1.  

    I feel Ted’s pain.

    I like solarized. Sadly inverting solarized doesn’t give a nice colour scheme.

    So this leaves me with having to update my xterm and vim settings manually.

    1. 1

      I hope they release a digital download version.

      1. 1

        Rust’s linter, clippy, is now available on stable Rust. You can install it via rustup component add clippy and run it with cargo clippy.

        Does this mean we can install clippy using cargo install too? That’d be great.

        1. 1

          I used to do that … but the compiler APIs would change here and there, so I ended up switching to the rustup managed component once that was available as a preview. It has been great.

          Why would you want to keep using cargo install?

          1. 2

            I use a tier 3 platform, so there is no rustup.

        1. 2

          This is worrying. Do I have to start looking at fastmail alternatives? Any recommendations?

          1. 2

            How do you think this will affect fastmail, specifically? They do not provide encrypted email, and already will comply with Australian government search orders.

            1. 2

              I’m not an expert, but I don’t see how it would change anything for Fastmail, they already give the govt. anything they ask for(that’s legal).

            2. 1

              There is kolabnow.com (Kolab hosted) also Migadu.com, all hosted in the nice European countries that tend to care about privacy. There are Hosting providers for Zimbra, Horde, etc out there as well.

              1. 1

                I stumbled upon proton mail the other day. Not tried it though: https://en.wikipedia.org/wiki/ProtonMail

                If you like pain, you can host your own mail server.

                1. 1

                  I stumbled upon proton mail the other day. Not tried it though: https://en.wikipedia.org/wiki/ProtonMail

                  caveat emptor regarding protonmail.

                  1. 1

                    Who or what is Duke-Cohan?

                    I’m a happy customer of ProtonMail, but I don’t like the pain of self-hosting unless it’s solely my own shit, and Google is a no-go zone.

                    1. 1

                      Oopsy!

                1. 81

                  I beg all my fellow crustaceans to please, please use Firefox. Not because you think it’s better, but because it needs our support. Technology only gets better with investment, and if we don’t invest in Firefox, we will lose the web to chrome.

                  1. 59

                    Not because you think it’s better

                    But that certainly helps too. It is a great browser.

                    • privacy stuff — the cookie container API for things like Facebook Container, built-in tracker blocker, various anti-fingerprinting things they’re backporting from the Tor Browser
                    • honestly just the UI and the visual design! I strongly dislike the latest Chrome redesign >_<
                    • nice devtools things — e.g. the CSS Grid inspector
                    • more WebExtension APIs (nice example: only on Firefox can Signed Pages actually prevent the page from even loading when the signature check fails)
                    • the fastest (IIRC) WASM engine (+ now in Nightly behind a pref: even better codegen backend based on Cranelift)
                    • ongoing but already usable Wayland implementation (directly in the official tree now, not as a fork)
                    • WebRender!!!
                    1. 7

                      On the other hand, WebSocket debugging (mostly frame inspection) is impossible in Firefox without an extension. I try not to install any extensions that I don’t absolutely need and Chrome has been treating me just fine in this regard[1].

                      Whether or not I agree with Google’s direction is now a moot point. I need Chrome to do what I do with extensions.

                      As soon as Firefox supports WebSocket debugging natively, I will be perfectly happy to switch.

                      [1] I mostly oppose extensions because of questionable maintenance cycles. I allow uBlock and aXe because they have large communities backing them.

                      1. 3

                        Axe (https://www.deque.com/axe/) seems amazing. I know it wasn’t the focus of your post – but I somehow missed this when debugging an accessibility issue just recently, I wish I had stumbled onto it. Thanks!

                        1. 1

                          You’re welcome!

                          At $work, we used aXe and NVDA to make our webcomponents AA compliant with WCAG. aXe was invaluable for things like contrast and missing role attributes.

                        2. 3

                          WebSocket debugging (mostly frame inspection) is impossible in Firefox without an extension

                          Is it possible with an extension? I can’t seem to find one.

                          1. 1

                            I have never needed to debug WebSockets and see no reason for that functionality to bloat the basic browser for everybody. Too many extensions might not be a good thing but if you need specific functionality, there’s no reason to hold back. If it really bothers you, run separate profiles for web development and browsing. I have somewhat more than two extensions and haven’t had any problems.

                            1. 1

                              I do understand your sentiment, but the only extension that I see these days is marked “Experimental”.

                              On the other hand, I don’t see how it would “bloat” a browser very much. (Disclaimer: I have never written a browser or contributed to any. I am open to being proved wrong.) I have written a WebSockets library myself, and it’s not a complex protocol. It can’t be too expensive to update a UI element on every (websocket) frame.

                          2. 5

                            Yes! I don’t know about you, but I love the fact that Firefox uses so much less ram than chrome.

                            1. 2

                              This was one of the major reasons I stuck with FF for a long time. It is still a pronounced difference.

                            2. 3

                              honestly just the UI and the visual design! I strongly dislike the latest Chrome redesign >_<

                              Yeah, what’s the deal with the latest version of Chrome? All those bubbly menus feel very mid-2000’s. Everything old is new again.

                              1. 3

                                I found a way to go back to the old ui from https://www.c0ffee.net/blog/openbsd-on-a-laptop/ (it was posted here a few weeks ago):

                                Also, set the following in chrome://flags:

                                • Smooth Scrolling: (personal preference)
                                • UI Layout for the browser’s top chrome: set to “Normal” to get the classic Chromium look back
                                • Identity consistency between browser and cookie jar: set to “Disabled” to keep Google from hijacking any Google > - login to sign you into Chrome
                                • SafeSearch URLs reporting: disabled

                                (emphasis mine)

                              2. 1

                                The Wayland implementation is not usable quite yet, though, but it is close. I tried it under Sway, but it was crashy.

                                1. -3

                                  Not really. Not to mention Pocked integration and recent vpn advertisement. Ah, and they have removed RSS support.

                                  It’s just another product made by a for-profit corporation.

                                  I think web got over-complicated. There are none usable truly independent browsers and probably will never be. It’s a read-only “opensource”.

                                  1. 16

                                    It’s just another product made by a for-profit corporation.

                                    They (Mozilla) are actually a non-profit.

                                    1. 2

                                      There is also Mozilla corporation.

                                      1. 12

                                        …which is 100% owned by the Mozilla Foundation, and:

                                        The Mozilla Corporation reinvests all of its profits back into the Mozilla projects.

                                        Forming for-profit corporations is not uncommon for NGOs, because NGOs in many countries are severely legally limited in the amount of commercial activities they’re able to do.

                                        1. 3

                                          Adding to that, funding FOSS software development is not considered 501(c)3-eligible in the US.

                                    2. 5

                                      I had the same impression with that over-complication of JS into ES6. CSS is also looking more like a programming language. HTTP/2 is now a binary protocol. So to have a modern web platform, you need to support all of these, and none are trivial anymore. On the other hand, I find it amazing to be able to do netwroking, audio, video, 3d and highly customizable user interfaces with (relatively) few efforts at a pretty good speed. As a platform for creativity and experimentation, it is without equivalent.

                                      1. 2

                                        without equivalent.

                                        Java applets - done right?

                                        1. 3

                                          Or Flash/Shockwave done openly and right?

                                          1. 4

                                            Both Java applets and Flash were actually more like trojan horses. See how Flash ( very good scenegraph at the time) became Air (ie. a tentative to take over the Web like Java) and thankfully died because Apple killed it with the iPhone. The intention was to run programs within a walled garden, not to interoperate with the Web at large. At least that’s how I read it.

                                            1. 4

                                              Good point on long-term risk. Do note I said Flash/Shockwave the tech. That was made by Macromedia, not Adobe. Macromedia was a company whose pricey tech was kick-ass but no attempt to be open or interoperate past maybe Dreamweaver. Catchy name many lay people could spell, too.

                                              I think Adobe acquiring them made me drop some F-bombs, sigh a bit, eye rolls, and so on. I knew there would be short-term improvements before the large company FUBARed its value over time. Apple’s position sealed its fate.

                                              1. 2

                                                Indeed, Macromedia had a much better stewardship than Adobe in this respect. What I find really ironic is that before the acquisition, Adobe was pushing SVG and SVG animations as an alternative to Flash, embracing and pushing the web standards. After the acquisition, everything stalled and it’s only with Apple creating the Canvas API and standardizing it through the newly created WHATWG that we started to catch up and be able to do so fast interactive graphics on the Web. What we lost, though, is one of the best tool to create vector animations with programmatic behaviour. One step ahead, two steps back some might say.

                                            2. 3

                                              I think the difference is that aplets and flash were supposed to extend the web experience, new technologies are replacing it. It’s convenient but dangerous as it promotes monoculture. I don’t know if there is a safe middle ground.

                                              1. 5

                                                There is a lot being lost with the death of Flash. It was amazingly lightweight when it started out. You can take that Homestar Runner e-mail and the original Flash, resize it to 4k, and it will still render correctly and sharply. You can’t do that when you export animation to YouTube at a set resolution. Not to mention all the games that were made in Flash that we’ll loose soon.

                                                Adobe really butchered all the Macromedia stuff when they acquired that company. It’s pretty sad.

                                        2. 2

                                          What does “removes RSS support” mean? Was it possible to use it as a feed reader before?

                                          1. 3

                                            Yeah, it was called “Live Bookmarks” and basically made your RSS feed subs show up in your bookmarks bar (or accessible from a page). It actually looked really neat, but I only found about it when/because they removed it.

                                            1. 10

                                              “Live Bookmarks” still exist, in Firefox 63.0.3 released on Nov 15th, 2018. I use them. Go to any RSS feed in FF and they will pop up. I use them for multiple Discourse forums.

                                                1. 1

                                                  Ah, sad times, thanks for the link!

                                            2. -1

                                              Sure, using live bookmarks and integrated reader. But RSS collided with the their new commercial and closed product namely Pocket.

                                              1. 4

                                                That’s not completely fair. I’m not sure if anything has happened yet, but Mozilla does have plans to open-source Pocket:

                                                As a result of this strategic acquisition, Pocket will become a wholly owned subsidiary of Mozilla Corporation and will become part of the Mozilla open source project.

