1. 6

    To me, the ethical intent of copyleft is clear: if your code has a first-degree dependency on copyleft code in any sense –static linking, dynamic linking, IPC, RPC– then your code must also be copyleft. Indeed, the Affero GPL came about precisely because people were circumventing the intended sharing requirements of the GPL by claiming, “I don’t distribute the GPL backend, my proprietary app just talks to it over the network!” As others here have also mentioned, the LGPL family of licenses would also be superfluous if this wasn’t a property of strong copyleft licenses like the GPL and AGPL.

    If your code has first-degree copyleft dependencies, and you don’t want your own code to be copyleft, then it’s time to either: remove the first-degree copyleft dependency, or convince the copyright holders to grant you an exception in one form or another. Now, I concede that the boundaries of such “first-degree” dependencies aren’t always easily or perfectly defined, and the notion of a “dependency” is itself tenuous. But in general, if you have… direct/strong/hard/stiff dependencies on copyleft code, if you lose functionality when removing the copyleft dependency, if you are unable or unwilling to swap out the copyleft dependency with a suitably licensed alternative, then chances are, you are ethically obligated to make your own code copyleft as well. The pedantry of lawyers and judges concerning whether you are legally obligated to do so is immaterial.

    Ultimately, if you don’t want to share your code, then don’t touch codebases that are hostile to that notion. It’s not as if there’s a dearth of non-copyleft options out there.

    1. 1

      To me, the ethical intent of copyleft is clear: if your code has a first-degree dependency on copyleft code in any sense –static linking, dynamic linking, IPC, RPC– then your code must also be copyleft.

      Hm, no. Your code can be anything, as long as you don’t effectively restricts the rights that the GPL gives the user of the artifact (free inspection, modification and redistribution of the whole). It’s perfectly fine to distribute your code under a compatible non-copyleft license and later someone else coming along, ripping the GPL parts out and republish the whole thing in a non-copyleft fashion.

    1. 2

      A perhaps unrelated question: is anyone running grsec on a GNU/Linux desktop without disabling any of the protections for their day-to-day usage? I’ve considered implementing it on several occasions, but on each occasion, I’m reminded that I’ll effectively be disabling the protections on large parts of the stack: gnome-shell, qt components, firefox… You know, the very targets most ripe for the kinds of exploits that grsec is meant to contain.

      Don’t get me wrong. grsec is an awesome project. It’s not grsec’s problem that so much software has been developed without its security model in mind. But I can’t help but feel like using grsec –in a desktop context at least– is a pointless endeavor if you still end up disabling it for large portions of your stack.

      1. 2

        Speaking specifically about Firefox, now that Firefox 47 and on support W^X compat, disabling W^X for Firefox shouldn’t be needed anymore for grsec-based systems.

        Using HardenedBSD as an example, though, we still have to disable W^X protections for Firefox on HardenedBSD because we don’t yet support TEXTRELs in our implementation. Support for TEXTRELs should be completed in the coming months, at which point, we shouldn’t have to disable W^X protections for Firefox.

        But, the vast majority of applications I use don’t need any protections disabled. zsh, git, clang, make, etc. don’t require RWX mappings.

      1. 11

        There’s a collective of quixotic Mexican software developers and users that is quite active. I wonder why is it that FSF’s philosophy with its exhortation to viciously defend freedom resonates so well in some parts of Mexico. It was those groups, which congregate on the Hackmitin[1], Hacklab Autónomo and Rancho Electrónico that helped Jacobo Nájera with his legal proceedings against Secure Boot.

        I went a couple of times to the Hacklab. It’s an interesting place. At the time, it looked like they were squatting in an abandoned building and they looked like Hollywood hacker stereotypes. If it weren’t for the proliferation of hardware with Debian and Trisquel logos, their appearance make you would think these were just ordinary anarchist punks. In a way, that’s what they are, except they are technoanarchist punks, and obviously not completely anarchist as they know how to work with the legal system. They were very left-leaning, distrustful of all corporations, completely aligned with FSF philosophy; radical, feminist, and fiercely protective of their rights.

        I rather miss that scene. I haven’t found quite something like it here in Canada.

        I hope Nájera manages to get somewhere, but it seems like a hopeless fight against MSFT, the one that is really ensuring that installing the OS of your choice is impossible. The whole “security” thing is a sideshow; the real goal here with “Secure” Boot is to make it harder to install unlicensed copies of Windows.

        [1] (“mitin” in Spanish is from English “meeting” but has left-leaning political connotations such as protests and marches.)

        1. 4

          I wonder why is it that FSF’s philosophy with its exhortation to viciously defend freedom resonates so well in some parts of Mexico.

          I suspect it’s because much of Latin America has deeper roots with leftist politics, and Free Software hems closely (if not explicitly) to much of the same underlying philosophy. I’m more disappointed it doesn’t resonate with the majority of the tech crowd here in the states. Instead, the reactionary “Open Source” movement is the cultural juggernaut, often with an explicit rejection of Free Software. I’d love to get involved with what they’re doing. Granted, my Spanish is mediocre at best. I do like this bit from your second link though (at the bottom):


          1. 1

            I hope Nájera manages to get somewhere, but it seems like a hopeless fight against MSFT, the one that is really ensuring that installing the OS of your choice is impossible. The whole “security” thing is a sideshow; the real goal here with “Secure” Boot is to make it harder to install unlicensed copies of Windows.

            Or you enroll your own keys, sign your own kernels, and remove the OEM provided ones. Or enroll the keys of some other entity you trust.

            Secure Boot is a tool. That’s all it is. Properly used, it can be a major boon in preventing rootkits at the bootloader and kernel module level.

            1. 4

              That assumes you can add your own keys. I don’t believe that’s possible on my current laptop, though I haven’t investigated extensively. I can do it on my desktop, but I feel that that’s likely a rarity.

              1. 5

                Microsoft mandates that for a computer to be sold with OEM Windows 10, you must be able to configure the chain of trust. If it doesn’t do that, it’s buggy firmware. (completely unsurprised with OEMs)

          1. 17

            I find it difficult to change my biometrics, as opposed to my passwords, if the need arises.

            1. 3

              You wanna know how I got these scars?

              1. 3

                No. D:

              2. 1

                2017 Everyone changes from passwords to biometrics.
                2018 Chinese hackers access Apple/Google/Microsoft/Facebook servers and get access to everyone’s biometrics.
                2019 Everyone changes from biometrics to passwords. 2020 Cars made in 2017 are still frequently stolen, some have been converted back to key/remote/card access.

