1. 10

    Why do people think MS is doing all this? Do people really think a company worth 860 billion dollars has anything to give away for free? I do not want to go into MS bashing, but believing that a big company like MS is now altruistic and believing in making the world a better place is just naive. MS wants to be seen as cool and hip with the dev. crowd, esp. the young Silicon Valley crowd, so that they can sell more Azure. They do not care about software freedom or anything like that.

    1. 12

      Goals can align. Microsoft might care about software freedom because that improves their business in some way. In this case, their goal is obviously to collect metrics about users. Almost all of the code is open though.

      1. 3

        I don’t think that’s an obvious goal at all - metrics about users. A perfectly acceptable goal is to regain mindshare among developers. vscode can be seen as a gateway drug to other microsoft services, improving their reputation.

        1. 2

          I wonder what metrics from a text editor would be useful to them?

          1. 10

            I want metrics from the compilers I work on. It’d be super useful to know what language extensions people have enabled, errors people hit, what they do to fix them, etc. Sounds mundane at first, but it’d allow me to focus on what needs work.

            1. 8

              Well, VS Code doesn’t choose your compilers :)

              Either way, I don’t get the paranoia. Performance telemetry, automated crash reports, stats about used configurations – not stuff that violates privacy in any meaningful way. It’s weird that this gets lumped in together in the general paranoia storm with advertisers building a profile of you to sell more crap.

              1. 8

                Issue #49161 VSCode sends search keystrokes to Microsoft even with telemetry disabled

                It’s not even paranoia so much as irritation at this point. I know my digital life is leaking like a sieve, and I’d like to plug the holes.

                1. 3

                  Kinda clickbait issue title. Yeah, keystrokes are always a lot more worrying than metrics, but this is settings search. I guess you could Ctrl+F search for something secret (e.g. a password) in a text file, but not in the settings.

                  1. 12

                    You know, there was a time when it was big news if a commercial program was caught to “phone home” at all. It didn’t matter what the content was.

                    (Today, you’d call a ‘commercial program’ a ‘proprietary application’.)

                    It’s still a big deal today if an open source/community maintained/free software application ‘phones home’, because reasons: untrusted individuals, the value of big data, and principles of privacy.

                    Now that M$ is in the game, let’s add ‘untrusted corporation’ to that last list.

                    I don’t care what the nature of the data is–I don’t want to be observed. Especially not as I ply my craft–few activities produce measurable signals from any deeper inside myself, and every one of those is definitely on my personal ‘no, you can’t watch!’ list.

                    1.  

                      For me personally, I have no problem adding telemetry to apps I maintain. But I’m sure going to make sure users know about it and can disable it if they want. I think that’s the real issue - consent.

                    2. 5

                      That’s having to think way too hard about what they’re intercepting.

              2. 4

                Platform it’s running on, type of code being edited, frequency of use for a given feature. Heuristic data about how people interact with the UI. The list goes on. Note also that none of this need be evil. It could be seen as collecting data looking to improve user experience.

            2. 3

              I’d guess they’re after a platform. They want to build a base (using organic growth) that they might later on capitalize on, either by learning from it to invite people to use (proper) Visual Studio or by limiting VSCode’s openness.

            1. 3

              Experimenting with solar! I have a 100W panel and a cheap solar controller. Going to see if I can get this 12V fan to run on solar power.

              Also, glad to see the switch from the culture tag to programming. Now this thread should get some better visibility.

              1. 1

                I’d like to see more detail about the IoT network. What boards are they using? Which OS? How are they collating the data? What radio tech are they using?

                The article explains these are low-cost prototypes, but says nothing about how to build your own.

                1. 3

                  Sidenote: it really irritates me how the culture tag’s negative hotness modifier causes this weekly thread to drop off the front page almost immediately. It’s only 12 hours old and already halfway down page 2.

                  1. 1

                    We used to just tag it with ask and nothing more, but as it’s a meta tag now it fails validation without another tag as well. I picked culture from the list originally because it felt the “best” fit for this thread, but that also irks me how quickly it vanishes. I’m sure it makes a difference to how many people comment on the thread (although if you’re around here for any length of time you’ll know it appears on a Monday, so can go look for it.)

                    I wonder if there is a better “second” tag for these threads that wouldn’t have the negative cost attached, without mis-appropriating the tag.

                    /cc @kzisme

                    1. 2

                      practices or programming seem fine. I’d also prefer this thread not drop away so fast. /cc @kzisme who often posts these.

                      1. 1

                        How about programming? “Use when every tag or no specific tag applies”

                      1. 1

                        Is Timeless Way your first Christopher Alexander book? How are you liking it?

                        1. 2

                          I read Notes on the Synthesis of Form before, which I loved the first half, the second half sounded like a formalization of the first and wasn’t that interesting.