                                        3. 16

                                          I switched to Firefox last year, and I have to say I don’t miss Chrome in the slightest.

                                          1. 13

                                            And those with a little financial liberty, consider donating to Mozilla. They do a lot of important work free a free and open web.

                                            1. 10

                                              I recently came back to Firefox from Vivaldi. That’s another Chromium/Webkit based browser and it’s closed source to boot.

                                              Firefox has improved greatly in speed as of late and I feel like we’re back in the era of the mid-2000s, asking people to chose Firefox over Chrome this time instead of IE.

                                              1. 2

                                                I’d love to switch from Vivaldi, but it’s simply not an option given the current (terrible) state of vertical tab support in Firefox.

                                                1. 2

                                                  How is it terrible? The hiding of the regular tab bar is not an API yet and you have to use CSS for that, sure, but there are some very good tree style tab webextensions.

                                                  1. 2

                                                    The extensions are all terrible – but what’s more important is that I lost the belief that any kind of vertical tab functionality has any chance of long-term survival. Even if support was added now, it would be a constant battle to keep it and I’m frankly not interested in such fights anymore.

                                                    Mozilla is chasing their idealized “average user” and is determined to push everyone into their one-size-fits-all idea of user interface design – anyone not happy with that can screw off, if it was for Mozilla.

                                                    It’s 2018 – I don’t see why I even have to argue for vertical tabs and mouse gestures anymore. I just pick a browser vendor which hasn’t been asleep on the wheel for the last 5 years and ships with these features out of the box.

                                                    And if the web in the future ends up as some proprietary API defined by whatever Google Chrome implements, because Firefox went down, Mozilla has only itself to blame.

                                                    1. 2

                                                      The extensions are all terrible – but what’s more important is that I lost the belief that any kind of vertical tab functionality has any chance of long-term survival. Even if support was added now, it would be a constant battle to keep it and I’m frankly not interested in such fights anymore. The whole point of moving to WebExtensions was long term support. They couldn’t make significant changes without breaking a lot of the old extensions. The whole point was to unhook extensions from the internals so they can refactor around them and keep supporting them.

                                                      1. 0

                                                        That’s like a car manufacturer removing all electronics from a car – sure it makes the car easier to support … but now the car doesn’t even turn on anymore!

                                                        Considering that cars are usually used for transportation, not for having them sit in the garage, you shouldn’t be surprised that customers buy other cars in the future.

                                                        (And no, blaming “car enthusiasts” for having unrealistic expectations, like it happens in the case of browser users, doesn’t cut it.)

                                                        1. 3

                                                          So you’d rather they didn’t improve it at all? Or would you rather they broke most extensions every release?

                                                          1. 3

                                                            I’m not @soc, but I wish Firefox had delayed their disabling of old-style extensions in Firefox 57 until they had replicated more of the old functionality with the WebExtensions API – mainly functionality related to interface customization, tabs, and sessions.

                                                            Yes, during the time of that delay, old-style extensions would continue to break with each release, but the maintainers of Tree Style Tabs and other powerful extensions had already been keeping up with each release by releasing fixed versions. They probably could have continued updating their extensions until WebExtensions supported their required functionality. And some users might prefer to run slightly-buggy older extensions for a bit instead of switching to the feature-lacking new extensions straight away – they should have that choice.

                                                            1. 1

                                                              What’s the improvement? The new API was so bad that they literally had to pull the plug on the existing API to force extension authors to migrate. That just doesn’t happen in cases where the API is “good”, developers are usually eager to adopt them and migrate their code.

                                                              Let’s not accuse people you disagree with that they are “against improvements” – it’s just that the improvements have to actually exist, and in this case the API clearly wasn’t ready. This whole fiasco feels like another instance of CADT-driven development and the failure of management to reign in on it.

                                                              1. 3

                                                                The old extension API provided direct access to the JavaScript context of both the chrome and the tab within a single thread, so installing an XUL extension was disabling multiprocess mode. Multiprocess mode seems like an improvement; in old Firefox, a misbehaving piece of JavaScript would lock up the browser for about a second before eventually popping up a dialog offering to kill it, whereas in a multiprocess browser, it should be possible to switch and close tabs no matter what the web page inside does. The fact that nobody notices when it works correctly seems to make it the opposite of Attention-Deficient-Driven-Design; it’s the “focus on quality of implementation, even at the expense of features” design that we should be encouraging.

                                                                The logical alternative to “WebExtension For The Future(tm)” would’ve been to just expose all of the relevant threads of execution directly to the XUL extensions. run-this-in-the-chome.xul and run-this-in-every-tab.xul and message pass between them. But at that point, we’re talking about having three different extension APIs in Firefox.

                                                                Which isn’t to say that I think you’re against improvement. I am saying that you’re thinking too much like a developer, and not enough like the poor sod who has to do QA and Support triage.

                                                                1. 2

                                                                  Improving the actual core of Firefox. They’re basically ripping out and replacing large components every other release. This would break large amount of plugins constantly. Hell, plugins wouldn’t even work in Nightly. I do agree with @roryokane that they should have tried to improve it before cutting support. The new API is definitely missing many things but it was the right decision to make for the long term stability of Firefox.

                                                                  1. 1

                                                                    They could have made the decision to ax the old API after extension authors adopted it. That adoption failed so hard that they had to force developers to use the new API speaks for itself.

                                                                    I’d rather have extension that I have to fix from time to time, than no working extensions at all.

                                                          2. 1

                                                            Why should Mozilla care that much about your niche use case? They already have a ton of stuff to deal with and barely enough funding.

                                                            It’s open source, make your own VerticalTabFox fork :)

                                                            1. 3

                                                              Eh … WAT? Mozilla went the extra mile with their recent extension API changes to make things – that worked before – impossible to implement with a recent Firefox version. The current state of tab extensions is this terrible, because Mozilla explicitly made it this way.

                                                              I used Firefox for more than 15 years – the only thing I wanted was to be left alone.

                                                              It’s open source, make your own VerticalTabFox fork :)

                                                              Feel free to read my comment above to understand why that doesn’t cut it.

                                                              Also, Stuff that works >> open source. Sincerely, a happy Vivaldi user.

                                                              1. 2

                                                                It’s one of the laws of the internet at this point: Every thread about Firefox is always bound to attract someone complaining about WebExtensions not supporting their pet feature that was possible with the awful and insecure old extension system.

                                                                If you’re care about “non terrible” (whatever that means — Tree Style Tab looks perfect to me) vertical tabs more than anything — sure, use a browser that has them.

                                                                But you seem really convinced that Firefox could “go down” because of not supporting these relatively obscure power user features well?? The “average user” they’re “chasing” is not “idealized”. The actual vast majority of people do not choose browsers based on vertical tabs and mouse gestures. 50% of Firefox users do not have a single extension installed, according to telemetry. The majority of the other 50% probably only have an ad blocker.

                                                                1. 3

                                                                  If you’re care about “non terrible” (whatever that means — Tree Style Tab looks perfect to me) vertical tabs more than anything — sure, use a browser that has them.

                                                                  If you compare the current state of the art of vertical tabs extensions, even Mozilla thinks they suck – just compare them to their own Tab Center experiment: https://testpilot.firefox.com/static/images/experiments/tab-center/details/tab-center-1.1957e169.jpg

                                                                  Picking just one example: Having the navigation bar at a higher level of the visual hierarchy is just wrong – the tab panel isn’t owned by the navigation bar, the navigation bar belongs to a specific tab! Needless to say, all of the vertical tab extensions are forced to be wrong, because they lack the API do implement the UI correctly.

                                                                  This is how my browser currently looks like, for comparison: https://i.imgur.com/5dTX8Do.png

                                                                  But you seem really convinced that Firefox could “go down” because of not supporting these relatively obscure power user features well?? The “average user” they’re “chasing” is not “idealized”. The actual vast majority of people do not choose browsers based on vertical tabs and mouse gestures. 50% of Firefox users do not have a single extension installed, according to telemetry. The majority of the other 50% probably only have an ad blocker.

                                                                  You can only go so far alienating the most loyal users that use Firefox for specific purposes until the stop installing/recommending it to their less technically-inclined friends and relatives.

                                                                  Mozilla is so busy chasing after Chrome that it doesn’t even realize that most Chrome users will never switch. They use Chrome because “the internet” (www.google.com) told them so. As long as Mozilla can’t make Google recommend Firefox on their frontpage, this will not change.

                                                                  Discarding their most loyal users while trying to get people to adopt Firefox who simply aren’t interested – this is a recipe for disaster.

                                                              2. 1

                                                                and barely enough funding

                                                                Last I checked they pulled in half a billion in revenue (2016). Do you believe this is barely enough?

                                                                1. 2

                                                                  For hundreds of millions users?

                                                                  Yeah.

                                                            2. 1

                                                              At least with multi-row tabs in CSS you can’t dragndrop tabs. That’s about as bad as it gets.

                                                            3. 2

                                                              Are vertical tabs so essential?

                                                              1. 3

                                                                Considering the change in screen ratios over the past ten years (displays get shorter and wider), yes, it absolutely is.

                                                                With vertical tabs I can get almost 30 full-width tabs on screen, with horizontal tabs I can start fishing for the right tab after about 15, as the tab width gets increasingly smaller.

                                                                Additionally, vertical tabs reduce the way of travel substantially when selecting a different tab.

                                                                1. 1

                                                                  I still miss them, didn’t cripple me, but really hurt. The other thing about Tree (not just vertical) tabs that FF used to have was that the subtree was contextual to the parent tree. So, when you opened a link in a background tab, it was opened in a new tab that was a child of your current tab. For doing like documentation hunting / research it was amazing and I still haven’t found its peer.

                                                              2. 1

                                                                It’s at least partially open source. They provide tarballs.

                                                                1. 4

                                                                  https://help.vivaldi.com/article/is-vivaldi-open-source/

                                                                  The chromium part is legally required to be open, the rest of their code is like readable source, don’t get me wrong that’s way better than unreadable source but it’s also very wut.

                                                                  1. 2

                                                                    Very wut. It’s a weird uneasy mix.

                                                                    1. 1

                                                                      that’s way better than unreadable source but it’s also very wut.