              1. 3

                Heh. So I’m not the only one using markdown!


                It is indeed an awesome intermediary. And in the spirit of semi-justified shameless self-promotion… I’m unemployed in Austin, and would love a chance to work as a software engineer :P I’m tiring of the Ops roles.

                1. 2

                  And you won’t be the last!

                1. 18

                  One thing that is so frequently forgotten these days is that “open source” was coined as a marketing synonym for “free software”. The two terms refer to the same software and licenses (except for minor obscure exceptions). Copyleft is not required for free software, and open source requires the same freedoms as free software. The only substantive difference is a matter of how you think of the software, whether you think it’s mostly about freedom or mostly about commercial advantage.

                  1. 16

                    And to expand on your point (and great blog post), “open source” was promoted by business interests to avoid RMS’s politics of “free software”.

                    Huh. I just realized it’s been 20 years since I heard about it, 30 since it was coined, and “free software” is still a bad, confusing term. Maybe it’s time to stop digging in that hole and rebrand to “libre software” or one of the other alternatives.

                    1. 7

                      I had a meaner way of saying this, which I deleted…

                      The popular misconception that free software is made by large companies and is free in the same sense as “free fries with a large Whopper” informs a lot of the attitude that often drives people away from making free software as their way of benefiting others.

                      I do feel as though changing the terminology would help that. Looking at the larger context of why “free” is even a word that connotes “good” in the first place, which is a lot of the motivation for using it… it’s because political rhetoric has used that word as an undefined but good thing for centuries. Let’s pick a word that has a meaning that can be pinned down.

                      Wow, I’m cynical in the morning.

                      1. 6

                        As long as it’s not the truly awful initialism “FLOSS”, I can get behind this.

                      2. 8

                        “open source” was coined as a marketing synonym for “free software”.

                        I disagree. Open Source was created to promote toothless alternatives to licenses like those in the GPL family, and to ignore ethical questions about software distribution and control over computation in general. If the purpose of the Open Source labeling was just to dissociate themselves from Stallman or the FSF, then the community wouldn’t also be recommending weak/lax/permissive, non-copyleft software licenses –as opposed to the {A,L,}GPL– that fail to guarantee the very freedoms that make the work Free Software in the first place.

                        Copyleft is not required for free software

                        But it is required for Free Software to remain Free, and the de facto effect of this is that copyleft is the proper, logical way to promote and license Free Software specifically. If Free Software and Open Source really are the same, with a mere relabeling, then why bother with different licenses that leave the software and its users vulnerable to proprietary middlemen that turn once-Free Software into proprietary black boxes? That’s bad, right? Why sink millions of man-hours into permissively licensed projects, with the explicit goal of getting away from copyleft projects and licenses, even going so far as to rebuild entire toolchains from scratch to get away from the GPL? I mean, they’re the same thing right? Hell, why not just throw the source under the public domain? That’s Free Software too. And this whole Open Source schism was just a relabeling to sell Free Software, right?

                        The reason is simple. The Open Source community are proponents of a development methodology –as opposed to an ethical software distribution framework which respects the freedoms of the user– that is preferential to the interests of business, typically to the detriment of the users' freedoms. The developers enjoy the four freedoms that Free Software provide, but often refuse to provide those freedoms to their users in turn, instead chaining them. The software isn’t Free/Open Source Software for me if the end result, as a user, is a binary blob that I must rely upon to do my computing and that strips me of my freedoms. It’s disingenuous to suggest that the Open Source movement is just a relabeling or marketing synonym, given its refusal to recognize the importance of copyleft in protecting the very Free Software tenants it claims to be identical to.

                        This, to me, is the real “substantive difference.” It’s only obscure because of continued refusal to address the ethical components of software freedom. And it’s certainly not a minor difference. Inconvenient perhaps, but not minor. The linked essay goes into these issues at length and makes clear that the differences are not obscure or minor. They are fundamental.

                        1. 3

                          We already had the BSD license before GNU reimplemented [some of] Unix. You could ask why GNU reimplemented everything under a different license too, except now we have an answer to that: to pull a bait and switch by releasing the GPLv3. If a new toolchain prevents a GPLv4 it will be a small price for the effort.

                          1. 5

                            Well, there was the AT&T BSD lawsuit at the time which made it unclear if BSD really was free or not. I think the GPL was in part also a response to that sort of thing, so that there could be no doubt as to the freedom of the code.

                            Also GPLv3 is not the bugbear people think it is. It is not some insidious plot of the FSF to trick people into using GPLv3. Can you articulate what your problem with GPLv3 is? I find GPLv3 to be widely misunderstood and thus feared.

                            1. 0

                              My own problem is much more basic than that. Back when I was younger and knew more, I studied the GPLv2 and used it to develop a working understanding of Title 17. That work was rewarding, but too far afield of my day job to give GNU a second study. By the time GPLv3 was published I was well enmeshed in MIT/X code and I’ve had no reason to wade through FSF license churn when those works have such an apparently short shelf life and attendant uncertainty. Linus' defection was a big help in letting me focus elsewhere.

                              1. 3

                                Do you mean Title 17 of GPLv3? GPLv2 only has 12 sections.

                                If you are basing your understanding of GPLv3 on Linus not liking it, well… Linus himself doesn’t seem to understand GPLv3. I wanted to clear up confusion of what people think they dislike about GPLv3, but you seem to prefer to not want to attempt understanding.

                                1. 1

                                  No I mean Title 17 of the United States code. I realize I sound like I prefer ignorance to understanding. What I dislike about the GPLv3 is the “I have altered the deal, pray I don’t alter it further” property. I was happy with the first deal and do not have any new licensing problems. I have been blessed to spend my time working on other things. If you think I have a problem the GPLv3 solves, I’m happy for you to tell me what it is.

                          2. 1

                            It’s only obscure because of continued refusal to address the ethical components of software freedom.

                            I find all forms of intellectual property to be unethical (copyright + patents + trademarks + …) and therefore find copyleft itself to be unethical. The FSF doesn’t have a monopoly on the ethics of software freedom.

                            1. 1

                              What’s your problem with trademarks? I think they’re overall a pretty good thing. It’s important for consumers to be informed about what they are buying. I don’t want people who are not GNU to start using the GNU trademark and thus deceive the public.

