1. 4

    I’m a big fan of “rolling your own crypto” and here I’m talking about implementing known algorithms.

    Isn’t this article a great example of why NOT to roll your own crypto?

    1. 4

      When I read the full two paragraphs around that sentence, I get the feeling it’s for educational purposes, not for real security use, which is why they encourage a security disclaimer.

      I might be projecting my own views though because I think “rolling your own crypto” is a fantastic way of learning how the system works and how things can fall apart. I’ve learned how easy it is to make mistakes and I’ve never read papers and documentation more thoroughly than with cryptography and compression algorithms since both are so incredibly hard to debug. I’ve also learned a lot about tooling to mitigate these issues.

      I’m a big fan of “rolling your own crypto” and here I’m talking about implementing known algorithms. I do it myself. I even think making it available on GitHub or similar, to ask for feedback, is good (if users are warned that no security can be expected).

      However, a problem arises when projects that don’t even uphold the bare minimum of testing against test vectors are published with no warnings at all. Had test vectors been used in this case, it wouldn’t have left IdentityModel completely broken.

      1. 2

        When I read the full two paragraphs around that sentence, I get the feeling it’s for educational purposes, not for real security use, which is why they encourage a security disclaimer.

        Yes, this is exactly what I mean. And I totally agree with your benefits, that come from exploring it for educational purposes.

      2. 2

        Isn’t this article a great example of why NOT to roll your own crypto?

        Not why. How. Avoiding most mistakes only requires following a few rules. Those rules aren’t easy to follow, but they are pretty easy to know about.

        1. 1

          Exactly, I was going to post the same thing.

          One reason it’s not a good idea: After showing a snippet of code that calls some XChaCha20-Poly1305 crypto functions, the author notes:

          This is not a XChaCha20-Poly1305 construction.

          In other words, the APIs exposed by low-level libraries are like bags of loose components. They have to be wired up correctly in order to work right, and it’s not always obvious how to do so. Even if you know about padding and nonces, a specific cipher can have its own limitations you also need to be aware of.

          That’s why I’m a fan of the higher-level libraries stemming from and inspired by Daniel Bernstein’s NaCl (libSodium, Monocypher, CryptoKit, etc) which give you bigger building blocks like “cryptoBox” that do a specific thing and do it right, and choose appropriate algorithms under the hood. That makes it a lot easier to successfully implement a crypto construction, and in a way that’s compatible with other programs that use the same construction.

          1. 3

            That’s why I’m a fan of the higher-level libraries stemming from and inspired by Daniel Bernstein’s NaCl (libSodium, Monocypher, CryptoKit, etc) which give you bigger building blocks like “cryptoBox” that do a specific thing and do it right, and choose appropriate algorithms under the hood.

            Thanks for citing my work, appreciated. :-)

            Working on Monocypher had me realise that the NaCl family ((Tweet)NaCl, Libsodium, Monocypher) is actually fairly low level. Yes, providing authenticated encryption and clean key exchange out of the box was a huge improvement. But my work on authenticated key exchange told me that high-level protocols are often fairly delicate, and require significant effort for untrained people to get them right. (Implementing an existing protocol like Noise isn’t too bad, though.) That’s in my opinion a big reason why Latacora’s Cryptographic Right Answers still recommends freaking TLS for client/server security.

            I’d say the NaCl family of APIs is a good start. More work is needed to provide even higher-level facilities: full authenticated key exchange, PAKE, encrypted file formats (I’m leering at PURB), certificates… On top of those, we should then provide fully fledged network libraries, that actually handle the I/O (so far I’ve limited myself to manipulating buffers, to minimise dependencies and maximise portability). My, I’m afraid I still have a couple years of work ahead of me…
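Added example for this thread, not code from IdentityModel, Monocypher, libsodium or any other project mentioned above: a from-scratch ChaCha20 block function checked against the published RFC 8439 known-answer vectors (the quarter-round vector from section 2.1.1 and the block-function vector from section 2.3.2), which is the "bare minimum" check the comment above asks for. It also includes a function showing the kind of mistake those vectors cannot catch, namely the loose-components problem raised later in the thread: reusing one key and nonce for two messages leaks the XOR of the plaintexts. The two sample messages are constructed for the example.

```python
"""ChaCha20 block function written from scratch and checked against the
RFC 8439 test vectors. Added example for this thread; it is not code from
IdentityModel, Monocypher, libsodium or any project mentioned above."""
import struct

MASK32 = 0xFFFFFFFF


def rotl32(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def quarter_round(a: int, b: int, c: int, d: int):
    """The ChaCha quarter round (RFC 8439, section 2.1)."""
    a = (a + b) & MASK32; d = rotl32(d ^ a, 16)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 12)
    a = (a + b) & MASK32; d = rotl32(d ^ a, 8)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 7)
    return a, b, c, d


def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """One 64-byte keystream block (RFC 8439, section 2.3)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]  # "expand 32-byte k"
    state += struct.unpack("<8I", key)          # key as 8 little-endian words
    state.append(counter & MASK32)              # 32-bit block counter
    state += struct.unpack("<3I", nonce)        # 96-bit nonce as 3 words
    w = list(state)
    for _ in range(10):                         # 10 double rounds = 20 rounds
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),   # columns
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):  # diagonals
            w[a], w[b], w[c], w[d] = quarter_round(w[a], w[b], w[c], w[d])
    # Feed-forward: add the initial state back in, then serialize little-endian.
    return struct.pack("<16I", *((w[i] + state[i]) & MASK32 for i in range(16)))


def chacha20_xor(key: bytes, counter: int, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` by XOR with the keystream starting at `counter`."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(x ^ y for x, y in zip(data[i:i + 64], block))
    return bytes(out)


# Known-answer vectors from RFC 8439 (sections 2.1.1 and 2.3.2).
QR_INPUT = (0x11111111, 0x01020304, 0x9B8D6F43, 0x01234567)
QR_OUTPUT = (0xEA2A92F4, 0xCB1CF8CE, 0x4581472E, 0x5881C4BB)
BLOCK_KEY = bytes(range(32))
BLOCK_NONCE = bytes.fromhex("000000090000004a00000000")
BLOCK_COUNTER = 1
BLOCK_OUTPUT = bytes.fromhex(
    "10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4e"
    "d2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e")


def check_test_vectors() -> bool:
    """The bare minimum before anyone relies on an implementation:
    does it reproduce the published known answers?"""
    return (quarter_round(*QR_INPUT) == QR_OUTPUT
            and chacha20_block(BLOCK_KEY, BLOCK_COUNTER, BLOCK_NONCE) == BLOCK_OUTPUT)


def keystream_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper gets when two messages share a key and nonce:
    c1 XOR c2 == p1 XOR p2, with the key cancelled out. Test vectors cannot
    catch this; it is a usage rule the caller has to know."""
    c1 = chacha20_xor(key, 1, nonce, p1)
    c2 = chacha20_xor(key, 1, nonce, p2)
    return bytes(x ^ y for x, y in zip(c1, c2))


if __name__ == "__main__":
    assert check_test_vectors(), "implementation does not match RFC 8439"
    # Constructed sample messages, not from the thread.
    k, n = bytes(32), bytes(12)
    p1, p2 = b"attack at dawn", b"retreat at ten"
    leak = keystream_reuse_leak(k, n, p1, p2)
    assert leak == bytes(x ^ y for x, y in zip(p1, p2))
    print("RFC 8439 vectors pass; nonce reuse leaks p1 XOR p2:", leak.hex())
```

A wrong rotation constant or a swapped diagonal index makes `check_test_vectors()` fail immediately, which is exactly the failure mode the thread describes as going unnoticed. The second function is the other half of the argument: a block function that passes every vector is still only a component, and the rule "never reuse a (key, nonce) pair" has to be enforced by whatever wires it into a construction.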

        1. 15

          Multithreading usually requires a bit more programming work to distribute tasks properly, but hey, this is Tesla we’re talking about — it’s probably a piece of cake for the company.

          haha hahahaha oh oh oh yeah definitely this is Tesla Motors we’re talking yeah

          1. 1

            I don’t think that thread says anything about the expertise of the team that would have to implement multithreaded code, or anything about the overall level of development expertise at Tesla, really. If you’ve worked in software for a while, you should have plenty of stories like that yourself. (If you don’t, I contend you’ve been unusually lucky with your choice of employers.)

          1. 7

            From everything that I see on the sidelines, organizing community speakers in the tech scene seems really hard. I hear about people with really big heads, as well as people who then like to use their perceived clout to take advantage of others, professionally or otherwise. Then you’ll be getting people who have had to deal with this and are then jaded about it, and then the MRA and other trolls who will react, etc. Obviously this isn’t everyone, but yeah - seems really hard. I don’t envy organizers.

            1. 8

              I’ve organized community-run software conferences (read: not paid for by any one company or consortium) with 100 to 1,700 attendees yearly or more for seven years, and other events for 150+ people yearly since 2002, save one year that I took off to focus on finishing college. I’ve had a few things go awry but nothing ever this detractive, and hopefully I never will. I (really, we) take lots of precautions and stay up to date on the news around the events community.

              The thing I ask the most of everyone involved – organizers, attendees, speakers, sponsors, vendors, security guards, union convention center workers, everyone – is to be kind. You can be firm. You can be loud or quiet. It’s difficult to understand all of the moving parts that make a conference happen. It’s difficult to empathize when something seems to be on fire. Assume the best intentions. Thank someone every chance you get. Criticism should be constructive or remain factual and kind when you have no suggestion to offer. Above all else, be kind.

              1. 8

                We made a mistake. We did not take enough precautions. People that worked with me knew about other issues that these people had. This year I wasn’t in the details of checking every speaker. I should have asked people if the speakers had any big issue with anybody before.

                1. 3

                  don’t blame yourself; any other day and in any other situation your actions would be reasonable.

                  1. 0

                    This might be a stupid idea but have you considered re-engaging these (obviously hostile, childish) people and asking them what would satisfy them? Could there be some kind of compromise or would they only accept reinstatement as a conference speaker and your sincere apology🙄🙄🙄?

                    It might be crazy to consider “giving in” like this but I wonder if maybe they might be more reasonable with face-to-face dialogue. AFAICT it’s probably harmless to try.

                    1. 1

                      Sure, we did think about that and we are still trying to do it. I have no problem with “giving in”. I only want this to stop and continue doing productive things. In the long run, with legal justice, I think things will get better. In the meantime: https://twitter.com/unbalancedparen/status/1131214746731077632

                  2. 2

                    This makes sense. And I wouldn’t be surprised if most conferences don’t have this behavior, the news is only filled with news-worthy things (so I only hear about the bad cases). It sounds like you treat this thoughtfully, which is really awesome.

                1. 6

                  Googler here, opinions are my own.

                  “coordinated plan that involved introducing small bugs on its sites that would only manifest for Firefox users.”

                  as if Googlers have time for that. I would guess simple pressure to launch fast, and not spending the eng effort optimizing for FF due to low market share.

                  1. 10

                    It wasn’t low at first. It lowered over time, due to things like these, among others.

                  1. 3

                    Canvassing for Sonja Trauss, preparing for work trip, going to Autograf & Stayloose, some personal project work of sifting through group feedback.

                    1. 2

                      That Titan chip is pretty cool.

                      1. 2

                        Canvassing for Sonja Trauss, potting some plants, catching up on sleep.

                        1. 2

                          Great. One less thing that doesn’t make sense to non-tech-savvy people removed from URLs.

                          1. 1

                            Unlike the utm tracker, that they are keeping. URLs make enough sense to people, so much sense in fact that it confuses people when a URL shared doesn’t give someone else an identical view.

                            It is a sign of privilege and extra knowledge to look at a URL and see what, in a perfect world, might be removed.

                            1. 1

                              I disagree. If you ever show the web to a totally new user, like in emerging markets, they look at a URL and are like “WTF is all that, I just want Facebook”. People actually download browsers based on whether it has ‘facebook’ or not (although this is a different issue).

                          1. 4

                            Avg first meaningful paint of this person’s clients’ webpages is 4 seconds.

                            https://www.reddit.com/r/programming/comments/9dhru3/google_wants_websites_to_adopt_amp_as_the_default/e5hstys/

                            1. 24

                              What a rollercoaster. First, I was concerned. Then interested. Then, I was struggling to figure out the problem. Then laughter. Then sadness.

                              Am I wrong here:

                              1. Outreachy would potentially fund people to work on llvm / internships
                              2. It doesn’t cost LLVM any money or resources to be a part of Outreachy
                              3. No one is even participating in llvm outreachy https://www.outreachy.org/communities/cfp/llvm/

                              Seems rather overblown and dramatic. Maybe the drama was the point? I’m seeing a lot of ‘one-size-pie’ people. We can grow the pie! There is an infinite pie here!

                              1. 11

                                It doesn’t cost LLVM any money or resources to be a part of Outreachy

                                Besides the mentor’s time. Other than that I think you’ve accurately summarized this teapot tempest.

                                1. 7

                                  In summary, LLVM got nothing, but also lost a contributor who contributed a lot to LLVM for more than 10 years. What a disaster.

                                  1. -1

                                    Perhaps LLVM gained in the sense that they lost someone who promoted toxic working culture. My only data is this letter though - I wonder if there are any other primary sources.

                                    1. 8

                                      Chris Lattner himself posted a primary source, which is now merged to this thread. I recommend reading it.

                                      You have no evidence of Rafael promoting toxic working culture. This is bordering on libel. I have been on llvm-dev since 2007 and my experience indicates otherwise.

                                1. 3

                                  What’s the current status here? I’m excited about this project.

                                  1. 8

                                    disclaimer: I’m not a Mill employee, I’m just summarizing what I’ve found out from a bit of recent reading

                                    They’re at least 1-2 years from having something that the rest of us can really mess with, outside of attempting to verify that what they’ve currently put out could work via an online compiler. Due to a change in how patents were awarded (from first to invent to first to file), the company had to shift gears from developing the CPU tech in stealth to getting patents filed on all of their relevant advances so that they stand a chance in the current market.

                                    @angersock will probably feel a bit snarky about this post, but I’m bullish on the Mill CPU bringing something pretty revolutionary to the table. It’s just going to take 3-5+ years before we’ll see any actual fab of the chip, since the startup has been trading time for money until this past year.

                                    I can see this potentially becoming a big deal on either servers or phones, since those are both markets where MIPS/Watt matter a lot, and where superscalars are starting to peter out. Moore’s law is slowing (though new chips are still markedly faster than tech from 5-6 years ago, as I’ve been made rather brutally aware on my aging laptop), so trying different ideas like this is where we’re going to see a lot of advancement in the next 25 years, barring a change from silicon to some other computing media.

                                    The other reason I’m bullish on Mill being realized is that the company has not been avoiding scrutiny once they had enough to show people. If a properly solid rebuttal to the arch exists, I’m not aware of it. I’ve seen a lot of people suggest that because the Mill has shades of the Itanium in its design that it’s likely to have a similar ill fate. Nobody has given a conclusive argument as to why, however.

                                    What Mill Computer Inc have is rather crazy by conventional standards, but they seem to be focusing on the right problems (tool chain, porting Linux kernel, LLVM integration, flexible arch so they can find a niche) with the right attitude (asking for scrutiny and welcoming skeptics). They still have quite a few hurdles to overcome, but I’m excited to see just how far they’re able to take this arch. If in 15-25 years it ends the dominance of undefined behavior and makes context switches much better, that alone would be a huge win.

                                    1. 2

                                      I too hope that it works out–it’d be great to see a new and novel architecture!

                                      I’m just a bit worried about their getting good compiler support.

                                      See? No snark. :)

                                      1. 1

                                        I mean, compiler support is going to be a challenge, though since they are developing one themselves that should at least be a start.

                                      2. 1

                                        Interesting. Thanks for the update/info! I wasn’t able to find any news / updates from the team after 2015 or so. If you found an email list or update stream that isn’t dead let me know.

                                        1. 1

                                          https://millcomputing.com/topic/mill-computing-in-2017/

                                          That’s the most recent I’ve seen, combined with the marked visual update.

                                    1. 10

                                      This is how the DMCA works. Google has to take the thing down within like 24 hours or something ridiculous by law. Fuck the DMCA

                                      1. 9

                                        The DMCA does not require them to ignore all emails about the takedown or send inaccurate canned responses.

                                        1. 1

                                          No, it just encourages it.

                                        2. 1

                                          Surely they could disable instead of destroy, then let the content creator plead a case or at least click a button, “This is a mistake”? After a few weeks it would otherwise be destroyed.

                                          1. 2

                                            I think everyone would click the button