1. -1

    An uninteresting foray into PLT by a rich guy. As far as I can tell, there’s not really anything novel or interesting here, but I’m not well-versed in the Lisp tradition. Is there anything good here worth sharing, or is it a vanity project?

    1. 16

      He was the author of two fairly popular books on Common Lisp years before becoming rich. In the industry where a good deal of renowned practitioners and researchers are also multi-millionaires it’s a ridiculous dismissal.

      1. 5

        Now, regarding Bel proper. As I finally found time to read through his text, my opinion is it’s stillborn. The perspective of taking ‘theoretical’ Lisp as formalism to its extreme is an interesting one. However the language does not seem particularly axiomatic. It is also too full of hacks which seem to reflect Graham’s particular preferences.

      2. 15

        I think it’d be unwise to discount the intelligence of Paul Graham in his chosen field, whether or not you like him. He’s a lot more than just “a rich guy”, though he is that too. Like Rob Pike, even if he’s wrong, I’d expect it’s probably for a good reason.

        Either way, the guide makes it pretty clear Bel is an experiment in thinking about the math anf engineering behind Lisp. If the result isn’t anything interesting… then that’s a pretty interesting result, actually.

        1. 5

          “ think it’d be unwise to discount the intelligence of Paul Graham in his chosen field”

          This post supports your point with much, much detail. Very interesting, too, for the cultural and historical aspects that he presents along with the technical details.

          1.  

            For what it’s worth, PG didn’t write that one. Olin Shivers is the author.

            1.  

              That’s worth a lot. I don’t like misattributing such detailed write-ups. Thanks a lot for the correction.

              Edit: Oh Ok. There’s images on top that didn’t render. One says just the top pieces of his name. I see it now.

              Edit 2: He’s currently at Northeastern. There’s a lot of good work that comes out of there. Turns out he was part of team that did Preliminary Proposal for SAFE, too. Heck yeah!

        2. 10

          I mean, Lisp is one of the fields where Graham isn’t out of his depth

          1. 8

            He’s also a Harvard PhD in comp sci, has patents related to software granted, and was a founder / programmer of one of the first SaaS applications. He’s hardly someone to ignore from a technical perspective, industry or academically.

            1. 5

              I don’t know if it’s uninteresting, but I didn’t find anything about Bel exciting. Although I don’t mind seeing what PG is up to, I’m not sure whether there’s even an unusual evaluation model present here. It’s just call/apply with eval-by-request as usual right? Maybe there’s some convention to handling things in a bit cleaner way but meh. If I want this style of programming I have javascript there waiting for me.

            1. 1
              1. 3

                I suggested the IMO more important update - changing the title to clarify what the author thinks is broken.

                1. 7

                  Thank you for suggesting a story title that adds necessary context. Someone else did as well, and I synthesized both suggestions in to a story title that describes the subject of the article.

                2. 1

                  Makes sense. I can’t edit the post anymore, so maybe one of the mods could do it if they see this.

                  1. 1

                    It’s already been suggested by users.

                1. 5

                  Beautiful work. This kind of hobby project is so pure. I wonder if the dev is going for full POSIX compliance.

                  Semi-related quote:

                  Computer science would have progressed much further and faster if all of the time and effort that has been spent maintaining and nurturing Unix had been spent on a sounder operating system. We hope that one day Unix will be relinquished to the history books and museums of computer science as an interesting, albeit costly, footnote.

                  I love UNIX, maybe because I’m used to it, but I keep wondering what an OS building on what made *nix great without *nix grievances would be.

                  1. 7

                    I love UNIX, maybe because I’m used to it, but I keep wondering what an OS building on what made *nix great without *nix grievances would be.

                    This is exactly the intent of Plan 9; your mileage may vary on if it succeeds at its goals.

                    There are also non-Unix ways of thinking, but these were (IMHO, falsely) discredited by the sheer market and cultural powers of Unix.

                    1. 4

                      This is exactly the intent of Plan 9; your mileage may vary on if it succeeds at its goals.

                      I’ve tried it and it’s not for me. Plus the community is weird and unwelcoming.

                      There are also non-Unix ways of thinking, but these were (IMHO, falsely) discredited by the sheer market and cultural powers of Unix.

                      What are you referring to exactly? I’m interested in your thoughts about this.

                      1. 6

                        I have a few non-UNIX ways of thinking in this list that you might find interesting.

                        1. 3

                          There is Jehanne, which started as a Plan 9 fork — you might find it interesting. The website for the project has some good write-ups as well.

                          1. 3

                            What a sad state of affairs. I read the pieces on the Harvey OS side of the story, that’s enough to demotivate you completely.

                            1. 2

                              This is an interesting read too and hopefully I’m not breaking any rules by linking it.

                          2. 3

                            This may give you some idea.

                            https://web.mit.edu/~simsong/www/ugh.pdf

                            1. 2

                              I’ve read it :) the quote above is from this book.

                          3. 4

                            In my preferred alternate reality, VMS discredited UNIX.

                            I’d still rather use VMS than UNIX today for almost any non-trivial production task.

                            “One of the questions that comes up all the time is: How enthusiastic is our support for UNIX?

                            “Unix was written on our machines and for our machines many years ago. Today, much of UNIX being done is done on our machines. Ten percent of our VAXs are going for UNIX use. UNIX is a simple language, easy to understand, easy to get started with. It’s great for students, great for somewhat casual users, and it’s great for interchanging programs between different machines. And so, because of its popularity in these markets, we support it. We have good UNIX on VAX and good UNIX on PDP-11s.

                            “It is our belief, however, that serious professional users will run out of things they can do with UNIX. They’ll want a real system and will end up doing VMS when they get to be serious about programming.

                            “With UNIX, if you’re looking for something, you can easily and quickly check that small manual and find out that it’s not there.

                            With VMS, no matter what you look for – it’s literally a five-foot shelf of documentation – if you look long enough it’s there. That’s the difference – the beauty of UNIX is it’s simple; and the beauty of VMS is that it’s all there.”

                            • Ken Olsen
                            1. 1

                              Unix was free/cheap, VMS was expensive.

                              Also, what’s wrong with Windows (NT)? ;)

                              1. 2

                                Worse really is better, when it’s free.

                                1. 1

                                  “Also, what’s wrong with Windows (NT)? ;)”

                                  It was the successor to VMS designed by the same people tweaking and improving on the same internals. So, Ken Olsen’s arguments naturally apply to it, too. ;)

                              2. 2

                                O3ONE was one attempt by one amateur enthusiast to build a hobbyist VMS-like rather than UNIX-like system.

                                The project pages are up but it hasn’t been updated since 2004.

                                It might be a fun thing to fork and work on.

                                Edit: VMS became OpenVMS when they added support for POSIX system calls to their kernel and enhanced portability with “open systems”. There was the FreeVMS project, now defunct, which was working on a clone the opposite way, by adding VMS system calls and features to a POSIX/UNIX-like (Linux) kernel, and building on those to clone the standard VMS libraries and system services.

                                They did have a decent DCL and SMG$ and, if I recall correctly, a working BLISS compiler.

                              3. 4

                                HelenOS is a very interesting portable multicore multiserver microkernel research operating system that isn’t a UNIX clone and is not built to be compatible with existing systems, though they do provide enough compatibility to support porting most C11/C++14 applications and libraries, but it’s certainly not UNIX-like.

                                It’s development is driven by various academic research projects rather than a vision or roadmap, so it will likely never be a production system, but it’s interesting nonetheless to look at a modern non-UNIX design.

                              1. 9

                                One thing this announcement makes obvious is that Apple marketers see macOS primarily as an application suite. They don’t mention system-wide changes like security improvements until the last quarter of the page — it’s all about the apps.

                                1. 9

                                  Or most users/most of the target audience does not care about OS changes. E.g. my dad is also a macOS user – he probably cares more about that iTunes is now split in several apps, or what changes there are in Photos, than that developers have to do notarization or that macOS supports and will migrate to user-mode drivers.