                              1. 2

                                It’s important for consumers to be informed about what they are buying.

                                I agree!

                                I don’t want people who are not GNU to start using the GNU trademark and thus deceive the public.

                                I agree!

                                What’s your problem with trademarks?

                                Because they are a form of intellectual property. There are lots of critiques of IP that resonate with me. I’m partial to “Information Feudalism.” I also disagree with IP philosophically. I don’t think creations of the intellect can be meaningfully owned, and therefore, I think laws granting monopolies on such things is unethical.

                                1. 1

                                  I think the problem here is that you are thinking that trademarks are the same as software patents because people call them both “intellectual property”. The problem is that “intellectual property” has such vague and broad meaning that it makes people think that different things are similar. Trademarks are very different from patents and very different from copyright. So, without making reference to this nebulous “intellectual property”, what is the problem with trademarks?

                                  I actually think some patents are really awesome. For example, Michael Jackson’s patent on the Smooth Criminal leaning trick. That’s how the patent system is supposed to work, a magician revealing his tricks! Without patent law, MJ may have taken the secret to his grave.

                                  1. 2

                                    I can assure you that I’m not confused. I am intentionally using the term intellectual property because my criticism is fundamental to it. I fundamentally disagree with the notion that ideas ought to be the foundation of legal monopolies. A direct consequence of this is that I find trademarks unethical (and anything else that is propped up by IP laws).

                                    I don’t just dislike “software” patents. I dislike all patents. Especially the type of medical patents that IP rich countries use to strong arm developing nations. (cf. “Information Feudalism.”)

                                    1. 2

                                      But trademarks are not ideas. There is no originality or creativity required in trademarks. You can trademark a square if you want, but you can’t copyright or patent squares.

                                      1. 2

                                        Trademarks are creations of the intellect and depend on a legal monopoly given to them by the State. I don’t know what originality has to do with this.

                                        1. 2

                                          That’s the thing, trademarks are not creations of the intellect. They do not require any intellect at all. I can trademark “JordiGH’s thing” and it required absolutely no thinking to come up with this trademarkable name. Regional designations are similar, in that “made in Canada” is also not a creation of the intellect, yet is covered by laws that people call “intellectual property”.

                                          1. 1

                                            You are misunderstanding “creation of the intellect.” It is not meant to designate effort or ability, it is merely to designate it as something that only exists in the abstract. A trademark is itself some design or expression, it is not a tangible thing. A trademark has no scarcity. It has no physical presence. And by consequence, it has no inherent exclusionary properties; two or more people can use the same trademark simultaneously. (This is not to say anything about any potential confusion that may cause, which is itself dependent on a number of factors.)

                                            It is these properties that cause trademarks to be classified under the umbrella term “intellectual property.” These properties are shared among copyright and patents, and they are specifically the things that I have a problem with being the basis of legal monopolies.

                                            trademarks are not creations of the intellect

                                            To be clear, you are implying something here that is at odds with the mainstream definition of intellectual property. The mainstream definition includes trademarks, among other things. The mainstream definition is also usually something like “legal monopoly granted to ideas” or “ownership of ideas” or “ownership over creations of intellect.” Trademark is included in all of these definitions.

                                            1. 1

                                              Last attempt, please read this.

                                              1. 2

                                                I have. You are not the first FSF advocate I’ve run across. Although, I will say that most FSF advocates acknowledge my stance against IP and tend to agree with it, but that we part ways simply disagreeing with the means at which we express it. The GPL is purportedly using the system against itself, while I would rather not use more IP at all.

                                                I’ve demonstrated why trademark is IP. It specifically depends on legal monopolies granted to ideas. Trademarks are very clearly unlike property and fit perfectly in the framework of intellectual property.

                                                1. 2

                                                  And for what it’s worth, that FAQ is a pretty bad response to the thoughts I’ve expressed here. It doesn’t actually address my specific criticism against IP. It seems to be addressing proponents of IP instead of detractors. It almost addresses it here:

                                                  It leads people to focus on the meager commonality in form that these disparate laws have—that they create artificial privileges for certain parties—and to disregard the details which form their substance: the specific restrictions each law places on the public, and the consequences that result. This simplistic focus on the form encourages an “economistic” approach to all these issues.

                                                  But this snippet is completely dismissive. The “meager commonality” is precisely the thing that I find unethical. So it would seem that your FAQ agrees that there does exist a commonality, but seemingly dismisses it as unimportant.

                          1. 5

                            It would be interesting to know what “format shifting” is as this could mean that I cannot even play the CD’s I own as the format of the disc is changed in order for me to hear the music on my computer…

                            1. 6

                              Streaming media involves dozens of transient copies being made between the origin server and whatever device is playing it.

                              In reality, I doubt this ruling will ever be used, and in particular an attempt to prosecute someone for streaming would be thrown out immediately, lawyers having little patience for technical technicalities. (The other kind, of course, being their bread and butter.) The big issue here is the potential for extremely dangerous interpretations using this as precedent, and the fact that people who make and interpret law blatantly have no understanding or experience whatsoever of what they’re ruling on or legislating about.

                              1. 4

                                All DACs are now contraband.

                                1. 4

                                  IANAL but this seems unenforceable to me.

                                1. 7

                                  It seems like if HEVC Advance gets what they want (not sure if RAND/FRAND requirement applies?), then this would likely either just drive people to vp9, or simply keep them using h.264.

                                  1. 4

                                    The thing about video patents is that it’s not even a matter of patents that cover particular formats. The MPEG.LA pool has patents that cover, so far, every clean-room codec anyone has tried to invent, including VP9, which was specifically an effort to avoid that.

                                    But it seems premature to worry about this HEVC group before they actually have any patents. :)

                                    1. 5

                                      These particular patents have always confused me. I thought that mathematics couldn’t be patented. How does image processing not fall under the “mathematics” veil? And even if image processing doesn’t constitute mathematics, how does patenting an image processing algorithm not constitute an instance of “patenting an idea rather than an implementation”? I could possibly understand patenting IC designs that efficiently implement encoding/decoding of codecs –though even in that case, it seems that often there is only one design that makes any sense. But the process itself? How does such a patent even get granted?

                                      1. 10

                                        Roughly, because patent officers don’t understand the patents they’re granting.

