1. 3

    I like it. It makes reading comments super fast. One minor issue, though.

    I’m using the gopher+ distribution (gopher-3.0.11p2). When I open the link I see “Page 1/4”. As I page down (or jump to the next page using “>”) I get to 3/4 and then it wraps back around to 1/4. I never see “Page 4/4”. Not a major problem, but paging works on other gopher sites.

    Thanks for making it!

    BTW, for anyone looking for a client, I find plain gopher has saner navigation than lynx. And less color! \o/

    1. 21

      Another remote access app may be welcome, but the claims are exuberant, especially when comparing itself to a codebase and specification that’s been around a long time and proved it’s worth and mettle.

      What Is It?

      It’s like SSH, but more secure, and with cool modern features. It is not an implementation of SSH, it is a new, modern protocol.

      Does Oxy have…

      + Years of testing and battle hardening? No, it's super green. But hey, if you try it you'll help make it less green!
      

      Questions I’d like to see answered:

      • Who designed it?
      • Who implemented it?
      • Who reviewed the design and implementation?
      • Who evaluated the use and implementation of the crypto?
      • How was it tested to be shown “more secure”?

      The site links a protocol specification. Excellent. But that’s just the beginning.

      Curious to know the same about OpenSSH, see the specifications page? Want to know more about the project and where it came from, see the home and history pages.

      Oxy is a new project and it takes time to build out a project site. Keep working on both the app and the site. But seriously, don’t expect security-minded folks to believe it’s “like SSH, but more secure” based on assertion. Deliver some serious smack-down proof. And then do it long enough to prove the project has the chops and the commitment to do it day in and day out for decades.

      Security is about more than claims. Until we see more evidence, I’ll watch Oxy and test it, but I’m not dropping ssh and nearly 20 years of demonstrated commitment to the principles and procedures for delivering secure software.

      1. 9

        This is a really timely post. Yesterday after reading @garybernhardt’s revision of Linus’ email, I went down the rabbit hole of type punning, strict aliasing, and undefined behavior. Here are some more helpful articles:

        John Regehr’s articles are always informative, as are Lattner’s. Cardelli’s is really helpful as far as understanding the value of type systems, how to think about them, and what they can and cannot do for you.

        The article @GeoffWozniak posted here has helpful links in the footnotes as well.

        1. 2

          Cardelli also worked on Modula-3 systems language. It has one of best balances Ive seen of features vs simplicity along with fast compiles, safe by default, and concurrency support. It also had first, standard library with partial, formal verification using the precurser to Why3.

          All it needed was macros to be nearly perfect alternative to C++. Well, maybe C syntax and some compatibility given how important that turned out. I consider that mandatory these days if aiming for C or C++ crowds.

        1. 9

          What Article 13 seemingly overlooks is the place of fair use/fair dealing. How does one critique a work when one can’t display it without a license? Yes, there’s an appeal process … but who’s the arbiter? How long does it take to get approval?

          What about transformative fair use? Is there a place in Article 13 to build upon the work of others?

          Yes, I understand we Americans have an expansive view of fair use, but Article 13 is too restrictive. It’s especially so when you consider how long and broad copyrights are. There is a very real need for balance between the rights of authors and those of the public on whose behalf governments extend copyright.

          And yes, again, I understand Americans view copyright as a mere grant of monopoly by government where in other domains it’s a recognition of droit moral. It’s complicated. But it’s not as simple as the music industry would see it.

          “This is a strong and unambiguous message sent by the European Parliament,” said executive chair Helen Smith.

          “It clarifies what the music sector has been saying for years: if you are in the business of distributing music or other creative works, you need a licence, clear and simple. It’s time for the digital market to catch up with progress.”

          1. 4

            The thing is also that the content-filtering obligation kicks in in the absence of a license. This is why the supposed target of this legislation (YouTube/Google) has lobbied for it, because that’s exactly what they want – not having to change anything. They already have Content ID, which means they won’t need a licensing deal with the rightholders, while everyone around them will have to either make a deal or develop/license their own Content ID.

          1. 12

            I like being able to toggle SMT without a visit to the BIOS. Very cool! Works without a reboot:

            $ sysctl hw.smt
            hw.smt=0
            
            $ ls -laR /
            
            $ echo in another terminal
            $ top
            
            load averages:  0.25,  0.16,  0.09                       openbsd 08:32:39
            64 processes: 62 idle, 2 on processor                                            up  0:09
            CPU0 states: 59.1% user,  0.0% nice, 17.4% sys,  4.2% spin,  1.6% intr, 17.8% idle
            CPU1 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle
            CPU2 states: 49.7% user,  0.0% nice, 21.4% sys,  4.8% spin,  0.0% intr, 24.2% idle
            CPU3 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle
            Memory: Real: 465M/1302M act/tot Free: 6268M Cache: 477M Swap: 0K/8129M
            
            $ doas sysctl hw.smt=1
            hw.smt: 0 -> 1
            
            $ ls -laR /
            
            $ echo in another terminal
            $ top
            
            load averages:  0.16,  0.17,  0.10                       OpenBSD 08:33:49
            64 processes: 61 idle, 3 on processor                                            up  0:10
            CPU0 states: 19.0% user,  0.0% nice, 10.4% sys,  5.4% spin,  1.6% intr, 63.7% idle
            CPU1 states: 15.2% user,  0.0% nice, 10.0% sys,  6.8% spin,  0.0% intr, 68.1% idle
            CPU2 states: 25.3% user,  0.0% nice, 12.4% sys,  5.4% spin,  0.0% intr, 56.9% idle
            CPU3 states: 21.0% user,  0.0% nice, 14.0% sys,  6.0% spin,  0.0% intr, 59.1% idle
            Memory: Real: 464M/1311M act/tot Free: 6259M Cache: 477M Swap: 0K/8129M
            
            1. 0

              So far I’ve only found one solution that is actually robust. Which is to manually check that the value is not nil before actually using it.