                                  Of course, the OS changes will benefit users, but they are harder to explain.

                                  1. 1

                                    iTunes is now split in several apps

                                    LOL what? How can a music player be this complicated?

                                    1. 4

                                      iTunes was where Apple used to dump anything iPod related, and it was a bit hairy as a result. Now each function is broken into its own application or folded into Finder.

                                      1. 2

                                        There was a point (it may still be true; I don’t use XCode anymore) where updating XCode required quitting iTunes because… iTunes had a dependency on XCode?

                                        The mind reels.

                                        1. 1

                                          Round and round we go.

                                        2. 0

                                          You have no idea.

                                          1. 1

                                            I don’t. That’s why I use Linux.

                                      2. 2

                                        Users shouldn’t have to think about technical things like security improvements

                                        1. 4

                                          They really should, though.

                                          1. 2

                                            They should publish it somewhere, but not here. This is not a technical document. This is a marketing piece aimed at non-technical consumers.

                                            1. 1

                                              Stop dividing users by “technical” and “non-technical”. Also, he’s right - rising security awareness in a gentle yet sill informative way should be a top priority for company which people rely on so hard.

                                      1. 13

                                        It’s cute and I have to respect the effort put into it, but be honest - I doubt this will be useful in a post-collapse scenario.

                                        The kind of people who have Z80s and know how to work with them are likely the first ones gone in such a (morbid) scenario, and their usefulness is limited. I don’t think getting semiconductor fabrication would be a high priority in such a scenario.

                                        If computers are useful post-collapse (big if), people will scavenge x86 boxes because they’re everywhere, people are far likelier to know how to use it, and they already run most everything. There’s enough around that scavenging is easier than using 1970s tech, and the older examples are quite workable with a soldering iron anyway.

                                        1. 8

                                          Maybe the author is completely earnest, but I prefer to think this is a sort of RPG, broadly in the “zachlike” genre.

                                          1. 6

                                            The assumption that all computers will break down in two decades is also quite wrong. There are still plenty of x86 boxes built two decades ago that are still working fine, or suffer from trivially repairable problems (like cap plague). Lots of boxes from three decades ago are still working as well.

                                            That’s not mentioning 90’s workstations that were absurdly expensive at the time, but were really built to last. Lots of Sun/SGI/HP/DEC boxes are still lurking in labs, manufacturing facilities, and other places.

                                            I suppose a more relevant post-collapse project would be an easy to make dumb terminal system to enable sharing the remaining machines.

                                            1. 3

                                              I suppose a more relevant post-collapse project would be an easy to make dumb terminal system to enable sharing the remaining machines.

                                              Probably more radios (tube, not transistor).

                                              1. 1

                                                The process nodes of the old stuff last longer. The newest stuff breaks really fast. So, it’s also possible we run out of new stuff before the old stuff. Optimizing for the old stuff then makes even more sense.

                                                And making backup stuff on old nodes, too.

                                                1. 2

                                                  I don’t think this assumption is universally applicable. There are more cheaply made devices now because it’s finally cheap to produce them. Whether the good ones made today are going to last, time will tell.

                                                  There are reliability bitter spots, like the late 90’s generation of chips suspectible to electromigration, before anyone figured how to deal with that issue. Early to mid 00’s boards before solid-state caps were especially suspectible to cap plague, from my “anecdata”. In a hypothetical societal collapse scenario, we’ll probably end up with a few narrow bands of device generations rather than a contiguous spectrum, but then, if you account for legacy hardware outside of the IT industry, it’s probably already like that.

                                              2. 1

                                                Known to run on:

                                                • A RC2014 through a serial link. It can also have a PS/2 keyboard directly plugged in.

                                                • A Sega Master System or a MegaDrive (Genesis) with video output and D-Pad input and/or a PS/2 keyboard adapter.

                                                I have absolutely no way to run this now, as I sit here in a room full of capable computers and there being no immediate (obvious, as there would be in a ‘collapse’) threat to my ability to live. I think your assertion that x86 is that way to go, is the way to go. ARM is probably more common at this point, but the architecture is a mess in terms of backward compatibility.

                                                1. 1

                                                  ARM is probably more common at this point, but the architecture is a mess in terms of backward compatibility.

                                                  Yeah; most ARM chips are in embedded or otherwise very locked-down systems. If you can find a hard drive with your (if you can find it) working example of a system, you’re good to go and can reconfigure it as needed.

                                              1. 8

                                                The MacStories review is up - that’s the closest to the old Siracusa ones I’ve seen, FWIW.

                                                1. 3

                                                  Years ago I was living overseas and my bank had what they called “online banking”. You’d fill out a web form in prose: “please transfer 28484 francs from acct 48233 to acct 383383, thank you” and then hours/days later it would go through. I’m pretty sure that web form just printed out a transfer form like you’d manually fill out at the bank and then a teller just did it however they normally did.

                                                  They also had a card reader that you had to hook up via a serial port and you had to swipe your bank card through that for some transactions. It only supported Windows. It was weird.

                                                  1. 6

                                                    I suspect that card reader might have worked like this.

                                                    1. 2

                                                      I’ve tried multiple banks and been through probably a dozen versions of online banking software. The online banking experience you described would likely make my top three.

                                                      Honestly it might be my platonic ideal for what online banking should look like.

                                                      1. 1

                                                        A delay of hours to days would not be ideal for my use case. Having the system remember the payees is pretty useful to me too.

                                                        1. 2

                                                          This is how I know you’re from Europe ;)

                                                          Here in the USA, most money transfers are performed via ACH. Two business days is as fast as you’ll get there as it is a batch process.

                                                          We can also do wire transfers for near real time transfer but banks tend to charge $30+ for that service.

                                                          1. 2

                                                            Heh. Here in the UK transfers are free and instant between banks and have been for years :)

                                                            Turns out regulation is useful ;)

                                                    1. 16

                                                      It is unfortunate that this distribution mixes a very good idea (a simplified Linux likely to get traction on servers and in containerized workloads) with a very bad idea (not including support for more than one language). Lack of non-English languages (and in fact, lack of any localization support, as they’ve removed gettext and intltool completely) is a mistake.

                                                      This is already apparent in the FAQ, where it’s clear that they’ve realised that some people otherwise in their target audience really do need internationalization features and have outsourced those (specifically keyboard layouts) to another project.

                                                      1. 15

                                                        I get why people want internationalisation, but I don’t understand why everyone needs it. This just seems geared to those who don’t? And if one wants to go even further, than I believe one must accept that this isn’t a unfortunate mix, but that internationalisation in it’s current form is incompatible with what is deemed simplicity in the realm of Unix.

                                                        Also, this isn’t so much an explicit choice of the distro, as much as they choose to base their system on the musl libc, that doesn’t have internationalisation support, per se. Try void+musl, it’s the same thing.

                                                        1. 7

                                                          what is deemed simplicity in the realm of Unix.

                                                          My point is that this is incompatible with simplicity, as is already demonstrated by the fact that anyone using a non-US keyboard, including an ISO standard keyboard, has to fetch files from another project outside of the package management provided just to use the thing.

                                                          1. 3

                                                            But don’t forget: Simple doesn’t mean easy to use. See anything Unix minimalists to theoretical mathematicians.

                                                          2. 1

                                                            What is “the realm of Unix”? (And why should anyone care?)

                                                            To me, this seems like simplicity in the realm of asshole nerds.

                                                            1. 8

                                                              I’d say “the realm of Unix” is what one considers good and elegant style within a (classical) Unix system. You can shoehorn Unix to act like something else, but some people don’t like that, and I guess they are the ones who care, because they want to.

                                                          3. 8

                                                            I just find it interesting that their version of simple includes dependency-tracking package management but excludes Spanish.

                                                            Distros without dependency-tracking package management exist, you know.