                                                                      I wouldn’t be sure of that. It makes it auditable, but has legal ramifications should you want to build something like vivaldi, but free.

                                                                2. 8

                                                                  firefox does not get better with investment, it gets worse.

                                                                  the real solution is to use netsurf or dillo or mothra, so that webmasters have to come to us and write websites that work with browsers that are simple enough to be independently maintained.

                                                                  1. 9

                                                                    Good luck getting more than 1‰ adoption 😉

                                                                    1. 5

                                                                      good luck achieving independence from Google by using a browser funded by Google

                                                                      1. 1

                                                                        I can achieve independence from Google without using netsurf, dillo, or mothra; to be quite honest, those will never catch on.

                                                                        1. 2

                                                                          can you achieve independence from google in a way that will catch on?

                                                                          1. 1

                                                                            I don’t think we’ll ever get the majority of browser share back into the hands of a (relatively) sane organization like Mozilla—but we can at least get enough people to make supporting alternative browsers a priority. On the other hand, the chances that web devs will ever feel pressured to support the browsers you mentioned, is close to nil. (No pun intended.)

                                                                            1. 0

                                                                              what is the value of having an alternative, if that alternative is funded by google and sends data to google by default?

                                                                              1. 1

                                                                                what is the value of having an alternative

                                                                                What would you like me to say, that Firefox’s existence is worthless? This is an absurd thing to insinuate.

                                                                                funded by google

                                                                                No. I’m not sure whether you’re speaking in hyperbole, misunderstood what I was saying, and/or altogether skipped reading what I wrote. But this is just not correct. If Google really had Mozilla by the balls as you suggest, they would coerce them to stop adding privacy features to their browser that, e.g., block Google Analytics on all sites.

                                                                                sends data to google by default

                                                                                Yes, though it seems they’ve been as careful as one could be about this. Also to be fair, if you’re browsing with DNT off, you’re likely to get tracked by Google at some point anyway. But the fact that extensions can’t block this does have me worried.

                                                                                1. 1

                                                                                  i’m sorry if i misread something you wrote. i’m just curious what benefit you expect to gain if more people start using firefox. if everyone switched to firefox, google could simply tighten their control over mozilla (continuing the trend of the past 10 years), and they would still have control over how people access the web.

                                                                                  1. 1

                                                                                    It seems you’re using “control” in a very abstract sense, and I’m having trouble following. Maybe I’m just missing some context, but what concrete actions have Google taken over the past decade to control the whole of Mozilla?

                                                                                    1. 1

                                                                                      Google has pushed through complex standards such as HTTP/2 and new rendering behaviors, which Mozilla implements in order to not “fall behind.” They are able implement and maintain such complexity due to funding they receive from Google, including their deal to make Google the default search engine in Firefox (as I said earlier, I couldn’t find any breakdown of what % of Mozilla’s funding comes from Google).

                                                                                      For evidence of the influence this funding has, compare the existence of Mozilla’s Facebook Container to the non-existence of a Google Container.

                                                                                      1. 1

                                                                                        what % of Mozilla’s funding comes from Google

                                                                                        No word on the exact breakdown. Visit their 2017 report and scroll all the way to the bottom, and you’ll get a couple of helpful links. One of them is to a wiki page that describes exactly what each search engine gets in return for their investment.

                                                                                        I would also like to know the exact breakdown, but I’d expect all those companies would get a little testy if the exact amount were disclosed. And anyway, we know what the lump sum is (around half a billion), and we can assume that most of it comes from Google.

                                                                                        the non-existence of a Google Container

                                                                                        They certainly haven’t made one themselves, but there’s nothing stopping others from forking one off! And anyway, I think it’s more so fear on Mozilla’s part than any concrete warning from Google against doing so.

                                                                                        Perhaps this is naïveté on my part, but I really do think Google just want their search engine to be the default for Firefox. In any case, if they really wanted to exert their dominance over the browser field, they could always just… you know… stop funding Mozilla. Remember: Google is in the “web market” first & the “software market” second. Having browser dominance is just one of many means to the same end. I believe their continued funding of Mozilla attests to that.

                                                                                        1. 2

                                                                                          It doesn’t have to be a direct threat from Google to make a difference. Direct threats are a very narrow way in which power operates and there’s no reason that should be the only type of control we care about.

                                                                                          Yes Google’s goal of dominating the browser market is secondary to their goal of dominating the web. Then we agree that Google’s funding of Firefox is in keeping with their long-term goal of web dominance.

                                                                                          if they really wanted to exert their dominance over the browser field, they could always just… you know… stop funding Mozilla.

                                                                                          Likewise, if Firefox was a threat to their primary goal of web dominance, they could stop funding Mozilla. So doesn’t it stand to reason that using Firefox is not an effective way to resist Google’s web dominance? At least Google doesn’t think so.

                                                                                          1. 1

                                                                                            Likewise, if Firefox was a threat to their primary goal of web dominance, they could stop funding Mozilla. So doesn’t it stand to reason that using Firefox is not an effective way to resist Google’s web dominance?

                                                                                            You make some good points, but you’re ultimately using the language of a “black or white” argument here. In my view, if Google were to stop funding Mozilla they would still have other sponsors. And that’s not to mention the huge wave this would make in the press—even if most people don’t use Firefox, they’re at least aware of it. In a strange sense, Google cannot afford to stop funding Mozilla. If they do, they lose their influence over the Firefox project and get huge backlash.

                                                                                            I think this is something the Mozilla organization were well aware of when they made the decision to accept search engines as a funding source. They made themselves the center of attention, something to be competed over. And in so doing, they ensured their longevity, even as Google’s influence continued to grow.

                                                                                            Of course this has negative side effects, such as companies like Google having influence over them. But in this day & age, the game is no longer to be free of influence from Google; that’s Round 2. Round 1 is to achieve enough usage to exert influence on what technologies are actually adopted. In that sense, Mozilla is at the discussion table, while netsurf, dillo, and mothra (as much as I’d love to love them) are not and likely never will be.

                                                                      2. 3

                                                                        Just switch to Gopher.

                                                                        1. 5

                                                                          Just switch to Gopher

                                                                          I know you were joking, but I do feel like there is something to be said for the simplicity of systems like gopher. The web is so complicated nowadays that building a fully functional web browser requires software engineering on a grand scale.

                                                                          1. 3

                                                                            yeah. i miss when the web was simpler.

                                                                            1. 1

                                                                              I was partially joking. I know there are new ActivityPub tools like Pleroma that support Gopher and I’ve though about adding support to generate/server gopher content for my own blog. I realize it’s still kinda a joke within the community, but you’re right about there being something simple about just having content without all the noise.

                                                                        2. 1

                                                                          Unless more than (rounded) 0% of people use it for Facebook, it won’t make a large enough blip for people to care. Also this is how IE was dominant, because so much only worked for them.

                                                                          1. 1

                                                                            yes, it would require masses of people. and yes it won’t happen, which is why the web is lost.

                                                                        3. 2

                                                                          I’ve relatively recently switched to FF, but still use Chrome for web dev. The dev tools still seem quite more advanced and the browser is much less likely to lock up completely if I have a JS issue that’s chewing CPU.

                                                                          1. 2

                                                                            I tried to use Firefox on my desktop. It was okay, not any better or worse than Chrome for casual browsing apart from private browsing Not Working The Way It Should relative to Chrome (certain cookies didn’t work across tabs in the same Firefox private window). I’d actually want to use Firefox if this was my entire Firefox experience.

                                                                            I tried to use Firefox on my laptop. Site icons from bookmarks don’t sync for whatever reason (I looked up the ticket and it seems to be a policy problem where the perfect is the enemy of the kinda good enough), but it’s just a minor annoyance. The laptop is also pretty old and for that or whatever reason has hardware accelerated video decoding blacklisted in Firefox with no way to turn it back on (it used to work a few years ago with Firefox until it didn’t), so I can’t even play 720p YouTube videos at an acceptable framerate and noise level.

                                                                            I tried to use Firefox on my Android phone. Bookmarks were completely useless with no way to organize them. I couldn’t even organize on a desktop Firefox and sync them over to the phone since they just came out in some random order with no way to sort them alphabetically. There was also something buggy with the history where clearing history didn’t quite clear history (pages didn’t show up in history, but links remained colored as visited if I opened the page again) unless I also exited the app, but I don’t remember the details exactly. At least I could use UBO.

                                                                            This was all within the last month. I used to use Firefox before I used Chrome, but Chrome just works right now.

                                                                            1. 6

                                                                              I definitely understand that Chrome works better for many users and you gave some good examples of where firefox fails. My point was that people need to use and support firefox despite it being worse than chrome in many ways. I’m asking people to make sacrifices by taking a principled position. I also recognize most users might not do that, but certainly, tech people might!? But maybe I’m wrong here, maybe the new kids don’t care about an open internet.

                                                                          1. 3

                                                                            I’m glad to see that the author mentioned some of the downsides of Rust, as it does seem to be quite a hyped language these days.

                                                                            FWIW, I do like Rust too. I use it for my day job and enjoy the safety aspects, although I’m not so fearless. I’ve shot myself multiple times in many feet using the FFI (unsafe by nature).

                                                                            My personal Rust quibble list:

                                                                            • writing some kinds of data structures is pretty painful in Rust due to the borrow checker.
                                                                            • clippy and rustfmt now require rustup, which is not available on all platforms (i.e. OpenBSD).
                                                                            • also no nightly Rust on OpenBSD without jumping hoops.
                                                                            • stabilisation of experimental features is slow.
                                                                            • some minor Cargo niggles, e.g. it can’t express autoconf-style feature checks.

                                                                            That said, its not all bad, and the language is always improving :) Bravo Rust.

                                                                            1. 2

                                                                              “writing some kinds of data structures is pretty painful in Rust due to the borrow checker.”

                                                                              Remember that you can still do reference counting or unsafe where you value productivity and less headaches over borrow checker’s guarantees.

                                                                              1. 2

                                                                                Yeah. But I always feel like I cheated :)

                                                                            1. 33

                                                                              I’ve run into this mentality myself a couple of times, people claim in 2018 that they can write safe C/C++, it’s only those other people that can’t.

