1. 7

    If you haven’t tried Firefox for Android, I highly recommend checking it out. I find it’s much snappier than Chrome, has adblock, and a better UI in my opinion. For example, tab management is a lot saner. It also provides an option to load links in the background if you open them from a different app.

    1. 3

      It also provides an option to load links in the background if you open them from a different app.

      I switched this on by accident at some point and I find it’s wonderful.

    1. 1

      When you think about it, whichever character is going to be used as delimiter it’s probably also going to be allowed in the filename (anything other than \n or \0). So I’m not sure what the solution to this would be.

      1. 6

        Then put the filename alone on the first line, or put the file name last so that you can read in the numeric parameters then the rest of the line is the filename. Right?

        1. 2

          Seems like the simplest solution. And it’s not like files in /proc don’t use multilines already. I guess it’s made that way for legacy support. However, as mort mentioned you can also have \n in a filename.

        2. 5

          Files can actually contain newlines. Try for example touch "$(printf "hello\nworld")".

          It would probably work to use a slash as a separator though, unless the executable name might be a path.

          EDIT: added quotes around $(printf "hello\nworld")

          1. 1

            touch $(printf “hello\nworld”).

            This creates two files where I’m testing. But it seems like I’m able to do it without the printf.

            1. 3

              Sorry, I should’ve written touch "$(printf "hello\nworld")".

              If you just run ls, it will show you 'hello'$'\n''world', but if you redirect pipe ls (for example to less), it will show up on two separate lines.

          2. 4

            Or use a “safer” format like netstring, tnetstrings, or maybe even Bencode.

            1. 3

              Or expose structs over sysctls and ioctls instead of making these damn virtual filesystems…

              1. 2

                I’ve been testing yesterday getting those information through netlinks. There’s a kernel configuration called CONFIG_TASKSTATS (check if it’s enabled in your kernel config first /boo/config* or /proc/config.gz).
                The documentation can be found here: https://www.kernel.org/doc/Documentation/accounting/taskstats.txt There are a bunch of C headers to be able to access the features and there are even Go and Python libraries. I’ve been testing with the Python one, gnlpy (https://www.pydoc.io/pypi/gnlpy-0.1.2/autoapi/taskstats/index.html).
                However I’ve been running into trouble with the permission part, the capabilities(7). This is something that I haven’t found that much documentation on. This rfc http://www.faqs.org/rfcs/rfc3549.html and this manpage https://linux.die.net/man/7/netlink say that users need the capability cap_net_admin but it’s not doing it for me.

                5.  Security Considerations
                
                   Netlink lives in a trusted environment of a single host separated by
                   kernel and user space.  Linux capabilities ensure that only someone
                   with CAP_NET_ADMIN capability (typically, the root user) is allowed
                   to open sockets.
                

                I’ve been trying sudo setcap 'cap_net_admin=p cap_net_admin+i cap_net_admin+e' t.py but it still doesn’t execute as a normal user. But it works perfectly as root.

                Maybe someone here has more info on the topic.

                EDIT: As 1amzave, copying the python interpreter and assigning the capabilities on it works fine.

                1. 1

                  I’m gonna hazard a guess that your setcap not being effective might have something to do with it being interpreted (via a shebang line) rather than a directly-executed binary. Maybe create a copy of your python interpreter (presumably you don’t want to blindly grant CAP_NET_ADMIN to all python code), setcap that, and change your shebang line to use it instead.

                  1. 1

                    You’re right, that was the issue. Copying the python interpreter in a home directory and setting the capabilities on it did the trick. The python script itself doesn’t need capabilities.

                    Overall, I think netlink is great but unlike procfs it’s not that easily accessible.

            2. 1

              ASCII actually has field delimiter characters, which are very rarely used – it’s a shame, because it would make parsing trivial in cases like that.

              1. 5

                Not really, because file names can contain those field delimiter characters.

                It would’ve been nice if there were stricter rules about what charcaters are allowed in a file name. When would you ever want a newline, or field delimiter, or carriage return, or BEL, in a file name?

                1. 2

                  BEL, in a file name

                  When I want to play a small prank by making ls in a given directory make the terminal beep. :)

                2. 4

                  Field delimiters are also valid file names…

              1. 8

                I have a theory. It’s not that users don’t want push notifications.

                Sorry, your theory is wrong.


                Ok. Hyperbole aside. Here is my optimal user experience: I go to a website and find out I like it. Maybe it’s 538 because I’m a politics junkie and I love their blog posts. I go “jeez, I love these posts so much. I’d really like a notification for whenever there’s a new one.” So I see the “subscribe to this blog” button, which is exactly what I wanted. Hot dog. I press it, and I get the request from the browser to allow notifications. “Uh, duh,” I say to myself, “I definitely want this. Hurry up!” I press the button, and bingo, I’m subscribed on my own terms.

