1. 8

    That’s quite saddening. Thank you for sharing it.

    1. 4

      Congratulations, @alynpost! I look forward to working with you. It’s well deserved.

      1. 3

        Perhaps I missed it, but it doesn’t appear that this author has considered what should happen in the case where an attacker steals the backup token, while the account owner still has the primary token. As I understand it, the backup token automatically and immediately invalidates the primary token when it’s used. That means it could be used on its own to lock the owner out, which seems undesirable.

        Of course, the same thing could be done with two credentials that act as “peers”, although an attacker would have to do more than just log in. So I’m not sure it’s actually a problem. But I’d appreciate a flowchart or similar analysis of the recovery flows for various attack scenarios, granting equal attention to those where the attacker “wins”.
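
As an added example, not code from the article or from the commenter, here is a small Python model of the two designs weighed above: a failover backup token that revokes the primary the moment it is used, versus two peer credentials where revocation is a separate explicit step. The account, password and token names are constructed, and the revocation semantics are assumptions taken from how the comment describes the article's scheme, not from the article's actual implementation. It enumerates every combination of design, attacker knowledge and attacker action so the rows where the attacker wins are visible alongside the ones where the design holds.

```python
from dataclasses import dataclass, field
from enum import Enum
from itertools import product


class Mode(Enum):
    FAILOVER = "failover"  # logging in with the backup revokes the primary (assumed from the thread)
    PEER = "peer"          # both tokens stay valid; revocation is a separate, explicit action


@dataclass
class Account:
    mode: Mode
    password: str
    valid_tokens: set = field(default_factory=lambda: {"primary", "backup"})
    log: list = field(default_factory=list)

    def login(self, who: str, password: str, token: str) -> bool:
        """The token is only a second factor: password and token must both be right."""
        if password != self.password or token not in self.valid_tokens:
            self.log.append((who, "login failed", token))
            return False
        if self.mode is Mode.FAILOVER and token == "backup":
            # Automatic, immediate revocation on first use of the backup.
            self.valid_tokens.discard("primary")
            self.log.append((who, "primary revoked by backup use", token))
        self.log.append((who, "login ok", token))
        return True

    def revoke(self, who: str, password: str, held: str, target: str) -> bool:
        """Explicit revocation: the caller must first log in with a token they hold."""
        if not self.login(who, password, held):
            return False
        self.valid_tokens.discard(target)
        self.log.append((who, "revoked", target))
        return True


def run_scenario(mode: Mode, attacker_has_password: bool, attacker_revokes: bool) -> dict:
    """Attacker has stolen the backup token; the owner still holds the primary."""
    acct = Account(mode=mode, password="correct horse")  # constructed credentials
    atk_pw = "correct horse" if attacker_has_password else "wrong guess"
    if attacker_revokes:
        attacker_in = acct.revoke("attacker", atk_pw, held="backup", target="primary")
    else:
        attacker_in = acct.login("attacker", atk_pw, "backup")
    owner_in = acct.login("owner", "correct horse", "primary")
    return {
        "attacker_in": attacker_in,
        "owner_locked_out": not owner_in,
        "attacker_wins": attacker_in and not owner_in,
    }


def analyse_all() -> list:
    """Every combination of design, attacker knowledge and attacker action."""
    return [
        (mode.value, has_pw, revokes, run_scenario(mode, has_pw, revokes))
        for mode, has_pw, revokes in product(Mode, (False, True), (False, True))
    ]


if __name__ == "__main__":
    print("mode      atk_pw  revokes  attacker_in  owner_locked_out")
    for mode, has_pw, revokes, r in analyse_all():
        print(f"{mode:9} {str(has_pw):7} {str(revokes):8} {str(r['attacker_in']):12} {r['owner_locked_out']}")
```

Running it prints eight rows. Without the password the stolen backup token achieves nothing in either design, which is the reply's point about the token being one factor. With the password, the failover design lets the attacker lock the owner out just by logging in, while the peer design only does so if the attacker also takes the explicit revoke step; that extra step is the only difference between the two rows, which is the trade-off the comment is asking to see written down.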

        1. 4

          Yes sure, if an attacker manages to get the backup token, and if they also have your password so they are able to actually login to your account, then, bad luck. But, well, the whole point of that story is to be able to hide the backup so far away that the probability of such an event is negligible. So it’s up to the token’s owner to secure the token properly.

          And again, let’s not forget that the U2F token is just one factor; if by any chance someone gets my backup token, it’s not at all enough for them to use it. I keep my passwords in a KeePassX database with a huge number of transform rounds, so I don’t really believe I could ever be that unlucky to get both my passwords and backup token compromised.

          1. 4

            Oh, I agree that your design decision is reasonable and that there are ways to mitigate the concern. I just think it’s useful to discuss these threats, both so users can make their own decisions about what works for them, and for didactic purposes to show how to reason it out.

            1. 2

              Thanks, that’s a fair point; I should update the article with those details.

        1. 2

          We (Amazon Web Services Elastic File System) are!

          https://www.amazon.jobs/en/jobs/703035/software-development-engineer-ii

          Don’t believe the hype. Working for Amazon has been a literal life changer for me. Nothing is ever perfect, and this place is no exception, but there’s plenty of awesome around here and we work at a scale that few can match. The job is full of challenges and it’s a VERY different day to day experience from any company I’ve ever worked for, but I love it.

          Most of our work is Java or C/C++ and a bunch of Python on the infrastructure side.

          Feel free to list me (cpatti at amazon dot com) as a referral if you apply, and let me know so I can connect the dots internally :)

          1. 2

            Hey @feoh! I’ve tried several times to apply for an SRE role where I live but NEVER got any answer back. My profile is probably still a bit too young (4 years exp), but I’m looking for a great environment and teams to learn from. Would you have any idea about the profile matching this kind of job @ Amazon?

            1. 2

              It depends very much on the job level of the job in question.

              Also I don’t exactly know what “SRE” maps to in Amazon-ese :) My job title is “System Development Engineer” and that’s a good guess, but I’m not sure.

              If it’s a SysDE role, things we look for generally are:

              • Solid coding ability: You need to be able to implement simple algorithms and solve common systems problems in code. In practice this means you should know an actual programming language, not just bash, and be able to demonstrate that with a simple collaborative coding task.

              • System design at scale

              • A functional understanding of networking

              And then there are the less technical areas like our Leadership Principles. Definitely do some thinking on those and how each might apply to various situations in your career.

              As to finding a way in - network! Amazon has a sizable presence on LinkedIn. Reach out and politely ask questions of people, and don’t be afraid to be persistent. People are busy and may not get to you right away. Just be respectful of the fact that you’re asking for a leg up and you’ll be surprised at the response you might get.

              Good luck!

              [Note - I’m not speaking for my employer, just giving you my impressions of what we tend to look for in this one particular area.]

              1. 2

                Thank you so much for this comprehensive answer! That’s super helpful and I’ll definitely give it a try!

            2. 1

              Every once in a while I get poked at by an Amazon recruiter on LinkedIn. Usually, I say it sounds awesome but I’m not willing to relocate, and I never hear back. :P

              1. 4

                I hear you. It was like that here for a long time too, and then around 5-6 years ago our director pitched a Boston office to the Seattle management chain and it worked. Now we’re booming.

                It’s kind of frustrating how cavalier some recruiters are about relocating. My answer usually shuts them up: “My wife is a VP at a bank, makes more than me, and has held the same job for 15 years. There is NO way we’re gonna give that up.”

                1. 2

                  Recruiters seem to believe, and in the aggregate they’re correct if only because it’s a self-fulfilling prophecy, that anyone who would answer their unsolicited emails can’t afford to be picky.

                  1. 2

                    I’ve wondered about that. Like, as in, what is their ACTUAL success rate? I get the impression that tech recruiting is one of those fields like real-estate. There WAS mad money to be made for a while so a lot of people got into it. But these days, with the web and with much better networking all around.

                    1. 2

                      It’s hard to tell. I expect that some of the larger “hiring” websites have some data on it for their own purposes, but for the rest of us, I don’t see any way to find out.

            1. 4

              Customers do not care what deals Intel/AMD have made with whom.

              The second a competitor comes along that doesn’t have this nonsense built-in, companies that sell computers will begin to source their CPUs from them. It has already begun with RISC-V, some ARM CPUs, POWER9, etc.

              Computer security has never been more important than it is now, and its importance is only increasing. Security experts, IT experts, their friends, and their families, etc., will vote with their money.

              Meanwhile, these companies will be dealing with lawsuits for intentionally selling customers faulty, backdoored malware. Have fun with that.

              1. 11

                I certainly hope you’re correct that the market will demand better. I think it’s possible, but I’m not as optimistic as you. Getting end users to care about security, even when the lack of it directly harms them, isn’t easy.

                1. 0

                  Getting end users to care about security, even when the lack of it directly harms them, isn’t easy.

                  I am optimistic because it’s simply the reality. The “users don’t care about privacy/security” refrain is just one of those things some people like to say. It’s total nonsense.

                  People use insecure, poorly designed technologies only when well designed, secure versions of those technologies do not exist. It’s just a market cycle. Poorly designed tech where engineers cut corners comes out first, and then the properly designed versions come out later. The instant they go on the market everyone abandons what’s broken and upgrades to the newer and better tech. This has always been the case.

                  1. 3

                    Engineers cutting corners is one thing. Entire industries conspiring to preclude any alternatives is another beast altogether.

                2. 9

                  The second a competitor comes along that doesn’t have this nonsense built-in, companies that sell computers will begin to source their CPUs from them.

                  There have been competitors to Intel without the nonsense built in, with simpler architectures, faster at one point, and so on. Many went bankrupt, the products were withdrawn, or the company got acquired. So, your claim has to be assumed false by default given the market history is exactly the opposite. The combo of monopolistic tactics by Intel/IBM/Microsoft and the lock-in to x86 software made that happen. On the x86 side, it was mostly the same with AMD happening because IBM forced it to happen. There’s one surviving third party that focused on lowest energy usage. The Centaurs were sold by VIA but VIA was losing boatloads of money. So, you don’t have a lasting success story that was able to do a non-coerced license of x86 for high-performance chips.

                  The good news is the prevalence of doing everything in the browser already got hardware diversity in via netbooks and tablets. The new architecture having excellent browser and codec support might be enough to get some of that market. Throw in sync with all devices plus online, private backups. There’s some potential. I’ve also been toying with ideas about cloud servers (esp for web stuff), network appliances, kiosks, and so on. Whereas, taking down Intel/AMD will require x86 support for legacy, x86-optimized apps. Intel publicly threatened to use patent suits on any company that does that.

                  “People use insecure, poorly designed technologies only when well designed, secure versions of those technologies do not exist.”

                  That’s nonsense. There are easy-to-use, private solutions in a number of areas. Let’s just say search, chat, email, and backups. The market at large uses the insecure offerings, even those with harder UI. That’s because they thought they were a good deal for every reason but the one you gave: truly private or secure. They don’t care about that. I think the easiest counterpoint is that the top providers of email and ways to hang out with friends are surveillance companies. They know it, private IMs or group messages aren’t so hard, and they still use the surveillance platforms anyway. That’s hundreds of millions to billions of people. Where’s your market data backing your point that a similarly-sized number of people cared enough to switch to DuckDuckGo, Signal, or SpiderOak? I’m cherry-picking things advertised as private that are easy to use with media coverage.

                  1. 2

                    taking down Intel/AMD will require x86 support for legacy, x86-optimized apps. Intel publicly threatened to use patent suits on any company that does that

                    Microsoft implemented their version of qemu-user into Windows on ARM. Is Intel going to sue them? :)

                    1. 1

                      I doubt it. We’ll see how far that goes given the performance difference. Also, we go from one sue-happy ISA monopoly to another. At least the SoCs themselves are more diverse.

                      1. 2

                        re: performance — it’s not intended to be the primary way to run apps, it’s more of a transitional step, like Rosetta was for Apple. The plan is probably something like:

                        • Microsoft says to customers: “you can buy this, this is real Windows, not like RT was. It runs Photoshop!”
                        • People buy the devices, get somewhat disappointed with the performance of heavier apps, but still keep the devices
                        • Developers port their apps to AArch64 and ship native compiled versions to increase performance

                        1. 1

                          Now, that’s a great idea! There’s still going to be a legacy base whose stuff won’t port. I think the larger part of the market is using stuff that’s still getting updated. So, that strategy could gradually pull them off x86 if ARM chips get good enough for those users. I’m thinking more like cost-effective with nifty features their SoCs support more than performance. The multimedia and sensor stuff on a Snapdragon is an example.

                    2. 1

                      There have been competitors to Intel without the nonsense built in, with simpler architectures, faster at one point, and so on. Many went bankrupt, the products were withdrawn, or the company got acquired. So, your claim has to be assumed false by default given the market history is exactly the opposite.

                      I’m pretty sure you’re making an elaborate strawman argument to my point. The Intel ME thing is only recently in the news relative to the timeline you’re considering. It was not a factor back then. Now it is.

                      Where’s your market data backing your point that a similarly-sized number of people cared enough to switch to DuckDuckGo, Signal, or SpiderOak? I’m cherry-picking things advertised as private that are easy to use with media coverage.

                      DuckDuckGo’s search results were (and are) historically poor compared to Google’s. So it’s not “well designed”. I chose my words and criteria carefully.

                      As far as Signal goes, it has a very large and growing userbase, but it too, doesn’t offer the same (or better) level of quality that the popular messaging services offer. It’s pretty darn buggy. Nevertheless, I use it almost exclusively with all of my friends. These technologies don’t go from zero to out-competing incumbents in a day. It obviously takes some amount of time. Facebook is losing users (to a service that advertises privacy as its #1 feature, albeit misleadingly), Signal and Telegram are gaining users.

                      As for SpiderOak, I can’t comment on that. Apple’s Time Machine backups are a better idea than cloud backups, no matter who your provider is, and I’m guessing Apple’s Time Machine has more users than whatever it is you have in mind.

                      1. 4

                        The Intel ME thing is only recently in the news relative to the timeline you’re considering.

                        People have been talking about Intel and DRM for a long time. I have a comment in this thread with links. That the markets ignored the risks to keep buying Intel isn’t a strawman so much as what they actually did. You were talking about the hypothetical stuff that might cut into whatever their current, public revenues are. Hasn’t panned out yet if you’re talking secure processors or something like that.

                        Re: competition had issues. Most of the big tech companies had products with issues when they started. Some of the biggest were trash-talked as garbage by many developing for them. They still got tons of users because those wanted or had to use what they offered. It seems like anywhere from most to all the companies focused on privacy or security that actually works vs checklist BS have failed to accomplish anything. You can get rich via sales or VC off a shitty, non-security app many times over before one secure app will get high uptake. Must be some underlying principle or principles at work, yeah?

                        It’s why these days I tell people wanting private/secure apps to hide or embed that in a product sold on every other kind of benefit that people actually jump on. Enough people doing that might give us what we need. It will probably take a lot of time and cooperation, too.

                        1. 2

                          People have been talking about Intel and DRM for a long time. I have a comment in this thread with links. That the markets ignored the risks to keep buying Intel isn’t a strawman so much as what they actually did.

                          This is not true. I repeat myself: the problems of Intel ME were unheard of and out of the public’s consciousness only until recently, and even now, still, many are unaware of its existence. This is fact.

                          Likewise it is fact that Facebook is losing users to more private platforms, again proving the point that users do care about privacy and security.

                          One need only look at the security of computers over time to see that it’s constantly improving, just as it is with every other technology, be it cars, trains, spaceships, airplanes, whatever.

                          1. 2

                            You’re right that there’s increased awareness. You’re right that this could affect sales. The thing you’re leaving off is that anyone that cared about privacy could’ve just googled the AMT thing on their box to find out it was a backdoor. They didn’t care enough to do that. Whereas, privacy-conscious laypeople were already avoiding that shit years ago. They used to show up in forums talking about it, running Sandboxie, using NoScript for surfing, and so on.

                            My argument is most didn’t care, don’t, and won’t. If they buy a private-ish alternative, it will be for other reasons like apps, features, luxury, etc. Apple iPhone being pushed for privacy is an example. Apple succeeded for every other reason. That’s just after the fact that might bump sales up a bit.

                            1. 1

                              One cannot care about something that one is unaware of. So increased awareness = more caring, because of course users care about privacy and security. Many of them just aren’t computer experts like you and I who have the time to sift through all of the b.s. “privacy” marketing claims that companies like Facebook make.

                              So, again, users do care very much, and once they’re made aware they’ve been lied to, precisely because they care they will ditch these companies.

                              1. 3

                                Many of them just aren’t computer experts like you and I

                                That’s right. So, the ones that cared asked us on security forums what we thought. They’d get a basic assessment of overall risks, what defense to use, which products were better, and so on. Again, I’m talking about what privacy-conscious laypeople were doing for the past ten years or so I’ve been on security forums. They also usually found it hard to get friends and family using the better stuff. It didn’t have feature X, shiny emoji Y, and so on. They didn’t care. Same with literally over 1,000 people I’ve tried to market that stuff to face-to-face.

                                “So increased awareness = more caring”

                                This can happen. I’m even hoping for it. The general public does respond to what’s in the media, especially scary stuff. The thing is, it’s not really an informed response so much as a reaction. They jump at buzzwords and false assurances en masse. So, what privacy-pushing suppliers need to do is keep good products ready for those events. Then, when it makes waves, they have media campaigns targeted at those people. The bullshitters already do this. The honest suppliers will only get so many amidst the competition. The numbers can gradually go up with each media wave while they do more positive types of marketing on a regular basis advertising features, privacy, and good service. Sales from that can drive new products. Even better if they’re nonprofits or public benefit corporations to reduce the odds they themselves become the villains down the line.

                        2. 2

                          DuckDuckGo’s search results were (and are) historically poor compared to Google’s. So it’s not “well designed”. I chose my words and criteria carefully.

                          How about StartPage? Exact same results as Google. Where are all their users?

                          Consumers won’t care about additional choice if everything they care about is packaged into what they already use.

                          1. 1

                            That’s a good point, I think many people just don’t know it exists. Those who are aware do use it over Google.

                            I would be curious to know, for example, why Apple doesn’t make it or DDG the default search in Safari. Perhaps some form of collusion going on there.

                            1. 3

                              Apple gets paid for the search engine default. I don’t know if I’d call that ‘collusion’. I think it’s bad – it’s one of many small profit seeking behaviours that Apple engages in to the detriment of their users and their platform as a whole (see also: the 30% cut they take on the App Store).

                              1. 3

                                For default on iOS, I can give you three billion reasons they’d keep Google. ;)

                                1. 0

                                  I think Apple foresees that there would be user backlash. At this point, Google is expected as a default, and providing anything to the contrary is considered presumptive. That would be a huge change; perhaps one day it will be in the forefront of Apple’s attention to take on that change, but for now, we will have to wait, and perhaps do the best we can do as individuals.

                                  1. 1

                                    I doubt that’s the reason. Apple’s users would praise Apple for the switch. It must be something else, and I’m guessing it’s more along the lines of what @jfb said.

                                    I’ll note one other thing, and that’s that even if users are aware of StartPage, that’s often not enough for them to use it. It isn’t clear at all how to change the default search engine in Safari, especially on iOS, and iOS doesn’t even allow StartPage in Safari AFAIK. So companies like Apple deliberately put roadblocks to adoption.

                                    This doesn’t mean users don’t care. It means big profit-seeking companies don’t care about their users, and this creates an opening for competitors to do a better job. This is why browsers like Brave are a thing and are taking users away from Safari, IE, Firefox, etc.

                                    1. 1

                                      Apple’s users would praise Apple for the switch.

                                      See the headphone jack debacle. Everything is an inconvenience to somebody; you don’t know how many until you ask.

                                      …companies like Apple deliberately put roadblocks to adoption.

                                      Where would you place that feature in order to guarantee discoverability? Do you think that change would make for a good user experience?

                                      Anecdote: I personally use Safari because it uses the least battery life on my computer, responsiveness stays the same up to a given number of tabs, and the user interface is understandable and consistent; as opposed to Chromium derivatives, which are huge CPU/battery hogs, tend to lag a bit at times, and don’t really mesh well with the rest of macOS (my use of which I could defend similarly). I admire the steps taken by other options such as Brave or qutebrowser, but they forego some basic QoL considerations that are important to users like me. I think that is Apple’s primary consideration.

                                      1. 1

                                        Where would you place that feature in order to guarantee discoverability?

                                        In the search bar when you search.

                                        Do you think that change would make for a good user experience?

                                        Yes.

                                        1. 1

                                          I agree that that’s probably the best way to do it. That being said, if I were Apple, I’d be trying to cut down on the number of flow-interrupting pop-ups that occur on performing a simple action such as a web search.

                                          1. 1

                                            Who said anything about a popup? Even Firefox (on Desktop) does this pretty well today. No popups.

                                            1. 1

                                              Oh, a dropdown menu? Now I understand what you were saying. That’s fair. I think Safari used to have that, actually. They’ve really been on a minimalist crusade, haven’t they?

                        1. 13

                          I agree with the overall thesis of the article, but find the suggestion of postmodern design rather lacking. Instead of looking at anti-rational movements like postmodernism, I think it would be more profitable to consider pre-modern or non-Western design as a source to draw from.

                          For example:

                          1. 4

                            Yeah, I adore post-modernism (and I wouldn’t call it anti-rational), but it really doesn’t seem to be solving the problem the author is explaining. I like Material Design a lot (disclosure: I work for Google), but I was nodding along and preparing to learn something interesting about design… up until the article basically said, use post-modernism for everything, and gave some very non-UI-like examples, with no explanation of what using post-modernism means in a UI/UX context and no justification for why post-modernism over any other choice.

                            I do think it’s a fascinating point that web and app design focuses very heavily on functionality, and that doing so is a choice and not necessarily the right choice for everyone. In that sense, the focus on post-modernism makes sense, because if there’s one thing post-modernism isn’t, it’s functional. But, um… Yes, the two design languages you linked would both be much more interesting choices in this context.

                            1. 1

                              For example:

                              These both seem like art styles to me. How would they translate to UI design?

                            1. 2

                              I use a Keyboardio. It’s my first keyboard with vertically-aligned keys, and I’m really liking that. Also, the pretty colors. I recently walked through the quick-start directions and practice-reflashed it with a fresh build of the default firmware, but I haven’t written any code for it yet. Anything I do to it is likely to be purely cosmetic… those individually-addressable LEDs give me a lot of ideas.

                              1. 4

                                What does this do better than the canvas element? And why is it specifically part of CSS?

                                1. 4

                                  The houdini project aims to let you polyfill (future) CSS features rather than waiting for them to be implemented everywhere.

                                  Once houdini support rolls out to all your target browsers, you won’t have to write a bunch of fallback CSS.

                                  1. 4

                                    This is what happens when excitement overrules sane design principles. People seem to have all but forgotten about why we tried to separate HTML, CSS and JS. Now it seems to converge on the idea of everything being a JS library and JS being a structure of the Web, instead of HTML.

                                    1. 1

                                      I don’t see it that way at all. The practical implication of the Houdini features (viewed in total, not just this piece of them), at least aspirationally, will be that it’s easier to factor custom design elements into their declarative parts and their procedural parts. There’s a lot of black-box complexity within CSS as it currently stands, and it makes sense to open that up so it can be extended and modified.

                                      1. 1

                                        But then you lose predictability. It’s one thing for a browser to optimize CSS knowing exactly how it works, but as soon as you have to accommodate arbitrary imperative code from outside all optimization bets are usually off.

                                        1. 2

                                          I take that point for sure, but it’s really a performance concern rather than a code health one, isn’t it? I defer to browser vendors as to whether Houdini will hurt performance unacceptably; I don’t feel qualified to have an opinion.

                                  1. 3

                                    I’m a bit concerned about the XSS security implications as this allows even more scripting from even more places. I guess it is another reason to be very strict on the whitelists for any user content.

                                    1. 4

                                      Realistically, CSS already has more security implications than anybody really wants to think about. Everyone should already be treating it as attack surface. This API does make things worse; it was previously difficult but possible to reason about the security implications of an isolated CSS snippet, and now it’s not possible without considering the entire page and all its scripts as well. Maybe that change will get more people to use the caution they already should have been…

                                    1. 2

                                      Our investigations commenced immediately and we found that the attacker had been able to log in to a number of freenode accounts.

                                      If your account was affected, we are in the process of contacting you directly with information to reset your password and restore access to your account.

                                      That Freenode had the operational capacity to detect this attack down to the account level, enabling them to reach out individually to those affected, is praiseworthy. With GDPR this year, along with AB-375, one area I’ve had to focus on is the line between privacy and abuse. I’ve broadly been concerned about using privacy law to hide abuse, fraud, or malicious activity–the risk being that one becomes a customer or user as a means of gaining the protection necessary to simultaneously act (hide) in bad faith.

                                      Have any of you at Freenode grappled with this issue?

                                      1. 2

                                        I’m not at Freenode, but +1 that it’s possible for there to be a tension between privacy and protecting systems against abuse. I run into that a lot, and it requires a lot of care to design appropriate protections which respect both needs. (I’m intentionally not going into detail because the above is all I feel it’s appropriate to say.)

                                        1. 3

                                          Regarding not intentionally going into detail, one bit of received wisdom in email spam filtering is that you can’t (shouldn’t) disclose in too much detail how you filter, as it gives too much information to the attacker. One example of this is a class of attack against SpamAssassin or other Bayesian classification systems. You send messages designed to perturb the message scoring sufficiently to allow your real message to go through. It borders on trivial when you have perfect information about the filter you’re trying to circumvent. Here lack of detail on how one classifies can go a reasonably long way toward preventing it, due to restoring information asymmetry.
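
The perturbation attack described in the comment above, as an added example that is neither the commenter’s code nor SpamAssassin’s classifier: a toy Laplace-smoothed naive Bayes filter trained on a constructed eight-message corpus, an attacker who can read the filter’s own per-word scores and pads a spam message with its strongest ham words until it flips (the “good word attack” in the classifier-evasion literature), and an attacker who can only guess. The corpus, the test message, the guessed words and the zero threshold are all constructed for illustration.

```python
import math
from collections import Counter

# Constructed training corpus (not real mail), small enough to check by hand.
HAM = [
    "quarterly report attached please review before the meeting",
    "lunch meeting moved to noon see agenda attached",
    "minutes from the project meeting are attached",
    "please review the budget report before friday",
]
SPAM = [
    "free money click now limited offer",
    "claim your free prize click here now",
    "cheap pills online order now free shipping",
    "limited offer win money click now",
]


def tokenize(text):
    return text.lower().split()


class NaiveBayesFilter:
    """Multinomial naive Bayes over word counts with Laplace smoothing.
    score() is the log-odds of spam; anything above zero is classified spam."""

    def __init__(self, ham, spam, alpha=1.0):
        self.alpha = alpha
        self.ham_counts = Counter(t for m in ham for t in tokenize(m))
        self.spam_counts = Counter(t for m in spam for t in tokenize(m))
        self.vocab = set(self.ham_counts) | set(self.spam_counts)
        self.ham_total = sum(self.ham_counts.values())
        self.spam_total = sum(self.spam_counts.values())
        self.log_prior = math.log(len(spam) / len(ham))

    def llr(self, token):
        """log P(token|spam) - log P(token|ham); negative words pull toward ham."""
        v = len(self.vocab)
        p_spam = (self.spam_counts[token] + self.alpha) / (self.spam_total + self.alpha * v)
        p_ham = (self.ham_counts[token] + self.alpha) / (self.ham_total + self.alpha * v)
        return math.log(p_spam / p_ham)

    def score(self, text):
        return self.log_prior + sum(self.llr(t) for t in tokenize(text))

    def is_spam(self, text):
        return self.score(text) > 0.0


def good_word_attack(model, message, budget=40):
    """Perfect-information attacker: reads the filter's llr() and appends the
    most ham-like vocabulary words, one at a time, until the message passes."""
    ranked = sorted((w for w in model.vocab if model.llr(w) < 0), key=model.llr)
    padding = []
    for word in ranked[:budget]:
        if not model.is_spam(message + " " + " ".join(padding)):
            break
        padding.append(word)
    crafted = (message + " " + " ".join(padding)).rstrip()
    return crafted, len(padding), not model.is_spam(crafted)


def blind_attack(model, message, guesses):
    """Attacker without the filter's tables who guesses 'innocent' words. Words
    outside the filter's vocabulary only get the neutral smoothed ratio, so the
    guess buys nothing; this is the information asymmetry the comment relies on."""
    crafted = message + " " + " ".join(guesses)
    return crafted, not model.is_spam(crafted)


if __name__ == "__main__":
    model = NaiveBayesFilter(HAM, SPAM)
    msg = "free money click now"  # constructed spam payload
    print(f"original score {model.score(msg):.2f}, spam={model.is_spam(msg)}")
    crafted, n, evaded = good_word_attack(model, msg)
    print(f"perfect knowledge: {n} padding words, evaded={evaded}: {crafted!r}")
    blind, evaded = blind_attack(model, msg, ["hello", "regards", "thanks"])
    print(f"blind guess: evaded={evaded}, score {model.score(blind):.2f}")
```

With this corpus the payload scores about +5.7 and five of the filter’s own top ham words are enough to push it below zero, while the blind attacker’s out-of-vocabulary words are each scored by the smoothing term alone and leave the message classified as spam. The same padding words would not help against a filter trained on different mail, which is why not publishing the tables matters more than the algorithm itself.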

                                      1. -2

                                        From #cat-v’s /topic:

                                        no {bots,logging,politics,heh,keyboard shortcuts,transphobia}

                                        Please remove this. We don’t publish logs for a reason.

                                        1. 7

                                          It’s weird that someone who dislikes codes of conduct requests that Lobsters enforce its community’s official site violating its own code of conduct (the quoted real one, not the joke one). I’m going to pass.

                                          1. 8

                                            And, hat off, I didn’t read closely enough or research to see if this is seriously or sarcastically anti-semitic, but if it’s the latter I guess this is a pretty good example of how the failure mode of “isn’t it funny that we’re imitating white supremacists so well” is that y’all look like a bunch of white supremacists.

                                            1. 2

                                              Same, nor do I want to read that closely. There’s far too much very serious anti-semitism in the world these days.

                                              I would encourage everyone who hasn’t, to read the copy of the Daily Stormer style guide which was obtained by the Huffington Post. It explains exactly what function “it’s just a joke” serves, in the words of people who call themselves Nazis unironically. But have a loved one nearby when you read it, I don’t even have words to describe what a horrifying and unpleasant read it is.

                                              This chat log was seven years ago. At that time, it was indeed the case that most people thought of Nazis as a historical phenomenon rather than a contemporary one. Also, I agree that people can change and grow. I am personally willing to take sl at their word when they say “I’m not a Nazi, racist, sexist, homophobe, or antisemitic” (elsewhere in this comment tree), not because I don’t find the chat log vile, but because that declaration is one that people who do subscribe to those ideologies are usually unwilling to make, in my experience.

                                              I am hopeful that sl won’t prove me wrong in future.

                                              1. 4

                                                You could also take heart in the fact that I have never expressed affinity for such ideas, in the seven year old chat log or anywhere else. It’s never completely clear why anyone thinks I, or 9front, do hold an affinity for such ideas. It’s always precisely this kind of completely shallow, drive-by condemnation of things no one ever said or did, usually (as here) accompanied by a declaration that the accuser does not intend to bother to find out if what they are saying is true or not. It’s really that consistent and weird. It leaves me in a position where I have to decide whether or not to engage the accusation (which is almost always diminishing returns), or allow the person to wallow in their misunderstanding. One benefit of allowing people who aren’t thinking clearly to wallow in their misunderstandings is that they will often proceed to leave 9front alone. Really, it’s win/win, for our devs and for our users. But let me be clear: There is no political or ideological substance to the 9front project beyond simply using and maintaining Plan 9.

                                                One small addendum: What people say on IRC is up to each individual. #cat-v has never been ban-happy, but people saying stupid things are usually questioned thoroughly, often resulting in humiliation. That includes Nazis, racists, sexists, homophobes, and antisemites.

                                                1. 5

                                                  The reason I don’t intend to investigate is pretty simple: If the bad things are true, it’ll be clear in due time without me having to put in the emotional resources and time to investigate. If they’re false, I’m not taking action against you, so there’s no reason to put in those resources. The resources required would be substantial; I’ve had to do it in other communities I manage.

I appreciate and understand why good people do not enjoy having to say “I’m not a Nazi” frequently. Unfortunately, Nazis aren’t stupid - they’re as capable as anyone else of saying thoughtful words to explain why they don’t feel they should have to say “I’m not a Nazi”. Literally any words can be co-opted by people who don’t care what those words mean. There’s no magic incantation. But Nazis do pay some small social cost by saying “I’m not a Nazi”, so it’s at least something.

                                                  I appreciate your statement, it does help.

                                                  1. 5

                                                    Thanks for your candor. Your method seems sound, and I can identify with the reasoning behind it.

                                                    I do comprehend that mentioning [thing] will always draw complaints that one is promoting [thing]. A certain amount of responsibility comes with the territory, especially where 20th century Germany is concerned. The very first 9front propaganda image was this: http://9front.org/img/9frontfell01.png. It’s David Bowie, captured by a photographer in Victoria Station, circa 1976. If you know anything at all about this debacle, it might help to illuminate the spirit in which the original 9front propaganda was undertaken: You stand up to wave at your fans and some enterprising photographer catches you at just the right moment; immediately, the front falls off, and the Daiichi Fukushima disaster lands in your publicist’s lap (matters are complicated by your previous “clever” statements to the press about the intersection of politics and the occult). What happened was, most of the 9front developers are German, or otherwise (Eastern) European, and big fans of things like Monty Python, cat-v, Milton Friedman. Inevitably, people started making jokes. Perhaps just as inevitably, outsiders to the project started noticing these jokes and expressing offense. This only caused the jokes to escalate. It might seem unconscionable to software evangelists, but 9front developers don’t care about attracting users or presenting a professional face to potential investors or employers. Everyone is only there to run and maintain Plan 9 for their own use. And our typical experience with people who show up on IRC to express outrage is that: 1.) it’s no use arguing with them, 2.) they probably don’t have much to offer the project in the first place. I think I mentioned earlier that most of these people tell us up front they have no interest in finding out what is really going on. Like I said, it’s win/win.

                                                    I will say that some idiots on IRC cloud the issue. I argue with them regularly.

                                                    1. 2

                                                      If they’re false, I’m not taking action against you

                                                      Honestly, I think that the “hat-off” comment of @pushcx was quite dangerous.

                                                      Implying that “y’all look like a bunch of white supremacists” is an action.

In itself, nothing I would care to flag if directed to me, but I think it’s worth remembering that Nazis used to burn books.

If you do not “read closely enough”, you will end up supporting their propaganda.

                                                      1. 3

                                                        All I can ask is that you trust my experience as a community manager, and my status as a person belonging to groups that fall squarely within Nazis’ targeting criteria. Nobody has the resources for a lengthy discussion of how to handle this on lobste.rs, but I can promise that thought is going into it.

                                                2. 0

I am very confused about what point you are trying to make. I haven’t even posted in the thread that you linked to. Perhaps you were referring to a different thread? (apparently I did, but it was hidden because I was responding to a deleted comment.) While it is true that I dislike codes of conduct, what relevance does it have now?

                                                  And, btw, the 9front CoC changes with every refresh. Perhaps you saw one that you thought was relevant. I don’t know which one you were referring to.

                                                  1. 3

I was comparing the one you quoted prohibiting posting logs with the joke one I linked.

                                                    1. 2

                                                      i think the main part is that the log was hosted on 9front.org

                                                      1. 1

                                                        9front.org is a separate entity from #cat-v.

                                                        1. 5

                                                          In that case, it is even weirder that I’m being asked to enforce the chat room’s code of conduct against the site and I’m glad I’m staying out of it.

                                                          1. 1

                                                            maybe /u/4ad was asking OP to remove it, not a mod.

                                                            1. 4

                                                              In #lobsters 4ad explicitly asked for the story on Lobsters to be deleted.

                                                              1. 1

                                                                ah. well there you go.

                                                            2. -1

                                                              An IRC channel topic is not a “code of conduct”, and you know it.

                                                              1. 5

                                                                Yeah, it’s an encoding of rules for conduct and not a code of conduct.

                                                                Please just leave me out of whatever this weird drama is. I’m not replacing the dead link with a live one because I already feel like we ducked a flamewar and I don’t want to tempt fate, let’s just stop commenting so it falls off the homepage and /comments.

                                                    2. 6

                                                      Ehm… this is published on 9front.org

                                                      1. 1

                                                        This was published years ago as part of an attempt to contextualize a factually inaccurate article written about 9front by a rogue journalist who has since left the field. The parent directory contains more information, including his note of apology. I have restricted access to the raw IRC log (the original interview from which the article was sourced took place entirely on IRC), pending an unlikely change in #cat-v policy.

                                                        1. 1

                                                          i don’t see anything in http://9front.org/press/sdtimes/ - did you intend to restrict access to the entire directory?

                                                          1. 1

                                                            Curiouser and curiouser. The directory listing is apparently, though inadvertently, excluded by the CMS (werc), which the old content was moved into… several years ago. This makes me wonder how he found the file in the first place; though it’s easy enough to imagine it turning up in search requests or other pages on the site that used to link to it in the past.

                                                            1. 1

                                                              I’ve fixed things so that now there is a short explanation and links to the remaining files.

                                                      1. 14

                                                        Yeah…. OK.

                                                        curl -O https://oxy-secure.app/oxy
                                                        chmod +x oxy
                                                        ./oxy --help
                                                        

                                                        I know this practice has, again and again, been discussed to various levels of “this is no different than your package manager over HTTPS.”

                                                        But, this is shocking: “trust the security of your network to a brand new protocol implemented in this convenient, 3 command installable, binary. Be sure to download it as root, just for good measure. What do you have to lose?”

                                                        1. 6

                                                          I upvoted you, and then looked closer realizing that they aren’t asking people to run a bash script from the Internet. Perhaps you misread, as I did, what the instructions were saying?

                                                          It’s basically standard practice for people to download compiled binaries from the Internet and run them (certainly on Windows and macOS). curl is not being run as root. And just below those instructions are compile-your-own binary instructions, for those who would rather compile it themselves:

                                                          cargo install --git https://github.com/oxy-secure/oxy
                                                          ~/.cargo/bin/oxy --help
                                                          

                                                          Which, incidentally, has the exact same trust assumptions (X.509) as the downloaded binary.

                                                          1. 5

                                                            they aren’t asking people to run a bash script from the Internet.

                                                            No. What they’re doing is kind of worse. Instead of telling you to download and run a bash script from the internet, (which you could reasonably inspect first), they’re telling you to run a binary that obscures the fact that it’s doing something malicious.

And, sure, you can cargo install it after auditing the source, but can I be reasonably sure that the binary is derived from that source? No. I can’t. Assuming reproducible builds, I could reproduce the build and compare a checksum, but that binary could have been created from a slightly different, and malicious source tree. When given the choice of downloading a recently compiled binary, and waiting 30 seconds for rust to build it (with the cargo instructions), maybe I say, “eh, that’s OK, I’ll just take the pre-compiled one.” Social engineering at its finest! Tell people they can wait, or have it right now….

                                                            But, let’s assume that it’s “accepted practice” to download and run random binaries off of a mysterious website that doesn’t even list its authors… Maybe we should… I don’t know… stop doing that????

                                                            But, but, but, package servers are just protected by X.509, too! you say. Sure. The transport is protected by that. But, there’s also (usually) some level of trust associated with a package server. In the case of most distributions you’ve got signed packages. In the case of homebrew, you have the ability to choose where you get your formulae from, which has implications in the trust model. I don’t know much more about homebrew, but I assume they at least compare known checksums from the formulae to checksums of downloaded source tarballs?

                                                            https://secure.app/oxy was put on the internet by someone – looking at the commit history, https://github.com/jennamagius – whose discoverable online presence is: “Hi, I’m Jenna” (via https://jenna.app/ redirected from jennamagius.github.io). If that isn’t suspicious to you… god speed.

                                                            1. 2

I’ll double down on that saying this is a remote access tool. Those are front doors for the good folks or backdoors for the bad folks depending on how they’re implemented or how much (if any) monitoring is happening. High-value target. One should only use a RAT that’s been thoroughly vetted by people that have a track record breaking bad protocols, crypto, etc. Actually, these are such necessary and risky tools that they’re among the few I think deserve all the assurance we can throw at them. All the way up to formal proof. Plus, ability for much independent verification.

                                                              Until multiple, independent assessments confirm quality/security, I’d ignore whatever the new RAT tool is to stick with OpenSSH or something with lots of review and use in the field. Those wanting improvements can enhance their code or UI piece by piece carefully testing and vetting the changes for now. For reliability, too, since more bugs will have been shaken out. Next worst thing to hackers getting in your system is you not getting in your own system due to immature software breaking. They tend to do it at worst times, too.

                                                              1. 1

                                                                Also, I realize I didn’t really respond to your specific claim “… (certainly on Windows and macOS)”

                                                                I don’t use Windows anymore – not in 18 years at this point. But, my understanding is that they are adopting a “store” model to combat this practice. The same with Apple and the Mac App Store. It’s true that you can still download and run random Apps on OS X, but you’re given plenty of warnings, and the practice is pretty discouraged by Apple.

                                                                If for some reason someone like GitHub decides to not use the Mac App Store to distribute Atom, well, it’s perhaps the case that you trust GitHub to host and provide an untampered with binary, because you actually trust your other data to GitHub.

                                                                1. 3

                                                                  I will reply to both of your replies here.

                                                                  So, you raised several concerns. Let’s go through them again.

                                                                  Be sure to download it as root, just for good measure.

                                                                  I pointed out the authors (whoever they are), never suggested you do this, and their instructions do not tell people to do that. So, that’s one down, let’s move on to the next concern.

                                                                  they’re telling you to run a binary that obscures the fact that it’s doing something malicious.

                                                                  This appears to be your other main concern, the basic idea of installing software not-from-source.

                                                                  This is a common practice on macOS, Windows, and Linux. I would venture to say that 99.99% of users do this.

                                                                  But, in later comment, you bring up app stores:

                                                                  But, my understanding is that they are adopting a “store” model to combat this practice. The same with Apple and the Mac App Store. It’s true that you can still download and run random Apps on OS X, but you’re given plenty of warnings, and the practice is pretty discouraged by Apple.

I will point out that your original comment, to which I was replying, never mentioned anything about being upset that oxy was not registered in an app store. Yes, you did mention package managers, but both app stores and package managers are known to distribute malware from time to time, and many of them come with differing trust assumptions (some worse than others).

                                                                  So a package manager or app store is no guarantee that the binary you’re installing is safe at all, and you’re back to square one with your trust assumptions.

                                                                  https://jenna.app/ redirected from jennamagius.github.io). If that isn’t suspicious to you… god speed.

                                                                  Now this is a perfectly reasonable concern. Had you raised the trustworthiness of the particular author of the software as your concern in your original comment to which I replied, I would never have replied, because that’s a legitimate concern.

                                                                  1. 1

                                                                    I pointed out the authors (whoever they are), never suggested you do this, and their instructions do not tell people to do that.

                                                                    Of course they didn’t. I was adding a figurative eye roll, which I’m pretty sure went right past you—I am sorry that I failed to make that more clear.

                                                                    Naturally, some number of people installing this software in the recommended way will want to copy this into /usr/bin, or /usr/local/bin, though. How many people blindly ./configure && make && sudo make install?

                                                                    On to the next point!

                                                                    package managers

                                                                    I am not upset by the fact that it’s not in a package manager. I am upset that it’s promoting a shitty practice, which has no auditability, no update mechanism, and no oversight whatsoever.

                                                                    Package managers are not perfect, as you have pointed out. However, they represent an additional check in the process for someone to think twice about including it, and, in doing so, take some responsibility, and a hit in reputation/ trust, when they do something that results in malware, or something else malicious. At least, that should be the case…

                                                                    trustworthiness of author

                                                                    It stands to reason that a person creating a security tool such as this, and claiming it is so much better than other solutions understands that the installation practice being described is controversial. This is at least doubly/quadruply true for a RAT tool.

                                                                    I see no reason why skepticism to the 10,000th degree isn’t being applied here…

                                                                    Have we all just given up on security? I mean…

                                                                    1. 3

                                                                      I see no reason why skepticism to the 10,000th degree isn’t being applied here…

                                                                      Have we all just given up on security? I mean…

                                                                      It is not too uncommon for the author of a piece of security software to want to remain anonymous.

                                                                      There is nothing wrong with expressing concern, but if you do it, it should be (a) relevant/legitimate concern, and (b) balanced appropriately in the event that your suspicions of the project turn out to be misplaced. Someone out there did, after all, spend a lot of time putting effort into creating an alleged improved, rustified RAT, and if their work is legitimate they deserve kudos for that.

                                                                      1. 2

I’m one of the people that pushes “look at the work, not the author.” I’ll take software from the NSA if it’s rigorously vetted by 3rd parties I trust with a matching signature. That philosophy is what old security certifications tried to achieve on highest levels. However, I do accept looking at the author as a heuristic for making quick decisions if not much else is available. One thing we see a lot in INFOSEC is people good at secure protocols have a track record of… writing secure code or protocols. They get good by publishing some work, getting it reviewed, often getting their asses handed to them, fixing it, and repeat. It might be shared more privately with instructors or fellow hackers doing same process. There will be references, prior work, prior writings describing work… something to evaluate… for either their actual identity or their alias they stick with.

                                                                        The other heuristic is that unproven or unevaluatable people publishing new protocols get it wrong in security-breaking ways. This happens so much it should be assumed by default. Insecurity should be assumed by default anyway but especially with unknown developers. Again, the best route is evaluating the protocol and code itself. That said, people have a working protocol already with limited time on their hands. The heuristic might be used to save time avoiding unestablished or unvetted authors’ work since 99+% it will be broken anyway. In this case, avoiding work based on strange author is about saving time and/or avoiding insecurity.

So, there are two ways of looking at the unknown author that would lead one to avoid their work until someone with right skills and spare time to donate evaluates it carefully.

                                                                        1. 3

                                                                          That’s certainly fair. I don’t really disagree with any of that. I’m not suggesting anyone feel like wasting their time, only that critiques be on-point and people not be berated for doing good work (if that’s what they did).

                                                                          Speaking of on-point critiques, I’m surprised nobody raised the concern that these releases are not GPG signed. That should be standard practice for all software, and certainly security-critical software.

                                                                          1. 1

                                                                            I’m surprised nobody raised the concern that these releases are not GPG signed.

                                                                            Unless this, more or less anonymous person, has a key signed by many trusted keys / people, how would that increase trust?

My points above about package servers signing, or at least providing checksums, point at trust in the actual distributed assets. I may not trust the particular $SIGNER of a package, but I might trust others who trust $SIGNER, and accept that if $THEY trust $SIGNER, it’s probably OK for me to trust $SIGNER, too. That’s the model of the Web of Trust, and the model that every package server I know of (whether it be from freebsd, openbsd, or some random GNU/Linux distribution) works.

                                                                            1. 1

                                                                              The point of GPG signing releases has nothing to do with web-of-trust.

                                                                              It is about establishing a direct line of trust to the author of the software to protect against third-party tampering. It doesn’t matter if they’re anonymous.

                                                                              1. 1

                                                                                Yeah, agreed. I honestly think it’s quite frustrating how GPG entangles web-of-trust with its other features. It creates a lot of confusion.

                                                                                1. 2

                                                                                  @itistoday, earlier in this long thread you suggest:

                                                                                  Which, incidentally, has the exact same trust assumptions (X.509) as the downloaded binary.

                                                                                  (To be clear: this was in response to download the binary, vs download the source and compile the binary)

                                                                                  So, you trust the author’s X.509 certificate enough to assume it’s not tampered with on download, but don’t trust the author put it there in the first place? And, who, even has the authority to make a release? We don’t know! So, we still have to be suspicious even if it’s signed.

                                                                                  Let’s discuss this scenario:

I’m a l33t h4x0r and I pwn3d oxy-secure.app’s servers. I want to put a rogue oxy up there. Since the key that signed the old oxy binary is just a one off anyway (because it’s unknown to everyone), I’ll sign my malicious oxy binary with a one off key, too, and update the HTML referencing how to get this new key! My l33t social engineering skills suggest that I should use the same email address and for the name, use “Original Name - NEW KEY” (or something else that implies I’m still the same person, I just made a mistake)

                                                                                  $ gpg --gen-key
                                                                                  ...
                                                                                  $ gpg --sign malicious-oxy
                                                                                  

I replace https://oxy-secure.app/oxy, and the signature file with my malicious ones, and even publish my new public key somewhere, and no one is the wiser! (I then twist my handlebar mustache, and let out an evil snicker)

                                                                                  NOW, if as a user, I happened to import the previous signing key, I might notice that this is different and it might raise some eyebrows. Just like I might notice that the SSL cert’s fingerprint changed as it started pointing to my server oxy-notsosecure.app/oxy… But, given this author is unknown, I also might not bat an eye at my plausible explanation of: “oh, what an idiot! They forgot to backup their key!”

                                                                                  If I’m being fair, yes, a signed binary, even with an unestablished key can help here. It introduces additional levels of potential doubt at the authenticity of the binary. But, even if the original oxy is signed, I’m still taking a giant risk by accepting the fact that I’m downloading a random binary from the internet built by some random anonymous person, and they may (or may not) have malicious intent, or not have the skills to back up the claims they’ve made (in the case where it’s actually not malicious intent).

                                                                                  If the key is known to other people I know, as it’s part of the web of trust, it’s a little easier to believe that the risk is less malicious intent and more, “the author might still be making exuberant claims.”
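                                                                                  The defence against the “Original Name - NEW KEY” scenario above is to pin the fingerprint of the key you first imported and refuse any release signed by a different one, even if gpg itself reports the signature as valid. This is an added example, not code from the oxy project or the commenter; the fingerprint is a constructed placeholder, and the check parses GnuPG’s machine-readable `--status-fd` output so it can be exercised without a keyring.

```shell
#!/bin/sh
# Fingerprint recorded when the previous release key was first imported.
# Constructed placeholder, not a real oxy key: replace with the one you pinned.
PINNED_FPR="0000111122223333444455556666777788889999"

# check_sig_status: reads `gpg --status-fd 1 --verify` output on stdin and
# succeeds only when a VALIDSIG line is present AND its primary-key fingerprint
# equals the pinned one. A signature made by a fresh "Original Name - NEW KEY"
# key is perfectly valid to gpg, but is rejected here because the fingerprint
# is not the one we pinned.
check_sig_status() {
  pinned="$1"
  status=$(cat)

  # BADSIG / ERRSIG: the file or the signature was altered or is unreadable.
  if printf '%s\n' "$status" | grep -qE '^\[GNUPG:\] (BADSIG|ERRSIG)'; then
    echo "REJECT: signature does not verify" >&2
    return 1
  fi

  # VALIDSIG fields: [GNUPG:] VALIDSIG <sig-key-fpr> <date> <ts> <expiry>
  #   <sig-version> <reserved> <pubkey-algo> <hash-algo> <sig-class> <primary-key-fpr>
  # We compare the primary-key fingerprint (last field) so a signing subkey of
  # the pinned key is still accepted.
  primary=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
  if [ -z "$primary" ]; then
    echo "REJECT: no valid signature found" >&2
    return 1
  fi

  if [ "$primary" != "$pinned" ]; then
    echo "REJECT: signed by $primary, expected pinned key $pinned (key changed?)" >&2
    return 1
  fi

  echo "OK: signed by pinned key $primary"
  return 0
}

# verify_release: run gpg on a real download and feed its status lines through
# the check. Needs gpg installed and the pinned public key already in the keyring;
# a "new key" published next to the binary is deliberately not imported.
verify_release() {
  file="$1"
  sig="$2"
  gpg --status-fd 1 --verify "$sig" "$file" 2>/dev/null | check_sig_status "$PINNED_FPR"
}
```

A changed fingerprint is the signal the comment describes: it does not prove malice, but it turns “oh, they forgot to back up their key” into a decision you make consciously rather than one gpg makes for you.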

                                                                        2. 1

                                                                          This is no longer productive, and I am taking your response as:

                                                                          a) my concern is irrelevant b) I’ll have egg on my face when this turns out to be the RAT that saves us all.

                                                                          In response, I am just going to invite you to @akpoff’s well written comment, which also expresses concerns. Maybe they are more “relevant”: https://lobste.rs/s/3hrwqf/oxy_security_focused_remote_access_tool#c_0hsv4p

                                                            1. 3

                                                              The author claims they’re a programmer, but they still clicked 338 checkboxes manually? Sounds fishy :)

                                                              Here’s what I’ve done on Tumblr, which also has something similar.

                                                              for (var x of jQuery("input[checked]")) {jQuery(x).removeAttr("checked");}

                                                              1. 11

                                                                The author is a programmer, a software architect, a hacker, and a curious person in general.

                                                                I can conceive several ways to fool your smart jquery script. If you cannot think of them yourself, you shouldn’t code in Javascript, actually.

                                                                But also I’m a UI and UX designer, at work.

                                                                I was surprised to see a nice UI with such a stupid mistake.

                                                                I hoped the developer on the other end was cool enough to surprise me.

                                                                After the first ten clicks I realized she was not that smart.

                                                                I hit F12. But then I thought “my users cannot hit F12: let’s walk their path and see how I feel”.

                                                                I’m not stupid. I simply care.

                                                                1. 2

                                                                  I can conceive several ways to fool your smart jquery script. If you cannot think of them yourself, you shouldn’t code in Javascript, actually.

                                                                  • I don’t think he was claiming his solution was a fit for all
                                                                  • So by your logic only people who know DOM JS should code in JS? ;)

                                                                  I know this was a reply to a slightly provocative comment in defense of the author, but this in particular seems a little silly

                                                                  1. 5

                                                                    I’m the author. And actually I’m sorry for the tone of the reply: I’m tired, and I didn’t intend the @janiczek’s post as a joke for me, but as an attempt to justify InfoWorld by calling me fishy.

                                                                    I’m fishy, definitely! :-)

                                                                    But I also care about users. And I’m a European fish…

                                                                    So by your logic only people who know DOM JS should code in JS? ;)

                                                                    Nobody should code in JS. Really. Nobody should.

                                                                    But yes, if you don’t know how DOM JS has been interpreted in the last 10 years, I think you shouldn’t code in JavaScript professionally. You might think I’m exaggerating to get a point, but trust me: everything is still there, under the hood. Ready to break.

                                                                    1. 2

                                                                      Thanks for the kind reply. I wasn’t trying to provoke myself, just point out something that seemed a bit off :) Professionally? Perhaps you’re right in a perfect world, but the fact remains there will always be code monkeys that build or maintain simple systems for a customer base that can’t pay for a seasoned developer. Regardless, I agree with the pain point of your article :)

                                                                      1. 3

                                                                        Mm, I kind of feel like as a profession we should try to have more respect for our own work. Software can cause significant harm, and we’ve all just collectively agreed that it’s okay to prop up companies that want to build broken things and not properly maintain them. Maybe companies that aren’t willing to spend the money to build safe software shouldn’t have the privilege of getting engineers to work for them.

                                                                        I know that’s a tangent and not really what you were trying to address.

                                                                        1. 3

                                                                          I completely agree with your first statement, having respect for your own work is a great virtue.

                                                                          The devil is in the details in regards to companies/individuals who provide shoddy services. Outside passionate and informed social circles, customers vote with their pockets (counting data as a form of currency here), whether that be for trading for convenience or just a result of plain ignorance.

                                                                          Unfortunately there aren’t any easy remedies to this problem. Shoddy companies/individuals will find ways to work their way around regulations, and customers will quite happily dig themselves into holes in pursuit of the cheapest or quickest solution. That doesn’t mean you don’t try, in fact I personally think one of the best tactics we can use for problems such as these, is informing the general public of the consequences (though that’s another problem in itself).

                                                                          1. 2

                                                                            Yes, I agree with all of that, and thank you for it.

                                                                          2. 2

                                                                            Maybe companies that aren’t willing to spend the money to build safe software shouldn’t have the privilege of getting engineers to work for them.

                                                                            I see your point, but to me it’s like saying that companies that aren’t willing to spend the money to write proper English shouldn’t have the privilege of getting writers to work for them.

                                                                            They can learn how to write by themselves.

                                                                            I prefer a different approach: turn all people into hackers.

                                                                            1. 1

                                                                              Yeah, I see that point also. But, I mean, writers have historically been more willing to stand up to exploitative labor practices than hackers have… I think there’s a balance to be found, and getting to the right balance requires rethinking some things.

                                                                              1. 3

                                                                                We are just like scribes from Ancient Egypt.

                                                                                Despite the groupthink, we are still at a very early stage of information technology.

                                                                                Just like being a scribe back then, being hackers today does not mean understanding the power and responsibility we have. But it’s just a matter of time.

                                                                                We will forge the future.

                                                                        2. 1

                                                                          I’m sorry if my post came as provocative! (Maybe my definition of “fishy” – as English is not my native language – is slightly off compared to your definition)

                                                                          Yeah, “I know I could do X instead of clicking, but a common user can’t, so let’s walk in their shoes” is a fair motivation. Maybe I just expected the thought to be expressed in the post, given you’ve expressed you’re a programmer. But maybe that’s a silly expectation ¯\_(ツ)_/¯ Thanks for the clarifications in the comments here.

                                                                  1. 3

                                                                    From the title, I first thought this might be an article from a long, long, time ago. Nah, some vulnerabilities just persist. I left Windows a long time ago. Have there been any improvements on preventing or detecting these risks?

                                                                    1. 1

                                                                      Granted I’m a bit biased, but what’s the risk? I’m missing it.

                                                                      1. 3

                                                                        In principle, malware could hide in it - and probably does, but I don’t think many people are under the illusion that they can detect malware without specialized tools anyway. The most “practical” use I can think of for it is data exfiltration. I think most of the risks are around bugs rather than malicious use; it’s a somewhat bizarre feature, and not well-known, and as such it should be regarded as technical debt.

                                                                        1. 4

                                                                          I see. I’m sure it’s used by Windows though.

                                                                          It’s a pretty common feature across many filesystems: https://en.wikipedia.org/wiki/Extended_file_attributes#Implementations

                                                                          1. 3

                                                                            Yes, you’re certainly correct that it’s not that rare a thing. As the original article notes, NTFS added it for parity with Apple’s HFS+. That doesn’t really change that it’s obscure and fragile, but certainly Windows shouldn’t bear the blame alone.

                                                                          2. 2

                                                                            You nailed it! Hiding malware and storage channel for exfiltration are main issues.

                                                                      1. -10

                                                                        I know you get a lot of pat-on-the-backs when you implement stuff for the disabled. But I just feel like it’s rarely worth it unless you are at a large scale where the disabled population will offset the man-hours. Not to mention that different segments of the disabled have different requirements and the same special interface will not couple with all of them.

                                                                        So to me, I can’t help but think that whenever some megacorps implement these solutions, it’s more likely virtue-signalling rather than altruism or legit economic advantage.

                                                                        The problem of course, is that if we could solve this problem economically, then we would have solved it forever, but if it is virtue-signalling, then the incentive isn’t really to provide solutions, but to provide the appearance of caring, and so the mismatch will eventually result in the problem not really being solved long-term.

                                                                        1. 10

                                                                          I don’t understand this comment at all. If it’s not profitable, why do you think companies are “virtue signaling” and not caring? ISTM you’re reading an awful lot into their behavior, under the odd belief that doing something good has to be for egotistical reasons, and not because you want to help someone out.

                                                                          1. 3

                                                                            To expand on what I believe @LibertarianLlama is saying: it’s possible this comes out of their marketing budget as a kind of loss. The upside of this would be that the PR leads to other sales, not necessarily of this product, but others.

                                                                            In the end it doesn’t really matter. It’s a local choice of the company, not trying to solve a problem globally in an economically sustainable way.

                                                                            It should also be remembered that helping people can be egotistical, in which case it’s a win-win! I find it personally strange when people sometimes boycott beneficial things because they’re suspicious of the underlying motives, when the motives clearly aren’t arming belligerents in a foreign war, or something else clearly evil.

                                                                            1. -2

                                                                              why do you think companies are “virtue signaling”

                                                                              because they think creating an image will give them financial rewards.

                                                                              1. 3

                                                                                I’m truly sorry you’ve never had the opportunity to work somewhere that prioritizes results over optics.

                                                                            2. 9

                                                                              Did you read the article? The controller is heavily customizable (it’s a platform, really), precisely to accommodate as many people’s needs as possible.

                                                                              1. 8

                                                                                I think you’ve put your finger on a significant contradiction in libertarianism. You want to judge the worth of the enterprise by economic returns: success is denominated in dollars and the market is the only neutral or efficient judge of value.

                                                                                However, the other name for “to provide the appearance of caring” is marketing, and of course good marketing enormously multiplies the returns of a product, the world being annoyingly reticent to beat a path to the door of entrepreneurial mousetrap makers. Even in the very unlikely event that sales of this controller wouldn’t cover the costs to design and manufacture it (given that video gaming is measured in the tens of billions for the U.S. and this product looks overwhelmingly superior to competitors for the mostly-untapped wallets of tens or hundreds of millions of humans with motor control injuries), Microsoft could get a positive return on investment just from the increase in warm, fuzzy feelings from the majority of the market with no need for this product if they go on to buy ever-so-slightly-more copies of OneDrive or Office. The existence of marketing and cross-promotion means that the value of these products can’t be judged solely by the invisible hand of the market discovering prices for goods and driving firms out of business. You make this point in reverse; the long-term existence of marketing points to it being economically valuable. There are externalities not on the books of a single product, just like how, in reverse, the market overvalues a polluter because the externality of cleaning up toxic waste or reversing climate change isn’t charged to the company and so can’t be reflected in the stock price.

                                                                                But whether or not the economics work, perhaps in this instance we can settle for helping make an entire art form accessible because it’s a small act of basic human decency and we’re not unthinking monsters.

                                                                                1. 4

                                                                                  I’ll probably get downvoted, but here goes…

                                                                                  I think you’ve put your finger on a significant contradiction in libertarianism. You want to judge the worth of the enterprise by economic returns: success is denominated in dollars and the market is the only neutral or efficient judge of value.

                                                                                  However, the other name for “to provide the appearance of caring” is marketing […]

                                                                                  Libertarianism is actually about the freedom to property and its action, where the individual is his or her own property. Economics is more a description of the market that emerges from action and property. Be it a free market or not, depending on the freedom to the underlying rights.

                                                                                  So when you point out a contradiction, there really is no contradiction. It barely exists on the same plane of reality. Anyone in business, who wants to stay there, knows about marketing, cross-promotion and all that. It’s a business strategy.

                                                                                  PS.

                                                                                  Libertarianism is not a game of winners and losers where money is how we keep score.

                                                                                  But in a hypothetical world where it were, Microsoft would likely end up winning with this device. As would the customer demographic.

                                                                                2. 13

                                                                                  I think you’re right, but I SO don’t care!

                                                                                  As a partially blind person, there is SO much of the gaming world that’s closed off to me. That’s OK. I still sleep just fine at night knowing I will never be a Call of Duty GOD :)

                                                                                  However, when game developers and console makers bother to make adaptations available to allow me and others with disabilities to enjoy the beautiful mix of art and science that is most modern video games, I really appreciate it.

                                                                                  So, virtue signaling or not, this is a laudable move on Microsoft’s part, and I for one think we should all recognize that.

                                                                                  Almost makes me want to own an Xbox again. Only problem is that I haven’t had time to play a game on any platform in ~6 months :)

                                                                                  -Chris (Aside from iPad gaming in waiting rooms sometimes)

                                                                                  1. 1

                                                                                    Even if I disagree with you, I don’t understand why you are being downvoted for this argued opinion of yours. Anyway… thank you for expressing yourself on the topic.

                                                                                    To me it’s mostly about having a customizable solution for gaming controls, that can be used for players with disabilities. If you look at Nintendo, they recently launched this thing with customizable objects in paper to enhance the gaming experience, this is just how the Microsoft gaming team is implementing it! Bold move from them!

                                                                                    1. 9

                                                                                      Even if I disagree with you, I don’t understand why you are being downvoted for this argued opinion of yours. Anyway… thank you for expressing yourself

                                                                                      Because it’s incorrect, and baseless bloviating in order to shit on the idea of not needlessly excluding the marginalized.

                                                                                  1. 6

                                                                                    As others have alluded to, this is the classic plight of early “Web 2.0” successes where they thought they could keep their service “free” by using advertiser support. Only when nobody cared and everybody was enjoying their free lunch has Twitter, among many others, started to clamp down.

                                                                                    What I would LOVE to see is widespread acceptance of the idea that advertiser funding is a fatally flawed model. One way for Twitter to go with this is to offer a “pro” option which would be ad free and paid, and also allow full and open access to all of its APIs, including the ones they’ve nuked in recent years.

                                                                                    One of the things that drew me to Twitter was its diverse ecosystem of users and clients because developers had free rein to innovate using their platform. Clearly the future for this kind of innovation lies with tools like Mastodon and Pleroma, but as I say above it’s not too late for companies like Twitter to make bold moves and fix the broken model before it destroys them.

                                                                                    1. 2

                                                                                      I find the “pro” strategy appealing, but I can’t think of a big site that’s succeeded with it. I’ve seen a lot of sites try and it doesn’t really seem to last. I don’t have numbers available, but I suspect that advertising revenue substantially outweighs subscription revenue most of the time.

                                                                                      1. 4

                                                                                        Can’t remember where I heard it, but on some sites the value of a user (to advertisers) who would use a pro option exceeds what said user is willing to pay.

                                                                                        Not sure if true or not, but it has stuck in my mind.

                                                                                        1. 2

                                                                                          Yes, that’s what I was suggesting.

                                                                                          1. 1

                                                                                            Oh! This is super interesting for a completely different discussion I’ve been having recently. Can you do me a favor and try to find out where you got that?

                                                                                          2. 2

                                                                                            I did some googling wondering if I could find some real data on this and failed. Flickr comes to mind, which was in fact quite successful and is still much loved despite having been bought by that roving dumpster fire that is Yahoo, and recently SmugMug.

                                                                                            1. 1

                                                                                              This is not at all an apples-to-apples comparison, but The Guardian (a newspaper/media co) now makes more from subscribers than from advertising. It’s a far cry from saying “this model works!” (the same article notes they still posted a loss) but I think it’s promising.

                                                                                            2. 2

                                                                                              What I would LOVE to see is widespread acceptance of the idea that advertiser funding is a fatally flawed model. One way for Twitter to go with this is to offer a “pro” option which would be ad free and paid, and also allow full and open access to all of its APIs, including the ones they’ve nuked in recent years.

                                                                                              This may be an unpopular opinion, but I don’t think social networks offer enough value for enough people to pay in the “pro” model. It might work on a small scale, but I don’t think it can work for a network as large as Twitter.

                                                                                              1. 2

                                                                                                You may be right. That would have me leaning towards the idea that behemoths like Twitter will need to go full on closed system draconian advertising for everyone and no third party anything, which will drive away the minority who really care (who should likely be seeking safe harbor in open networks like Mastodon at this point anyway.)

                                                                                                I personally feel that if someone could make a Mastodon or Mastodon-like server simple enough to deploy that grandma could do it, Mastodon would really take off in a big way.

                                                                                            1. 3

                                                                                              The title of the paper is “Out of the Tar Pit” not “Common Causes of Complexity”.

                                                                                              1. 2

                                                                                                Thanks - fixed.

                                                                                              1. 27

                                                                                                What are the advantages to making it federated over the current setup?

                                                                                                1. 7

                                                                                                  In terms of content and moderation, each instance would be kind of like a “view” over the aggregate data. If you want stricter moderation you could sign up for one instance over another. Each instance could also cater to a different crowd with different focuses, e.g. Linux vs. BSD vs. business-friendly non-technical vs. memes vs. …. Stories not fitting an instance could be blocked by the instance owner. Of course you could also get the catch-all instance where you see every type of story; it might feel like HN.

                                                                                                  The current Lobsters has a very specific focus and culture, and is also locked into a specific moderation style. Federating it would allow a system closer to Reddit and its subreddit system where each instance has more autonomy, yet the content from the federated instances would all be aggregated.

                                                                                                  So of course such a system wouldn’t be a one-to-one replacement for Lobsters but a superset. Ideally an individual instance could be managed and moderated such that it would feel like the Lobsters of today.

                                                                                                  1. 18

                                                                                                    The current Lobsters has a very specific focus and culture, and is also locked into a specific moderation style. Federating it would allow a system closer to Reddit and its subreddit system where each instance has more autonomy, yet the content from the federated instances would all be aggregated.

                                                                                                    If federation results in a reddit-like site, I’d much rather that lobste.rs doesn’t federate. It’s a tech-news aggregator with comments, there’s no real benefit in splitting it up, especially at its current scale.

                                                                                                    1. 6

                                                                                                      I get what you’re saying. I think OP framed the idea wrong. People come to Lobsters because they like Lobsters. The question is whom would the federated Lobsters benefit – it would mostly benefit people who aren’t already Lobsters users.

                                                                                                      It’s just that the Lobsters code base is open source and actively developed, and much simpler than Reddit’s old open source code. So it’s not unreasonable to want to build a federated version on top of Lobsters’ code rather than start somewhere else.

                                                                                                      1. 3

                                                                                                        it would mostly benefit people who aren’t already Lobsters users.

                                                                                                        Well that was my point. Any spammer or shiller can create and recreate reddit and hacker-news accounts, thereby decreasing the quality and the standard of the platform, and making moderation more difficult. This is exactly what the invite-tree concept prevents, which is quite the opposite of (free) federation.

                                                                                                        1. 8

                                                                                                          We do have one persistent fellow who created himself ~20 accounts to submit and upvote his SEO spam. He’s still nosing around trying to re-establish himself on Lobsters. I’m very glad not to be in an arms race with him trying to prevent him from abusing open signups.

                                                                                                          1. 1
                                                                                                    2. 2

                                                                                                      Based on my experience in community management, including here on Lobsters, I do not believe it’s possible for an individual instance in a system like you describe to have a coherent culture which is different from the top-level culture in substantial ways, unless you’re okay with participants feeling constantly under siege. The top-level culture always propagates downward, and overriding it takes an enormous amount of resources and constant effort.

                                                                                                      1. 1

                                                                                                        Have you used Mastodon at all? If that’s used as a model, it seems each instance can have a distinct personality, as Mastodon instances do today. Contrast with traditional forums, and Reddit to some extent, which do more-or-less have a tree structure and where your concern definitely applies. With federation there doesn’t necessarily need to exist a top-down structure, even if that might be the easiest to architect (although I don’t know if it is the easiest).

                                                                                                        1. 1

                                                                                                          I have used Mastodon, but not enough to have a strong opinion on it. It’s been a challenge for me to pay enough attention to it to keep up with what’s happening; it’s kind of an all-or-nothing thing, and right now Twitter is still taking the attention that I would have to give to Mastodon.

                                                                                                    3. 7

                                                                                                      Biggest argument in favor is probably for people that want to leech off of the quality submissions/culture here but who don’t want to actively participate in the community or follow its norms. That and the general meme today of “federated and decentralized is obviously better than the alternative”.

                                                                                                      Everybody wants the fruit of tilled gardens, but most people don’t want to put in the effort to actually do the work required to keep them running.

                                                                                                      The funny thing is that we’d probably just end up with a handful (N < 4) of lobster peers (after the novelty wears off), probably split along roughly ideological lines:

                                                                                                      • Lobsters for people that want a more “open” community (signups, etc.) and with heavier bias towards news and nerdbait
                                                                                                      • Lobsters for social-justice and progressive people
                                                                                                      • Lobsters for edgelords and people who complain about “social injustice”
                                                                                                      • Lobsters Classic, this site

                                                                                                      And sure, that’d scratch some itches, but it’d probably just result in fracturing the community unnecessarily and creating the requirement for careful monitoring of what gets shared between sites. As a staunch supporter of Lobsters Classic, though, I’m of course biased.

                                                                                                      1. 3

                                                                                                        So “federation” is what the cool kids are calling “forking” nowadays? Good to know ;)

                                                                                                      2. 3

                                                                                                        I’d be quite interested to see lobsters publish as ActivityPub/OStatus (so I could, for instance, use a mastodon account to follow users / tags / all stories). I don’t see any reason to import off-site activity; one of the key advantages of lobsters is that growth is managed carefully.

                                                                                                        1. 2

                                                                                                          Lobsters actually already does this with Twitter, so that seems both entirely straightforward to add and in line with existing functionality.

                                                                                                          (Note that I don’t use Twitter, so I can’t speak to how well that feed actually works.)

                                                                                                          1. 1

                                                                                                            The feeds already exist, just have to WebSub-enable them…

                                                                                                          2. 1

                                                                                                            It won’t go away entirely if the one, special person who happens to own this system decides to make it go away for whatever reason of their own. It won’t die off if this specific instance gets sold or given to someone who can’t handle it and who runs it into the ground.

                                                                                                          1. 2

                                                                                                            Huh, what would a federated message board look like? I guess I could see a reddit-like one where each sub could be on a different server, but you’d have a shared account around them all. Still one server per forum, so you can have consistent ordering of stories and comments. I’m not really sure what the benefit is to anyone of having a shared account among a ton of federated board servers, though. It just preserves reddit weirdness like sharing massively different karma amounts between joke boards and deep research boards.

                                                                                                            Lobsters is meant to have one main page though. How would you do consistent ordering of the front page if stories were federated?

                                                                                                            1. 4

                                                                                                              what would a federated message board look like?

                                                                                                              Usenet, I think. Threaded messages (with different people getting a different, but eventually consistent view of the thread). Each lobste.rs post would be a new top-level thread.

                                                                                                              You’d lose voting and ranking on a straight usenet model, but that would be a small extension (usenet already supports control messages - you’d just have upvotes/downvotes propagated as a type of control message and your ‘top level’ view respecting the votes and an aging algorithm etc.).

                                                                                                              1. 1

                                                                                                                I’m not at all convinced that you need that consistent view. Twitter doesn’t have one - everyone sees their own slice of things that they’re paying attention to.

                                                                                                                Having some consistency is a prerequisite for a place to be a community, though, so it would certainly be a very different form of interaction.

                                                                                                              1. 3

                                                                                                                Good article. I particularly like that it raises the issue of unprotected length fields. I’d never thought about how security issues affect the suitability of a format for archival, but certainly if it became unsafe to use the existing libraries for the format, that would create work for archivists.