                                                                              1. 7

                                                                                I would claim that 2018 is the best time (yet) for writing memory-safe C++. We have tooling and paradigms now where we don’t need to rely on raw pointers and can make use of things like shared_ptr and unique_ptr. We can utilize the vector class which gives us OOB write protection (via the vector::at method) . We can even look to the design decisions made in Rust and see they draw their roots from modern C++ (think RIAA). All the protections of Rust already exist in C++, and are distinct enough that tooling can catch when developers don’t use them.

                                                                                1. 20

                                                                                  I agree about it being best time to write safer C++. Ill add C, too, given all the analyzers. Empirical evidence Gaynor references show vast majority of C/C++ code fails to be safe anyway. So a safe-by-default option is better to use with unsafety turned on selectively when necessary.

                                                                                  Also, the key aspects of Rust’s memory safety come from Cyclone language. It was a safer C with some temporal safety among other things. Clay was another which had linear and singleton types.

                                                                                  1. 15

                                                                                    All the protections of Rust already exist in C++

                                                                                    Unless you are claiming C++ has a way to ensure data race freedom, this does not seem true.

                                                                                    1. 10

                                                                                      Smart pointers have been around for more than a decade (in Boost before they got into std::), and STL has been around for ages of course. From the memory safety perspective, the tools have been around for a long time. Perhaps the issue is that none of these things are mandatory.

                                                                                      1. 4

                                                                                        Halfway there: C++ was built on unsafe-by-default foundation, C, with good protections added that also aren’t mandatory. It evolved from there in a lot of ways I didnt keep up with. I just know that plus its parsing/semantic headaches gave C++ a brutal start if goal was safety on average or high assurance.

                                                                                      2. 9

                                                                                        (via the vector::at method)

                                                                                        Which you have to remember to use instead of the far easier nicer looking []. I’ve seen v.at in a C++ codebase exactly once in my life. As usual, the default C++ is unsafe.

                                                                                        We can even look to the design decisions made in Rust and see they draw their roots from modern C++ (think RIAA)

                                                                                        True but not sure of the relevance.

                                                                                        All the protections of Rust already exist in C++

                                                                                        They most certainly do not.

                                                                                        tooling can catch when developers don’t use them

                                                                                        There are no tools that I’m aware of that guarantee an absence of bugs in a C++ codebase. I’ve used most of them. Bugs still happen. Bugs that don’t happen in safer languages.

                                                                                        1. 8

                                                                                          All the protections of Rust already exist in C++

                                                                                          I’m not sure that’s entirely true, but I could be wrong. I agree with what you are saying about RIAA, but a few other things pop to mind:

                                                                                          • Rust tries really hard to ensure you have either only immutable references, or a sole mutable reference. This prevents the old “iterate over a collection and mutate it” problem.

                                                                                          • It also forces you to think about sharing semantics across threads (i.e. Sync trait).

                                                                                          • In Rust you can design APIs which “consume” their parameters. i.e. you pass ownership to a callee, and it never hands it back. This is useful for scenarios where you don’t want the user to try and re-use a conceptually finalized data structure. Perhaps reuse of the structure could be unsafe for example.

                                                                                          I’m sure there will be other examples. And I’m sure the proponents of Rust will provide those in more comments ;)

                                                                                          Maybe you can do these kinds of things in modern C++?

                                                                                          1. 6

                                                                                            Problem with C & C++ is not only about memory safety. Are you 100% sure you have absolutely no chance of a signed int overflow anywhere in your codebase?

                                                                                            1. 15

                                                                                              Compile with -fwrapv to instantly unlock the same behavior as rust.

                                                                                              1. 5

                                                                                                To get the K&R C behavior not the house-of-horrors C standard.

                                                                                                1. 3

                                                                                                  Or better, -ftrapv to trap even errors that Rust won’t catch. (I don’t understand why this wasn’t made the default behaviour in Rust, to be honest; the performance hit should ultimately be negligible, and they already make some choices for safety-over-performance).

                                                                                                  1. 4

                                                                                                    The reason it is not default in Rust is that performance hit was not negligible.

                                                                                                    1. 0

                                                                                                      Got some numbers? Part of the problem is probably that the code generator (LLVM) doesn’t handle it very well; but basing a language decision on a current limitation of the code generator doesn’t seem wise. (Especially if it’s a choice between “fail to detect some potentially critical code issue” and somewhat reduced performance).

                                                                                                      1. 5

                                                                                                        I don’t have the reference for Rust handy, but NIST Technical Note 1860 is one good reference. To quote the abstract:

                                                                                                        We performed an experiment to measure the application-level performance impact of seven defensive code options… Of the seven options, only one yielded clear evidence of a significant reduction in performance; the main effects of the other six were either materially or statistically insignificant.

                                                                                                        That one option is -ftrapv.

                                                                                                        1. 1

                                                                                                          That report is specific to GCC, though, which has worse overflow checking even that LLVM.

                                                                                                          “In practice, this means that the GCC compiler generates calls to existing library functions rather than generating assembler instructions to perform these arithmetic operations on signed integers.”

                                                                                                          Clang/LLVM doesn’t do that. Needless to say, it explains much of the performance hit, but not how it would affect Rust. I’m curious about what the real numbers do look like.

                                                                                                        2. 1

                                                                                                          (actually, having done some recent ad-hoc tests LLVM seems to do ok, mostly just inserting a jo instruction after operations that can overflow, which is probably about as good as you can do on x86-64. I’d still like to see some numbers of how this affects performance, though).

                                                                                                  2. 2

                                                                                                    I agree memory safety is not the only kind of security bug, but it is the focus of this article, which is why I focused on it in my comment.

                                                                                                2. 4

                                                                                                  And how do you know they’re wrong?

                                                                                                  We see evidence all the time. Easily preventable bugs in old software everybody used but nobody wanted to make good. Bugs that would’ve been obvious if people had looked at compiler warnings or run a static analyzer, but nobody did..

                                                                                                  1. 24

                                                                                                    And how do you know they’re wrong?

                                                                                                    I don’t know about @szbalint, but I know they’re wrong because of ample experience with people who think they can write safe C code and can’t. I literally have never met or have worked with an engineer I’d trust to write C code, myself obviously included.

                                                                                                    I’ve been compiling all C and C++ code with -Wall for at least the last 15 years, and the last 10 with -Wall -Wextra -Werror. I’ve used free and paid-for static analysers on production code. Tests, extensive code reviews, valgrind, clang sanitizers, the lot.

                                                                                                    The end result were bugs, bugs, and more bugs, many of them security vulnerabilities. This problem isn’t solvable with developer discipline and tools. We’ve tried. We’ve failed.

                                                                                                    1. 2

                                                                                                      Has your experience with D been much better? I’ve been able to segfault D because I didn’t realise that SomeClass c; generates a null pointer. I really wish the language were modified to make this impossible without some extra attributes like @trusted.

                                                                                                      That’s the only way I’ve managed to really “crash” D, though. The rest of the time I get pretty stack traces at runtime whenever I mess up, much more controlled and predictable error-handling.

                                                                                                      1. 1

                                                                                                        Has your experience with D been much better?

                                                                                                        Vastly so.

                                                                                                        I’ve been able to segfault D because I didn’t realise that SomeClass c; generates a null pointer.

                                                                                                        That’s not considered an issue in D. Variables are all default-initialised so you’ll get a crash at the point where you forgot to assign the reference to a new instance. Deterministic crashes in the face of bugs is a good thing.

                                                                                                        1. 1

                                                                                                          A segfault is a pretty obscure thing, and I’m not sure it’s even exactly “deterministic”. Are all arches guaranteed to react the same way to dereferencing a null pointer? It’s not like it’s raising a D NullPointerException, if such a thing even exists, so I don’t get a stack trace telling me where the problem is, unlike every other D “crash”.

                                                                                                          I still don’t understand why making this segfaulting easy is desirable. It feels like an obvious rake to step on.

                                                                                                          1. 1

                                                                                                            A segfault is a pretty obscure thing

                                                                                                            To a scripter, maybe, but not to a systems programmer.

                                                                                                            and I’m not sure it’s even exactly “deterministic”

                                                                                                            Some are, some aren’t. The deterministic ones are of the good variety. Always crashing because of an unitialised reference is ok. Getting a segfault somewhere else in your app isn’t.

                                                                                                            It’s not like it’s raising a D NullPointerException, if such a thing even exists

                                                                                                            It doesn’t exist, or rather, its version is to just segfault.

                                                                                                            so I don’t get a stack trace telling me where the problem is, unlike every other D “crash”.

                                                                                                            % coredumpctl gdb
                                                                                                            % bt
                                                                                                            

                                                                                                            If you’re not running systemd then run the program again under gdb. Since it always crashes in the same place you’ll get the same result. If you’re on Windows you open the debugger right there and then and look at the backtrace.

                                                                                                            It feels like an obvious rake to step on.

                                                                                                            It isn’t, it always takes me 30s to fix.

                                                                                                      2. 2

                                                                                                        I don’t know what your use involves, but sometimes using e.g. Coverity is not much better than never using it. All those things have to be done in the context of a comprehensive build and test system and always done on every checkin. And there is no substitute for good programmers with solid education. I have met a number of really excellent C programmer who produce solid, trustworthy code.

                                                                                                        And, as always in such discussions, none of these assertions make sense without a “compared to”. People write unsafe C code, compared to which people who write what?

                                                                                                        1. 2

                                                                                                          using e.g. Coverity is not much better than never using it

                                                                                                          Not in my experience.

                                                                                                          And there is no substitute for good programmers with solid education.

                                                                                                          Few and far between.

                                                                                                          I have met a number of really excellent C programmer who produce solid, trustworthy code.

                                                                                                          I have not. And that includes meeting compiler writers and C++ luminaries.

                                                                                                          People write unsafe C code, compared to which people who write what?

                                                                                                          To people who write code in Ada, Rust, …

                                                                                                        2. 1

                                                                                                          The end result were bugs, bugs, and more bugs, many of them security vulnerabilities. This problem isn’t solvable with developer discipline and tools. We’ve tried. We’ve failed.