                Fast forward a week. I figure out real fast that only Nate Silver’s posts are interesting. I’m ignoring the notifications now for all other blog posts whenever I see them. So I click on his name because I’m interested in reading his past blog posts when I notice that there’s a subscribe button for Nate Silver’s posts specifically. “Oh,” I say to myself, “I’d like this instead.” I subscribe to Nate Silver’s posts, and then I unsubscribe from the whole site. The point is, I’m interacting with the content I want. The site itself is servile. I am the master.

                Fast forward five months. Everyone went a little crazy with the push notifications. I did, too, and now I’m accidentally subscribed to 248 websites. I get push notifications ever 120 milliseconds, on average. This is insane. Suddenly, trumpets blare in the distance. Hark, Vivaldi browser (who?) has added a new browser feature: notification queue. It just stores all your notifications in a list so you can see them later. Awesome… sort of. I’m getting a million of these. Well have no fear. You know how Google Inbox rolled out that sweet semantic categorization of emails so that I don’t have to see advertising ever again? Vivaldi does that, now. So I don’t even have to worry about the accidental advertising, it’s just lost forever in my queue and I never check it. Nice! (Not nice for Newegg).

                Ok, but how do we handle the volume? Easy: add a merge option to push notification. Here’s an example. I’m subscribed to the Dharma and Greg Art Forum (???). I get a lot of notifications because I’m revered for my hyper realistic Dharma and Greg fan art. From a user perspective I don’t want to see two-thousand notifications from DGAF. I just want to see the most recent notification with a lot of info in it. Like a synopsis. “40 messages, last message from DharmaStalker85”. So set the merge option to Merge-Most-Recent. I’m sure they could be a lot more clever with this if they needed to. You could also add priority options like Important or Breaking, which needs no elaboration and the utility is very self evident.

                Look at the web we have, now. I don’t have to visit any of the sites I like to check if there’s something new. I start by checking out my notifications for sites I care about. I prioritize, filter, search based on my whims. Google Chrome revamps their Now product to manage push notifications. It recommends me to check out sites I haven’t looked at in a while (or surreptitiously prioritizes sites that pay it a small fee…). It manages my notifications in evolving and more interesting ways. I already get interesting app notifications on my phone (new Netflix movies, new podcasts, etc.), so it’s time for the browser to catch up, too.

                1. 4

                  I read this comment expecting the punchline at the end to be “and it was really just an RSS feed all along”.

                  1. 1

                    I wrote something like that and deleted it…

                1. 5

                  It seems like all of these issues could be resolved if the processor’s microcode (or the OS’s kernel) had explicit control over cache invalidation. Any microarchitecture researchers here that can comment on the existence of or any research on explicit cache control?

                  I’ve always wondered why the cache can’t be controlled explicitly, even in user mode code. It seems like a lot of performance is probably left on the table by having it automated. It’s like how using garbage collection (GC) can simplify code, but at the cost of throwing away information about memory usage and then having the GC try to guess that information in real time.

                  1. 7

                    My understanding (from David May’s lectures and asking lots of questions) is that memory caches are far too much on the hot path (of everything, all the time) to be controlled by microcode.

                    I remember he mentioned some processor (research? not mainstream, I think) being made with a mechanism wherein you could set a constant in a special register that would be added to the low bits of every physical address before it hit the cache system, so that you could have some user level control of which addresses alias each other. But I got the impression from that conversation that nobody had ever really seriously considered putting anything more than one adder’s worth of gate delays for user control of a cache system because it’s so important to performance and nobody could think of amazingly useful ways that running code could customise cache behaviour that can’t already be achieved well enough anyway using CPU features like prefetches or by cleverly changing the layout of your data structures.

                    1. 1

                      I could image separate load/store instructions for uncached memory access, for example. ARM already has exclusive load/store in addition to normal ones.

                    2. 1

                      The architecture of snooping caches is ridiculously baroque.

                      1. 1

                        Why is that? Afaik the only alternative is directory-based which has higher latency but scales better.

                        1. 1

                          You could design for non-coherent caches with software controlled cache line sync. Most data is not shared but the overhead for shared data is imposed on all transactions.

                          1. 1

                            Software control is probably even slower. One problem is that the compiler has to insert the management instructions without dynamic information like a cache, which means a lot of unnecessary cache flushing.