                          Regarding “The Timeless Way” I like it, I haven’t read “A Pattern Language” yet, but I have the impression this one is better since it explains the concept of patterns and some examples without going to the formalization that “A Pattern Language” seems to go, which was the part I didn’t like about “Notes on the Synthesis of Form” :)

                          1. 2

                            I enjoy the conceptual stuff too, although I’ve been reading Alexander’s later books and not the early ones. Pattern Language is interesting, but it’s mostly a collection of ~200 specific patterns for physical buildings.

                            I once read a book review that described The Timeless Way of Building as “underbaked,” A Pattern Language as “just right,” and The Nature of Order as “overbaked.” I’m inclined to agree, but overbaked is how I like it! Design patterns are already abstractions, but in TNOO Alexander really digs in and tries to determine what makes a good pattern. Here’s a thread from a couple years ago.

                            1. 2

                              A Pattern Language gives you examples of patterns from the level of countries all the way down to rooms in your house. It’s filled with fascinating, humanistic reasons for each pattern. Some of my favorites:

                              1. Have little hiding spaces in your house because kids like to hide in things.
                              2. As a teen gets older, give them a space of their own, perhaps a room they can go into without coming through the rest of the house. That approach develops independence with age.
                              3. There’s a really beautiful passage about building a marital bed and how it symbolizes coming together for the long future.
                              4. It’s better to build cities where cars move slowly until they get to a fast highway. Not every little road needs to be super fast or wide. You actually end up losing little time in this situation, but you gain quieter and nicer spaces.
                              5. Mixed residential and commercial development is the way to go. Downtowns are death because they are unused for half the day.

                              etc etc. I recommend getting it and reading a bit at a time, like a work of poetry.

                              1. 7

                                Alexander wrote the following in his preface to Richard P. Gabriel’s book Patterns of Software:

                                In my life as an architect, I find that the single thing which inhibits young professionals, new students most severely, is their acceptance of standards that are too low. If I ask a student whether her design is as good as Chartres, she often smiles tolerantly at me as if to say, “Of course not, that isn’t what I am trying to do. . . . I could never do that.”

                                Then, I express my disagreement, and tell her: “That standard must be our standard. If you are going to be a builder, no other standard is worthwhile. That is what I expect of myself in my own buildings, and it is what I expect of my students.” Gradually, I show the students that they have a right to ask this of themselves, and must ask this of themselves. Once that level of standard is in their minds, they will be able to figure out, for themselves, how to do better, how to make something that is as profound as that.

                                Two things emanate from this changed standard. First, the work becomes more fun. It is deeper, it never gets tiresome or boring, because one can never really attain this standard. One’s work becomes a lifelong work, and one keeps trying and trying. So it becomes very fulfilling, to live in the light of a goal like this. But secondly, it does change what people are trying to do. It takes away from them the everyday, lower-level aspiration that is purely technical in nature, (and which we have come to accept) and replaces it with something deep, which will make a real difference to all of us that inhabit the earth.

                                I would like, in the spirit of Richard Gabriel’s searching questions, to ask the same of the software people who read this book. But at once I run into a problem. For a programmer, what is a comparable goal? What is the Chartres of programming? What task is at a high enough level to inspire people writing programs, to reach for the stars? Can you write a computer program on the same level as Fermat’s last theorem? Can you write a program which has the enabling power of Dr. Johnson’s dictionary? Can you write a program which has the productive power of Watt’s steam engine? Can you write a program which overcomes the gulf between the technical culture of our civilization, and which inserts itself into our human life as deeply as Eliot’s poems of the wasteland or Virginia Woolf’s “The Waves”?

                                1. 3

                                  This passage is really beautiful and encouraging, thank you!

                              2. 1

                                Sounds like I will skip A Pattern Language and go with The Nature of Order then :)

                                Thanks!

                        1. 4

                          The First Amendment covers more than literal speech: source code and technical data is a form of expression just as much as a poem or song, and are equally protected.

                          There is no principled endpoint to this – if you followed this sort of reasoning, then everything would be protected under free speech, including all physical objects. That being said, I am not optimistic for the government’s prospects in this case. At least two appeals courts, the 9th circuit (Bernstein v. US), and the 6th circuit (Junger v. Daley) have already explicitly held that source code is free speech. It is only a matter of time before CAD files (imo, incorrectly) will be interpreted as closer to source code than physical objects.

                          1. 2

                            if you followed this sort of reasoning, then everything would be protected under free speech, including all physical objects

                            Source code, technical data, poems, and songs are all intangible; you could conceivably speak the information aloud. Where is the slippery slope to physical objects?

                            1. 1

                              If you agree with the following three statements:

                              • Source code is free speech.
                              • CAD files are a form of source code.
                              • The government should not restrict free speech.

                              then, I think, you are logically forced into accepting that it will be impossible to regulate any 3D printed objects, since it is (both legally and practically) infeasible to restrict what people do on their own 3D printers in their own homes.