                                                                                                          Then why is it that when the bugs that relate to language level issues are dissected in the public, they nearly always seem like they’d be prevented by discipline & disciplined application of tooling?

                                                                                                          1. 4

                                                                                                            Even the best programmers have an error rate. Much lower than novice programmers, but it’s still there.

                                                                                                            1. 1

                                                                                                              You are stating the obvious here.

                                                                                                              The question is, why aren’t these errors being caught when it is so easy to do?

                                                                                                              1. 6

                                                                                                                The nature of the tooling seems like a prime candidate answer to that question. In C and C++ you often need to opt into constructs and static analyses in order to guard against memory safety bugs. Just look at all the tortured defenses in this thread alone. It’s some combination of “oh just use this particular subset of C++” all the way to “get gud.”

                                                                                                                In memory safe languages the tooling generally demands that you opt out in order to write code that is susceptible to memory safety bugs.

                                                                                                                It’s just another instance of “defaults matter.”

                                                                                                                1. 0

                                                                                                                  I think we’re going in circles here. None of what you say is evidence that people can’t write safe code. You’re just saying they (most of them) won’t, which isn’t the contentious point.

                                                                                                                  1. 5

                                                                                                                    Seems like a distinction without a practical difference. You asked a question, “why aren’t these errors being caught when it is so easy to do,” and I answered with, essentially, “maybe it’s not as easy as you think.” I proposed a reason why it might not be easy.

                                                                                                                2. 4

                                                                                                                  The question is, why aren’t these errors being caught when it is so easy to do?

                                                                                                                  It isn’t easy. If it were, they’d be caught. The litany of security vulnerabilities everywhere shows us that we’re doing it wrong.

                                                                                                                  1. 1

                                                                                                                    Right. Why not?

                                                                                                                3. 2

                                                                                                                  Did I claim developer discipline wouldn’t prevent bugs? What I’m claiming is that it’s humanly impossible to manage that level of discipline in any large codebase. And I’m claiming that because we have decades of experience telling us that it’s the case.

                                                                                                              2. 3

                                                                                                                You raise a good point. I think anyone who thinks their own code is perfect is wrong, but I can’t prove it. I suppose, also, that it could be vacuously true in the sense that maybe their own code is perfect, but they haven’t written production systems entirely by themselves. Was that what you were suggesting?

                                                                                                                1. 2

                                                                                                                  You raise a good point. I think anyone who thinks their own code is perfect is wrong, but I can’t prove it.

                                                                                                                  Can you write one line of code that is perfect? Why not two? Why not ten? Why not a thousand?

                                                                                                                  Even then, there’s a continuum between perfect and unmitigated disaster. I’ll grant you that I don’t really believe in large scale software ever being perfect in a literal sense of the word. Not even bug free. However, I believe there are individuals who can produce safe software in C. And if given enough control over the platform the code runs on, they can lock things down to virtually guarantee that language level issues are not ever going to turn into full compromise (RCE) or secret leaks.

                                                                                                                  If you need something for a case study, why not take a look at qmail? The fun thing is that the papers and writeups about qmail’s security practices don’t really mention things such as extensive use of static analyzers, fuzzers, and formal verification. Despite that, it has an incredible track record. I think there is much more that could be done to raise the bar.

                                                                                                                  I suppose, also, that it could be vacuously true in the sense that maybe their own code is perfect, but they haven’t written production systems entirely by themselves. Was that what you were suggesting?

                                                                                                                  Security costs time and isn’t sexy. Worst of all, you can’t measure it like you can measure performance or the length of the list of features. So even if someone out there is producing “perfect” code, it’s likely that the project goes mostly unheard of. If one were to dig up and point out such a project, people would just call it a toy / academic exercise / “nobody uses it.” People might say they care about security but they really don’t, they just use whatever is convenient or popular. And when you point out the bugs in that, well, developers being developers, they just pat each other on the back. “Dude, bugs happen! Give ’em a break!”

                                                                                                                  It’s especially bad in any commercial setting, which is why I think it is indeed the case that the people who are capable of writing secure software are, in the end, not doing that, because they don’t get to write an entire production system on their own terms. I don’t think it’s a coincidence that the project I just mentioned is essentially a solo project by one person.

                                                                                                                  I’m in that boat too, sort of. At day job there’s so much code that’d get you kicked out if it were my personal project with a security guarantee. I’m not at liberty to rearchitect and rewrite the software. The markets opt out of security.

                                                                                                                  1. 6

                                                                                                                    Can you write one line of code that is perfect? Why not two? Why not ten? Why not a thousand?

                                                                                                                    It depends on the line. Perfection isn’t just about the semantics the code has to the compiler, but about how a future reader will interpret it. Even the shortest snippet of code can have subtleties that may not be obvious later, no matter how clear they seem to me today. Concretely, in the 90s, “everyone knew” that system() was a huge security vulnerability because of how it adds to the attack surface, and it wasn’t a big deal because code that was thought of as needing to be secure was hardened against it. But those very same semantics came as a very unwelcome surprise to “everyone” when Shellshock was publicized in 2014.

                                                                                                                    Lots of vulnerabilities can be traced to people misunderstanding single lines of code.

                                                                                                                    I very much agree with your point about it being hard to sell security. I think that’s by far the biggest factor in how horrible the current state of affairs is.

                                                                                                                    1. 3

                                                                                                                      Wasn’t the key shellshock problem that bash executed environment variables? 99% of these failures seem to come from parsing errors, eval, and convenience components. Why bash designers felt it was good to allow arbitrary functions to be passed in environment variables and then executed baffles me but probably came from feature creep. The same functionality could have been achieved more safely by include/load like mechanisms (not 100% safe either, but easier to lock down) or, better, running other programs.

                                                                                                                      BTW: Bash scripts are memory safe.

                                                                                                                      1. 2

                                                                                                                        It depends on what you see as the most unexpected part of it. The reason it was such an emergency to patch it was that bash was exposed to unauthenticated incoming network connections in the first place.

                                                                                                              3. -3

                                                                                                                Where are all the safe Rust based applications and operating systems?

                                                                                                                  1. 6

                                                                                                                    I mean, so what? The pool of talented systems programmers is vanishingly small, and also going to be dominated by people using C/C++, so its not that surprising that it hasn’t eradicated all the competition yet. And as a sibling commenter pointed out, its doing pretty well for being all of 3 years old.

                                                                                                                    1. 0

                                                                                                                      There is a big difference between “has not eradicated the competition yet” and “still can’t point to 5 widely used and superior applications”.

                                                                                                                      1. 10

                                                                                                                        how many did python have within 3 years? Or ruby for that matter. How about clojure? None of those had “5 widely used and superior applications” within 3 1/2 years. It was probably a decade before python had 5, maybe a little less for ruby. And you didn’t respond at all to my point about the quantity of systems programmers. Rust is a kind of weird language, attempting to fill a very tight ecological niche with few potential adoptees in terms of actual programmers. I’m not in the least surprised that its still very much in an embryonic state in regards to a community and the works that would flow from that. And, fwiw, Servo and Fuscia aren’t exactly small scale applications, not to mention all of the companies using it internally for whom we have no data/reports other than job board postings.

                                                                                                                        1. 1

                                                                                                                          I’m not at all saying Rust is a failure - I don’t find it appealing, but that doesn’t mean anything. But it’s still in the experiment stage. You can declare C obsolete when you have that body of large successful, less buggy, products to point at.

                                                                                                                          1. 9

                                                                                                                            The whole point of the article is that literally decades of experience have shown that it is effectively impossible to write safe secure code in C/C++. The goal in fact is to to declare C/C++ a security nightmare. Does that make it obsolete? Maybe, maybe not. There are options out there that give you far more safety guarantees than C/C++ will ever be able to do.

                                                                                                                            Knowing that it is quite possibly flat our irresponsible to use it for any new project where security is important. Oh, and security is nearly always an important concern for a software project.

                                                                                                                            1. 1

                                                                                                                              Let me try again: To make that claim be anything more than marketing, you’d need some (a) data and (b) some indication that C programs were WORSE than some alternative. In the absence of both, it’s just weak marketing. The evidence seems to show more that it is very difficult to develop large software systems that are safe and secure and, at the same time, find an appreciative audience - no matter what the language. As I pointed out before, until there are significant examples of safe/secure/successful Rust programs to compare with, such claims are just blowing smoke.

                                                                                                                              1. 2

                                                                                                                                While it’s not as strong a claim as you seem to want, I don’t think it’s incorrect to say that C and C++ in the hands of not superhuman developers tends to result in a whole class of bugs that Rust makes nearly impossible to create. Bugs that have appeared numerous times and continue to keep appearing in critical internet infrastructure.

                                                                                                                                It’s purely anecdotal but Rust has prevented multiple use after free, use before initialized, and buffer overrun errors in my own code multiple times just while playing around. It’s a bit disingenuous to suggest that C/C++ don’t have a problem and that Rust which provably prevents most of those problems isn’t a promising solution.

                                                                                                                                This isn’t blowing smoke it’s a recognition that there is a problem and possible solution to that problem that doesn’t involve cloning Dan Bernstein and firing all the other programmers.

                                                                                                                                1. 2

                                                                                                                                  I kind of like the idea of cloning Dan Bernstein and firing all the other programmers. It’s a big idea with some verve and panache.

                                                                                                                                1. 4

                                                                                                                                  I agree the comment overstated by saying “effectively impossible.” Really hard with higher failure rates than safe languages would be more accurate. Yet, it seems misleading for you to use Bernstein and Hipp since most people are nowhere near as good at QA as them. Bernstein is also a security genius.

                                                                                                                                  C defenders countering with the vulnerability results of security geniuses in minimalist apps instead of what average C coder achieves vs average user of safe language isnt a good comparison.

                                                                                                                                  1. 0

                                                                                                                                    Hence my quest for examples rather than handwaving. Examples of real applications that are not minimalist. Specific examples.

                                                                                                                                    1. 2

                                                                                                                                      Ripgrep? Firefox? The former is shipped and used for search in VS Code, the latter is pretty rapidly moving to using rust where it can to improve performance, and reduce security issues. Just two projects I can name off the top of my head as a non rust programmer.