                                        True, mathematics and software cannot be patented. But “a method and a device” can! So, just rephrase your mathematics and software patent to indicate that it has to be running with a computer. And what software doesn’t! So now what’s patented is the combination of software and mathematics together with this other machine that executes them, so bam, now you have patents of things that were never originally meant to be patented.

                                        Look what I found this way! A software patent for refusing file transfers if they are too big.

                                        1. 2

                                          Yes, this. It’s a reasonable question, but there’s a lengthy case history (Wikipedia) drawing various lines for eligibility, none of which are that.

                                        2. 2

                                          I think “can’t patent math” is an oversimplification that misses the larger context and motivation. You don’t want people patenting “F = ma” or other underlying scientific principles.

                                          Looking at a video codec (or encryption cipher), it’s pretty obvious it’s not a natural property of the world around us.

                                          1. 4

                                            But any math is universally true. I don’t really see a difference between “F = ma” and an algorithm with a certain complexity or performance in some particular context. Both are just properties of our universe (or whatever, I’m not a physicist). The problem I see is that it is very hard to make a case like the one I’ve just made without ending up arguing against ALL patents. After all, even a bridge design, one of the classic examples of a “good” patent, can be reduced to a bunch of math that was just waiting to be discovered. Maybe this is why we struggle with this topic so much.

                                            1. 2

                                              Yeah. I mean, I tend to feel that very few patents are legitimate, and I don’t have an example to hand of one that I feel is. The whole theory is that they disclose how a thing is done for the betterment of humanity, and get the exclusivity in exchange… but the only ones I can think of that actually patent how they do something, instead of the goal it accomplishes, are the ones patenting something that people were already doing beforehand.

                                              That is: If it wouldn’t be obvious to a reader how a claim could be accomplished, patent authors leave the details out, and end up getting actually better protections than if they’d disclosed, since then it would have narrower coverage. A system that encourages that is deeply broken.

                                              Of course, I’m pretty sure there is no set of facts and qualifications that would get that position taken seriously, so it’s just a personal belief. :)

                                              1. 1

                                                I do not believe that IDEA is just a property of the universe, except to the extent that it is part of our universe.

                                                Or, in short. You can patent inventions. You can’t patent discoveries. Determining what’s an invention and what’s a discovery is the kind of problem that’s only difficult on Internet forums.

                                                (Not to say the patent office doesn’t fuck up, either, but this isn’t meaning of life hard.)

                                            2. 1

                                              What others have said, but in addition, it is easy for us to see that software patents and even many hardware patents should be illegitimate, but you have to remember that the general public, pointy haired bosses, judges and even most of the patent office apparently don’t know how computers, networks or software work.

                                              Hell, a manager I know (Who is very freaking high up) recently declared, “Don’t put any money into the website or [Windows/Mac] desktop builds. Apps are the future, everyone is using apps now”. Meaning he doesn’t know the difference between the desktop clients, mobile apps, the website and how they all interact. He is literally in charge of 10,000+ people, billions of dollars worth of profits/spending/infrastructure and he doesn’t even have a high school understanding of IT.

                                            3. 2

                                              Great point regarding video patents. It will certainly be interesting to see how this all “plays” out (pun!). Exciting times! :)

                                              1. 1

                                                Haha, yeah :)

                                          1. 10
                                            1. The logo looks ridiculous. The RGB IBM logo on the Thinkpads of yore had many fewer, smaller blocks of color.
                                            2. I don’t care even a little bit about the touchpad. Trackpoint is the only laptop mouse that’s not absolutely atrocious. The touchpad will be disabled in the BIOS before I even install a real OS over whatever you decide to prepopulate the drive with. Speaking of which…
                                            3. Let me buy it without Windows. (Or anything else, for that matter, because you’re never going to sell a laptop with a minimal Debian install on it, so I’ll be installing my own OS regardless. But it’s way more important to me to avoid paying the Windows tax than to avoid a single write cycle over the drive.)
                                            4. 4:3 is better than 3:2 which is better than 16:10. But 16:10 is better than 16:9. 1366x768 is an absolute dealbreaker, but failing to beat 1440x900 is a major black mark. Glossy screens are pants and I trust you have the sense to know better.
                                            5. Chiclet keyboard is a guaranteed dealbreaker. The keyboard on your renders is the right one, but I like the forward/back keys above the cursor keys.

                                            It would be amazing if they follow through with this and don’t cock it up. I’ve been jumping between older eBay Thinkpads for more than half a decade now; if I could get the same solid, usable design in something with modern hardware, I’d be on it in a moment.

                                            1. 6

                                              I would love them to throw the 3:2 Google Pixel screen (2560x1700) in there with a matte finish.

                                              1. 4

                                                1 The logo looks ridiculous. The RGB IBM logo on the Thinkpads of yore had many fewer, smaller blocks of color.

                                                Dear god, that is an atrocity.

                                                2 I don’t care even a little bit about the touchpad. Trackpoint is the only laptop mouse that’s not absolutely atrocious. The touchpad will be disabled in the BIOS before I even install a real OS over whatever you decide to prepopulate the drive with. Speaking of which…

                                                Most people will not buy a laptop without a trackpad. IBM realized this around the T30.

                                                3 Let me buy it without Windows. (Or anything else, for that matter, because you’re never going to sell a laptop with a minimal Debian install on it, so I’ll be installing my own OS regardless. But it’s way more important to me to avoid paying the Windows tax than to avoid a single write cycle over the drive.)

                                                Windows is nearly free for the OEM, and on some classes of machines, actually is.

                                                4 4:3 is better than 3:2 which is better than 16:10. But 16:10 is better than 16:9. 1366x768 is an absolute dealbreaker, but failing to beat 1440x900 is a major black mark. Glossy screens are pants and I trust you have the sense to know better.

                                                3:2 gives you the best of 16:10 and 4:3 - viewablility of widescreen content without excess letterboxing, but also a squarish screen for documents and images.

                                                5 Chiclet keyboard is a guaranteed dealbreaker. The keyboard on your renders is the right one, but I like the forward/back keys above the cursor keys.

                                                Are you sure on that? The layout can be considered naff, but from what I hear, it’s superior in feel to the older keyboards. There’s no flex and the keys are nicely molded and feel good.

                                                1. 3

                                                  I have a T60, T410, and X230 and I think I prefer the chicklet keys. They’re definitely close IMO, I don’t imagine they’d really be dealbreakingly bad to anyone who gave them a shot, they’re much better than the macbook pro and other chicklet keys I’ve used.