                              1. 3

                                …you are logically forced into accepting that it will be impossible to regulate any 3D printed objects, since it is (both legally and practically) infeasible to restrict what people do on their own 3D printers in their own homes.

                                It’s not legally impossible to restrict use of 3D printers any more than it is to restrict use of CNC machines. “Shop guns” are a thing and if unregistered are manifestly illegal in California.

                                1. 2

                                  I don’t think that logically follows, free speech doesn’t mean you can say anything you want.

                                  1. 1

                                    Absent imminent lawless action, I think it does. What do you think it means?

                                    1. 2

                                      Imminent lawless action is one of a few categories of unprotected speech. Others include libel and false advertising.

                                      1. 1

                                        This is in the context of safety/security-based restrictions on free speech (i.e. guns). Should have made that clearer.

                                  2. 2

                                    Oh, I see what you mean. That doesn’t lead to “everything” being protected by free speech; 3D printed objects are a subset of all physical objects. You can’t 3D-print uranium, for instance.

                                    It would be impossible to regulate plastic shapes… but so what?

                              1. 5

                                If you have a HiFive Unleashed board as I do, this is more immediately useful: https://wiki.debian.org/InstallingDebianOn/SiFive/HiFiveUnleashed

                                Still really excited that my favorite distro supports my most recent offbeat hardware purchase!

                                1. 3

                                  How are you liking the board? What well-known system would you compare its overall performance to? And is it working reliably?

                                  1. 2

                                    The board seems fine, but the fan failed. The forums imply I should not have moved the board around while the fan was active. New fans just arrived, hopefully it’s fine this time.

                                    I do wish the board would have arrived with Debian already installed, but I understand this isn’t for the same market as the BeagleBone / Raspberry Pi / etc.

                                    No real thoughts on performance, I’m biased by the Xeons in my laptop.

                                  2. 2

                                    Please write about your experiences with the board in the weekly “What are you working on?” thread! I’m very interested in hearing about it.

                                  1. 2

                                    Although I’m pro-bitcoin and disagree with this article’s conclusions, there are a lot of good points here. I will cover the points I disagree with.

                                    I disagree that the electric consumption is a real problem. The author notes that power demand for bitcoin mining increases with bitcoin’s price, because the block reward is worth more. Well, every few years the block reward is cut in half (“the halvening”), and mining activity subsequently decreases (as does power consumption). Eventually new BTC emissions will cease, and miners will only be rewarded with transaction fees. Mining activity will certainly scale to compensate.

                                    Low transaction throughput is a valid complaint, but does not take the lightning network into account. Lightning transactions are fast, cheap, and work today. More and more lightning nodes are being deployed. There is a tradeoff between decentralization/security and transaction throughput. The two-layer solution is actually better than scaling Bitcoin directly, because we get fast transactions without compromising decentralization.

                                    Private key theft is a concern, but I think that’s a stronger indictment of our current security practices than it is of cryptocurrencies. We need trustable devices capable of securely storing private keys.

                                    Regarding bitcoin’s value, the author seems to contradict themselves. They assert “most sensible recipients of a Bitcoin payment immediately convert their payment into dollars,” but they also say “The only rational behavior for someone holding a deflationary currency is to never actually spend it.” So which is it, should you hold bitcoin or dollars? I disagree with their assertion anyway. Stocks appreciate over time, but I will still sell stocks when I want to make a large purchase. It makes sense to cash out when you want to purchase something.

                                    1. 2

                                      Gotta wonder if this might actually work in our favor with the current de-regulation crazy administration and congress in control?

                                      Thinking about it, I think they’re even MORE BigCorp crazy, so that will Trump the first impulse.

                                      1. 5

                                        People that want open systems actually buying open systems would be a start. Right now, they buy the closed systems for various advantages they have. Most didn’t start that good, though: they got there through years of R&D and improvements fueled by selling their product. The open products can only get there with our help.

                                        Although RISC-V is current favorite, there were also non-Intel CPUs with Open Firmware. A few were even GPL at various times. People didn’t buy them when they were available since a volume product from Intel/AMD/ARM/MIPS was (insert trait here). Between that and prior failures (eg BiiN, Itanium), investors stopped fabbing them since they thought nobody would buy them. Advocates of ethical, open hardware didn’t pool money together to get that started either.

                                        Absent regulations, it looks like the market is getting exactly what it should expect buying goods from evil, scheming companies. Then, some of them gripe about the evil schemes that follow. The market side of solution remains: start and/or buy open and/or ethical solutions. For long-term assurances, buy from companies or nonprofits chartered to stay open, avoid lock-in, etc.

                                        1. 3

                                          Although RISC-V is current favorite

                                          I looked at Risc-V boards, but all the currently available devices have firmware blobs for various non-CPU components on the board. From a purist perspective, Hi-Five’s board is hardly better than most ARM boards. I am very hopeful for the future of Risc-V, though.

                                          The market side of solution remains: start and/or buy open and/or ethical solutions.