                                                            1. 7

                                                              The line has to be drawn somewhere, and they’ve drawn it at i18n. Either they end up caring about those people otherwise in their target audience—or their current model ends up working for them in the long run. There’s nothing inherently wrong with not shooting for the stars.

                                                              1. 9

                                                                Writing a package manager in shell is also a bad idea!

                                                                (Fun story: I’ve tried that back in the day… on one of those Motorola phones powered by Linux… the result was rm -rf /, which permanently bricked the phone because a very important unique-to-individual-phone security boot partition thing was always mounted read-write because lol)

                                                                Excluding the modern freedesktop stack is a bad idea too, if you ask me.

                                                                good idea (a simplified Linux likely to get traction on servers and in containerized workloads)

                                                                er, that exists, it’s called Alpine, it already dominates containerized workloads pretty much?

                                                                1. 11

                                                                  Slackware has been using a package manager written in shell script for 15 years, it still works flawlessy

                                                                  1. 1

                                                                    There is an unlink function in every language, but I confess that the shell has many quirks.

                                                                    1. 1

                                                                      unlink do not work for directories and rmdir refuses to remove non-empty directories, so this is less problematic unless such language provides rm -rf equivalent OOtB.

                                                                    2. 1

                                                                      The author is experienced in shell and careful to write safe code. Additionally, everything is linted by ShellCheck.

                                                                    3. 1

                                                                      There is a difference in supporting localization in the end, user-exposed application (where gettext could come handy) and supporting locales in the system utilities.

                                                                      In french, the coreutils free command translation changed between versions, and this lead to scripts parsed with AWK failing (1 word -> 2 words).

                                                                      Also, coding with locales is terrible. This mean you cannot parse RFC822 formats with strptime(); as part of a parsing library, unless you define the locale in the library, which will change the whole program behavior!

                                                                      Instead, locales should work as passing an argument to the functions supporting them. But so is POSIX today.

                                                                      1. 4

                                                                        That’s Unix’s problem for making bags of bytes both the user interface and the IPC mechanism, IMHO.

                                                                      2. 1

                                                                        Regarding keyboard layouts, the compose key gets most of the issue out of the way, but I don’t know about ie Cyrillic.

                                                                      1. 4

                                                                        I loved my N900; will be interesting to see how this plays out.

                                                                        1. 1

                                                                          I linked this because it’s the developer of the exploit explaining their motivations (on page 3). Understandable if it gets merged into ntmalf though.

                                                                          1. 1

                                                                            Thank you for posting this follow-up interview. I did merge it, hlngzo, in to ntmalf as you surmise.

                                                                          1. 2

                                                                            Desktop: Fedora, Gnome Shell, Firefox, Evolution, Gnome Terminal, gedit, Audacious

                                                                            Laptop: Windows 10, Firefox, Outlook, PuTTY, OneNote, Visual Studio

                                                                            On remote systems, I try to stay close to defaults for the OS (which could be anything) as possible; the exception is if the defaults are truly repugnant (like say, original Bourne shell). I actually can use vanilla vi just fine.

                                                                            1. 11

                                                                              Help keep computers unlocked (no “secure boot” that restricts what systems we can run). Truly secure boot means YOU specify what system is allowed to run in your computer.

                                                                              The problem I have with this is the lack of recognition that Secure Boot is implemented for very real reasons that don’t just disappear because there are also downsides to it. I wish people like rms would work harder to find a solution that addresses all concerns – which is probably not very hard technically, and mostly an UI issue – rather than just crossing their arms and saying “no”.

                                                                              1. 13

                                                                                I think he’s spoken about this before. Disabling secure boot means letting you run your own software with no integrity checking. Letting users configure signing keys that the device will trust means letting you run your own software with integrity checking. In theory you could configure a machine to only load a bootloader that has been signed with your personal key, but for that manufacturers need to let the firmware be able to configure the keys, and to ensure that any booted operating system cannot alter that firmware. This doesn’t seem technically challenging, it’s more a question of business interests.

                                                                                1. 1

                                                                                  so the idea there would be to raise the cost of stealing passwords and other information, by an attacker with physical access to your computer?

                                                                                  1. 5

                                                                                    The idea of an integrity checked boot sequence is to make it harder for malware to do things that would effectively rootkit your system. In theory a full integrity check means the firmware verifies the bootloader, the bootloader verifies the kernel, the kernel verifies drivers, potentially the whole way to verifying that usermode programs are the ones that the owner of the system intended to run. This makes it harder for sophisticated viruses to attach to such a system (unless the private signing keys were present on it.)

                                                                                    When protecting data on a computer against an attacker with physical access, secure encryption of data at rest is more important, but that’s (somewhat) unrelated to integrity checking.

                                                                                    1. 2

                                                                                      This makes it harder for sophisticated viruses to attach to such a system (unless the private signing keys were present on it.)

                                                                                      This is far from obvious to me. Isn’t it possible that the complexity introduced in this verification process opens doors for new bugs?

                                                                                      1. 3

                                                                                        I don’t buy that complexity argument. HTTPS is more complicated than HTTP. TLS implementations have a long and well-known history of bugs and vulnerabilities. But does that make plain unauthenticated HTTP better? No.

                                                                                        1. 0

                                                                                          HTTP’s insecurities are not the result of bugs, they are a consequence of the protocol. That gives reason for a new protocol with different security properties.

                                                                                          In contrast, the insecurities in an OS are the result of bugs. If the OS were implemented correctly, the secure boot chain would be of no use (as far as I understand it). So there is a question of whether time should be spent fixing bugs in the OS, or adding complexity to mitigate the consequences of said bugs, while potentially introducing new ones.

                                                                                          If HTTP were just as secure as HTTPS when correctly implemented, the usefulness of HTTPS would be similarly called into question.

                                                                                          1. 5

                                                                                            If the OS were implemented correctly, the secure boot chain would be of no use

                                                                                            Wrong. If a user opens an email, runs virus.exe, and allows administrator access, that virus can simply install itself as a boot loader on that machine. The computer did exactly what the user asked, but objectively the wrong thing. A correct consumer OS needs a secure boot chain.

                                                                                            If there were ZERO bugs, a secure boot chain could simply be read-only system files, à la Apple’s System Integrity Protection. But that’s absolute nonsense, every OS has bugs. Which is why Apple also uses code signing and SecureBoot.

                                                                                            there is a question of whether time should be spent fixing bugs in the OS, or adding complexity to mitigate the consequences of said bugs

                                                                                            No, there isn’t a question. Literally everyone agrees on implementing layered security. Wide-sweeping safety nets that protect from whole classes of bugs are obviously more efficient than fixing every single OS bug in existence.

                                                                                            And everyone agrees code signing in particular is a massive security win. But code signing doesn’t work without a secure boot chain, as I’ve just explained above.

                                                                                            1. 0

                                                                                              Wrong. If a user opens an email, runs virus.exe, and allows administrator access, that virus can simply install itself as a boot loader on that machine. The computer did exactly what the user asked, but objectively the wrong thing. A correct consumer OS needs a secure boot chain.

                                                                                              If there were ZERO bugs, a secure boot chain could simply be read-only system files, à la Apple’s System Integrity Protection.

                                                                                              But SIP is not a secure boot chain, it’s a security feature implemented in the kernel. So a secure boot chain actually would be of no use if the OS were implemented correctly, contrary to the beginning of your comment. I think my point stands that HTTPS is not a good analogy for this reason.

                                                                                              But that’s absolute nonsense, every OS has bugs. Which is why Apple also uses code signing and SecureBoot.

                                                                                              there is a question of whether time should be spent fixing bugs in the OS, or adding complexity to mitigate the consequences of said bugs

                                                                                              No, there isn’t a question. Literally everyone agrees on implementing layered security. Wide-sweeping safety nets that protect from whole classes of bugs are obviously more efficient than fixing every single OS bug in existence.

                                                                                              The UNIX permission model is one such layer. Apple’s SIP is another. Obviously at least some security layers/safety nets are worthwhile, but that doesn’t mean all are.