                            If you go for software controlled, I would rather bet on fully software managed scratch pad memory. There seems to be no consensus how to use that well though.

                            1. 1

                              Very few memory locations are shared - probably fewer should be shared. Snooping caches are designed to compensate for software with no structure to shared variables.

                      2. 1

                        Looking at the Spectre proof of concept code, it looks like there already actually is a way for user mode code to explicitly invalidate a cache line, and it’s used in the attack.

                        Perhaps a microcode patch could use this feature of the cache to invalidate any cache lines loaded by speculative execution?

                      1. 14

                        tl;dr:

                        • Meltdown is easy to exploit and gives access to kernel memory and other programs’ memory from userspace. Affects Intel CPUs. There is a kernel fix that more or less doubles the cost of context switches.

                        • Spectre is hard to exploit and allows access to some other program’s memory. Affects all main CPU vendors who implement speculative execution. There is no fix, but some userspace mitigation should be possible, at the significant performance cost of preventing speculative execution.

                        1. 23

                          And this in the Spectre paper is horrifying:

                          In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.

                          This is likely an unprecedentedly huge problem for the next several decades (thinking of all the enterprise and embedded systems this affects), and the “mitigation” sections of the papers are not encouraging.

                          1. 4

                            I didn’t read about Spectre yet, but I read a paper from 2015 saying the same thing (?):

                            The spy in the sandbox: Practical cache attacks in javascript and their implications

                            So does anyone know if Spectre is worse than this?

                            https://scholar.google.com/scholar?cluster=1498045933646289522&hl=en&as_sdt=0,5&sciodt=0,5

                            We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim’s machine – to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today’s web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al. [23], allows a remote adversary recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser.

                            1. 9

                              To the best of my understanding, it builds on that work and is far, far worse.

                              Previously you could execute a timing attack (in JS) to observe the value of some piece of information that is being processed by the victim at the time your code runs.

                              My understanding is that now you can discern contents of a victim’s memory (that aren’t necessarily being touched at all by the victim) by doing something along the lines of:

                              • causing the CPU to speculatively execute loads that are dependent on the value of data that you’re not supposed to be permitted to read
                              • observing the effect of that speculated (and aborted) load on the state of the cache
                              • by observing the state of the cache, glean some information about what is in the memory that you aren’t supposed to be allowed to read
                              • because the attempt to read unreadable memory happened in an not-taken (only speculated) branch, it didn’t officially happen according to the ISA, so it doesn’t cause a segfault or anything that’d stop you carrying on with this nefarious deed

                              I need to read this again to be sure but I’m under the impression that Spectre is a relatively slow information leak that can be adapted to more or less any CPU with speculative execution but Meltdown is a much faster and hence practical attack that makes use of specific foibles of specific Intel chips.

                        1. 3

                          Time to rewrite all our programs to drastically reduce the number of system calls they make. Not to make the security problem go away, but to shrink the performance impact of the workaround for it. :)

                          1. 3

                            The main piece of code I work on for work exports stats to a shared memory segment that we can see in the UI. One of the most important stats is “avgcommit” - the number of units written per syscall. It is, by far, the most important performance statistic we have.

                            1. 1

                              Cool! If you’re looking closely at that, are you getting into the kind of territory where you might want to be looking at the storage equivalents of DPDK’s approach? By that I mean an approach like driving iSCSI or FC HBAs or NVMe controllers directly from userspace instead of via a kernel filesystem. I think that https://software.intel.com/en-us/articles/introduction-to-the-storage-performance-development-kit-spdk is the kind of thing I’m thinking of.

                              1. 1

                                We’ve looked into similar things, but the limitations on what hardware we can use and how we interact with legacy systems means that it’s basically a non-starter. Instead we do some cleverness with how we write both data and metadata, and end up writing about 250-300 units and their metadata per syscall (the original system, written before I got here, was one syscall per unit and one syscall per metadata chunk).

                                The 250-300 units metric is the speed that we’re receiving things, so we’re operating at speed. I’ve got some ideas on how to speed things up further, but they’re radical departures from what we’re doing now, so much so that it would be essentially a complete rewrite of the subsystem.

                            2. 3

                              system calls are already ridiculously expensive.

                              1. 2

                                Good thing I’ve got a one year head start. :)

                                1. 1

                                  What, pledge()? I thought that was more of a restriction of variety rather than frequency. ;)

                                  1. 3

                                    No, just running ktrace and asking “why is this program being stupid?”

                              1. 3

                                Come to think of it, I would be willing to gamble that Cyrix CPUs don’t exhibit this bug either ;)

                                1. 3

                                  2560x1600 at 2x DPI scaling so I can have nice font rendering on a screen small enough to hold.