                                          This is arguably happening. The problem is that so few devices meet a purist’s standards, so you typically have to compromise in one way or another. There are a few online stores that traffic in Thinkpad X200s and Asus KGPE-D16s. And of course the Talos II has finally made it to market.

                                          1. 2

                                            Although true for purists, pragmatists might take the blobs if the open core had stuff like IO/MMU to mitigate some risk. There’s definitely stuff happening on demand side. That’s good news.

                                          2. 2

                                            I’m always super cautious about ascribing concepts like good or evil to corporations. Corporations exist to make money. Some corporations have figured out that maximizing value to their customers can also mean being good citizens in the ecosystems, nations, and PLANETS in which they operate.

                                            I mean, what this really boils down to is: Is capitalism inherently bad? I almost feel like this impulse towards “Profit = EVIL” should go down as one of the biggest geek social myths of all time.

                                            While I’d love to live in some kind of luxury space communism based society where material things are essentially valueless and we can all have whatever we want whenever we want, we’ve a long way to go before we get there.

                                            (And don’t start talking about how we can 3D print everything now, because we can’t. We can 3D print more and more things every day, but it’s neither easy nor cost effective when you get away from the kinds of plastics that have been commoditized for that purpose.)

                                            There exist companies like System76 and Purism that cater to the “truly open” market, but the fact is most people simply don’t care and arguably they SHOULDN’T care so long as their needs are being met.

                                            “totally open” only matters to us mad scientist types who want to tinker with EVERYTHING. I agree that our needs should be met too, but we shouldn’t project our needs onto the market at large.

                                            1. 2

                                              “totally open” only matters to us mad scientist types who want to tinker with EVERYTHING

                                              Openness also seems to matter to the cloud business? Judging by Google’s interest in things like LinuxBoot and POWER at least.

                                              1. 1

                                                The topic of this article (and hopefully this discussion :) is general purpose computers. As in, a computer you can walk up to and run random programs on.

                                                Nobody disagrees that openness is important. Lobsters wouldn’t exist without open source, and the Linux universe a huge chunk of us make our living off of depends upon it as well, but SPECIFICALLY talking about general purpose computers that humans buy to perform every day tasks, I’d argue that having a 100% open architecture is utterly meaningless to easily 99% of their userbase.

                                                1. 1

                                                  Do remember the cloud business is already customizing boards and maybe even chips on a regular basis. Intel and AMD allow that through their semi-custom service. The ARM and MIPS suppliers stay doing that. They’re seriously performance, feature, and cost competitive on top of it with low-level optimizations being part of that. Put it all together, there’s good reasons for cloud market to look into open CPU’s. I think they’ll need to be fully-built, cost-effective performance, and support easy addition of acceleration engines. Cavium is in best position to do a RISC-V SoC like this but they did MIPS and ARM for ecosystems instead.

                                                2. 2

                                                  (Waited till I got home to respond to this. It deserves more effort. :)

                                                  It’s good to be cautious about it. There’s all kinds of ways to look at morality. I feel you on that. As I thought about it, I realized there was a lot of common ground among the majority of people. Focusing on that could help.

                                                  So, an easy one to leverage that’s already established in our intuition and legal system is fraud. An evil company promises one thing to the seller but doesn’t deliver it at all or as promised. This might be performance, quality, support/service, or something where screwups are easy to assess. An extension of this is the company tries to use legal or technological means to prevent customers from assessing that or shut down negative reports. I mean, a fundamental assumption for the market for goods is you should know what you’re getting, have a chance at assessing its value, and complete a transaction on it.

                                                  We could nail lots of companies with just that rule. Especially in EDA or embedded SoC’s where they try to use NDA’s on all kinds of things. From there, I might add protocols or storage formats have to be open to block lockin. It also preserves competitiveness by allowing solutions to be plug and play. We might also reduce copyright, patent, or EULA restrictions on basis that owners only get such protections if they’re acting reasonable. One example is Oracle wanting a billion dollars for a few lines of code in a system depending on millions of them or twenty something per phone when profit is around thirty with their patent being one of 250,000. Obviously, these numbers in no way represent Oracle’s contribution to the platform. Even a dollar a patent would be more than the funding of a startup in that sector. We can look at stuff like that, even progressive schemes where people pay as they grow. We can be flexible. Thing is, the greedy companies are so epically full of shit that even basic, common sense stuff will knock out lots of their schemes while minimally affecting well-run companies or true innovators.

                                                  “Is capitalism inherently bad?”

                                                  Yes if you’re going by the interpretation of always increasing gain for yourself at expense of others with no limit. It provably leads to evil on a massive scale. When you combine that with capitalist media, it gets worse in a self-sustaining way. One [biased] source I like on it just for the anecdotes is the documentary The Corporation. I listed some highlights from it in this comment answering a similar question.