                                                                                              And everyone agrees code signing in particular is a massive security win. But code signing doesn’t work without a secure boot chain, as I’ve just explained above.

                                                                                              If you did explain it then I didn’t understand it. Wouldn’t code signing fix the issue with a user running virus.exe as root? Or for that matter, redesigning the UI to prevent user error. I don’t see why a secure boot chain would be necessary. What am I missing?

                                                                                              1. 2

                                                                                                Wouldn’t code signing fix the issue with a user running virus.exe as root?

                                                                                                No. An authorized developer could still sign and publish malicious code. App stores try to regulate the apps they allow developers to publish, but they aren’t perfect. Apple does a pretty good job. Google does a terrible job, the play store is full of malware.

                                                                                                So a signed app from an authorized developer wants to install a root kit as a driver. If the kernel only loads drivers signed by the kernel vendor, it should be safe right? Except without SecureBoot or similar, the malicious app can overwrite the boot loader and circumvent all code signature verification at every level.

                                                                                                It can then download malicious unsigned code and do whatever it wants.

                                                                                                Without a secure boot chain, the code signing system is massively weakened.

                                                                                                redesigning the UI to prevent user error

                                                                                                Fix all OS bugs, and now fix all user error. You really don’t ask for much do ya? 😜

                                                                                                1. 0

                                                                                                  I think you’re falling into a false dichotomy between the current state of software and one particular approach to addressing certain security problems. Secure boot is based on a code signing scheme, and there’s no reason conventional code signing couldn’t be subject to the same vetting process as the secure boot chain. Likewise there’s no reason running a program in a mode which lets it overwrite the boot loader needs to be as easy as clicking a button.

                                                                                                  So a signed app from an authorized developer wants to install a root kit as a driver. If the kernel only loads drivers signed by the kernel vendor, it should be safe right? Except without SecureBoot or similar, the malicious app can overwrite the boot loader and circumvent all code signature verification at every level.

                                                                                                  This scenario already has a much more obvious solution: don’t run foreign apps in order to install drivers. Have a standardized format for drivers, and use a program already on your system to do the installation. That’s how all Linux package managers work.

                                                                                                  But even if there is a reason for an ill-informed user to run a program in a privileged mode, the bootloader could be protected by conventional kernel-based security, the same way system files are protected from unprivileged processes.

                                                                                                  Fix all OS bugs, and now fix all user error. You really don’t ask for much do ya? 😜

                                                                                                  Secure boot chains are also susceptible to bugs and user error: what’s to prevent a user from changing the keys in their firmware to allow the running of a malicious boot loader?

                                                                                                  1. 2

                                                                                                    there’s no reason conventional code signing couldn’t be subject to the same vetting process as the secure boot chain

                                                                                                    Without a secure boot chain, the post-boot code signature verification process can be subverted. Vet all you want, guard your private keys in Fort Knox, that won’t save you when malicious code disables your signature verification pre-boot.

                                                                                                    To be honest, I don’t understand what you’re getting at here. Conventional code signing is subject to the same vetting process. Drivers are signed by the OS vendor. Apps are signed by app publishers, who are in turn signed by the app store CA. But without SecureBoot or similar, the kernel goes unsigned and unverified. All those carefully vetted certificates mean nothing when the code doing the verification is itself unverified!

                                                                                                    don’t run foreign apps in order to install drivers

                                                                                                    In my scenario, the malicious app wants to install a driver as a root kit. Your proposed solution requires using a specialized program to install drivers, completely reasonable. But it also requires every user to have perfect knowledge of when apps have been hijacked, to avoid running and authorizing apps that have had malicious code side-loaded and signed.

                                                                                                    That’s how all Linux package managers work.

                                                                                                    On standard desktop Linux, root access allows you to install arbitrary kmods from outside the package manager. If kmod signature verification is enabled, you’re safe from that attack. Unless you don’t have SecureBoot, and the attacker simply installs a kernel build with kmod verification disabled. Or even simpler, public keys.

                                                                                                    On Linux, root access is a lot harder to come by than Windows. But not that hard. One malicious / hijacked AUR package and loads of Arch users could have unauthorized kmods on their system. “DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.” – aur.archlinux.org

                                                                                                    the bootloader could be protected by conventional kernel-based security

                                                                                                    This is one thing SIP does. It helps secure the boot chain. That’s valuable. But again, layered security is important. There may be vulnerabilities that allow circumventing SIP. It’s a mitigation, not an absolutely bulletproof solution devoid of any current or future flaws.

                                                                                                    Secure boot chains are also susceptible to bugs and user error

                                                                                                    Which is why OS vendors continue to develop and employ more mitigations. Layered security.

                                                                                                    what’s to prevent a user from changing the keys in their firmware to allow the running of a malicious boot loader?

                                                                                                    Nothing. What’s to stop a user from disabling SIP? Nothing. What’s to stop a user from installing their own kernel with all mitigations like ASLR and W^X disabled? Nothing. What’s preventing a user from mailing their laptop, password, and $5000 to a Nigerian prince? Nothing. Maybe customs I guess.

                                                                                                    You can’t stop a user from deliberately sabotaging themselves. But you can mitigate unintentional issues. Verifying signatures on system code, from the bottom up, absolutely helps.

                                                                                                    Responding to your earlier comment:

                                                                                                    I think my point stands that HTTPS is not a good analogy for this reason.

                                                                                                    HTTPS, or rather TLS, is the perfect analogy. I’m not talking about the encryption aspect of TLS at all, I’m talking about authorization. The signatures on TLS certificates. TLS authorization falls apart without root certificates any clown can make. SecureBoot is the code signing analog to TLS root certificates.

                                                                                                    There’s also a clear TLS analog to abandoning SecureBoot and fixing OS bugs instead. Why not abandon the root certificates, use TLS encryption without authentication, and spend more time securing the network? “The bootloader could be protected by conventional kernel-based security” and your HTTPS traffic could be protected by conventional link layer security. Routers and switches rejecting unverified network topology changes, internet backbones rejecting anomalous network subtrees, and so on and so forth.

                                                                                                    Internet providers obviously try to secure their networks. But no one seriously believes TLS certificates have minimal value. We traverse many networks of varying security daily. And in the same vein, we run millions and millions of lines of code written by many people of varying levels of competence and security-consciousness.

                                                                                                    We live in a world with javascript, where it’s completely normal to fetch and instantly evaluate code from a dozen web servers. We live in a world with app stores, where it’s completely normal to download dozens of miscellaneous apps from god knows who, and give them whatever permissions they ask for. Browser sandboxes are imperfect. App sandboxes are imperfect. Operating systems are imperfect. So I for one am thrilled that my iPhone has SecureBoot.

                                                                                                    You said it was “far from obvious to [you]” that “[SecureBoot] makes it harder for sophisticated viruses to attach to such a system.” I think I’ve thoroughly explained why SecureBoot works as a mitigation. It’s not perfect. It’s disproportionally annoying for Linux users who need to turn it off, but have hardware with frustrating preboot configuration. It encourages centralization, since there aren’t many firmware CA providers, although shim mitigates this now. It could have been executed differently, but the core concept still has value.

                                                                                                    1. 0

                                                                                                      Thanks, I think that gives a good picture of the reasons you have for liking secure boot compared to the status quo. But I think it requires more subtlety to say whether it’s a good solution compared to alternative proposals.

                                                                                                      Rather than unpack every tangent, perhaps we can refocus on what I see as the defining feature of secure boot: performing the root of verification in firmware which is isolated from the rest of the OS by the properties of the hardware. This means secure boot requires specialized hardware components, which makes it possible to prevent the user from replacing a malicious OS with a more benign OS.

                                                                                                      The alternative I’ve been hinting at is to implement restrictions on writing to the boot loader or kernel in the kernel itself, so that specialized hardware components are unnecessary. You’re right that operating systems are big and complex, but the parts of the kernel that implement this security can be relatively simple.