                                  But, serious answer:

                                  • more, better sleep
                                  • oh god actual exercise I suppose
                                  • stop trying to work hard and work productively instead
                                  • get rid of all the junk in my flat and put up at least one flat pack bookcase
                                  • make my career actually go somewhere
                                  • release my still-unreleased side project before rather than after the game it’s based on completely dies
                                  1. 3

                                    I wonder if it wouldn’t be a better solution to actually teach people to work with legal terms so that they can understand terms of service themselves. Identifying the legally critical sections and skimming the rest is a vital (but difficult) skill.

                                    1. 3

                                      Even if I understand what all the terms mean, the sheer length of all the EULAs I’m presented with still makes reading them prohibitively expensive.

                                    1. 1

                                      It seems to have learned that shades of grewn that remind people of hospital walls should be named after drugs. :)

                                      1. 6

                                        I think the best map in here for navigation is the last but one - the one with the cities, and roads that connect them, but without most of the road labels.

                                        The intent with the paper map is that I use this view to get pretty much all the way to my destination.

                                        • I need all the road names on it, to know where to turn. -The paper map has a finite area and detail level.
                                        • If I’m going to somewhere unfamiliar, I’ll probably have to carry two maps at different sizes.

                                        With the Google map, I can do things a bit differently:

                                        • At any point I can pinch to zoom in to get a higher detail map covering a smaller area.
                                        • I can type in the names of the places I want to go and it’ll give me turn by turn directions.

                                        I think the computer map should not look the same as the paper map because it isn’t for solving the same problem.

                                        1. 1

                                          This all seems sensible and nice. :)

                                          One tiny nitpick: where you used the word “abstract” here, I’d have used the word “isolate”.

                                          1. 2

                                            Makes sense. Will remember it; thank you!

                                            1. 16

                                              I really can’t feel bad for companies on this. They’ve demonstrated over and over again that they can’t be trusted to do the right thing on their own.

                                              I wish the United States could enact a law like this, but who am I kidding?

                                              1. 0

                                                I really can’t feel bad for companies on this. They’ve demonstrated over and over again that they can’t be trusted to do the right thing on their own.

                                                Even the one-man companies currently just starting out that are under threat of 20M EUR fines for not complying with rules that are practically impossible to comply with?

                                                You’re not seeing the big picture here. The EU says it wants to “protect” people with GDPR, while all governments are spying on people as much as they can.. It’s fucking ridiculous.

                                                1. 18

                                                  Even the one-man companies currently just starting out that are under threat of 20M EUR fines for not complying with rules that are practically impossible to comply with?

                                                  Especially those ones because otherwise they have no checks and balances whatsoever and the single person in charge will do whatever they feel like without telling anybody.

                                                  We don’t let small restaurants ignore food safety, or small construction companies ignore building codes, why would we let small internet companies ignore privacy regulations?

                                                  You’re not seeing the big picture here. The EU says it wants to “protect” people with GDPR, while all governments are spying on people as much as they can.. It’s fucking ridiculous.

                                                  Just because the government is spying on us doesn’t mean we should allow corporations to do it too. We don’t have to solve both problems at the same time.

                                                  1. -5

                                                    Do you sincerely think that small companies need to be threatened with 20M EUR fines to keep them in check?

                                                    I mean.. seriously? I hope you’re trolling, for your sake.

                                                    Just because the government is spying on us doesn’t mean we should allow corporations to do it too.

                                                    Who’s “we”? -The faceless bureaucracy of the EU that’s hoisting this pile of garbage on productive people?

                                                    1. 7

                                                      I’ve downvoted you as troll because we don’t have anything like “unnecessarily rude”.

                                                      Please try to be less abrasive with your posts.

                                                      1. 5

                                                        Do you sincerely think that small companies need to be threatened with 20M EUR fines to keep them in check?

                                                        Another way of putting this is “do you sincerely think that small companies need to be threatened with being put out of business entirely if they disregard their customers’ safety?” and my answer is yes, absolutely.

                                                        Restaurants operate perfectly well under there threat of “if you give a noticeable quantity of customers food poisoning even once, the FSA will permanently shut you down”.

                                                        It’s perfectly sensible to me that any other business capable of ruining a whole bunch of peoples’ lives should be held to the same standard.

                                                        1. 0

                                                          Another way of putting this is “do you sincerely think that small companies need to be threatened with being put out of business entirely if they disregard their customers’ safety?” and my answer is yes, absolutely.