                                                  edit: The T410 would probably be more pleasant than the x230 just for the 16:10 screen if it wasn’t a god awful TN panel.

                                                  I agree with someone below who complained about them optimizing for thin and light. I do want light, but I don’t really care about thin, it’s not like my bag is stuffed to the brim already. Just give me room to work when messing with the internals.

                                                  1. 1

                                                    I like reasonably thin and light as possible, but for me, I’d like a cool running CPU that runs quiet as possible and squeezes as much battery as it can. Using the modern ULV processors gets you performance equivalent to the old full-voltage mobile CPUs.

                                                  2. 1

                                                    Windows is nearly free for the OEM, and on some classes of machines, actually is.

                                                    But each OEM just has to add in their little widgets and mess with the default home page and add 500MB of rubbish. They often use weird hardware which requires special drivers (And Windows doesn’t have as good default hardware support built in as Linux for example). If they didn’t bundle Windows then they could push their drivers to the Linux kernel say and instantly support 20 Linux distros (Or someone may already have created drivers for Linux for them). So in summary, it isn’t just the cost of the WIndows license, if that were the case they would just give you a blank computer and a Windows disc. You also need to pay for the development costs of drivers and rubbish software, tech support for their bundled OS, documentation, etc. With some sort of open source OS they could offload all of this.

                                                    1. 1

                                                      If you buy consumer laptops yes. Most business-grade stuff like ThinkPads and Latitudes have spartan installs, and even then, for corporate deployments, they will very likely be reimaged.

                                                  3. 3

                                                    Point one I completely agree with. Looks like a christmas tree.

                                                    Point two I am not sure about. I don’t like the trackpoint, but I also don’t like the T540p’s touchpad. I have found touchpads I do like though.

                                                    Point three: agreed.

                                                    Point four: I actually like my 1366x768, could you give me some reasons this would be an issue?

                                                    Point five: agreed.

                                                    1. 7

                                                      I actually like my 1366x768, could you give me some reasons this would be an issue?

                                                      It’s fewer vertical pixels than was considered substandard a decade ago, it’s not a standard aspect ratio (it’s actually about 16:8.9956), and it’s an indicator of other shoddy technical decisions. There’s nothing inherently wrong with it other than the extremely low vertical resolution, but it would be a cheap and underwhelming choice in what’s otherwise clearly meant to be an extremely high-standards laptop.

                                                      1. 1

                                                        Ah, I see. I kind of forgot that this laptop is supposed to be high-end, I usually am fine working with a mid-range one as long as it can run vim and fx at the same time. Being able to run flightgear is a plus, but not a necessity.

                                                      2. 5

                                                        I actually like my 1366x768, could you give me some reasons this would be an issue?

                                                        15 years ago I hated 1024x768. 1366x768 is almost the same resolution as a bad monitor from 2000.

                                                      3. 3

                                                        1.) I agree about the logo, but then again, my laptop typically gets covered in stickers.

                                                        2.) I’m not fond of the mouse at all, but when the keyboard doesn’t cut it, I’ve always preferred the touchpad. Using the trackpoint takes entirely too much effort compared to just sliding across the touchpad.

                                                        3.) Yes please.

                                                        4.) 1366x768 must die.

                                                        5.) This.

                                                        I’d also note that the form-factor –Bento box; “little black box” according to the article– is a dealbreaker too. The craze to make everything as light and thin as possible never appealed to me, as it means making repairs and upgrades much more difficult.

                                                        1. 2

                                                          With you on the TrackPoint and aspect ratio.

                                                          I still think the T60p was the best laptop I ever owned, at least at its time. Today’s laptops are all compromising in many, many ways.

                                                        1. 9

                                                          I don’t think “when” is as important as “why,” though this piece doesn’t actually answer either question. But hey, we use clickbait titles because they work :) My response: people are flocking to this field –development specifically, and technical vocations in general– because it’s the grim reaper that’s marking so many other fields and vocations for death, and they’re hoping to get in on the high salaries before labour supply saturates and salaries stagnate.

                                                          With regards to what the article actually talks about… the entire article is about the pitfalls that new learning developers face, and how they are different from the pitfalls faced in earlier decades. I don’t think most of these pitfalls are new. I suspect the author just has the benefit of past experience informing his view of the present, and hasn’t taken a (long, pensive) trip down memory lane yet. I’ll grant that complexity has increased across numerous technical fields, but then again, the field was more complex two generations ago than it was three or four. This ever-increasing complexity necessarily lengthens the gestation period between “noob” and “competent” with every generation, but it’s only ever “new” in the sense that “hey, it takes longer to learn now” will likely always be a valid statement to make in the present.

                                                          As an aside, I really think that a thorough understanding of your field’s history should be prerequisite before you start diving into the deep end, if only because there’s so much hard-earned wisdom to be gleaned from realizing that typically, what’s new is actually old.

                                                          1. 5


                                                            There were these kids see, making junk out of their parents garage doing this computer thing, and they became RICH! I mean richer than VEGAS rich. That’s why it’s so cool.

                                                            Now, some people always thought programming computers, and doing math, and peering through telescopes, and tinkering in the garage on their hot rod was cool. I don’t think their number has increased, though.

                                                          1. 8

                                                            The search engine: http://getstrike.net/torrents/

                                                            Well I’m certainly impressed. I’m doubtful for its long-term future if it’s hosted anywhere that the old-guard media moguls have influence, but it’s certainly a good look at the way things could be. I’m curious to know if there is any capacity for decentralization of the service.

                                                            1. 7

                                                              So all the code/core systems can easily be put on a flash drive and moved to any system so long as it has 512mb of ram, 1tb of storage (for expansion sake) and a dual core cpu. While this doesn’t necessarily decentralize the application, in the event the site has the shutdown the data can easily be released for anyone to rehost. This would include the core scrapers so content can continue to grow.

                                                              All that being said, if the MPAA comes after me, they’re going to have to justify why as this is simply one part of a larger application that aims to improve HTPCs

                                                              1. 4

                                                                All that being said, if the MPAA comes after me,

                                                                So, I take it from your username that you’re in the USA? I almost guarantee that if your search engine gets any popularity, the MPAA will definitely come after you, and your code, and the blood of your firstborn.