              This seems reasonable to me. If anything, I’d consider knowing how and when to use this kind of check a part of language competency knowledge as it is how Go was designed.

              1. 9

                We expect people to be competent enough to not crash their cars, but we still put seatbelts in.

                That’s perhaps a bad analogy, because most people would say that there are scenarios where you being involved in a car crash wasn’t your fault. (My former driver’s ed teacher would disagree, but that’s another post.) However, the point remains that mistakes happen, and can remain undiscovered for a disturbingly long period of time. Putting it all down to competence is counter to what we’ve learned about what happens with software projects, whether we want it to happen or not.

                1. 9

                  I wish more languages had patterns. Haskell example:

                  data Named = Named {Name :: Text} deriving Show
                  
                  greeting :: Maybe Named -> Text
                  greeting (Just thing) = "Hello " + (Name thing)
                  greeting _ = ""
                  

                  You still have to implement each pattern, but it’s so much easier, especially since the compiler will warn you when you miss one.

                  1. 3

                    Swift does this well with Optionals

                    1. 5

                      You can even use an optional type in C++. It’s been a part of the Boost library for a while and was added to the language itself in C++17.

                      1. 4

                        You can do anything in C++ but most libraries and people don’t. The point is to make these features integral.

                        1. 1

                          It’s in the standard library now so I think it’s integral.

                          1. 4

                            If it’s not returned as a rule and not as an exception throughout the standard library it doesn’t matter though. C++, both the stdlib and the wider ecosystem, rely primarily on error handling outside of the type-system, as do many languages with even more integrated Maybe types

                      2. 2

                        Yep. Swift has nil, and by default no type can hold a nil. You have to annotate them with ? (or ! if you just don’t care, see below).

                        var x: Int = nil // error
                        var x: Int? = nil // ok
                        

                        It’s unwrapped with either if let or guard let

                        if let unwrapped_x = x {
                            print("x is \(x)") 
                        } else {
                            print("x was nil")
                        }
                        
                        guard let unwrapped_x = x else {
                            print("x was nil")
                            return
                        }
                        

                        Guard expects that you leave the surrounding block if the check fails.

                        You can also force the unwraps with !.

                        let x_str = "3"
                        let x = Int(x_str)! // would crash at run-time if the conversion wouldn't succeed
                        

                        Then there’s implicit unwraps, which are pretty much like Java objects in the sense that if the object is nil when you try to use it, you get a run-time crash.

                        let x: Int! = nil
                        
                    2. 7

                      Hey, I’m the author of the post. And indeed that does work, which is why I’m doing that currently. However, like I try to explain further in the post this has quite some downsides. The main one is that it can be easily forgotten. The worst part of which is that if you did forget, you will likely find out only by a runtime panic. Which if you have some bad luck will occur in production. The point I try to make is that it would be nice to have this be a compile time failure.

                      1. 1

                        Sure, and that point came across. I think you’d agree that language shortcomings - and certainly this one - are generally excused (by the language itself) by what I mentioned?

                    1. 6

                      This news caused the public release for XSA-267 / CVE-2018-3665 (Speculative register leakage from lazy FPU context switching) to be moved to today.

                      1. 16

                        These embargoed and NDA’d vulnerabilities need to die. The system is broken.

                        edit: Looks like cperciva of FreeBSD wrote a working exploit and then emailed Intel and demanded they end embargo ASAP https://twitter.com/cperciva/status/1007010583244230656?s=21

                        1. 8

                          Prgmr.com is on the pre-disclosure list for Xen. When a vulnerability is discovered, and the discoverer uses the responsible disclosure process, and the process works, we’re given time to patch our hosts before the vulnerability is disclosed to the public. On balance I believe participating in the responsible disclosure process is better for my customers.

                          Pre-disclosure gives us time to build new packages, run through our testing process, and let our users know we’ll be performing maintenance. Last year we found a showstopping bug during a pre-disclosure period: it takes time and effort to verify a patch can go to production. With full disclosure, we would have the do so reactively, with significantly more time pressure. That would lead to more mistakes and lower quality fixes.

                          1. 2

                            This is a bad response to the issue. The bad guys probably already have knowledge of it and can use it. A few players deemed important should not get advanced notification.

                            1. 15

                              Prgmr.com qualifies for being on the Xen pre-disclosure list by a) being a vendor of a Xen-based system b) willing and able to maintain confidentiality and c) asking. We’re one of 6 dozen organizations on that list–the criteria for membership is technical and needs-based.

                              If you discover a vulnerability you are not obligated to use responsible disclosure. If you run Xen you are not obligated to participate in the pre-disclosure list. The process consists of voluntary coordination to discover, report, and resolve security issues. It is for the people and organizations with a shared goal: removing security defects from computer systems.

                              By maintaining confidentiality we are given the ability, and usually the means to have security issues resolved before they are announced. Our customers benefit via reduced exposure to these bugs. The act of keeping information temporarily confidential provides that reduced exposure.

                              You have described a voluntary process with articulable benefits as “needing to die,” along with my response being “bad.” As far as I can tell from your comments you claim “the system is broken” because some people “should not get advanced notice.” I’ve described what I do with that knowledge, and why it benefits my users. I’m thankful the security community tells me when my users are vulnerable and works with me to make them safer.

                              Can you improve this process for us? Have I misunderstood you?

                              1. 11

                                Some bad guys might already have knowledge of it. Once it’s been disclosed, many bad guys definitely have knowledge of it, and they can deploy exploits far, far faster than maintainers, administrators and users can deploy fixes.