                                                                                                      You’re implying that implementing this security in firmware using specialized hardware is less prone to vulnerabilities than the same security properties being implemented in the kernel. I certainly don’t know enough to deny this, but I’m not sure you’ve considered the full scope of this question.

                                                                                                      I can see why one might defer to “experts” and assume that if the industry is doing this it must be a good idea. But there are ulterior motives at play. Perhaps Apple chose secure boot not for its security properties, but because it frees them from competition with free operating systems. Have you considered that perhaps iOS would be less user-hostile if it had to compete with alternatives on the same hardware? Perhaps Apple’s decision to use secure boot is actually a net negative for you.

                                                                                                      1. 1

                                                                                                        You say “secure boot compared to the status quo,” but SecureBoot is the status quo. PCs and Macs come with SecureBoot. Ubuntu and Red Hat both ship signed kernels, i.e. they install and run just fine with SecureBoot enabled.

                                                                                                        As for alternatives, I’m not sure iOS actually uses SecureBoot. They have some kind of boot loader / kernel signing, but I don’t know details. I don’t think Android does either, though Android does have something called Verified Boot.

                                                                                                        I think kernel restrictions are important and valuable. But I don’t consider that an alternative. We should have both.

                                                                                                        And I absolutely believe it’s easier to check some signatures at boot time than write a kernel guaranteed to never allow any action that could compromise its integrity, even in the face of 0days. I certainly do know enough to make this claim, and I’ve considered the scope of the question. Scope is exactly the problem: kernels are big sprawling things with loads of bizarre legacy interfaces for backwards compatibility.

                                                                                                        I have written about kernel tomfoolery on lobste.rs before, and when this mixes with device-specific behaviors, the surface area for attack becomes truly enormous. I truly believe it’s impossible to 100% secure a kernel in the way you describe without a full blown paradigm shift in structuring kernel code.

                                                                                                        Perhaps Apple chose secure boot not for its security properties, but because it frees them from competition with free operating systems.

                                                                                                        No. Apple doesn’t need SecureBoot for that, having closed hardware interface is more than enough. Stallman addresses this in the original post: “Publish the hardware interface of products such as Hololens so we can run them without any nonfree software. Even if our software is years behind, that will be better than not being able to use these devices at all.” I have no interest in a device that’s years behind, even if it’s running 100% free code.

                                                                                                        I’m not sure about iOS, but MacOS supports disabling SecureBoot, and Apple publishes official instructions to do so. There’s no problem running free operating systems on Apple computers. Linus Torvalds famously ran Fedora on a MacBook Air a few years ago.

                                                                                                        1. 1

                                                                                                          No. Apple doesn’t need SecureBoot for that, having closed hardware interface is more than enough.

                                                                                                          Good point, considering that iPhones were more restricted than Android or computers since before SecureBoot existed. Do you know what exactly makes the hardware interfaced so closed down? Is it just that the flash memory doesn’t conform to a standard interface such as SATA, making it harder to flash your own boot loader?

                                                                                                          1. 1

                                                                                                            It’s everything really. Apple goes full custom: they make their own ARM CPUs and GPUs, but publish no spec sheets. Apple added new SIMD custom instructions to the iPhone 11, and as far as I know they are undocumented and non-standard.

                                                                                                            Same goes for the coprocessors and peripherals. I doubt there’s any hardware interface documentation for the T2 secure enclave, FaceID, or TouchID. The new multi-camera switching on the iPhone X and iPhone 11 probably relies on custom undocumented hardware, but I wouldn’t know for sure. That’s what I’ve got off the top of my head, but I’m sure there’s plenty more.

                                                                                                            Android phones have many parts manufactured by different companies, which means they have spec sheets and interface documents. Apple just builds for Apple, they don’t sell any of their custom hardware. Anecdotally, Apple core OS engineers sort out confusion with hardware interfaces by walking next door to ask the folks who designed it.

                                                                                                            Then there’s the general problem that the ARM platform doesn’t have a standardized way of laying out and discovering hardware like x86 has BIOS / UEFI. So you kinda just have to know what things are ahead of time. As of now, Linux on ARM supports different devices on a board-by-board basis, by having a registry of what boards have what. That’s why ARM devices not explicitly supported by Linux are often crippled, whereas you can build an x86 machine from whatever parts you feel like and it will work.

                                                                                                            1. 2

                                                                                                              Mobile cpu performance wise, apple are 2-3 years ahead of every other arm manufacturer. I can’t help but imagine the difference is in part because the designers have open lines of communication to one another.

                                                                                                              1. 1

                                                                                                                Cool, thanks for the info. This has been illuminating.

                                                                                  2. 4

                                                                                    The problem I have with this is the lack of recognition that Secure Boot is implemented for very real reasons that don’t just disappear because there are also downsides to it.

                                                                                    Who owns the computer?

                                                                                    Google argues they do, and that’s why they need Secure Boot. You’ve only purchased a license of temporary permission to use the computer and when you need to trust all your data with Google, you’re forfeiting all fourth- and fifth-amendment rights, since Google (not being the Government) is free to pass your data to them (or anyone else) whenever they like. Google unabashedly maintains you must forfeit these rights in order to protect Google’s copyright.

                                                                                    There are real reasons for allowing the Owner to protect against subversion from the User, but it is an entirely different thing to bury this technical discussion inside the constitutional one.

                                                                                    1. 1

                                                                                      for very real reasons

                                                                                      Eh, aren’t boot sector viruses virtually extinct? I was never convinced that Secure Boot was actually guarding against a clear threat.

                                                                                      1. 6

                                                                                        Rootkits are a very real threat. Remember that a proper secure boot implementation checks that the entire chain of trust of booting isn’t compromised - this includes bootloader, kernel, and drivers.

                                                                                        1. 1

                                                                                          Hmmmmmmm…. o.Ô I guess?

                                                                                          Btw, you’re off Masto now?

                                                                                          1. 1

                                                                                            Instance died for Reasons. I’m elsewhere on it.

                                                                                    1. 6

                                                                                      [Stallman] the only person I have ever met in person who struck me as being measurably smarter than I am, which sounds horrifyingly egotistical but is probably more a reflection of my choice in fellow-travelers.

                                                                                      Also, I hate to tell her this, and its embarrassing that I should be the one to lecture an MIT graduate on this, but teams are for normies, for neurotypicals, for trash people who can’t retain multiple levels of variable dereferencing in their heads while coding. Teams do not accomplish, and have never accomplished, anything of genuine intellectual value.

                                                                                      Wow. Just…wow.

                                                                                      Ms. Selam Jie Gano, the author in question, is part of the most pernicious, and reprehensible, movement in technology, namely: the cabal of people who want to reduce the American (and Western) programming and technological development base of expertise to a kindergarten political commissariat which investigates its own belly button for thoughtcrime

                                                                                      God forbid we ask that when people work together they do so respectfully. No, it can only be a conspiracy to destroy America.

                                                                                      Unfortunately for the social justice crowd, the genius IQ contributors to societal progress and better living have also been disproportionally white and male, and since we haven’t found the secret sauce of genius to give to those who don’t possess it due to genes and culture, higher education must focus on teamwork, diversity, and inclusiveness to provide some free-rider credit for those who couldn’t otherwise contribute.

                                                                                      Again, just…wow.

                                                                                      They yearn for cash-cow garbage projects like the Obamacare website, which cost two billion dollars but which likely contained more of Richard Stallman’s code than the government’s.

                                                                                      Ah, this old lie. The website cost between $70 and $90 million. The $2 billion figure included both all HHS contracts with the vendor for the previous seven years (some of which were tapped to begin work on the project, but had been started previously for other IT work) and various other expenditures for the federal healthcare marketplace as a political entity itself in addition to the website. This lie was so flimsy that even Glenn Beck’s The Blaze debunked it.