                                                                DMCA, Title IV, Section 408: Authorization of Deadly Force.

                                                                1. 2

                                                                  I gave it a try too, and am very impressed with the quality of results.

                                                                2. 2

                                                                  I’m doubtful for its long-term future […]

                                                                  Probably not what you meant, but right now it’s down with a bad case of DDOS attack:

                                                                  Back soon, under a DDOS attack!

                                                                  Check for updates on @andrewmd5 on twitter

                                                                  1. 2

                                                                    Its back, i can build to scale, but my data center obviously can’t handle a 500gb/s attack :p, they shut me off and refused to unnull route so i had to get a new ip

                                                                1. 4

                                                                  You’ll want to install this on your Android device at a bare minimum:


                                                                  That it’s only available on the Google Play store and not f-droid is irritating, but apparently there are some hurdles that haven’t been addressed:


                                                                  1. 2

                                                                    “Apps like TextSecure and Silent Text are secure alternatives to SMS messages, while Signal, RedPhone and Silent Phone encrypt voice communications.”

                                                                    I’d like to see these installed on Android by default. Cyanogenmod uses TextSecure. I assume all the phone versions use SSL instead of the phone network unfortunately?

                                                                    1. 1

                                                                      I don’t think there’s anything out there that encrypts regular voice calls, though I’m not sure how well that would work. Don’t regular calls rely pretty heavily on compression?

                                                                  1. 18

                                                                    I am fed up with systemd. I am not fed up with GNU/Linux. I’m disappointed that Debian has gone down the systemd path and hope that course reverts at some point (and I expect it will eventually). In the meantime, I’ve finally got enough motivation to fiddle with Gentoo and OpenRC.

                                                                    My main problem with systemd is that it breaks with a design philosophy that has been in place for decades and has far more benefits than drawbacks. I’m not a crotchety old unix admin. I’m a 25 year old kid that thinks “do one thing, do it well, and let APIs and protocols and standards be your common ground” is a superior solution when designing a system that needs to be extensible, customizable, and not beholden to the whims of a handful of large, entrenched players. Communities can coalesce around the best of many prolific standards as necessary and according to whatever parameters are appropriate for them; they can’t coalesce around multiple non-existent super-projects that want to be the kernel of userspace.

                                                                    These are the things that I believe systemd does well:

                                                                    • a parallelized, dependency-based, and event-driven init system (still not entirely convinced about the event-driven aspect)

                                                                    These are all things that an init system should not be, no matter how well or poorly they fulfill the function:

                                                                    • rsyslogd (Using binary logging is its own can of worms)
                                                                    • crond
                                                                    • hostname
                                                                    • pm-utils
                                                                    • iptables
                                                                    • udev
                                                                    • ConsoleKit
                                                                    • dbus
                                                                    • ntpd
                                                                    • httpd
                                                                    • date
                                                                    • mount
                                                                    • LUKS

                                                                    And before I get lynched by the systemd-is-modular-you-dumb-dumb-just-leave-those-modules-out mob and get linked to the systemd myths webpage: the Linux kernel is also modular. That doesn’t mean it isn’t a monolithic piece of software. Tight coupling –which the systemd project seems to regard as a feature rather than a bug– is almost always bad. It means all of those lovely modules can’t operate independently. It’s all systemd or nothing. And while you may be able to leave those modules out today… what about tomorrow? A year from now? Three? I seriously doubt that journald will forever remain the only hard dependency of systemd as time goes on. That list is going to continue to grow.

                                                                    My own personal opinion is that a number of important, but boring, Free Software projects had burnt out developers and maintainers who had no problem letting RedHat take the torch and run with it, even if that meant tossing the UNIX design philosophy and letting RedHat conveniently embrace, extend, and extinguish any remaining semblance of competition in the enterprise GNU/Linux sphere. There are some projects up there –the most glaring being ConsoleKit and of course sysvinit itself– that most people largely agreed just sucked and needed replacing. But in my view, the baby got thrown out with the bathwater. We just haven’t realized it yet.

                                                                    1. 6

                                                                      One thing I’d like point out is that while systemd is coupling many of those sort of things together into one cohesive package (but not one program, natch), it’s not trying to be the primary thing for all of those. So you can rule out hostname, httpd, dbus, LUKS, date, and iptables from that list. (It won’t be the primary webserver, it just has one. It isn’t hosting the DBus daemon as part of it, it just uses it extensively, etc.)

                                                                      The other aspect of some of the extraneous projects that systemd is introducing (datetimed, hostnamed, etc) are just APIs and an implementation for something that has badly needed one but nothing had arisen yet. Convention over configuration is a powerful default, one that Linux has sorely lacked.

                                                                      And there is a lot of configuration the system needs to do during boot-up to get a basic functioning system, regardless of purpose. You want your hard drives mounted, in the correct locations. You want your network stack initialized, at least basically. You want your firewall rules applied. You want all of this done in the correct order, but parallelized when possible. Which means you’d need a defined interface to interrogate the state of each of those. And perhaps a defined interface for each of those to notify the init process. (An alternative architecture can be developed, I’m sure.)

                                                                      All that being said, I think systemd would’ve been easier to swallow if hostnamed, datetimed, etc were introduced earlier and used before pushing systemd itself. However, I don’t think a lot of people would have used them individually if they were. It’d be like looking at trying to replace a cron implementation. A dedicated camp or two would use it, but the rest of the community would ignore it. (Pick any example, I’m certain I could find examples of alternatives coming but never reaching critical mind share. Even if they would’ve improved the status quo in some way.)

                                                                      I see systemd as pushing many different changes that needed to happen at some point all at once. Risky, noisy, and quite painful. Ripping the bandages off all the hacks from the 80’s & 90’s at once.

                                                                      It could’ve been done better.

                                                                    1. 5

                                                                      Does anybody have any advice on how to become a effectively become a better writer? Yes, you want to write as much as possible, that’s a given, but can you get meaningful feedback from someone who’s much better than you at it? Is there quality coaching of any sort that you can get?

                                                                      1. 3

                                                                        My advice here is pretty standard, not just for writing, but for any field, but I think it’s standard because it works. Get good feedback and practice incorporating it. Don’t try to fix everything at once; add skills one at a time.

                                                                        In my experience, it takes a while to find people who will give you good feedback for free. Most people don’t come up with substantive writing critiques, but if you ask for advice on a lot of drafts, you’ll eventually find a few people who come up with meaningful critiques and not just spelling and grammar corrections.