                                                          You know you’re comparing apples to oranges, right? Someone’s e-mail address staying in a database somewhere “against his will” is not comparable to feeding people rotten/contaminated food or something.

                                                          Regardless, neither warrants a 20M EUR penalty, and in the first case, it’s just utterly insane. You also understand that just fine, so why are you arguing against me?

                                                          It’s as if EU regulators were completely oblivious to the existence of small businesses, which they’re actually not, of course, because they’re not that fucking retarded/insane.

                                                          So they’ve set MegaCorp level fines for everyone for some reason other than insanity/stupidity. But it’s not for no reason, and it’s not because it’s reasonable either.

                                                          And obvious truth is met with hostility, as always.

                                                          1. 2

                                                            you’re comparing apples to oranges

                                                            Privacy violations don’t happen at a rate of 1 or 2 per incident, they hit thousands of people at a time.

                                                            neither warrants a 20M EUR penalty

                                                            You won’t be paying 20M EUR. Your company will be accruing a 20M EUR debt that it will immediately fold under. You founded a limited liability company for this reason. The number could be 13.37B EUR and that outcome would be the same for small companies.

                                                            Folding your company is a perfectly fair outcome for you flagrantly violating other peoples’ privacy rights.

                                                            met with hostility

                                                            I didn’t say anything rude to you at all. You asked a question, “Do you sincerely think that small companies need to be threatened with 20M EUR fines to keep them in check?” and I gave a completely polite answer. You just read it as hostile because you don’t like that answer edit: because people downvoted you a lot, which, to be fair, probably feels hostile.

                                                        2. 2

                                                          Do you sincerely think that small companies need to be threatened with 20M EUR fines to keep them in check?

                                                          I do sincerely think companies who can’t respect people’s privacy and don’t take the issue seriously should go out of business. The size of the company has nothing to do with it. The potential damage done once the info escapes into the wild is the same either way.

                                                          It’s unfortunate that it takes the threat of a 20M EUR fine and possibly going out of business to drive the point home, but asking nicely and hoping companies do the right thing hasn’t worked.

                                                          Who’s “we”? -The faceless bureaucracy of the EU that’s hoisting this pile of garbage on productive people?

                                                          If they can’t harness some of that productivity to protect the private data they collect, then good riddance.

                                                      2. 3

                                                        The EU says it wants to “protect” people with GDPR, while all governments are spying on people as much as they can

                                                        States (for better or worse) need a monopoly on coercion. Some of them have realized that the breakdown of privacy is eroding that monopoly, and they’re reacting.

                                                        1. -4

                                                          That doesn’t make sense, but you’re probably just trolling again, so whatever.

                                                          1. 2

                                                            What doesn’t make sense about it?

                                                            I’m not making a value judgement about whether it’s a good thing or not; I’m giving a reason why a self-interested state would choose this course of action.

                                                            Separating value judgement from behavioral reasoning is the only way to make sense of others behavior when they don’t share your values.

                                                        2. 3

                                                          Why do you think they are impossible to comply with? Germany has had laws like this for years and it works just fine.

                                                      1. 6

                                                        It hasn’t improved much IMO.

                                                        Haskell is normally extremely strong when it comes to well-designed and reusable abstractions. Unfortunately that appears to be more or less absent from the Haskell crypto libraries. There are a few different monad classes for pseudorandom number generation, for example, and all of them are overcomplicated. I often end up just rolling my own (monad, not PRNG) when I need clean random number generation.

                                                        There are a few decent libraries available for sundry concrete cryptographic tasks, but well below par for the Haskell ecosystem.

                                                        In fairness, cryptography libraries are bad across almost all languages, but I expect more from Haskell.

                                                        1. 4

                                                          Is it fair to suggest that Haskell expects more from you, too? I mean, you’re certainly welcome to contribute.

                                                          1. 3

                                                            In fairness, cryptography libraries are bad across almost all languages, but I expect more from Haskell.

                                                            Why? Does Haskell have any special features that make it fundamentally easier to correctly implement cryptography algorithms compared to other high-level languages? Parametricity doesn’t particularly help when all your routines map tuples of integers to tuples of integers.

                                                            1. 4

                                                              Does Haskell have any special features that make it fundamentally easier to correctly implement cryptography algorithms compared to other high-level languages?

                                                              Yes, e.g. QuickCheck, QuickSpec, LiquidHaskell, etc.

                                                              1. 4

                                                                These get you some of the way but there’s a whole class of dude channel attacks we have very little ability to reason about in Haskell. Timing is something I have no idea how to talk about how to make a constant time Integrr multiplication algorithm and be sure it is constant time.