                                1. 8

                                  You’re treating “the bad guys” like they’re all one thing. In actuality, there’s a string of bad guys from people who will use a free, attack tool to people who will pay a few grand for one to people who can customize a kit if it’s just a sploit to people who can build a sploit from a description to rare people who had it already. There’s also a range in intent of attackers from DOS to data integrity to leaking secrets. The folks who had it already often just leak secrets in stealthy way instead of do actual damage. The also use the secrets in a limited way compared to average, black hat. They’re always weighing use vs detection of their access.

                                  The process probably shuts down quite a range of attackers even if it makes no difference for the best ones who act the sneakiest.

                                  1. 4

                                    The process probably shuts down quite a range of attackers even if it makes no difference for the best ones who act the sneakiest.

                                    I believe the process is so effective at shutting down “quite a range of attackers” that it works despite: a) accidental leaks [need for improvement of process] b) intentional leaks [abuse] c) black hats on the pre-disclosure list reverse engineering an exploit from a patch. [fraud] In aggregate, the benefit from following the process exceeds the gain a black hat would have from subverting it.

                              2. 9

                                Well, it’s complicated. (Disclosure: we were under the embargo.)

                                When a microprocessor has a vulnerability of this nature, those who write operating systems (or worse, provide them to others!) need time to implement and test a fix. I think Intel was actually doing an admirable job, honestly – and we were fighting for them to broaden their disclosure to other operating systems that didn’t have clear corporate or foundation backing (e.g., OpenBSD, Dragonfly, NetBSD, etc). That discussion was ongoing when OpenBSD caught wind of this – presumably because someone who was embargoed felt that OpenBSD deserved to know – and then fixed it in the worst possible way. (Namely, by snarkily indicating that it was to address a CPU vulnerability.) This was then compounded by Theo’s caustic presentation at BSDCan, which was honestly irresponsible: he clearly didn’t pull eager FPU out of thin air (“post-Spectre rumors”), and should have considered himself part of the embargo in spirit if not in letter.

                                For myself, I will continue to advocate that Intel broaden their disclosure to include more operating systems – but if those endeavoring to write those systems refuse to honor the necessary secrecy that responsible disclosure demands (and yes, this means “embargoed and NDA’d vulnerabilities”), they will make such inclusion impossible.

                                1. 18

                                  We could also argue Theo’s talk was helpful in that the CVE was finally made public.

                                  Colin Percival tweeted in his thread overview about the vulnerability that he learned enough from Theo’s talk to write an exploit in 5 hours.

                                  If Theo and and the OpenBSD developers pieced enough together from rumors to make a presentation that Colin could turn into an exploit in hours, how long have others (i.e., bad guys) who also heard rumors had working exploits?

                                  Theo alone knows whether he picked-up eager FPU from developers under NDA. Even if he did, there’s zero possibility outside of the law he lives under (or contracts he might’ve signed) that he’s part of the embargo. As to the “spirit” of the embargo, his decision to discuss what he knew might hurt him or OpenBSD in the future. That was his call to make. He made it.

                                  Lastly, I was at Theo’s talk. Caustic is not how I would describe it, nor would I categorize it as irresponsible. Theo was frustrated that OpenBSD developers who had contributed meaningfully to Spectre and Meltdown mitigation had been excluded. He vented some of that frustration in the talk. I’ve heard more (and harsher) venting about Linux in a 30 minute podcast than all the venting in Theo’s talk.

                                  On the whole Theo’s talk was interesting and informative, with a sideshow of drama. And it may have been what was needed to get the vulnerability disclosed and more systems patched.


                                  Disclosure: I’m an OpenBSD user, occasional port submitter, BSDCan speaker and workshop tutor, FreeNAS user and recommender, and have enjoyed many podcasts, some of which may have included venting.

                                  1. 4

                                    If Theo and and the OpenBSD developers pieced enough together from rumors to make a presentation that Colin could turn into an exploit in hours, how long have others (i.e., bad guys) who also heard rumors had working exploits?

                                    It was clear to me the day Spectre / Meltdown were disclosed that there would be future additional vulnerabilities of the same class based on that discovery. I think there is circumstantial evidence suggesting the discovery was productive for the people who knew about it in the second half of 2017 before it was publicly disclosed. One can safely assume black hats have had the ability to find and use novel variations in this class of vulnerability for at least six months.

                                    If Theo did pick up eager FPU from a developer under embargo that demonstrates just how costly it is to break embargo. Five hours, third hand.

                                    1. 4

                                      If Theo did pick up eager FPU from a developer under embargo that demonstrates just how costly it is to break embargo. Five hours, third hand.

                                      I have absolutely no idea what point you’re trying to make. Certainly, everyone under the embargo knew that this would be easy to exploit; in that regard, Theo showed people what they already knew. The only new information here is that Theo is every bit as irresponsible as his detractors have claimed – and those detractors would (of course) point out that that information is not new at all…

                                      1. 1

                                        With respect, how is Theo irresponsible for reducing the time the users of his OS are vulnerable?

                                        Like, the embargo thing sounds a lot to the ill-informed like some kind of super-secret clubhouse.

                                    2. 4

                                      Theo definitely wasn’t part of the embargo, but it’s also unquestionable that Theo was relying on information that came (ultimately) from someone who was under the embargo. OpenBSD either obtained that information via espionage or via someone trying to help OpenBSD out; either way, what Theo did was emphatically irresponsible. Of course, it was ultimately his call – but he is not the only user of OpenBSD, and is unfortunate that he has effectively elected to isolate the community to serve his own narcissism.