                                                  “There exist companies like System76 and Purism that cater to the “truly open” market, but the fact is most people simply don’t care and arguably they SHOULDN’T care so long as their needs are being met. “totally open” only matters to us mad scientist types who want to tinker with EVERYTHING. “

                                                  The people who built the proprietary systems of the richest, tech companies usually had source and/or hardware control. The creatives probably wouldn’t do as good a job if their already-paid service started showing them ads more often. The TPM-powered solutions industry wanted stopping most forms of sharing, making you pay for stuff multiple times, not letting you record stuff, and so on would probably be opposed by the masses. Most companies locked in to inferior products that they built stuff on long ago don’t like that fact so much as tolerate it out of necessity. It hurts their ability to move fast and profit off of things.

                                                  You can find a lot of damage that always-closed platforms do vs open, tinkerable ones if you focus on peoples needs, wants, and goals. A well-designed, commercial platform that had source where third-parties can extend or integrate it will always have more potential for those people than one that’s arbitrarily limited. People don’t care since tech people don’t speak their language focusing on their goals. I’ve been learning to do that over past few years. I mean, it will still be an uphill battle. I’m just saying things like I just wrote get “Oh yeah, that’s aggravating!” or “That could be really cool!” reactions from people instead of blank stares wondering whether to be impressed, confused, or annoyed by impenetrable jargon or politics that can’t mean anything in real world. If value proposition was same, people almost always prefer the device which also let them fix it cheap, customize it easily (maybe via friend or company), not leak their stuff, and not force unnecessary upgrades. Or make them buy a new charger. ;)

                                                  1. 1

                                                    There are more people that care about “totally open” than tinkerers. You have a coalition between tinkerers, people who believe closed source software and/or lockdown is unethical, and people for whom blobs pose an unacceptable security hazard.

                                                    Raptor is apparently a major customer of their own Talos II product, due to untenable security concerns around unauditable blobs on x86.

                                                    1. 1

                                                      As to the confluence you speak of - the people in your first paragraph still amount to no more than 1% of the consumer computing market.

                                                      As to the next paragraph about companies embracing open - speaking as a worker bee in the employ of a rather large corporate overlord, I can say from experience that there are many varieties of “open”.

                                                      There’s “We have published full specs, firmware, circuit diagrams, and microcode on Github”

                                                      And then there’s “We will provide YOU, $MEGACORP with source code and materials to all of our products so you can conduct a full security audit”. This happens a LOT.

                                              1. 2

                                                My preference is Topre switches. Cherry MX never felt quite right to me. MX browns are supposed to be quiet, but I think they sound rattly.

                                                I also prefer tenkeyless boards. My hand doesn’t have to travel over an unused numpad to get to the mouse.

                                                1. 6

                                                  All the parts are here; it’s finally time to set up the Talos II server!

                                                  Since POWER9 is so new, there are only a few OSes to choose from: Debian/Ubuntu, RedHat/Fedora/CentOS, and maybe a couple others. No BSDs yet to my knowledge.

                                                  First priorities for the server are setting up a ZFS array, and getting KVM working with guests.

                                                  1. 18

                                                    Part of that means that there’s absolutely NOTHING on your computer that isn’t planned.

                                                    2018: Install security patches, also get Candy Crush

                                                    1. 3

                                                      I was going to write the same :) I’m pretty sure it is still true for the MS engineers as they most likely have a version of Windows (Enterprise?) that has none of that crap, so they never see it and it doesn’t affect them.

                                                      1. 5

                                                        It affects me too, but these decisions are all made at the management level. I’ve just formed a habit of uninstalling/disabling misfeatures as they appear.

                                                        The biggest benefit of Enterprise edition is that you’re allowed to disable things. But they’re usually enabled by default regardless.

                                                    1. 6

                                                      Yeah, I know someone who runs a keyserver and they are getting absolutely sick of responding to the GDPR troll emails.

                                                      Love the idea to use activitypub (the same technology involved in Mastodon) for keyservers. That’s really smart!

                                                      1. 16

                                                        Offtopic: Excuse me.

                                                        I think it depends on some conditions, so not everybody is going to see this every time. But when I click on medium links I tend to get this huge dialog box come up over the entire page saying something about registering or something. It’s really annoying. I wish we could host articles somewhere that doesn’t do this.

                                                        My opinion is that links should be links to some content. Not links to some kind of annoyware that I have to click past to get to the real article.

                                                        1. 11

                                                          Use the cached link for Medium articles. It doesn’t have the popup. Just the content.

                                                          1. 1

                                                            Could you give an example? That sounds like a pleasant improvement, but I don’t know exactly what you mean by a cached link.

                                                            1. 3

                                                              There is a ‘cached’ link under each article title on lobste.rs

                                                              1. 1

                                                                Thanks.

                                                          2. 7

                                                            I started running uMatrix and added rules to block all 1st party JS by default. It does take a while to white list things, yes, but it’s amazing when you start to see how many sites use Javascript for stupid shit. Imgur requires Javascript to view images! So do all Square Space sites (it’s for those fancy hover-over zoom boxes).