                                                                                                                                      1. 0

                                                                                                                                        The same two projects everyone names and I’m not dismissing either of them. I’m just pointing out that the triumphal declarations of the obsolescense of C and dawn of the Reign of Rust lack sufficient backing. If we just got enthusiastic reports about what people wrote in Rust and how well it worked that would be interesting and impressive. But this overblown marketing stuff is just irritating.

                                                                                                                          2. 5

                                                                                                                            Well, I guess ripgrep qualifies? Hopefully there will be more such applications.

                                                                                                                            1. -1

                                                                                                                              Ripgrep is interesting. Is it considerably less bug ridden than ag ? Is it considerably less bug ridden than grep?

                                                                                                                              https://www.cvedetails.com/product/23804/GNU-Grep.html?vendor_id=72 Well grep doesn’t seem so bad.

                                                                                                                              Come on, people need to do better than this.

                                                                                                                              1. 7

                                                                                                                                Is it considerably less bug ridden than ag ?

                                                                                                                                Yes, by a very very large margin across at least a couple different spectrums.

                                                                                                                                Is it considerably less bug ridden than grep?

                                                                                                                                Unlikely.

                                                                                                                                Come on, people need to do better than this.

                                                                                                                                Right. Nothing will ever be good enough. This is a classic Internet debate tactic. No matter what example anyone gives you, there will always be a reason to dismiss it. I don’t say that flippantly necessarily. Satisfying your standard (mentioned in another comment) to a high degree is nearly impossible. There will always be differences and variables that cannot reasonably be controlled for.

                                                                                                                                It’s totally fine to have high standards that are impossible to satisfy (it’s your choice), but at least state that up front explicitly and don’t be coy about it. And don’t accuse people who are trying to hit a lower standard of evidence as just “blowing smoke,” because that’s a bunch of bullshit and you know it.

                                                                                                                                1. -2

                                                                                                                                  Oh come on: ripgrep is the example I’m given. Yet, grep, written in horrible pathetic C, has very few security bugs. Are there CVEs for ag even? I am ready to be persuaded and I don’t need ironclad proofs - I just want to see a number of examples of complex applications/systems written in XYZ that are significantly better than the standard C versions in terms of security. Until those are available it’s just marketing. Maybe Rust is a brilliant advance that will lead to the creation of highly reliable secure applications - maybe it is not. Without evidence, all this claim that C has been obsoleted by Rust or whatever is exactly that - just blowing smoke. Read software jewels by Parnas, this is not a new problem.

                                                                                                                                  I’ll give you a good example: the OP makes a big deal about security issues in ImageMagick! Of all things. I cannot imagine that anyone involved in the development of ImageMagick worried about security at all - it was a tool people could use to manipulate images. Now it is being dragged into service as an online utility exposed to the open internet or used on images that come from anywhere and - lo and behold - because of C it’s insecure! Great, let me see a Rust program designed without any attention to security employed similarly and we’ll compare.

                                                                                                                        2. 1

                                                                                                                          Quite a few swift based applications out there though, so it isn’t like new languages aren’t being used for things.
                                                                                                                          Go is quite popular in certain spaces too, for what it’s worth.

                                                                                                                        1. 23

                                                                                                                          Not particularly well cloaked, honestly.

                                                                                                                          1. 14

                                                                                                                            It’s a Rust plug, but I don’t think any of the content is incorrect, is it?

                                                                                                                            1. 14

                                                                                                                              and? you say this like a rust plug is a slam. It will never cease to amaze me the number of people who think they’re shedding light by pointing out that people advocating a language designed to replace C/C++ is …..being advocated by pointing out the deficiencies in C. No one is being enlightened here with these comments.

                                                                                                                              1. 7

                                                                                                                                We could test that by running some kind of fuzzer to see how many piles of exploitable bugs we find in C that arent in safe languages. That would test his C point. He’d be wrong if nearly same number of memory bugs or races in languages designed to mitigate them.

                                                                                                                                Then, if it’s proven, we have to use one thst fits in C’s domain with active development and preferably significant ecosystem/community. Something he thinks is best one, too. (His bias.) Narrows options way down. Which safe, efficient languages do you prefer he entice C/C++ developers with that match Rust’s memory and concurrency safety? And maybe type-safe abstractions, too?

                                                                                                                                1. 5

                                                                                                                                  pretty sure the author has a side project which is entirely dedicated to doing almost exactly that with AFL. Maybe, just maybe this person is speaking from a place of experience.

                                                                                                                                  1. 6

                                                                                                                                    Yeah, he says it’s like shooting fish in a barrel.

                                                                                                                              1. 1

                                                                                                                                If an attacker managed to compromise your home network, protecting IoT devices would be the last of your worries.

                                                                                                                                1. 1

                                                                                                                                  Sorry, that doesn’t excuse this :P

                                                                                                                                  1. 1

                                                                                                                                    Unless your IoT devices include the camera you use to keep an eye on your house, or your door lock.

                                                                                                                                  1. 8

                                                                                                                                    https://imgur.com/a/Cv5KXOE

                                                                                                                                    Two virtual desktops.

                                                                                                                                    Despite my perennial curiosity about acme, I think the only thing I’m really into is its color scheme. There’s two kakoune windows with acme colors, and an es session with a little CLI weather app I wrote for myself. The terminal emulator is kitty.

                                                                                                                                    The second desktop is a couple vimb windows, where I do as much browsing as I can.

                                                                                                                                    The WM is spectrwm, which has a couple annoying bugs, but thus far the best tiling behavior I’ve found.

                                                                                                                                    1. 3

                                                                                                                                      I used to use spectrwm!

                                                                                                                                      1. 2

                                                                                                                                        Rock on, dude! It seems pretty unsupported which is a bummer. It makes me think maybe I should go back to i3. Except I don’t remember why I switched from i3 to spectrwm in the first place so I don’t know what I can check on.

                                                                                                                                      2. 1

                                                                                                                                        I moved from spectrwm to awesome partly as I was using at work, and partly as it works well on OpenBSD.

                                                                                                                                      1. 4

                                                                                                                                        there were multiple times during my learning process in which I was transported back in time to when I was initially trying to learn how to program

                                                                                                                                        I totally agree. When you start out learning Rust, you feel like a total beginner all over again. It’s a really hard language to learn, even for an experienced software engineer.

                                                                                                                                        I’m about a year and a bit into my Rust excursion, and I’ just about productive now.

                                                                                                                                        1. 1

                                                                                                                                          Oh my goodness, lander. That was great!

                                                                                                                                          1. 1

                                                                                                                                            It was a sad day when the demo disk for lander broke at junior school.

                                                                                                                                          1. 5

                                                                                                                                            I’ve been trying to get a patchfix into OpenBSD with no luck. No response to my patch on tech@openbsd.org. This isn’t the first time. Can any OpenBSD contributor help me out?

                                                                                                                                            1. 7

                                                                                                                                              If you didn’t get any feedback, just keep asking the list for feedback every two weeks by replying to your own post. There’s a bit of luck to it because each patch has to catch someone’s interest in a moment when they have time to deal with it.

                                                                                                                                              1. 4

                                                                                                                                                Cool I can do that, thanks for the tip.

                                                                                                                                                1. -1

                                                                                                                                                  just keep asking the list for feedback every two weeks by replying to your own post.

                                                                                                                                                  What a ridiculous response. Not even an apology. That’s no way to run a welcoming community or encourage people to contribute.

                                                                                                                                                  1. 9

                                                                                                                                                    Nothing to apologize for - what did you expect? Sending reminders is a common idiom on tech@ where a mail gets drown easily by other threads.

                                                                                                                                                    Making sure your submissions are well tested and reasoned helps getting a response, but you cannot demand anything.

                                                                                                                                                    1. 1

                                                                                                                                                      what did you expect?

                                                                                                                                                      Maybe this is how OpenBSD runs things, if that’s the culture there, that’s fine, but don’t expect it to attract very many contributors.

                                                                                                                                                      1. 5

                                                                                                                                                        It does attract contributors. In fact, this culture is one of the reasons joined the project.

                                                                                                                                                        So I eventually started reviewing the diff but failed to do so because it was both malformed (did not apply) and broken (did not compile). That is, instead of focusing on the intented changes, reviewers get thrown back because they did not test it. Note how I explicitly mentioned this in my previous reply.

                                                                                                                                                        Edit: I mixed you up with the OP/diff author, text adjusted.

                                                                                                                                                        1. 4

                                                                                                                                                          Thank you for the review kn, very much appreciated. I hastily reposted an old version of the patch. I’ll make sure the diff applies cleanly in my reply and fix up the SIGCHLD typo.

                                                                                                                                                        2. 6

                                                                                                                                                          Maybe this is how OpenBSD runs things, if that’s the culture there, that’s fine, but don’t expect it to attract very many contributors.

                                                                                                                                                          Ah but whose job is it to reply to every mail? Whose job is it to apologize if whoever had the first job failed to deliver? What is this sentient entity called OpenBSD that supposedly runs things? Does it have the power to appoint an individual for such a role?

                                                                                                                                                          1. -2

                                                                                                                                                            What is this sentient entity called OpenBSD that supposedly runs things?

                                                                                                                                                            It’s called the OpenBSD Foundation. You can read about it on its website. This year, it has about half a million to spend on answering your other questions.

                                                                                                                                                            1. 8

                                                                                                                                                              You gotta be joking. They provide funding for the project. They don’t run the project.

                                                                                                                                                              1. 0

                                                                                                                                                                I assumed that in order to provide funding for a project you need to decide what to fund and what not to fund, and that sort of decision-making is called “running the project”, but I guess I was mistaken, my bad.

                                                                                                                                                                1. 7

                                                                                                                                                                  I just decided to fund you as my personal assistant. Your salary is $20 a month, you work 24/7, aren’t you so glad that I run you now? Hand over the keys to your house by the way, because with this decision, I run it…

                                                                                                                                                                  Actually the OpenBSD Foundation isn’t the OpenBSD Project. The OpenBSD Foundation doesn’t own OpenBSD, and there are things it cannot do because it does not own OpenBSD. It can’t hand out commit bits, it can’t change the website, it can’t turn people into mailing list admins.. it does not run OpenBSD. If someone or something really “runs” OpenBSD, I’d say it’s Theo… and no, Theo doesn’t run the Foundation. The Foundation doesn’t run Theo either. The Foundation doesn’t decide what Theo or the individual developers (volunteers mainly!) of the project do, though they can choose to support whatever it is by providing funding.