                                      As for the conjecture that Theo served any helpful role here: sorry, that’s false. (Again, I was under the embargo.) The CVE was absolutely going public; all Theo did was marginally accelerate the timeline, which in turn has resulted in systems not being as prepared as they otherwise could be. At the same time, his irresponsible behavior has made it much more difficult for those of us who were advocating for broader inclusion – and unfortunately it will be the OpenBSD community that suffers the ramifications of any future limited disclosure.

                                      1. 6

                                        Espionage? You’re suggesting one of:

                                        1. Someone stole the exploit information, leaked it to the OpenBSD team, a team known for proactively securing their code, on the off-chance Theo would then further leak it (likely with mitigation code), causing the embargoed details to be released sooner than expected,

                                        2. OpenBSD developers stole the exploit information, then leaked it (while committing mitigation code), causing the embargoed details to be released sooner than expected.

                                        The first doesn’t seem plausible. The second isn’t worthy of you or any of the developers on the OpenBSD team.

                                        I’m sure you’ve read Colin’s thread. He contacted folks under embargo after he wrote his exploit code based on Theo’s presentation. The release timeline moved forward. OSs that had no knowledge of the vulnerability now have patches in place. Perhaps those users view “helpful” in a different light.


                                        Edit: Still boggling over the espionage comment. Had to flesh that out more.

                                        1. 8

                                          Theo has replied:

                                          In some forums, Bryan Cantrill is crafting a fiction.

                                          He is saying the FPU problem (and other problems) were received as a leak.

                                          He is not being truthful, inventing a storyline, and has not asked me for the facts.

                                          This was discovered by guessing Intel made a mistake.

                                          We are doing the best for OpenBSD. Our commit is best effort for our user community when Intel didn’t reply to mails asking for us to be included. But we were not included, there was no reply. End of story. That leaves us to figure things out ourselves.

                                          Bryan is just upset we guessed right. It is called science.

                                          He’s also offered to discuss the details with Bryan by phone.

                                          1. 4

                                            Intel still has 7 more mistakes in the Embargo Execution Pipeline™️ according to a report^Wspeculation by Heise on May 3rd.

                                            https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

                                            Let the games begin! 🍿

                                            1. 1

                                              What’s (far) more likely: that Theo coincidentally guessed now, or that he received a hint from someone else? Add Theo’s history, and his case is even weaker.

                                              1. 13

                                                While everyone is talking about Theo, the smart guys figuring this stuff out are Philip Guenther and Mike Larkin. Meet them over beer and discuss topics like ACPI, VMM, and Meltdown with them and you won’t doubt anymore that they can figure this stuff out.

                                                1. 6

                                                  In another reply you claim your approach is applied Bayesian reasoning, so let’s go with that.

                                                  Which is more likely:

                                                  1. A group of people skilled in the art, who read the relevant literature, have contributed meaningful patches to their own OS kernel and helped others with theirs, knowing that others besides themselves suspected there were other similar issues, took all that skill, experience and knowledge, and found the issue,

                                                  or

                                                  1. Theo lied.

                                                  Show me the observed distribution you based your assessment on. Show me all the times Theo lied about how he came to know something.

                                                  Absent meaningful data, I’ll go with team of smart people knowing their business.

                                                  1. 4

                                                    Absent meaningful data

                                                    Your “meaningful data” is 11 minutes and 5 seconds into Theo’s BSDCan talk: “We heard a rumor that this is broken.” That is not guessing and that is not science – that is (somehow) coming into undisclosed information, putting some reasonable inferences around it and then irresponsibly sharing those inferences. But at the root is the undisclosed information. And to be clear, I am not accusing Theo of lying; I am accusing him of acting irresponsibly with respect to the information that came into his possession.

                                                    1. 3

                                                      Here is at least one developer’s comment on the matter. He points to the heise.de article about Spectre-NG as an example of the rumors that were floating around. That article is a long way from “lazy FPU is broken”.

                                                      Theo has offered to discuss your concerns, what you think you know, what he knew, when and how. He’s made a good-faith effort to get his cellphone number to you. If you don’t have it, ask.

                                                      If you do have his number, call him. Ask him what he meant by “We heard a rumor that this is broken.” Ask him what rumor they heard. Ask him whether he was referring to the Spectre-NG article.

                                                      Seriously, how hard does this have to be? You engaged productively with me when I called you out. You’ve called Theo out. Talk to him.

                                                      And yes, I get it. Your chief criticism at this point is responsible disclosure. But as witnessed by the broader discussion in the security community, there’s no single agreed-upon solution.

                                                      While you’ve got Theo on the phone you can discuss responsible disclosure. Frankly, I suggest beer for that part of the discussion.


                                                      Edit: Clarify that Florian wasn’t saying he knew heise.de were the source.

                                                    2. 0

                                                      Reread the second sentence in my reply you linked.

                                                    3. 2

                                                      This is plain libel, pure and simple.

                                                      1. -2

                                                        It is Bayesian reasoning, pure and simple.

                                                        That said, this is a tempest in a teacup, so call it whatever you want; I’m gonna go floss my cat.

                                                  2. 6

                                                    Sorry – I’m not accusing anyone of espionage; apologies if I came across that way.

                                                    What I am saying is that however Theo obtained information – and indeed, even if that information didn’t originate with the leak but rather by “guessing” as he is now apparently claiming – how he handled it was not responsible. And I am also saying that Theo’s irresponsibility has made the job of including OpenBSD more difficult.

                                                    1. 9

                                                      The spectre paper made it abundantly clear that addtional side channels will be found in the speculative execution design.

                                                      This FPU problem is just one additonal bug of this kind. What I’d like to learn from you is:

                                                      1. What was the original planned public disclosure date before it was moved ahead to today?

                                                      2. Do you really expect that a process with long embargo windows has a chance of working for future spectre-style bugs when a lot of research is now happening in parallel on this class of bugs?