                                                                                      Seriously, I’m grateful to RMS for what he did but articles like this do not belong on lobste.rs. This is QAnon-style rambling and navel-gazing. We have repeated calls (I think ironically, but I’m not sure) to the Illuminati, grandiose claims, imagined persecution (the poor white man), blatant racism and sexism…I mean. Seriously. Come on.

                                                                                      1. 3

                                                                                        I like how someone posts an article where non-white/non-male people are explicitly described as inferior and tells a blatant and oft-debunked lie, but someone had the audacity to claim my comment was the troll and not the article…

                                                                                        1. 1

                                                                                          You can choose to not to dignify a thread like this with a response. Silently vote and move on instead of stirring the flames as intended.

                                                                                          1. 2

                                                                                            There’s this thread of crypto-racism/barely-concealed sexism that runs through our industry, and I’d prefer that lobste.rs not fall prey to it. If this article had simply been a rant about the RMS situation that’s one thing, but unabashed racism and sexism should not be tolerated…but it was submitted, and tolerated by at least a few. I’m not down with that, and I’d prefer to call it out rather than ignore it.

                                                                                      1. 7

                                                                                        I can understand if this topic is bumped but I do feel this is a very well written article and deserving of a read.

                                                                                        Regardless of personal feelings about the event I think we can all acknowledge it is at least notable in the history of open source. Accounts like these, from people with intimate knowledge of the whole context, are invaluable and can sometimes have a big impact over the years.

                                                                                        1. 16

                                                                                          of open source.

                                                                                          I’d just like to interject for a moment…

                                                                                          1. 9

                                                                                            It’d be nice if it’s notable in the sense of “this is when the FSF was able to get a new leader and begin more effective campaigning for libre software.”

                                                                                            I suspect it’ll more likely be remembered for quite some time as “this is when call-out culture demonstrated that no history of productivity will save somebody and that having any history of opinions or nuanced rational independent thought in non-tech realms–regardless of how respected or consistent you are–online is a strict liability if you are in tech.”

                                                                                            Edit: Whoever flagged this as troll or incorrect…you really need to explain your reasoning instead of abusing the flagging system–otherwise, it loses its effectiveness. Are you saying that my stated suspicions are not in fact my actual suspicions? If so, how would you know? If I’m trolling, who am I trolling and how? I didn’t post anything uncivil here.

                                                                                            1. 5

                                                                                              And this is where we’re going to. In the past, everything was archived, in libraries and elsewhere, and now pretty much everything has to be ethereal, removable in a minute’s notice, without a trace to the author.

                                                                                              I think this is a problem for the actual times we’d need to look back and see what we did in the last 25 years… When so much of the information purposefully has to be removed in order to not subject oneself to a cancellation.

                                                                                              1. 4

                                                                                                “President of the Free Software Foundation” is not a technical role, it is a leadership role. It doesn’t matter how skilled or productive RMS is in the technical arena, or the manifesto-writing arena, or the underwater-basket-weaving arena, if he does not have the leadership and people skills to effectively lead, and to represent the organisation to outsiders.

                                                                                                1. 4

                                                                                                  The issue here is that he’s one of the most hardcore Free Software advocates. He’s probably the only one capable of saying that he doesn’t use any non-free software; consistently taking the time to patiently teach people about the drawbacks of proprietary software, even so much as the “non-free” JavaScript (Obfuscript) of the websites. Everyone else just complains on Twitter to @Uber that their UX isn’t good enough; or claims to be a free software developer on GitHub, all whilst enjoying the proprietary platform to further benefit from the non-free software ecosystems. Why do people join FSF? What’s FSF without Stallman?

                                                                                                  FSF is not about OSS. Without Stallman, the guy who used to live in his office at MIT more than most, it loses its whole identity in the FLOSS world. I don’t understand why anyone would want to be associated specifically with Free Software whilst hating on the only person who truly lives by it — Dr Richard Stallman.

                                                                                                  I think this is all a setup. All those people who tried so hard to cancel Stallman don’t really care about neither Free Software nor OSS — heck, it was all done on Medium and Twitter, after all. I cannot see FSF remaining relevant when their leadership wouldn’t be practising what Stallman preached. Let’s be real here — all of us use proprietary software on a daily basis; many of us have no idea what it’d be like to live in a world that Stallman lives in.

                                                                                                  1. 3

                                                                                                    Pointing out that he was the only person living up to the standards is… not the strongest counterargument to the claim that his behavior discouraged others from getting involved.

                                                                                                    1. 2

                                                                                                      This is not about his behaviour, this is about the standard of Free Software. If you can’t meet the standard, leadership at FSF probably isn’t for you (and that’s OK — that’s what we have Open Source and all the other communities for — doesn’t mean you have to dismantle FSF just because it doesn’t fit your immediate needs).

                                                                                                      1. 2

                                                                                                        doesn’t mean you have to dismantle FSF

                                                                                                        The FSF, as far as I can tell, continues to exist. From what I’ve seen, it’s got quite a bit more funding this week than it did a month ago.

                                                                                                        I don’t understand why anyone would want to be associated specifically with Free Software whilst hating on the only person who truly lives by it.

                                                                                                        I don’t hate him (or anyone - humans are too complicated to hate). We all have virtues and vices; I can respect him for his virtues (many, and rare) while also finding his vices (oppositional defiance of social norms and wilful disregard for the impact his behavior has on those around him) a bridge too far.

                                                                                                        1. 4

                                                                                                          The FSF, as far as I can tell, continues to exist. From what I’ve seen, it’s got quite a bit more funding this week than it did a month ago.

                                                                                                          Where exactly do you get this data from? I’ve emailed Stallman to ask him privately about his FSF resignation and what people could/should do; his suggestion was to join FSF (yes, of which he’s no longer the president).

                                                                                                          I’ve seen someone post on Twitter (not exactly the manifestation on the use of free software, BTW) that they’ve quit FSF after learning these things about Stallman like his well-known unconventional political notes from years ago (which pretty much everyone with any sort of history in the whole FLOSS movement was very well aware of), and, on the other hand, several users posting on Reddit to have resigned from FSF membership because the only thing that kept them there was Stallman. To conclude that it’s going one way and not the other would be to perpetuate the same level of disinformation and the Trial-By-Twitter culture that brought this issue upon us in the first place; so, let’s kindly not degenerate Lobsters to that level.

                                                                                                          Likewise, to say that FSF continues to exist is a premature assessment. If they continue to follow Stallman’s leadership, then it’s not exactly a benefit that Stallman himself has to hide or be hidden from his involvement in FSF for the rest of his life. If they do decide to deviate and embrace a more Proprietary-friendly approach, then they’ll likely lose their uniqueness and the remaining folk that affiliate themselves specifically with FSF just because of Stallman.

                                                                                                          And I’m yet to see all these #cancelStallman folk joining the ranks of FSF; most of them probably don’t even know the difference between Free Software and OSS, and wouldn’t be the target audience of FSF as we know it anyways, making the whole point of catering to them rather moot. TBH, it just doesn’t make any sense why he resigned; I think he must have gotten scared for the future of FSF, or was tricked by some of his associates that seem have their own interest at heart. The whole thing is rather confusing to observe, especially given his own statements that he had no plans to give up just a few days prior.

                                                                                                          1. 3

                                                                                                            I personally wouldn’t take too much stock in a cult of personality.

                                                                                                            rms’ leadership was controversial within the FSF. Beyond “rms is a creep” and other political toxic waste, which makes for juicy headlines (that, and with how tightly the FSF brand was tied to rms, how it reflected badly on the FSF), it’s arguably a distraction from another big reason why - there was the fundamental issue that rms was not a good leader for the FSF beyond founding it. Mistakes like appointing someone to dotGNU that just used the label to work on his PHP groupware projects while condemning Mono, eglibc and egcs forks, dying on hills that meant Emacs has better interop with clang than it does gcc, Hurd being a debacle, poor marketing campaigns that did nothing to preach to the choir, all while failing to address real problems for free software like user-hostile SaaS. The FSF has lost goodwill with actual free software (often under the GNU umbrella!) developers and promoters, not hero-worshippers.