                                                                        And of course you don’t have to only get free advice. If you’re a programmer, you can certainly afford to hire a professional editor to help you. I don’t want to post what’s basically an advertisement for an editor on lobsters, but if you’re interested in this, contact me privately (see my profile) and I can recommend a good editor.

                                                                        My process is to get good feedback about something (often a blog post), incorporate the feedback in the current thing, and then try to write something from scratch that incorporates one specific thing from that feedback. I then get feedback on that second thing to see if I was able to improve that one thing. When I’m able to consistently write something that doesn’t get the same critical feedback, I move on to another problem in my writing and try to eliminate it.

                                                                        I don’t claim that my writing is good, but when I look at how my writing has changed over the past year and a half, it’s certainly improved a lot. For a given level of effort (30 second email, 15 minute blog post, 3 hour blog post done in 3 sittings, etc.), my writing is a lot better. I’d say that my dashed off 15 minute blog posts are as “good” as my serious 2-4 revision blog posts were a year and a half ago, when I started this blogging/writing improvement experiment. Considering the time investment (a few hours a month), I’d say that improving my writing using this method is one of the highest ROI things I’ve done lately.

                                                                        1. 1

                                                                          Does anybody have any advice on how to become a effectively become a better writer?


                                                                          Yes, you want to write as much as possible, that’s a given,

                                                                          That is a given of course. Read too. Read as much as you can on as much as you can. It really is a shame that our modern lives are so strongly aligned towards any other form of recreation than reading, given reading’s relatively lengthy time requirements to get much out of it. Beware the shysters who claim they can “speed read” at some exorbitant number of words per minute. The act of reading requires more than merely pushing and popping groupings of words into and out of your brain’s mental queue as fast as possible.

                                                                          but can you get meaningful feedback from someone who’s much better than you at it?

                                                                          Absolutely. Editors exists for more reasons than merely finding typos and other grammatical errors.

                                                                          Is there quality coaching of any sort that you can get?

                                                                          There are several communities of critiques, readers/writers, reviewers, editors, teachers and so on. In my experience, their eagerness to help is typically proportional to your own reciprocity in helping them in turn. That being said, finding an audience can still be difficult given our desire to become ever more efficient schedulers of our limited (and in some cases decreasing) free time.

                                                                          1. 1

                                                                            I agree with the posted essay. Writing can bring great clarity and you can grep it.

                                                                            A few observations from good essays / blogs

                                                                            1. Put your personality into it.
                                                                            2. Give a strong purpose to each essay / blog.

                                                                            I consider zenhabbits.net to be a good representative of the above said points.
                                                                            Words like good and better are however, subjective.

                                                                            Hope that helps :)

                                                                            1. 1

                                                                              (link with typo correction: http://zenhabits.net)

                                                                          1. 14

                                                                            User diafygi from HN also provides these useful links:

                                                                            The full list of documents: http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html

                                                                            The CCC stream of the lecture by Poitras and Appelbaum: http://streaming.media.ccc.de/relive/6258/

                                                                            The actual lecture starts 15 minutes into the stream, and its introduction juxtaposes General Alexander’s 2012 DEFCON talk with what we know now. The intro alone is powerful and I’m currently watching through the rest of the lecture.

                                                                            Some notes from the lecture:

                                                                            • At 34:30 or so, Appelbaum states that in approximately three weeks additional stories will be released documenting specific forms of malware and how the information gathered with that malware is shared (presumably amongst Five Eyes)
                                                                            • At 40:00, Appelbaum begins discussing SSH and SSL/TLS. It is implied that SSH isn’t owned, but that the Five Eyes go to great lengths to attack the implementations and to store the ciphertext. They then either bruteforce it or else attempt to obtain key material later.
                                                                            • At 46:00, Appelbaum reveals that they have released the first FISA intercepts that are utilized by other executive bodies via parallel reconstruction (this appears to be one such document, along with a comforting message: “No decrypt available for this PGP encrypted message.”).
                                                                            • At 49:00, Appelbaum shows one such FISA intercept, with the comforting message “No decrypt available for this OTR encrypted message” found in the chatlogs collected via PRISM.
                                                                            • At 49:40 or so, Appelbaum indicates that OTR works, and that the NSA et. al. are unable to break the encryption itself.
                                                                            • At 51:25 or so, Appelbaum indicates the same thing with PGP.
                                                                            • At 54:00, Appelbaum starts detailing that the NSA et.al. view the following as “catastrophic” to their mission:
                                                                              • Redphone and Signal
                                                                              • Tails and tor
                                                                              • OTR
                                                                              • PGP
                                                                            • At 56:00, Appelbaum mentions a program called TUNDRA, which appears to have “a handful of cryptanalytic attacks on AES”. No further indication on what these are, save that they can’t straight-up break it. Presumably, some of the recent cache poisoning attacks might come to mind.
                                                                            • At 1:03:00, questions begin.
                                                                            • At 1:04:35, question from the internet: “What should we do about SSH?” Appelbaum essentially reiterates that he doesn’t have direct evidence of attacks on the protocol itself, but that there is evidence that the NSA claims it has several attacks on SSH (presumably, on implementations). Appelbaum mentions the NIST curves, and really anything coming from a governmental standards body. He states that the NSA regards their involvement in undermining these standards as “top secret”, implying that such undermining is likely a large part of their work in attacking SSH.
                                                                            • At 1:15:10, audience question: “Is there a minimum keylength that you [Appelbaum] would consider unsafe?” Appelbaum mentions the GCHQ’s supercomputing resources, and how they could handle 640 bit keys with ease in 2011-2012. Anything less than 1024 bit is definitely a problem, but Appelbaum also indicates that you are not just encrypting for “today” but also for “50 years from today.” Appelbaum uses 4096-bit RSA keys kept on a hardware token.
                                                                            • At 1:16:45, Appelbaum continues: “make it harder for them to target you for surveillance in the first place.” When you can:
                                                                              • Utilize tor.
                                                                              • Utilize ephemeral keys whenever you can so they can’t steal the key material and decrypt later.
                                                                              • Take a look at elliptic curves.
                                                                              • Utilize only free-as-in-freedom software.
                                                                            • At 1:17:40, Appelbaum summarizes: “Free software with software implementations with large keys. When you can, protocols that allow for ephemeral keying and/or PFS. Things like Pond, OTR, Redphone, GPG is also powerful even with the caveat of not having ephemeral keying.”
                                                                            • At 1:19:00, the talk ends.
                                                                            1. 8

                                                                              The response from FTDI seems to indicate that they’re aware of what’s going on and this isn’t some accident.