                                                                My dream for this sort of work is a inline-rust package, in the vain of inline-c, so we get memory safety but also a language which better allows timing analysis.

                                                                1. 2

                                                                  inline-rust is something I want in every programming language. :)

                                                                  I think it’s possible that a subset of Haskell in which you only use primitive types and primops (like Word32# and MutableByteArray# and so on) and can’t have any laziness anywhere (because no values are ever boxed) might be more amenable to timing analysis.

                                                                  I’m not sure if there is a pragma or Language setting in GHC that can automatically enforce that everything in a given file uses only primitives and primops.

                                                                  1. 2

                                                                    Check out Jasmin for language implementing high-assurance crypto. Once again, it’s achieved with a language quite opposite of Haskell’s high-level style.

                                                                    1. 2

                                                                      That would be cool indeed—but I can already viscerally imagine the impact on build times from invoking the Rust compiler via Template Haskell… :)

                                                                    2. 3

                                                                      In 2017, QuickCheck is by no means specific to Haskell. Nowadays you can find property-based testing libraries and frameworks for just about any language.

                                                                      As for LiquidHaskell, the real verification is performed by an external SMT solver. So again I don’t think this constitutes a Haskell-specific advantage.

                                                                    3. 3

                                                                      Because Haskell libraries are, in general, much higher quality than libraries in other ecosystems I use. Correctness also isn’t the concern — I have little doubt that the crypto libraries are correct. The concern is usability. Most of the Haskell crypto libraries are clumsy, typically because they just wrap some C library without providing any additional abstractions.

                                                                      1. 2

                                                                        So you are confident the underlying C library is correct?

                                                                  1. 13

                                                                    Finally! This article is about desktop, but OpenSSH is coming to all of Windows, including IoT Core where I work. I’ve been championing the upgrade for years now. Compared to our old SSH implementation, OpenSSH is more stable, supports newer encryption standards, and can send files over sftp.

                                                                    Very excited to see this land. Kudos to the Powershell team for putting in most of the porting work, and of course to OpenBSD for developing OpenSSH in the first place.

                                                                    1. 5

                                                                      Last time I tried anything microsofty in that sort of realm I started throwing things at the screen. (Can’t remember what it was telnet maybe? Their built in “term” thing?)

                                                                      It obstinately refused to resize, and got the wrapping horribly wrong and clearly had been written by somebody who had an ideological hatred of the command line.

                                                                      Downloaded putty and…. Oh My! It all just worked and worked correctly!

                                                                      So merely having a ssh client will not cause me to shift from putty, having a ssh client that works properly and slickly might convince me.

                                                                      1. 7

                                                                        Well, for IoT Core I’m more excited about the OpenSSH server than the client. I’ve been connecting to it with PuTTY.

                                                                        That said, the Windows command-line has vastly improved from 8.1 to 10. The biggest improvement is that text reflows as you resize the window. Copy/paste was also improved.

                                                                        Telnet and SSH are just transports. I bet your frustration was due to the old Windows conhost.exe being a terrible terminal.

                                                                        1. 2

                                                                          When you connect to IoT Core via SSH what shell are you dropped in to?

                                                                          1. 1

                                                                            Just plain old CMD. Usually Powershell is present too, but OEMs can choose to build an image without Powershell.

                                                                            If you want to connect directly to a Powershell session, it has its own remote shell feature, enter-pssession.

                                                                            1. 1

                                                                              There’s a more detailed answer by Joey Aiello in the HN thread.

                                                                          2. 3

                                                                            Their built in “term” thing?

                                                                            AFAIK some projects such as the Git command line utilities for Windows have for years now shipped with a TTY which is based on PuTTY’s TTY (just not using any of the SSH code or anything) and it’s much nicer.

                                                                            1. 2

                                                                              ConEmu is another tool that will improve your commandline life on Windows. As for Microsoft products, there are many people who swear by Powershell!

                                                                              1. 2

                                                                                Powershell is a nice shell, but it lives inside the same terminal (conhost.exe) that CMD does.

                                                                                1. 1

                                                                                  Cmder is a great shell built on top of ConEmu that even has support for the quake-style appear/disappear animation.

                                                                              2. 2

                                                                                Try cmder for a decent terminal. The git version comes with a bunch of tools (including ssh, ls, etc) and provides a terminal experience on Windows that won’t make you throw things at the screen (hopefully!).

                                                                              3. 1

                                                                                That’s pretty impressive. OpenSSH makes a lot of POSIX assumptions about things like PTYs and fork.