                                                                                                            The events of the past few days merely provided a social final straw for long-standing leadership issues.

                                                                                                            1. 2

                                                                                                              I’m yet to see all these #cancelStallman folk joining the ranks of FSF

                                                                                                              Anecdotes are not data, but I know several who subscribed in the wake of the announcement.

                                                                                                              probably don’t even know the difference between Free Software and OSS, and wouldn’t be the target audience of FSF as we know it

                                                                                                              This, I don’t follow at all. People who know the difference between OSS and Free Software don’t need to be reached. The target audience of the FSF, surely, is people who are not yet aware of why Free Software is important.

                                                                                                      2. 1

                                                                                                        Promoting Free Software (specifically, not including Open Source) is advocacy from a moral perspective - it asks people to give up immediate monetary gain, for the sake of the greater good of society.

                                                                                                        It behooves the leaders of such a movement not to be “perfect” - no-one is - but to adhere to the more moral end of the social spectrum. A leader of an advocacy group that embezzles money will lose credibility, for example.

                                                                                                        No-one has accused RMS of financial impropriety, nor has he done anything that amounts to a conviction in a criminal or civil court. But his reported behavior and public statements effectively makes it impossible for him to represent an advocacy group like the FSF. Every appearance he would make could be used by enemies of Free Software to hinder its goals.

                                                                                                        “Dr. Stallman, your ideas for software development are interesting, but let’s talk about how you’ve defended pedophilia….”

                                                                                                        It sucks, and it’s technically unfair, and as a fellow human being I feel really sorry for RMS right now, but it’s the rules you have to live by as a very public figure and advocate.

                                                                                                    2. 3

                                                                                                      I’d already come to the conclusion that ‘default open’ is no longer a useful approach to online life. It seems to be confirmed time and again.

                                                                                                      1. 3

                                                                                                        nuanced rational independent thought in non-tech realms

                                                                                                        If you have rational thought expand on poor axioms, your thought can be extremely nuanced, rational and independent, and still be grossly wrong. Rationality alone is not a good indicator of intelligence and should not be a singular measure. Stallman’s axioms were not good (my claim) and his rational arguments built from them are therefore invalid. I’ve read plenty of rational arguments from flat-earthers that were nuanced, rational, and independent. They were also wrong because their axioms are wrong.

                                                                                                        What people complained RMS was not his ability to be rational and logical. But the way he treated women. The email thread was simply a spark that allowed others to express their complaint.

                                                                                                        1. 2

                                                                                                          I think the point of Bushnell’s post was that the opposition to RMS may have stemmed more from unethical behavior than from his opinions.

                                                                                                      1. 4

                                                                                                        Liveblog begins here.

                                                                                                        • Nostalgic flat design animation. iPod, gumdrop iMacs, etc. All iconic Apple designs here. Ends.

                                                                                                        • Tim on stage. Apple pep speech. Big announcements claimed. No progress reports from Tim this time, straight to updates.

                                                                                                        • Apple Arcade. Ann to stage to talk about that. Games a la carte for all Apple platform on a subscription. Many exclusives. Many launching at the same time. App Store arcade tab. New stuff every month, typical store content and editorial content. Many styles covered.

                                                                                                        • Konami guy on stage. A new Frogger. It’s on Apple Arcade, duh.

                                                                                                        • Capcom guy, “console quality”. Underwater platformer. Survival horror elements? Apple Arcade exclusive, duh^2.

                                                                                                        • Annapurna woman on stage. Pop-music-video-inspired rhythm racing game? Arcade, Arcade, Arcade.

                                                                                                        • There’ll be more, of course. Arcade available on 19th. 150 countries. 100 games in launch catalogue. Costs 4.99$/mo, including family plan. One month trial.

                                                                                                        • Tim back. Apple TV+. They released some trailers last time. People got excited. Trailer about a world of the blind? Content.

                                                                                                        • Apple TV+ will be available on November 1st (limited library at that time, more content a month). >100 countries for launch. 4.99$ a month, family included. When you buy a Mac/iOS device, a year of TV+ included for free.

                                                                                                        • iPad. Big year for iPad; line revamp and rebranded iOS.

                                                                                                        • Joz on stage. Talking about the 9.7” that is most popular. 60% have as first iPad. New model has a slightly larger screen (10.2”?) with bigger resolution/nits/viewing angle. Still has home button. A10 Fusion CPU, smart keyboard compat.

                                                                                                        • Review of iPad OS features. Desktop-class Safari, one-handed keyboard, SD card support, etc. 100% recycled al-u-min-ium chassis. It starts at 329$. 299$ in edu. Orders today, ships at end of month.

                                                                                                        • Back to Tim. Watch. Promo video for Watch health and fitness stuff. Tim gets a lot of letters.

                                                                                                        • Sumbul on stage. Lots of research. More watch-conducted studies as a result. Cycle tracking study. Hearing study. Heart study. App to enroll and monitor. Apple doing the privacy thing too.

                                                                                                        • Back to Tim. Stan with more on Watch. Next-gen? Series 5. Always-on display. Time and complications available, activating watch enables full brightness. “LTPO” display. Dynamic refresh rate. 60-1Hz. Low power display driver, new ALS, new PMC. Same 18hr battery life. Watch faces have been changed to accommodate this and workout metric viewing.

                                                                                                        Lost connection here.

                                                                                                        • Compass app. API for it.

                                                                                                        • Safety features. International emergency calling on cellular models.

                                                                                                        • More bands. 100 %recycled Iveium. Titanium now too, with custom finishes. Ceramic (I think a Lobsters post predicted this) white. New Nike and Hermes models, if that’s your thing. 399$ for GPS base model. 499$ for cellular. Orders after the video. In stores 20th. Series 3 remains in production; it drops to 199$.

                                                                                                        • Back to Tim. More Watch video. iPhone. New iPhones. iPhone 11. Dual camera?

                                                                                                        • I didn’t get her name, but she’ll be talking now. Anodized Iveium and glass. New Purple/White/Yellow/Green/Red (more?). 6.1” (LCD? That’s what liquid implied?) display of the typical Apple quality. Speaker improvements. Wide-angle camera. Faster autofocus. Even wider-angle camera. Low level light performance. NPU used for camera? Better HDR. New mono portrait mode. (Not sure if the jargon used means anything to people, or if it’s just jargon.) Demo of camera. They’re really proud of the camera. Front-facing is better too, with a wider angle and slo-mo with demo.

                                                                                                        • SoCs are something good. Bragging about their lead. A13 Bionic SoC. It’s faster. Graphics still doing better. Gamedev from Giant on stage. Showing off their game (fantasy hack and slash, kinda Soulsborne and Shadow of the Colossus like?) on the new system.

                                                                                                        • Battery is nice. Lots of other features. More promo. Base price at 699$.

                                                                                                        • Back to Tim. Bigger announcement? 11 Pro. Triple cameras. Phil on stage. Apple says pro label means they mean serious business. Various designs. 5.8” and Max at 6.5? 1200 nits and other nice display facts. Same speaker setup, Atmos, etc. “XDR” display.

                                                                                                        • Silicon engineering VP on stage to talk about A13. Power efficiency and machine learning. Faster ML perf with faster matrix multiplication. Is that 1TFLOPs? ML jobs can be scheduled between CPU/GPU/NPU. 7nm. 8.5B transistors. Multiple voltage and clock gating domains. 20% faster, up to 40% power efficiency improvements, better sustained turbo perf.

                                                                                                        • Back to Phil. 4 hours longer battery than previous model. Max is 5. 18W adapter in the box. Cameras. Wide, telephoto, and ultrawide cameras. 4X optical zoom. Samples. “Deep Fusion” combined images with different exposures before shutter. Demo of video. They prepare the other cameras when you’re only using one. Camera apps. Director type guy on stage to talk about one.