                                                            As a nice side effect, I rarely ever get paywall modals. If the article doesn’t show, I typically plug it into archive.is rather than enable javascript when I shouldn’t have to.

                                                            1. 2

                                                              I do this as well, but with Medium it’s a choice between blocking the pop-up and getting to see the article images.

                                                              1. 6

                                                                I think if you check the ‘spoof &lt;noscript&gt; tags’ option in umatrix then you’ll be able to see the images.

                                                                1. 1

                                                                  Nice trick, thanks!

                                                            2. 6

                                                              How timely! Someone at the office just shared this with me today: http://makemediumreadable.com

                                                              1. 4

                                                                From what I can see, the popup is just a begging bowl, there’s actually no paywall or regwall involved.

                                                                I just click the little X in the top right corner of the popup.

                                                                But I do think that anyone who likes to blog more than a couple of times a year should just get a domain, a VPS and some blog software. It helps decentralization.

                                                                1. 1

                                                                  And I find that I can’t scroll down.

                                                                  1. 3

                                                                    I use the kill sticky bookmarklet to dismiss overlays such as the one on medium.com. And yes, then I have to refresh the page to get the scroll to work again.

                                                                    On other paywall sites when I can’t scroll, (perhaps because I removed some paywall overlay to get at the content below,) I’m able to restore scrolling by finding the overflow-x CSS property and altering or removing it. …Though, that didn’t work for me just now on medium.com.

                                                                    1. 1

                                                                      Actually, it’s the overflow: hidden; CSS that I remove to get pages to scroll after removing some sticky div!

                                                                2. 3

                                                                  What is the keyserver’s privacy policy?

                                                                  1. 5

                                                                    I run an SKS keyserver, have some patches in the codebase, wrote the operations documents in the wiki, etc.

                                                                    Each keyserver is run by volunteers, peering with each other to exchange keys. The design was based around “protection against government attempts to censor keys”, dating from the first crypto wars. They’re immutable append-only logs, and the design approach is probably about dead. Each keyserver operator has their own policies.

                                                                    I am a US citizen, living in the USA, with a keyserver hosted in the USA. My server’s privacy statement is at https://sks.spodhuis.org/#privacy but that does not cover anyone else running keyservers. [update: I’ve taken my keyserver down, copy/paste of former privacy policy at: https://gist.github.com/philpennock/0635864d34a323aa366b0c30c7360972 ]

                                                                    You don’t know who is running keyservers. It’s “highly likely” that at least one nation has some acronym agency running one, at some kind of arms-length distance: it’s an easy and cheap way to get metadata about who wants to communicate privately with whom, where you get the logs because folks choose to send traffic to you as a service operator. I went into a little more depth on this over at http://www.openwall.com/lists/oss-security/2017/12/10/1

                                                                    1. 5

                                                                      Thanks for this info.

                                                                      Fundamentally, GDPR is about giving the right to individuals to censor content related to themselves.

                                                                      A system set out to thwart any censorship will fall afoul of GDPR, based on this interpretation.

                                                                      However, people who use a keyserver are presumably A-OK with associating their info with an append-only immutable system. Sadly, GDPR doesn’t really take this use case into account (I think, I am not a lawyer).

                                                                      I think what’s important to note about GDPR is that there’s an authority in each EU country that’s responsible for handling complaints. Someone might try to troll keyserver sites by attempting to remove their info, but they will have to make their case to this authority. Hopefully this authority will read the rules of the keyserver and decide that the complainant has no real case based on the stated goals of the keyserver site… or they’ll take this as a golden opportunity to kneecap (part of) secure communications.

                                                                      I still think GDPR in general is a good idea - it treats personal info as toxic waste that has to be handled carefully, not as a valuable commodity to be sold to the highest bidder. Unfortunately it will cause damage in edge cases, like this.

                                                                      1. 3

                                                                        gerikson, you make really good points there about the GDPR.

                                                                        Consenting people are not the focus of this entirely, though; it’s about current and potential abuse of the servers and people who have not consented to their information being posted and there being no way for removal.

                                                                        The Supervisory Authorities won’t ignore that; this is why the key servers need to change to prevent further abuse and their extinction.

                                                                        They also won’t consider this case, just like the recent ICANN case where they want it to be a requirement to store your information publicly with your domain, which was rejected outright. The keyservers are not necessary to the functioning of the keys you upload, and a big part of the GDPR is processing only as long as necessary.

                                                                        Someone recently made a point about the term non-repudiation, below.
                                                                        Non-repudiation: in digital security, this means

                                                                        A service that provides proof of the integrity and origin of data.
                                                                        An authentication that can be asserted to be genuine with high assurance.

                                                                        KeyServers don’t do this! You can have the same email address as anyone else, and even the maintainers and creator of the sks keyservers state this as well and recommend you check through other means to see if keys are what they appear to be, such as telephone or in person.