                                                                              1. 10

                                                                                Honestly, I can’t help but to feel very bearish on ETH. I really like the idea, but I think the implementation is poor, and the community is poorly aligned in values to making it a success.

                                                                                The most important construct in ETH that sets it apart from other currencies is the Smart Contract. I don’t believe though that these are either smart, nor contracts. Whether or not you agree with the resolution of the DAO hack or not, the fact that we consider it a hack to be in some way resolved indicates we do see smart contracts as programs that can and should be changeable to better meet the intent.

                                                                                Based on the DAO and a number of other issues with smart contracts, I don’t think they are smart based on the design of the language being so poorly adapted for the kind of verification needed to make robust contracts. It isn’t smart.

                                                                                Based on the communities willingness to fork over contract actions they don’t agree with means they aren’t contracts. In real life, if you’re duped by a creative but legal (as judged by the legal process, or in this case the execution on the blockchain) interpretation, you need to suck it up and move on. In Ethereum, you can fork, and in practice the group that lead to the fork of ETH were a minority. Smart contracts aren’t contracts because by the decision of a few they can be rewritten without the agreement of all involved parties.

                                                                                Ultimately, if I were looking to do non-hobbyist business, either as the business or a customer, for these reasons I wouldn’t feel comfortable using Ethereum.

                                                                                1. 19

                                                                                  I am not a lawyer, but I did grow up with one, and I’m pretty sure a legal but clever and tricky contract has legal grounds to be thrown out in court.

                                                                                  As a kid I was curious if the “tiny fine print that you couldn’t read” could really be used to trick someone. It can’t. The legal system is very aware of the distinction, it’s called acting in good faith.

                                                                                  Again, not a lawyer, not legal advice, don’t make choices based on what I’ve said, but it’s not as cut and dry as you claim it is.

                                                                                  1. 15

                                                                                    And contracts with “bugs” in them (i.e., that don’t accurately represent the intent of the parties) aren’t taken literally either. There are rules/principles about how to interpret them that are much more nuanced than that. Only a programmer who doesn’t get out much would think that a better approach is to eliminate the potential for ambiguity and then always interpret contracts literally.

                                                                                    1. 7

                                                                                      I generally understand your point and agree with it, but what I’m suggesting is that the execution of a smart contract is the legal process in this context.

                                                                                      It’s not that it’s right or wrong that the contract was interpreted/executed in a given way, it’s that after the field has been set and the dice cast, then going back in time and writing out the execution because some definition of majority (usually a minority in practice) didn’t win is the issue.

                                                                                      Changing how the outcome played out after the fact that it was interpreted and executed feels (in the context of a smart contract being interpreted by the legal process of the block chain) like an extrajudicial action by people who lost out.

                                                                                      1. 5

                                                                                        The legal system has been dealing with smartasses since before your ancestors were deloused.

                                                                                        Think of it like the efficient market hypothesis: People have been banging on legal systems for so long that you can reasonably assume that all of the interesting stuff has been found, and is either a known technique or is already illegal. There might be exceptions to this, but the fact the system is administered by humans who exercise human judgement closes a lot of novel loopholes, as well.

                                                                                        1. 3

                                                                                          I’d go one step further and assert that, in legal systems that have been functioning for centuries and are thoroughly debugged, some obvious glaring flaws will continue to exist, but they are those that are actively maintained by some group which has an extraordinary amount of power and stands to gain an extraordinary amount of wealth from them.

                                                                                      2. 4

                                                                                        I used to think this way, until I realized that all these high-profile bugs in applications on Ethereum have very little to do with the code in Ethereum.

                                                                                        The DAO is a good example. It was not written by the core Ethereum project. It was a distributed application written by unrelated developers, and crowdfunded by a token sale. Blaming the Ethereum project for DAO’s code quality is like blaming the Unix developers for a segfault in some third-party app.

                                                                                        1. 3

                                                                                          You don’t have to blame the core developers for the DAO contract code’s bugs to blame them for forking the block chain to “fix” the bugs for THE DAO developers.

                                                                                          Those are two separate acts from two separate groups of people.

                                                                                          1. 1

                                                                                            On the other hand, one of the Ethereum founders was responsible for the Parity bug.

                                                                                            1. 1

                                                                                              I agree with you but think the conclusion you draw is incorrect. While Solidity itself is not a bug, the language itself is part of the design of Ethereum, and by using a language (Solidity) that is so poorly adapted to verification, it’s made it easier for users to write buggy contracts.

                                                                                              1. 1

                                                                                                C is buggy, but that didn’t kill Unix.

                                                                                                Unless a credible competitor appears, I think Ethereum will continue to dominate the smart contracts space.