                                                                                                        • Phil back, promo video. Yup, Apple flaunting ethical materials. 999$ and Max at 1099$ base. Preorders Friday 10 AM PDT. Ships 20th. 8 and Xr in the line.

                                                                                                        • Tim back. Tim talks retail. Deidre on stage. Product personalization. Trade-ins and monthly payments in some countries. Tweaks to stores.

                                                                                                        • Back to Tim. Summarizing. If you’re actually there, hands-on demos. Lots of thanks.

                                                                                                        Fin?

                                                                                                        1. 42

                                                                                                          Microsoft ♥ Linux – we say that a lot, and we mean it!

                                                                                                          I’m calling bullshit on this. Microsoft ‘loves Linux’ so much that they’ve ignored requests to support Linux with Outlook/Word/Powerpoint/Teams/etc. Microsoft ‘loves Linux’ so much that they effectively killed Linux support on Skype. Microsoft ‘loves Linux’ so much that they prevent Skype from even working over the web interface on (arguably) the most popular browser used by folks on Linux (if you visit web.skype.com with Firefox you get redirected to this page: https://www.skype.com/en/unsupported-browser). Or do they only ‘love Linux’ when it suites their financial and PR interests?

                                                                                                          1. 19

                                                                                                            I’d like to add the lack of official linux drivers for their Microsoft-branded laptops to this list.

                                                                                                            1. 24

                                                                                                              do they only ‘love Linux’ when it suites their financial and PR interests?

                                                                                                              Well, obviously. Expecting any large corporation to “love” anything that’s not purely out of self-interest strikes me as rather naïve.

                                                                                                              Either way, I much prefer the current Microsoft over the “Linux is cancer” and “get the facts” Microsoft of 15 years ago.

                                                                                                              1. 10

                                                                                                                You can’t “love” something then actively ignore critical parts of it. A better slogan for what they are doing is “microsoft tolerates Linux.” I take issue with the fact that they are heavily implying that they are doing more than tolerating it now (when clearly they are not).

                                                                                                                1. 4

                                                                                                                  Microsoft is making money off of Linux. They “love” it the only way a big profit-driven company can; they found a way to monetize people who actually like it.

                                                                                                                  1. 4

                                                                                                                    You can run Microsoft SQL Server on Linux, which seems like a lot more than “tolerating” it. Office has been ported to iOS and Android — I don’t see why they wouldn’t be porting it to Linux too, if there were sufficient demand. (The 2019 numbers I could find showed <5% market share for Linux, measured by web browser.)

                                                                                                                    1. 8

                                                                                                                      That still seems like toleration. I’m not convinced that if Linux hadn’t stuck around and/or expanded beyond microsoft’s wildest dreams, that they would still consider it a cancer. They may support Linux on a small subset of all software they pump out, but they ignore it on the vast majority. Can we at least agree that the ’microsoft loves Linux” slogan is pure marketing bullshit and not reflective of their actual behavior?

                                                                                                                2. 8

                                                                                                                  if you visit web.skype.com with Firefox you get redirected to this page: https://www.skype.com/en/unsupported-browser)

                                                                                                                  Wow, you actually do. What the fuck Microsoft?

                                                                                                                  1. 12

                                                                                                                    Or do they only ‘love Linux’ when it suites their financial and PR interests?

                                                                                                                    Like any company, yes. They love Linux on Azure.

                                                                                                                    1. 4

                                                                                                                      I recently had to battle and debug some EWS/Azure/Exchange crap just to get evolution-ews working with Microsoft 2FA. Microsoft has supported Exchange+Evolution exactly 0%. It’s all gnome devs and other random volunteers figuring out how their broken OAuth2/Azure/Office365 rubbish works.

                                                                                                                      1. 3

                                                                                                                        Microsoft ‘loves Linux’ so much that they effectively killed Linux support on Skype.

                                                                                                                        The Skype client for Linux works fine. Sure, it’s Electron and ugly, but so is the Mac version. But it does the job.

                                                                                                                        (Sure, there are better and open solutions, but the outside world uses Skype.)

                                                                                                                        1. 0

                                                                                                                          Microsoft ‘loves Linux’ so much that they’ve ignored requests to support Linux with Outlook/Word/Powerpoint/Teams/etc.

                                                                                                                          You can’t use the O365 versions on browsers on Linux?

                                                                                                                        1. 5

                                                                                                                          Still waiting for that POWER9 based laptop with classic 7-row ThinkPad keyboard …

                                                                                                                          1. 3

                                                                                                                            it’s 90W - it’s going to be one of those incredibly thick gamer laptops at best

                                                                                                                            1. 3

                                                                                                                              What prevents them from making a one with 2 cores and SMT4 at 25W envelope? :)

                                                                                                                              1. 6

                                                                                                                                The market for it. (Also, the 90W figure is for the 4-core part that pretty only exists as chaff that RCS uses and IBM otherwise wouldn’t. POWER9 is designed for 4-8 thread clumps - IBM sells single-core/thread models, but those use firmware DRM to be restricted)

                                                                                                                                1. 1

                                                                                                                                  Which ones are those?

                                                                                                                                  1. 1

                                                                                                                                    Servers like the S812 Mini. The AIX configuration has more cores, but the i configuration is limited to a single one.

                                                                                                                                    1. 2

                                                                                                                                      Oh, yes. IBM i definitely plays by different rules.

                                                                                                                                2. 3

                                                                                                                                  The limiting factor for the 4cores aren’t the cores itself, but all the peripheries like the PCIe host bridges, the core interconnect, the onchip accelerators, the MMU etc.

                                                                                                                            1. 6

                                                                                                                              This reminds me a little of Haiku’s packagefs system.

                                                                                                                              1. 4

                                                                                                                                More than a little for me; I’m having trouble finding a feature that isn’t implemented by Haiku’s package manager. Not that that’s a bad thing; I’ve been wanting an equivalent for Linux ever since I’ve learned about it.

                                                                                                                              1. 1

                                                                                                                                I wonder how Gtk+1.2 would stack up to Motif (or as they called it, at the time, “Bloatif”). Kind of disappointed that Qt is so high.

                                                                                                                                1. 2

                                                                                                                                  Along the same lines, I’d love to see the different Qt versions. I assume here Qt==Qt5, but it’s worth noting that Qt has been a useful and widely deployed toolkit since 1.x, which was a lot leaner. (I used to statically link it back in the day.)

                                                                                                                                  1. 2

                                                                                                                                    Just check the list, it shows Motif and something called ‘GDK’. Since GDK is not a GUI toolkit I can only assume that this is GTK1.x. Motif uses 1.50MB and as such lies between GDK (which is lower at 1.20MB) and GTK+2 (higher at 2.80MB).

                                                                                                                                    1. 1

                                                                                                                                      GDK is the drawing engine of GTK. I assume that’s using GDK to draw, without using GTK widgets.

                                                                                                                                      1. 5

                                                                                                                                        This is mostly the case - GDK is used as an abstraction layer between GTK and the underlying system (Xlib on X11). It was more Glib I was thinking about here than GDK. Still, GTK1 was a relatively lightweight abstraction on top of GDK (and gdk-pixbuf) which did not need (nor support) things like Pango, Cairo, ATK etc. It was lighter than Motif but heavier than Xaw (Athena).

                                                                                                                                        Another interesting option for this list would be Xview (Sun’s OpenLook widget library) and the related OLIT (OpenLook Intrinsics Toolkit) which I suspect will end up being more lightweight even than GTK1 while still being perfectly usable. The somewhat sparse OpenLook style fits right in with the current flat UI toolkit trend.

                                                                                                                                    2. 2

                                                                                                                                      I remember working with Motif on…some system, I can’t remember which now…some Unix….that didn’t support shared objects, so Motif was statically linked into every Motif application. Moreover, they didn’t do a good job with the archives, so every application had a minimum size of like 2-3MB. This was back when that was an enormous amount of space.