                                                      1. 5
                                                        1. The original date for CVE-2018-3665 was July 10th. After the OpenBSD commit, there was preparation for an earlier disclosure. After Theo’s talk and after Colin developed his POC, the date was moved in from July 10th to June 26th, with preparations being made to go much earlier as needed. After the media attention today, the determination was made that the embargo was having little effect and that there was no point in further delay.

                                                        2. Yes, I expect that long embargo windows can work with Spectre-style bugs. Researchers have been responsible and very accommodating of the acute challenges of multi-party disclosure when those parties include potentially hypervisors, operating systems and higher-level runtimes.

                                                        1. 10

                                                          Thanks for disclosing the date. I must say I am happy that my systems are already patched now, rather than in one month from now.

                                                          I’ll add that some new patches with the goal of mitigating spectre-class bugs are being developed in public without any coordinated disclosure:

                                                          http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/9474cbef7fcb61cd268019694d94db6a75af7dbe

                                                          https://patchwork.kernel.org/patch/10202865/

                                                      2. 5

                                                        Thanks for the clarification.

                                                        I don’t think early disclosure is always irresponsible (the details of what and when matter). Others think it’s never irresponsible; and some that it’s always irresponsible. Good arguments can be made for each position that reasonable people can disagree about and debate.

                                                        One thing I hope we can all agree on is that we need clear rules for how embargoes work (probably by industry). We need clear, public criteria covering who, what, when and how long. And how to get in the program, ideally with little or no cost.

                                                        It’s a given that large companies like Microsoft will be involved. Open-source representatives should have a seat at the table as well. But “open source” can’t just mean Red Hat and a few large foundations. OSs like OpenBSD have a presence in the ecosystem. We can’t just write the rules with a “You must be this high to ride” sign at the door.

                                                        And yeah, Theo’s talk might make this more difficult going forward. Hopefully both sides will use this event as an opportunity to open a dialog and discuss working together.

                                                        1. 6

                                                          Right, I completely agree: I’m the person that’s been advocating for that. I was furious with Intel over Spectre/Meltdown (despite our significant exposure, we learned about it when everyone else did), and I was very grateful for the work that OpenBSD and illumos did together to implement KPTI. This time around, I was working from inside the embargo to get OpenBSD included. We hadn’t been able to get to where we needed to get, but I also felt that progress was being made – and I remained optimistic that we could get OpenBSD disclosure under embargo.

                                                          All of this is why I’m so frustrated: the way Theo has done this has made it much more difficult to advocate this position – it has strengthened the argument of those who believe that OpenBSD should not be included because they cannot be trusted. And that, in my opinion, is a shame.

                                                          1. 11

                                                            Look at it from OpenBSD’s perspective though. They (apparently) tried emailing Intel to find out more, and were told “no”. What were they supposed to do? Just wait on the hope that someone, somewhere, was lobbying on their behalf to be included, with no knowledge of that lobbying?

                                          1. 4

                                            One thing that puts me off from using kore is the degree of magic that seems to come with being a “framework”. No main function. An obscure documentation system. A baked-in build system. A baked-in web server. That’s a lot of duplication of mature, well-known tools—make, httpd, and so on—with none of them being trivial at all. I guess C to me is synonymous with UNIX, and frameworks like this go against what UNIX means: manpages, doing a small thing well and fitting into a larger framework, etc. It would be nice, all that being said, to split these tools apart and use them separately. (A well-written HTTP server library would be very handy—and there are a lot of questionable ones out there.)

                                            1. 5

                                              Kore author here.

                                              You must have used Kore ages ago. The build tool and web server are two separate things and have been for a while.

                                              If you don’t want to use the build tool to help you get started, automatically properly build your app or have any benefits from it, you can roll your own Makefiles. The applications are normal dso files mapped into the server its address space by dlopen() anyway. Those aren’t magic.

                                              Not having a main function sort of goes hand in hand with the fact your apps are dso’s.

                                              Yes there are more things the build tool can help you with, like injecting assets or building a single binary out of your application instead of a dso.

                                              I fully agree that the 2 year old documentation is shit, and that’s something I’m fixing for the next release :)

                                              1. 3

                                                Not to mention writing a web app in C sounds like a masochistic security mine field due to all the string processing it normally entails. C++ wouldn’t be as bad with std::string, but even then it sounds dreadful.

                                                So it’s not for me, but it still looks like a solid project, and it’s filling an interesting niche.

                                                1. 6

                                                  I don’t think kristapsdz got the memo about not writing web apps in C. https://learnbchs.org/ ;-)

                                              1. 4

                                                This looks very promising. As soon as I saw it I thought “plan9”, and sure enough, it’s somewhat related, using devdraw from plan9port.

                                                The widget set is complete enough to create functioning apps. The developer has created several demo apps, including a local mail reader, acme clone, and a simple database browser and query tool.

                                                And it’s pure Go.

                                                Very promising, indeed.

                                                1. 5

                                                  I run OpenBSD as my daily driver and have for years. I’m a developer and a bit of a minimalist, preferring text-oriented tools, and lightweight window managers like cwm, xmonad, or rio. But that doesn’t mean it can’t be used by folks who want the “full” desktop experience if that’s what you’re looking for (Gnome, KDE, Xfce, Lumina).

                                                  You’ll find approximately the same selection of open-source apps you run on Linux are available on OpenBSD (and the other BSDs). The edge cases in my experience are Linux-only ports (MS SQL Server), Linux api/kernel-dependent projects like Docker (FreeBSD has jails, a superior choice anyway), and commercial software (e.g., games, Skype, Dropbox). And strange abominations BSD users would rather avoid, like systemd.

                                                  You also won’t find apps like VirtualBox, but you will find good alternatives like vmm(4) on OpenBSD, and bhyve on FreeBSD.