                                                                                                                                                                  1. -1

                                                                                                                                                                    What is this sentient entity called OpenBSD that supposedly runs things?

                                                                                                                                                                    If someone or something really “runs” OpenBSD, I’d say it’s Theo

                                                                                                                                                                    1. 5

                                                                                                                                                                      Which leads to the follow up question.. you want him to force the volunteers to reply to every mail and apologize for every mail that wasn’t responded to? Or you want him to employ people for that purpose? Out of his own pocket?

                                                                                                                                                                      Sorry, I just don’t see the issue of some messages directed at a volunteer-driven software group going unresponded to because the volunteers happened to be volunteering their time for something else at the time (or whatever the reason).

                                                                                                                                                                      If people are so entitled to responses, I no longer wonder why some people get burned out on OSS development. I wouldn’t, at least not for that reason, because I have no trouble ignoring issues I don’t have time for. It is my own time.

                                                                                                                                                                      IMHO kn is right, there is nothing to apologize for.

                                                                                                                                                                      1. 0

                                                                                                                                                                        I’ve seen small businesses provide better support to their users and developers on far less budget than OpenBSD has.

                                                                                                                                                                        For the past 5 or so years they’ve received hundreds of thousands of dollars each year, and each year they had a surplus averaging ~$100k that they didn’t seem to use for anything.

                                                                                                                                                                        Are you telling me they can’t afford to pay someone to say, “we’re looking into this”, or “we’re sorry the patch didn’t compile”, or even setup an automated patch submission system? Because if you are, according to their public finances page, that would be a lie.

                                                                                                                                                                        1. 3

                                                                                                                                                                          The OpenBSD Project isn’t a business. I think you’re just trolling here and it’s dumb.

                                                                                                                                                                          1. -1

                                                                                                                                                                            I’m not trolling, and I’m done with this conversation because it’s clear it’s going nowhere fast.

                                                                                                                                                                            EDIT: and to be clear, from the OSS projects I’ve seen — even those that do not have a half-million dollar budget and a foundation — still somehow manage to reply to developers who’ve put in the time and effort into submitting a pull request. They also have pull requests. And automated build systems. And aren’t stuck in 1990 with their version control system.

                                                                                                                                                                            1. 6

                                                                                                                                                                              You are generalizing from one example and you don’t know our comunity well enough to judge it.

                                                                                                                                                                              During almost 10 years now I have committed many patches from other contributors and never had my own patches go ignored, which is why I stuck around in OpenBSD in the first place.

                                                                                                                                                                              1. 0

                                                                                                                                                                                You are generalizing from one example and you don’t know our comunity well enough to judge it.

                                                                                                                                                                                And how do you know how well I know the OpenBSD community? You have no clue.

                                                                                                                                                                                Over on Mastodon I pointed out that OpenBSD “perpetuates false and negative stereotypes that security people don’t care about usability, or that security must come at a cost of usability”.

                                                                                                                                                                                That’s a fact. And then OpenBSD developer @mulander jumped in to call me a troll, and on top of it, demand that I work for free to submit patches to the project. So I pointed out to him how the OpenBSD community treats those who work for free and submit patches.

                                                                                                                                                                                I’ve observed this project for many years, and I think it gets a bit too much hype on Lobsters lately for delivering a terrible user experience. Sure, there are lots of things to praise about it, but I don’t see anyone criticizing it for its glaringly obvious faults, so the end result is a community that is delusional, and a harmful role model.

                                                                                                                                                                                1. 4

                                                                                                                                                                                  Link the thread so people can judge by themselves.

                                                                                                                                                                                  Also link yourself trying to spin the thing around on Mastodon and on twitter.

                                                                                                                                                                                  1. 0

                                                                                                                                                                                    I did, see my reply below from before your comment. But sure I should have linked it here as well.

                                                                                                                                                                                  2. 1

                                                                                                                                                                                    Your opinions are not facts. I don’t think the “community” is what’s delusional here.

                                                                                                                                                                                    1. -1

                                                                                                                                                                                      It’s not an opinion, it’s a fact, and one OpenBSD fanbois don’t dispute.

                                                                                                                                                                                2. 1

                                                                                                                                                                                  Great. I hope you feel better now that you’ve got this all out of your system.

                                                                                                                                                          2. 4

                                                                                                                                                            There is nothing to apologize for. It is a volunteer project. Developers are people who live lives, not borg drones assimilating other people’s patches.

                                                                                                                                                            1. 4

                                                                                                                                                              All of your comments in this thread of inappropriate. They are inappropriate regardless of whether other folk’s comments are or are not appropriate and regardless of whether they do or do not contain true statements.

                                                                                                                                                              Please drop the issue, do not bring it back up, and do not engage in this style of discussion again on lobste.rs.

                                                                                                                                                          3. 3

                                                                                                                                                            What stsp said, but also, can you link us to the thread?

                                                                                                                                                              1. 2

                                                                                                                                                                I just get

                                                                                                                                                                I expected an e-mail address, but none was defined.

                                                                                                                                                                1. 2

                                                                                                                                                                  Sorry I’m not entirely sure what the best way is to post a link to a thread on the OpenBSD listserv. If you log in you should be able to see the thread.

                                                                                                                                                                  EDIT: use this http://openbsd-archive.7691.n7.nabble.com/lib-libfuse-Handle-signals-that-get-sent-to-any-thread-tp352472p353099.html

                                                                                                                                                                  1. 2

                                                                                                                                                                    marc.info works pretty well. I’d say it’s the preferred interface for most people.

                                                                                                                                                                    1. 1

                                                                                                                                                                      thanks for the pointer

                                                                                                                                                            1. 2

                                                                                                                                                              Not a contributor, but I figure it might help to point out what patch you sent.

                                                                                                                                                            1. 4

                                                                                                                                                              Telegram and WhatsApp for people I know in person (and Telegram channels/bots/messages-to-self/etc), Matrix (self-hosted Synapse instance) as a glorified IRC bouncer. (Actually there are some Matrix-native channels too.)

                                                                                                                                                              Fractal as the desktop Matrix client, Riot on Android.

                                                                                                                                                              1. 1

                                                                                                                                                                What are your thoughts on using Matrix for personal/family?

                                                                                                                                                                1. 2

                                                                                                                                                                  Not OP, but I tried this some year ago. The UX-issues related to E2E made it impossible. They should make E2E non-optional, that should give enough momentum to fix it properly.

                                                                                                                                                                  I’ve also tried and abandoned XMPP, Wire, Whatsapp, Signal and probably some others. We used IRC for quite a long time, but the modern messengers steamrolled over it.

                                                                                                                                                                  I compromised to Telegram. I know they don’t E2E, but I trust them enough for now. If something happens to break that, I’ll probably try to move everyone to XMPP or Matrix (if it’s usable by then).

                                                                                                                                                                  1. 2

                                                                                                                                                                    I use Matrix with my partner, but the e2e user experience is really disappointing at the moment.

                                                                                                                                                                    I found multiple device support in Signal annoying also.

                                                                                                                                                                    1. 1

                                                                                                                                                                      Don’t want to put all eggs in one basket, don’t want them to deal with reliability issues of a 0.x product (and even more, the reliability issues of me hosting my own server :D)…

                                                                                                                                                                  1. 6

                                                                                                                                                                    When it first was posted to HN I was incredibly disappointed. There is no cryptography, user accounts are completely controlled by the server owner, there isn’t an easy way to have accounts on multiple servers, discoverability on a single person server is near impossible, etc.

                                                                                                                                                                    After looking past it’s faults though, it probably is the first modern federated network to become popular. That’s an achievement. The UI/UX is good enough for people to actually want to use it. There is even enough diversity (in terms of interests) for lots of interesting conversations and people outside the tech world.

                                                                                                                                                                    It also probably kicked off the creation of other decentralized services based on activitypub (like PeerTube). There was even an active effort to bring ActivityPub to Lobsters for a while.

                                                                                                                                                                    Very excited for the next two years of Mastodon.

                                                                                                                                                                    1. 8

                                                                                                                                                                      There is no cryptography

                                                                                                                                                                      Where would you be expecting cryptography? I’m not the kind of person who advocates for cryptography, for it’s own sake, so I’d be curious to see where you think it’s missing. To validate identities? To protect data (but then again, nearly everything is public)?

                                                                                                                                                                      user accounts are completely controlled by the server owner, there isn’t an easy way to have accounts on multiple servers

                                                                                                                                                                      Well there is account redirection and profile metadata. Both can be used to create a ad hoc system for multiple accounts. Again, what would you (or anyone else, especially critics) be imagining this could or should look like?

                                                                                                                                                                      discoverability on a single person server is near impossible, etc.

                                                                                                                                                                      This is true, maybe an external service (or protocol) could be set up for this, to help people find others. Until then this is a good starting point.

                                                                                                                                                                      1. 3

                                                                                                                                                                        Where would you be expecting cryptography?

                                                                                                                                                                        I was imagining every user with a public/private key so that…

                                                                                                                                                                        • public posts are signed
                                                                                                                                                                        • DMs are encrypted
                                                                                                                                                                        • key could easily move from instance to instance and be cryptographically proven to be the same

                                                                                                                                                                        Again, what would you (or anyone else, especially critics) be imagining this could or should look like?

                                                                                                                                                                        Just a specific piece of machine readable metadata that says “I am also x, y, z.” Does this already exist?

                                                                                                                                                                        Until then this is a good starting point.

                                                                                                                                                                        Thanks for that! Found some interesting users.

                                                                                                                                                                        1. 3

                                                                                                                                                                          Just a specific piece of machine readable metadata that says “I am also x, y, z.” Does this already exist?

                                                                                                                                                                          Apparently it does! Just checked on my https://mastodon.social/@isagalaev, the links to my web site and flickr on the right have rel="me".