                                                                                                1. 2

                                                                                                  C isn’t buggy. Solidity isn’t buggy. Their use in the systems mentioned have lead to more bugs, and an environment more user- and developer-hostile than had they instead been replaced with other languages.

                                                                                                  I agree that Solidity won’t kill Ethereum, but a credible competitor will. I think it is almost a certainty that the biggest shining star of a more mature smart contract blockchain system will be better verifiability in the language. It might not be the immediate killer of Ethereum, it might not even be the technology that kills the Ethereum killer, but I really do think that a verifiable in practice language will be a requisite feature for a smart contract technology that isn’t as known for being a massive footgun as Ethereum is.

                                                                                                  1. 1

                                                                                                    Wait, since when is C buggy?

                                                                                                    1. 1

                                                                                                      I should have been more precise.

                                                                                                      While C itself is not a bug, the language itself is part of the design of Unix, and by using a language (C) that is so poorly adapted to verification, it’s made it easier for users to write buggy programs.

                                                                                                      Buggy programs didn’t kill Unix, so I doubt Ethereum is in danger.

                                                                                            1. 3

                                                                                              That is a crazy bug. So I wasn’t wrong to be suspicious of M:N threading? I understand why Go went that route, but the complexity is crazy.

                                                                                              Here is another example of a years-long bug related to M:N threading (which I saved years ago):

                                                                                              https://github.com/golang/go/issues/1435

                                                                                              1. 1

                                                                                                the only runtime that gets this right is Erlang/OTP’s BEAM, with pre-emptive concurrency.

                                                                                                1. 1

                                                                                                  I’d argue that the bug is having direct calls between code produced by two different compilers that disagree about what the ABI is, rather than it being m:n threading itself that’s the culprit. You could hypothetically want really tiny stacks for some other reason than m:n threading and get the same bug?

                                                                                                1. 5

                                                                                                  Fascinating read, including the RAM heating aside!

                                                                                                  I’m curious about the implications of that racy ORQ stack probe though. If that’s actually not a no-op due to reading and writing back memory, isn’t that still a likely cause of even more obscure bugs? Say for a concurrent program sharing its stack space between multiple thread. Could the GCC probe be done in a safer (or more obviously safe) way?

                                                                                                  EDIT: The LKML thread goes into the details a bit further: https://lkml.org/lkml/2017/11/10/188

                                                                                                  1. 3

                                                                                                    It shouldn’t cause any bugs, the mitigation works by writing to each page that’s beyond your current end of stack, i.e. uninitialized memory, up to the amount of stack your function needs. It’s trying to hit the end of stack guard page. Lots of good details in this stack clash exploit write up.

                                                                                                    1. 2

                                                                                                      Say for a concurrent program sharing its stack space between multiple thread

                                                                                                      If I understand right, it’s okay because it’s probing beyond the end of the stack. I’m not allowed to use a region on my stack beyond the current stack frame at all for anything (on this thread or any other) at all without invoking UB. With the stack protection scheme that is in use there, it must be mandatory to have guard pages at the ends of stacks, so the end of a stack is never close enough to another data structure to be in danger.

                                                                                                    1. 5

                                                                                                      Wow, this is going to be cool! One of the biggest gripes I have with both Ruby and Python is that it’s so hard to understand what is happening when your program is no longer making forward progress and your logs just stop. When I try to sample the process, I just get code from the interpreter executing some generic byte code operations. If I’m lucky, the code is calling into some C library or implementation and I can infer where in the code the program has halted or is looping over or is spending most of it’s time.

                                                                                                      1. 3

                                                                                                        Have you tried DTrace? Ruby has been instrumented since 2.0. Most of the popular language runtimes are!

                                                                                                        1. 2

                                                                                                          My vague impression is that Python code “ought” to be easy to pull a stack trace out of, without needing to modify your program, provided you have debug symbols for the interpreter, because you can walk the Python stack automatically in gdb with a script that knows which C functions correspond to bytecode evaluation and which of their local variables correspond to line numbers and function names - see py-bt on https://wiki.python.org/moin/DebuggingWithGdb

                                                                                                          1. 1

                                                                                                            Visual studio made some really impressive stuff for seamlessly switching between c++ and python callstacks. https://docs.microsoft.com/en-us/visualstudio/python/debugging-mixed-mode

                                                                                                          2. 2

                                                                                                            Agreed! One of our Ruby apps has a section that seems far too slow for no apparent reason. Last time I worked on it, I spent a day or so fiddling with profilers, to no avail. Anything that makes that easier is a good thing for the Ruby ecosystem.