                                                  Hardware

                                                  Going on to OpenBSD-specific recommendations, a lot of legacy hardware (x86, amd64, SPARC, and PowerPC) still works on OpenBSD. And a lot of very current hardware as well (x86, amd64, arm, SPARC64, MIPS and other). x86 and amd64 are probably the best options for desktop/laptop use.

                                                  Before getting to how my configuration and use, I’ll mention some gaps you might find troubling:

                                                  • file systems (ffs, pick one) (ext2, dos, or fuse are available for interoperability)
                                                  • GPUs (most will work, but you won’t be doing any CUDA on OpenBSD)

                                                  My Laptop

                                                  Currently I run OpenBSD on a Thinkpad T450s. Both wired and wireless (em(4), iwm(4)) work flawlessly.

                                                  External monitors work very well with xrandr. At a previous job I had a 4k monitor. I ran it alone and together with the internal monitor without issue, though you’ll not be gaming on a 4k monitor at 60 fps with the Intel 5500 series.

                                                  Suspend/resume works. I don’t use hibernate much, but it worked when I tried it.

                                                  As far as I can tell all the sensors work. Battery status and charge remaining work.

                                                  I have a docking station. When I dock/undock the switching is seamless. As with any OS, you have to connect/disconnect some devices during the process (e.g., USB disks … could be somewhat automated). Mice, keyboards and many peripherals connect/disconnect without issues. To manage switching between wired/wireless networking I wrote a script run by apm(8).

                                                  Software (apps I use)

                                                  • backups and syncing (rsync and unison)
                                                  • cli (xterm, ksh, tmux)
                                                  • dev (sed, awk, python, haskell, php, javascript, perl, c)
                                                  • email (acme, mutt)
                                                  • image viewing and manipulation (feh, ImageMagick)
                                                  • media (mplayer)
                                                  • office (LibreOffice)
                                                  • printing (lpr)
                                                  • reading (more, mupdf, Calibre for ebooks)
                                                  • videos (mplayer, youtube-dl, Chrome)
                                                  • web browsing (w3m, Chrome)
                                                  • writing (ed, acme, pandoc)

                                                  On the whole, I find OpenBSD a perfectly usable desktop OS, and it’s certainly my preference. I occasionally have to use other OSs due to work requirements, or where there’s no available software (see comments above about Skype).

                                                  1. 1

                                                    My initial searches proved worthless, I’ll try to set this up after work, thanks a ton! I’m mathuin from bsd.network by the way, so this is really on point.

                                                    1. 2

                                                      I had been thinking to write some articles about plan9 and Acme. Your question on https://bsd.network prompted me get started. Let me know how it goes.

                                                      1. 1

                                                        I was wondering why you chose msmtp over the openbsd smtp?

                                                        1. 1

                                                          A couple of reasons:

                                                          1. I already have it configured for multiple services I send through (personal domain, gmail),
                                                          2. msmtp is more of a client that functions like sendmail(8) where smtpd(8) would need to be configured as relay host,
                                                          3. It also runs in user space.
                                                    1. 2

                                                      I’ve played with using a program called amail to read mail in acme, but can’t recommend it. It’s written in a literate style, which means the actual code produced is just a giant pile of slinkys and impossible to read by itself.

                                                      It’s on my long list of projects to write a maildir adapter for Mail or add maildir support directly so that I can continue to use my mbsync+msmtp workflow.

                                                      1. 2

                                                        This might be overkill, but setup dovecot(1) on your local system. Let it serve email to Acme via IMAP. Your current workflow should continue to work.

                                                        I used to do something similar when I used gnus on Emacs. The only difference is I used the doveadm(1) sync command to keep the local in sync with the primary server. For dovecot-to-dovecot syncing, doveadm(1) is the way to go.

                                                      1. 1

                                                        I cringe when I see practice of putting clear passwords in any text file, especially the dreaded .netrc.

                                                        Supposedly secstore(1) could help with that, but I have never ventured further in those. Can somebody say anything about the security aspect of these programs in plan9port?

                                                        1. 1

                                                          With msmtp(1) you should use the passwordeval option which will evaluate an expression and use whatever is returned on stdout as the password:

                                                          gpg2 --no-tty -q -d ~/.msmtp-password.gpg
                                                          

                                                          Install pinentry-gtk2 and you’ll get a nice dialog box.

                                                          I intended to mention the passwordeval option, but the writing went into the wee hours and it was lost. :D I’ve updated the $HOME/.msmtprc example with a note referencing it.

                                                          As for secstore(1), that’s a backing store for factotum(4). I think you could use passwordeval with factotum(4).

                                                          1. 1

                                                            How does one set up factotum with secstore? Can I use it the same way I use pass? If I don’t explicitly use secstore will I have to set the secret everytime I start factotum?

                                                            1. 1

                                                              iirc, yeah, you’ll get prompted. Well, may get prompted. I don’t think things like auth/fgui(1) got brought over.

                                                        1. 4

                                                          Rather than the video, I want to see the car’s telemetry stream just prior to the collision. Logs too, please.

                                                          1. 12

                                                            What’s the best way to use Mastodon? I appreciate its dedication to privacy, but the distributed nature of Mastodon confuses me. I feel like it’s the World of Warcraft server problem, where it’s impossible to find a server with all your friends on it without one server having everyone on it.

                                                            1. 11

                                                              You don’t have to be on the same server, you can follow accounts from other instances.

                                                              1. 10

                                                                Many of us in the BSD world went with https://bsd.network/.

                                                                You might try the instances.social finder: https://instances.social/.

                                                                One of the things I like about Mastodon is I can join a server (or servers) that are more closely aligned to my interests. By monitoring the instance timeline I see all the posts. I don’t have to find a bunch of people to follow immediately. I can grow the list by following the folks I notice posting things I enjoy reading.