                                                                        I also don’t think this is an edge case; I think it’s a wake-up call to rethink the design of the software and catch up with the rest of the world, and quickly.

                                                                        Lastly, I don’t approve of trolling. If you’re doing it just for the sake of doing it, “DON’T”. If you genuinely feel the need to submit a “right to erasure” due to not consenting to having your data published, please do it.

                                                                      2. 2

                                                                        Thank you for the link: http://www.openwall.com/lists/oss-security/2017/12/10/1, it’s a fantastic read and makes some really good points.

                                                                        It’s easy for anyone to get hold of recent dumps from the sks servers. I have just hunted through a recent dump of 5 million + keys yesterday looking for interesting data. Will be writing an article soon about it.

                                                                    2. 3

                                                                      I totally agree, it has been bothering me as well. I am in the middle of considering starting up my own self-hosted blog. I also don’t like Medium’s method of charging for access to people’s stories without giving them anything.

                                                                      1. 3

                                                                        I’m thinking of setting up a blog platform, like Medium, but totally free of bullshit for both the readers and the writers. Though the authors pay a small fee to host their blog (it’s a personal website/blog engine, as opposed to Medium which is much more public and community-like).

                                                                        If that could be something that interests you, let me know and I’ll let you know :)

                                                                        1. 2

                                                                          lmao you don’t even get paid when someone has to pay for your article?

                                                                          1. 1

                                                                            correction, turns out you can get paid if you sign up for their partner program, but I think it requires approval n shit.

                                                                          2. 2

                                                                            hey @pushcx, is there a feature where we can prune a comment branch and graft it on to another branch? asking for a friend. Certainly not a high priority feature.

                                                                            1. 3

                                                                              No, but it’s on my list of potential features to consider when Lobsters gets several times the comments it does now. For now the ‘off-topic’ votes do OK at prompting people to start new top-level threads, but I feel like I’m seeing a slow increase in threads where promoting a branch to a top-level comment would be useful enough to justify the disruption.

                                                                        1. 8

                                                                          I haven’t read the GDPR. According to this post, Article 17 requires a data deletion mechanism.

                                                                          Did anybody tell the various blockchains about that?

                                                                          1. 8

                                                                            The decentralized chains don’t really have a “controller” per se.

                                                                            ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

                                                                            1. 2

                                                                              Regarding the nature of the chains, of course.

                                                                              Regarding that insight, thank you!

                                                                              1. 3

                                                                                Wouldn’t that just impose these rules on the block chain participants?

                                                                          1. 2

                                                                            How does Waterfox differ from Pale Moon?

                                                                            1. 5

                                                                              Waterfox is based on Firefox ESR, whereas Pale Moon is more of a true fork and is based on older code.

                                                                              I believe Waterfox intends to rebase on top of the next Firefox ESR release when that comes out. There’s some discussion about project direction here

                                                                              1. 5

                                                                                That was some time ago. Current Waterfox is based on Firefox 56, which is not ESR. Firefox 57+ does not support XUL extensions.

                                                                                My understanding is that current Pale Moon is based on Firefox ESR 38.

                                                                            1. 5

                                                                              This one really blew my mind on the sheep facts and opinions. Totally different way of looking at it.

                                                                              1. 4

                                                                                Thank you! This article is fantastic. Do you read Epsilon Theory? Do you recommend following the blog?

                                                                                1. 3

                                                                                  I do, and I do. All their posts are great, but I really enjoyed Too Clever By Half.

                                                                                  1. 2

                                                                                    (Replying to you and gerickson together)

                                                                                    I occasionally look at the stuff in New on HN to give a 1-5 vote article a chance. The supervote lets us boost them to front page briefly. Reposted it here since we talk a lot about herd mentality in developers, businesses, or VC’s plus their impact on tech. I thought it might give deeper insights into that metaphor and/or behavior.

                                                                                    I don’t follow the blog but I’m definitely gonna look at it now. ;)

                                                                                1. 1

                                                                                  I respect Arch Linux’s wiki and its commitment to simplicity, but I’ve always wished they would support more architectures. There is more in the world than x86_64.

                                                                                  1. 2

                                                                                    Which architectures in particular?

                                                                                    1. 1

                                                                                      ARM is the biggest one. I know there is a separate project that supports ARM, but it’s just that - a separate project. I’m also interested in MIPS and POWER.

                                                                                      Here are some examples of interesting hardware that I can’t use with the base Arch Linux project:

                                                                                      Eliminating lesser-used architectures goes along with simplicity, so I guess the decision makes sense. When I started using Arch, the focus on i686 and newer (eliminating i386 compatibility) was part of the appeal. These days I default to Debian for the architecture support.

                                                                                      1. 2

                                                                                        ALARM is good, why dismiss it as “just a separate project”? What’s wrong with that?