                                                                              1. 6

                                                                                Wow. Talk about a big, fat FUCK YOU to everyone bit by this. I think twitter user @macegr sums it up nicely:

                                                                                .@FTDIChip @davbbley @mikelectricstuf Your [FTDI’s] response to a supply chain issue is the digital equivalent of sugaring end users' gas tanks?

                                                                                1. 2

                                                                                  …and a day later, that link is now dead and Mr. CEO is in full damage-control mode: http://www.ftdichipblog.com/?p=1053

                                                                                  “Though our intentions were honorable…”


                                                                                1. 3

                                                                                  The Las Vegas prosecutors charged Nestor and Kane with conspiracy and violations of the Computer Fraud and Abuse Act.

                                                                                  The CFAA is the gift that just keeps on giving, isn’t it?

                                                                                  The media portrayed Nestor as a real-life Danny Ocean, and prosecutors hit him with 698 felony counts, ranging from theft to criminal conspiracy.

                                                                                  Seeing parallels to the Game King prosecution, the judge overseeing Kane and Nestor’s case ordered the government to justify the hacking charge. The prosecutors didn’t even try, opting instead to drop the charge—leaving only an ill-fitting “conspiracy to commit wire fraud” count remaining.

                                                                                  Piling on charges in hopes of coercing a plea bargain…

                                                                                  Prosecutors had a weak hand, and they knew it. As a December 3, 2013, trial date approached, the Feds made Kane and Nestor separate but identical offers: The first one to agree to testify against the other would walk away with five years of probation and no jail time.

                                                                                  Getting co-defendants to testify against each other in exchange for their own freedom…

                                                                                  The old gambling buddies had one more game to play together. It was the Prisoner’s Dilemma. Without speaking, they both arrived at the optimal strategy: They refused the offer. A few months later, the Justice Department dropped the last of the charges, and they were free.

                                                                                  It’s a small comfort to see a judge actually press the prosecution rather than defer to their “expertise.” I suppose this entire situation could have ended much more badly. In this case, they both walked free at least.

                                                                                  Well… not entirely free. Apparently, Nestor didn’t get to keep his more recent winnings. And there’s some indication that his old winnings were in the possession of his roommate? I didn’t fully understand how that particular aspect played out. In any case, having his recent winnings seized didn’t stop the IRS from hounding him:

                                                                                  Nestor says the Meadows still has his winnings, and the IRS is chasing him for $239,861.04 in back taxes, interest, and penalties—money he doesn’t have.

                                                                                  Perhaps Nestor had simply been neglecting his taxes long before this whole situation blew up in his face. Or not. Finally, there’s this gem:

                                                                                  If there’s one silver lining, it’s that Nestor has been banned from Pennsylvania casinos. He still gambles occasionally in neighboring states, but his more pressing addiction right now is Candy Crush, which he plays on a cheap Android tablet. He cleared 515 levels in two months, using a trick he found on the Internet to get extra lives without paying.

                                                                                  I smell another CFAA case in the making.

                                                                                  1. 2

                                                                                    Hehe. For the uninitiated, I suppose (which included me until about 20 minutes ago):


                                                                                    There are three types of entries. This one is of the “HARD” (Honest And Reliable Data) variety. Yeah. Hard. Long and hard. Anyway…

                                                                                    The data provided in the annex of the PDF has a link to each photo used to establish Obama’s MFH (Morgan Freeman Hair) percentage for that year/month. And at first glance each year/month hair sample does appear to be sourced from the mentioned link in the annex. That is to say, when I picked a few of the samples from Figure 1 at random and checked the supposed source image from the annex, the source image did in fact contain the sample. So perhaps the data really is honest and reliable…

                                                                                    The methodology, however, leaves something to be desired.

                                                                                    For each photo, we used the magnetic lasso tool in Adobe Photoshop to select Obama’s hair. We then obtained the Median Gray Value of the selection, using the Record Measurements tool. This Gray Value is a measure of brightness, and ranges from 0 (dark, or ‘black hair’) to 255 (bright, or ‘white hair’).

                                                                                    Utilizing the lasso tool in Photoshop has left a significant amount of non-hair pixels in each of the samples taken. Consequently, utilizing Photoshop’s Record Measurements tool to establish a Gray Value will be significantly skewed from sample to sample, as apparent from Figure 2. The paper does indeed mention this in its results:

                                                                                    The source of these fluctuations comes from some combination of: the differential lighting in the photos, error associated from measuring Gray Values in Photoshop, and whether or not Obama recently had a haircut.

                                                                                    I suggest that the authors obtain a DeLorean DMC-12, travel backwards in time to collect physical samples from Mr. Obama for each year/month, and reconvene in the present day with their updated findings. Obtaining access to Mr. Obama’s person may prove difficult. But I am prepared to present the team with a delicious and moist cake upon obtaining the samples and updating their paper to reflect the results of the more accurate data.

                                                                                    It’s always amusing to see how much passing legitimacy a properly typeset document and plausibly utilized technical jargon and techniques can give an otherwise satirical endeavor. And, really, this particular entry isn’t entirely facetious. We now have a semi-sorta-kinda-scientific baseline for the notion that a president’s hair tends to gray over time!

                                                                                    But really, how High Brow can you be when your acronym is a penis joke?

                                                                                    1. 5

                                                                                      I haven’t seen any “hating on Stallman” regarding shellshocked. Is that really taking place, or is it just happening in the author’s bubble?

                                                                                      1. 5

                                                                                        Outside of /g/? Not really. But there is a definite difference in tone between reactions to similar bugs in other Open Source software (e.g. OpenSSL) and bugs in bash, licensed under the GPLv3. People were falling over themselves to send money to the OpenBSD foundation in support of libressl and further development+maintenance of other security projects like OpenSSH. I’ve yet to see a major wave of enthusiasm for supporting the FSF and the numerous GNU projects it supports, however. Functionally, the situations are very similar. But politically? Well… “Free” (as in Fredom) is almost a four letter word in many tech circles that otherwise laud the “Open Source” movement.