                                                                1. 2

                                                                  What network do Haskellers use?

                                                                  1. 4
                                                                  2. 1

                                                                    Yeah that’s one of the things I really dig about it. It’s a metacommunity. You find an instance that focuses on your interests, or create one of your own if that’s what floats your boat, and it becomes a microcosm unto itself, but you all still share the global timeline.

                                                                  3. 6

                                                                    Replace instance with server and mastodon with e-mail. Then all these explanations become less confusing. Unless your server’s admin or your peer’s admin blocks your messages, you can write messages to every peer on every other server as you see fit.

                                                                    Does that make sense to you?

                                                                    1. 4

                                                                      You don’t need to find a server with everyone in it since federation allows you to follow people on other servers. I do recommend to simply find a community you enjoy and use that as home-base.

                                                                      1. 1

                                                                        With sites like joinmastodon.org or instances.social, I haven’t experienced this to be too much of a problem. Yes, it takes a while, but you can always delete an account and create a new one on another instance.

                                                                        To me, the real problem seems to be the difficulty to find interesting accounts to follow, and create a informative, fun and interesting stream. There are a lot of inactive accounts, regardless of the server (mine is one of these), and some active ones, but I can’t really re-create the same level of experience as on twitter, reddit or image boards, for example, even though I have stopped using all of these by now.

                                                                        1. [Comment removed by author]

                                                                          1. 6

                                                                            The flagship instance is overloaded and has some trouble scaling; I’d recommend finding something else, if only to ease the burden on the poor folks doing ops on it.

                                                                        1. 2

                                                                          Interested in doing this myself. At my previous job, I did iOS development, among other things. So macOS was pretty much a requirement. Now I’m unemployed and don’t have that machine any more, and I haven’t been in a hurry to find a replacement. I want something serviceable, preferably ARM-based, and with good battery life.

                                                                          Those new Windows 10 ARM machines (e.g. HP Envy x2) are quite tempting, but they’re prolly glue sandwiches like everything else. Recommendations are most welcome!

                                                                          (Also there’s a link to my website in this post; that was unexpected. 🙂)

                                                                          1. 14

                                                                            If you have the time and inclination to try various options, may I suggest one the BSDs? A lot of folks run OpenBSD as their daily driver, including a number of us here on lobste.rs (@mulander, @qbit, @stsp, @jcs, to name a few). You might also try FreeBSD or TrueOS (the more end-user focused version).

                                                                            I’ll be honest, as far as OpenBSD goes, you’ll find there are few thing you won’t be able to run. GPU stuff is pretty much out of the question. And you’ll stumble across the odd app that hasn’t been ported yet. For general productivity, you’ll find pretty much every desktop environment, LibreOffice, etc. As a development platform you’ll find lots of choices and options. And let’s not forget stellar doc.

                                                                            If you like gaming, the past year or so has been very good to OpenBSD. Check out this list at GOG.

                                                                            I’m not as up on the ARM options as I’d like for laptops. The one I can think of off the top of my head is the PineBook. It’s still a work-in-progress as far as OpenBSD goes. The company that make it do have a Linux-based OS for it.

                                                                            If you’re looking for hacking-on-the-system options, OpenBSD and a PineBook might be just right. ;-)

                                                                            Good luck finding something that meets your interests and needs!

                                                                            1. 3

                                                                              I ran FreeBSD on my home and work desktops (and most of my servers) for almost 10 years. I use a Mac these days, but I still have a soft spot for FreeBSD on the desktop.

                                                                              @wezm - For Dropbox on FreeBSD, I found just installing the CLI (pkg install dropbox-api-command) and then calling “dropbox-api sync” in cron ever 10 minutes was good enough.

                                                                              1. 3

                                                                                I use FreeBSD on my server and like it for that, and was eyeing TrueOS for my cheapo desktop, but it seems to lack ARM support so that didn’t work. Definitely a bigger fan of *BSD than the Linuxes. I really wish I could use Haiku, but it’s also lacking ARM support and is more of a fantasy/pipe dream. 🙂

                                                                                Checking out the PineBook, thanks!

                                                                              2. 1

                                                                                Chromebook Pixel 2?

                                                                              1. 2

                                                                                Nice write up. Better … I now know about Elfeed, an emacs feed reader. https://github.com/skeeto/elfeed

                                                                                1. 1

                                                                                  I’m interested to see what you think of elfeed.

                                                                                  I tried it a while back but eventually gave up on it. Configuration was a pain and it didn’t match my “workflow” very well. And since the author’s moved to Vim, it seemed unlikely to improve much.

                                                                                  It wasn’t terrible, I just couldn’t get used to it.

                                                                                  1. 1

                                                                                    Maybe he came back. The repo shows a commit 2 days ago.

                                                                                    I just started using it. The jury’s still out on whether I like it. So far, not bad.

                                                                                1. 1

                                                                                  I would love to know the validity of this claim. It seems fishy that a patent was filed but no white paper was submitted to journal for peer review (that I can find). If anyone with more expertise can provide their take on the matter, I would greatly enjoy it!

                                                                                  1. 19

                                                                                    The inventor has a website called boundedfloatingpoint.com. There he describes it in a bit more detail than the article, but not much.

                                                                                    Note carefully how he describes it:

                                                                                    This invention provides a device that performs floating point operations while calculating and retaining a bound on floating point error.

                                                                                    And “[t]his invention provides error notification by comparing the lost bits”.

                                                                                    It’s a solution to the problem of “unreported errors”. His solution provides extra fields in the floating point representation to carry information about ’lost bits” and allows the operator to specify how many significant digits must be retained before an error is flagged.