                                                                                        1. 1

                                                                                          ALARM certainly looks a lot more complete than when I first encountered it a couple years ago. The device support page in particular looks nice. The ARM-specific wiki pages are somewhat meager.

                                                                                          The FAQ on the official wiki explicitly states “You may not want to use Arch if you require support for an architecture other than x86_64,” and I take that at face value. All the official wiki pages assume x64, although I’m sure much of the information is transferable.

                                                                                          1. 1

                                                                                            My issue with ARM is, it’s a totally different ecosystem and you need the specific hardware to reasonably support it. I would love to support ARM, but that would be only mainline and not all the closed source GPUs and BSP kernels. Users probably would not like this.

                                                                                            Just supporting the RaspberryPi would be neat, but I believe aarch64 is still not 100% supported and requires a custom kernel :-(. And adding another kernel to our repos requires even more work when security issues pop up, which is already an issue currently.

                                                                                  1. 23

                                                                                    I believe we are beginning to see the downfall of YouTube as we know it. They are really going way and beyond to ruin their own platform/reputation.

                                                                                    1. 8

                                                                                      That has been happening for a couple of years now. All the content that made youtube popular is nowadays shunned and banned by recommendation algos. In short, if it cannot be monetized by US linear TV standards, it cannot be found in search or recommendations. So unless you already have several hundred thousand followers (and ads enabled), your content is family friendly and you have used thousands of dollars worth of equipment, there are no new viewers.

                                                                                      This did hit people filming motorcycle related videos pretty hard, as apparently that is very media unsexy content in US. Which happens to most of my youtube subscriptions, from most I watch every video they produce. And my youtube “home”/“recommended” section is full of everything that is not related in any way to my most watched stuff.

                                                                                      1. 7

                                                                                        yes. This is the straw that breaks the camel’s back. The blocking of help videos of a 3D modeller is going to be the downfall of YouTube. Unable to learn how to use their 3D modelling software, the masses will wander off to different venues in droves.

                                                                                        /s

                                                                                        (without snark: nobody outside of our little circle here cares about this. Not the advertisers, not youtube, not the general audience, not the press. This is entirely inconsequential to youtube’s future)

                                                                                        1. 4

                                                                                          You might compare it to gentrification. You cater to the middle ground, the cool stuff around the edges is pushed out, the really creative people abandon the platform, you’re left with the most generic content. Blender is just the latest victim of a broad trend.

                                                                                          Most people may not “care” about Blender specifically, but they should care about an opaque platform that caters to the IP needs of multinationals in overly broad ways and incentivizes some really messed up behavior.

                                                                                        2. 4

                                                                                          It will be awesome to see what the video hosting landscape will be like when PeerTube reaches its height of popularity!

                                                                                          1. 3

                                                                                            I was checking peertube yesterday and it’s a huge change from youtube user experience. A lot more involved, and a lot less intuitive. I have a hard time imagining mass adoption with what I saw. Are there any good beginner friendly tutorials/intros to peertube out there?

                                                                                            1. 3

                                                                                              Take a look at https://d.tube/ too. It’s much closer to the youtube experience.

                                                                                              1. 1

                                                                                                You can always check out this I guess: https://joinpeertube.org/en/#how-it-works

                                                                                          1. 1

                                                                                            So they’re doing a bunch of unnecessary work so that they can get an RYF checkbox, but doing this extra work doesn’t really make the platform any more or less open.

                                                                                            1. 6

                                                                                              If you can’t get rid of the firmware blobs, isolating them seems like the next-best option to me.

                                                                                              1. 5

                                                                                                AFAIK, RYF was designed with the goal of changing the market by influencing what consumers demand. If some commercially viable device can attribute its success to RYF, then a big company might aspire to get RYF on its devices… and the big company can pressure the upstream manufacturer to provide blobless hardware (perhaps by releasing the source material for the blobs, for example).

                                                                                                I admire the FSF’s optimism enough to give them money.

                                                                                                1. 1

                                                                                                  I guess it makes more sense when you think about it like that. Thanks.

                                                                                              1. 8

                                                                                                I use LineageOS for microG, not compiled from source currently, but I did compile CyanogenMod (LineageOS predecessor) a couple times in the past (when a new version was available, but official builds for my device weren’t).

                                                                                                microG is the only real substitute for Play Services, it provides a FOSS client for Google push notifications and stuff.

                                                                                                1. 1

                                                                                                  I mention this fairly frequently so I hope I don’t sound like a broken record - one security downside to MicroG is that you need to enable signature spoofing so that it can impersonate the official Google Play Services.

                                                                                                  Personally, I’m willing to give up push notifications for proprietary apps. There are plenty of FOSS apps that don’t depend on Google Cloud Messaging.

                                                                                                  1. 5

                                                                                                    But the impersonation also requires a permission. Only microG is allowed to impersonate Play Services, not any random app you have installed. I’m perfectly fine with that.