                                                                                    This is an advantage over the current technology that does not permit any control on the allowable error. This invention, not only permits the detection of loss of significant bits, but also allows the number of required retained significant digits to be specified.

                                                                                    At a cursory glance one might be inclined to think he’s solved the problem of floating point, but the reality is he’s developed a standard for communicating error in floating-point operations that can be implemented in hardware.

                                                                                    Not to detract from his solution, but it doesn’t seem like he’s invented anything that will surprise hardware designers.

                                                                                    1. 7

                                                                                      Thank you for that analysis. This is a real problem with floating point numbers, but hardly the only one.

                                                                                      People who haven’t seen it might be interested in this post from last year about a new number representation called “posits”, which addresses some completely orthogonal issues with fixed-size number representations. :)

                                                                                      1. 1

                                                                                        Nice! Thanks for the link.

                                                                                      2. 1

                                                                                        It’s a solution to the problem of “unreported errors”. His solution provides extra fields in the floating point representation to carry information about ’lost bits” and allows the operator to specify how many significant digits must be retained before an error is flagged.

                                                                                        SIGNAL ON LOSTDIGITS;
                                                                                        NUMERIC DIGITS 10;
                                                                                        NUMERIC FUZZ 2;
                                                                                        

                                                                                        We just need to do all our math in REXX.

                                                                                    1. 4

                                                                                      Aha, glad to see more people thinking of replacing prelude, especially Snoyman!

                                                                                      The Foundation project aims towards the same goal, but I guess having a FP-complete backed alternative cannot hurt!

                                                                                      [edit] Right, posted this comment too soon! This is a different approach, they plan to actually reuse the existing libraries. This is definitely nice, hopefully the prelude problem will definitely be fixed in 2~3 years from now.

                                                                                      1. 3

                                                                                        What “Prelude problem” ?

                                                                                        1. 5

                                                                                          The project README more or less states the problem:

                                                                                          The RIO module works as a prelude replacement, providing more functionality and types out of the box than the standard prelude (such as common data types like ByteString and Text), as well as removing common “gotchas”, like partial functions and lazy I/O. The guiding principle here is:

                                                                                          • If something is safe to use in general and has no expected naming conflicts, expose it from RIO
                                                                                          • If something should not always be used, or has naming conflicts, expose it from another module in the RIO. hierarchy.

                                                                                          Snoyman and FP-complete are trying to move Haskell more in the direction of a batteries-included solution for software development. The Haskell Foundation project mentioned by @NinjaTrappeur above is attempting the same thing.

                                                                                          Many of the changes RIO makes as a Prelude replacement solve problems beginners don’t know they have until they’ve been coding a while in Haskell. Using String rather than Text or ByteString is one of the most common mistakes beginners make. And why shouldn’t they? It’s right there in the “base” of the language. And then you learn, often after months of coding, String performance is a disaster.

                                                                                          Whether RIO is the right solution, time will tell. That it’s a step in the right direction, is beyond doubt.

                                                                                          1. 5

                                                                                            I personally use Protolude. The problems it solves (for my projects, on my computer, for my use cases) are:

                                                                                            • head :: [a] -> a becomes head :: [a] -> Maybe a (and all the other partial functions that throw error "message", like tail and so on…)
                                                                                            • everything is Text
                                                                                            • convenience functions that I used to copy in all my project, for example: toS which convert from any string-like (Text, String, ByteString, …) to any other string-like.
                                                                                            • foldl, head, … are on traversable not just lists
                                                                                            • a lot of other stuff, that I’m missing at the top of my head
                                                                                            1. 2

                                                                                              afaik, it’s the issues connected with the standard prelude, either concerning inefficient data structures (String is defined as [Char], ie. a linked list) or simple lack of utilities, which are then afterwards commonly installed by many uses (eg. Data.Vector). Many other “alternative” preludes have tried to replace the standard, but most of them can’t manage to get any significant adoption.

                                                                                              That’s at least what I understand when someone says “Prelude problem”.

                                                                                              1. 2

                                                                                                The Foundation README gives some information about this “problem”, RIO gives other arguments. The two main issues people have with Prelude is partial functions and Lazy IO, as fas as I can tell.

                                                                                                1. 1

                                                                                                  @akpoff, @zge and @lthms pretty much summed up the problem.

                                                                                                  I would also come up with another problem class: “legacy semantics”.

                                                                                                  [EDIT] The following statement is wrong.

                                                                                                  The most notable offender is the Monad typeclass. As it is defined in base (prelude is re-exporting parts of the base library), Applicative is not a superclass of monad. Those two typeclasses are actually completely unrelated as it’s implemented. In other terms, you could end up with a Monad not being an Applicative. Some people are trying to fix that directly in base, some are trying to fix that in external libraries such as Foundation.

                                                                                                  In the end, it is not such of a big deal for an intermediate/experienced developer; however, it is quite confusing for newcomers. Not knowing what you can safely use from the standard library is not a really nice user experience in my opinion.

                                                                                                  [Edit] As a side note, I am saddened to see that the return keyword is preferred over pure. This keyword has a totally different meaning in procedural languages (ie. 90% of the languages), using it in this context is just a constant source of confusion for newcomers…

                                                                                                  1. 1

                                                                                                    Applicative has been a superclass of Monad for quite some time in GHC base. I disagree with the change (breaks compatibility) but understand why they did it.

                                                                                                    1. 1

                                                                                                      Oh yes, you’re right, my bad!

                                                                                                      See monoid and semigroup, the problem is quite similar.

                                                                                              1. 3

                                                                                                This is pretty sleazy. NVidia used to make it hard enough to use consumer cards in lights-out scenarios. Some settings can only be adjusted via the GUI control panel, whereas the drivers for the workstation cards can be adjusted from the command line. But to add the prohibition to the driver EULA is pretty low.