                                                                                                                                                                          1. 1

                                                                                                                                                                            Neat, could’ve sworn that wasn’t there before.

                                                                                                                                                                            1. 1

                                                                                                                                                                              It’s a very new feature!

                                                                                                                                                                              1. 1

                                                                                                                                                                                Well, the original post is pretty much about how much Mastodon changed over the 2 year period. :-)

                                                                                                                                                                            2. 3

                                                                                                                                                                              Actually every user has a public/private key and all public posts are signed.

                                                                                                                                                                              Check this out, a random user:

                                                                                                                                                                              $ curl -H"Accept:application/activity+json" https://apoil.org/users/nasa | jq
                                                                                                                                                                              {
                                                                                                                                                                               ...
                                                                                                                                                                                "publicKey": {
                                                                                                                                                                                  "id": "https://apoil.org/users/nasa#main-key",
                                                                                                                                                                                  "owner": "https://apoil.org/users/nasa",
                                                                                                                                                                                  "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/oA+ovirWaOy84/ulTs\nyagWc9ktVQXo6qFxVdryz2zLN2WCtk82GnfiQKQZ3bk9kN8WArRUBfFF6Rx038SU\nFfB950DVr8MBnCOeE6uy/48pU5ER2UY0Sz3lPDBgLWrjQRL+e3cg05cO+aY3J+l8\nOrzme9wVqn48e4DG1AnJnbIdNb9i5QKQa/q1LaaAyGUwS8T/jIGecRZowT4I874k\nikVwpWbOIg+P2zoi40HqPj+DJlCSs3hh3P/zK7p4Vn8fDcqQkUO82zkRU4sSphOi\ndcAFJ2M2bxEpDghxv0MQMjY+WTrEepLT+YJFBbxFJYdCrbHzYErOkYfvJReMmkb4\n4wIDAQAB\n-----END PUBLIC KEY-----\n"
                                                                                                                                                                                },
                                                                                                                                                                                "endpoints": {
                                                                                                                                                                                  "sharedInbox": "https://apoil.org/inbox"
                                                                                                                                                                                }
                                                                                                                                                                              }
                                                                                                                                                                              

                                                                                                                                                                              And the notes are signed using Linked Data Signatures. (I personally don’t like LD signatures for various reasons but that’s another matter).

                                                                                                                                                                              The keys in a normal user’s case are of course completely handled by the server, but they don’t have to be. I’ve built a prototype ActivityPub client/servers where clients held the private keys themselves and it worked very fine.

                                                                                                                                                                              As for end-to-end security see for example this ticket which is about adding OpenPGP. There is also a ticket about persistent identifiers (public keys etc.) but sadly I can’t find it now.

                                                                                                                                                                              1. 1

                                                                                                                                                                                I was imagining every user with a public/private key so that…

                                                                                                                                                                                • public posts are signed
                                                                                                                                                                                • DMs are encrypted
                                                                                                                                                                                • key could easily move from instance to instance and be cryptographically proven to be the same

                                                                                                                                                                                What would be interesting, if I wouldn’t use mastodon in my web browser – I just wouldn’t trust it. As an optional extension that could be worth while talking about, but I have the feeling that it would have to be done on a lower level (ActivityPub), rather than just on one implementation.

                                                                                                                                                                                1. 1

                                                                                                                                                                                  Encrypted DMs would be neat.

                                                                                                                                                                                  I’ve been using Matrix/Riot as a e2e encrypted instant messenger, but so far I’ve been disappointed with the user experience. If Mastodon added e2e DMs in real time, i’d happily give that a shot as a replacement.

                                                                                                                                                                                  1. 1

                                                                                                                                                                                    Matrix is a whole ’nother can of worms. Client support is okay now (we have native desktop clients), but the server is still incredibly slow.

                                                                                                                                                                                    There are a few efforts at alternative servers, but none are usable yet. Hopefully they will be usable soon enough.

                                                                                                                                                                                    1. 1

                                                                                                                                                                                      I agree with your points, but I was specifically talking about e2e.

                                                                                                                                                                                2. 1

                                                                                                                                                                                  Well there is account redirection and profile metadata. Both can be used to create a ad hoc system for multiple >accounts. Again, what would you (or anyone else, especially critics) be imagining this could or should look like?

                                                                                                                                                                                  The dumb thing that happens on reddit a lot is some subreddit mod’s account gets hacked and then they can vandalise anything. Account redirection can be controlled by the owner, as well as profile metadata.

                                                                                                                                                                                  Basically the mastadon model isn’t very good at handling the fact that trust in a host can change over time. We all have that old gmail account we can’t quite shut down but wish we could just move somewhere else.

                                                                                                                                                                                  There’s a potential model here where user accounts themselves could be controlled at an individual level, and the accounts could then connect to a network (but the primary account info is still hosted by you). So instead of saying that your identity is “somemastadon.instance/username” you say it’s “myown.website/mastadon”, and in “somemastadon.instance” it knows to poll you for information/put you in the proverbial phone book.

                                                                                                                                                                                  This is quite complicated but could also be left to power users, with most people just opting to have their account be hosted on the instance. Meanwhile the nerds can have fun and host their timeline themselves without having to have a full blown instance to run.

                                                                                                                                                                                  1. 1

                                                                                                                                                                                    There’s an open issue on mastodon ( https://github.com/tootsuite/mastodon/issues/2668 ) and plume ( https://github.com/Plume-org/Plume/issues/94 ) to let you point a domain at an existing instance and have it host your toots.

                                                                                                                                                                                    Would that do what you are looking for?

                                                                                                                                                                                    1. 2

                                                                                                                                                                                      Yep, that sounds right!

                                                                                                                                                                                      Some of those threads seem to cover the trickiness around identity but, ironically, e-mail providers have gotten most of this pretty right over the years.

                                                                                                                                                                                      EDIT: actually, I think there is another model of this, a bit more interesting, where I actually host my own data and the larger network is simply mirroring my data. That way I don’t have to rely on them to be holding onto all my data in the case I decide to leave. This is a bit more tricky, granted, but it’s a model that would be more durable to trust-breaking scenarios

                                                                                                                                                                                      I think the one thing that mastodon would need to get right is around usernames. My username should be rtpg@myown.domain, even if it’s being hosted on mastadon.social. There might be a lot of trickiness involved in making sure other instances respect that mechanism (ultimately allowing for host redirection)

                                                                                                                                                                                3. 4

                                                                                                                                                                                  I run my own instance. It’s not trivial, although it’s not too challenging since Mastodon releases an official docker container (you have to run the same container three times, one of web, one for streaming and one for sidekiq/jobs). Here’s what I wrote to maintain everything:

                                                                                                                                                                                  https://github.com/sumdog/bee2/

                                                                                                                                                                                  I generally like Mastodon, although I’m glad I run my own instance. With all the crazy drama that happens on some of these instances, I’m glad I’m in total control of my own data (although this leads to its own problems, like people not running security upgrades).

                                                                                                                                                                                  Any other crustaceans on a Mastodon instance? Post your user Ids and I’ll follow you: @djsumdog@hitchhiker.social.

                                                                                                                                                                                  1. 2

                                                                                                                                                                                    Any other crustaceans on a Mastodon instance?

                                                                                                                                                                                    There was a thread asking that question a while back: https://lobste.rs/s/7qazoc/crustaceans_mastodon_where_are_you

                                                                                                                                                                                    Post your user Ids and I’ll follow you: @djsumdog@hitchhiker.social.

                                                                                                                                                                                    I’m on zge@icosahedron.website. There’s a little issue that lobste.rs’ markdown interprets this as an email address by default, so you should probably use a markdown link to make it easier for people to open your profile. Maybe something could be done to make it easier to post ActivityPub addresses, but they’re rather easy to mistake for email addresses.

                                                                                                                                                                                    1. 1

                                                                                                                                                                                      ayeee lol issa me!

                                                                                                                                                                                    2. 1

                                                                                                                                                                                      I mean, there’s cryptography in the sense of HTTP Signatures. What kind of use of cryptography (or rather did you expect some kind of PSK stuff going on) did you expect?

                                                                                                                                                                                      It’s amazing how far it’s gotten so far - excited to see how far it can go.

                                                                                                                                                                                      1. 2

                                                                                                                                                                                        Yup, I expected something like this - even if it were to be opt-in.

                                                                                                                                                                                    1. 1

                                                                                                                                                                                      Is there an ebook for sale (not rent) somewhere? I imagine if there was one it’d be really expensive given that it costs $49.80 to rent for 12 months.

                                                                                                                                                                                      My heart always sinks when I see a super expensive computer science book.

                                                                                                                                                                                      1. 12

                                                                                                                                                                                        The PDF is free. See the left column on the MIT page where it says “Open Access Title”, or alternatively download it here.

                                                                                                                                                                                        1. 1

                                                                                                                                                                                          Ah ha! Thanks. I was hoping for an E-book, but I can do PDF :)

                                                                                                                                                                                      1. 4
                                                                                                                                                                                        1. 4

                                                                                                                                                                                          Congratulations on the funding!

                                                                                                                                                                                          1. 1

                                                                                                                                                                                            Thank you much!

                                                                                                                                                                                          2. 1

                                                                                                                                                                                            Can it be used with GnuPG? Cheers

                                                                                                                                                                                            1. 2

                                                                                                                                                                                              We’re working on it, it’s currently the top feature request. We’ll have an easy way to upgrade firmware, so you can enable support for gpg/ssh/etc. as soon as they’re ready.

                                                                                                                                                                                              (edit) P.S: this could be an interesting stretch goal

                                                                                                                                                                                              1. 1

                                                                                                                                                                                                Cool. And can you tell us a little about the manufacturing process? Where will the hardware be assembled? In light of the supermicro story, how are you ensuring that you can trust your manufacturer?

                                                                                                                                                                                                Thanks

                                                                                                                                                                                                1. 1

                                                                                                                                                                                                  The ST processor is fabricated in Europe. The PCBs are assembled in China. The programming and testing is done in the US.

                                                                                                                                                                                          1. 2

                                                                                                                                                                                            Make sure you configure your R/W NFS server correctly!

                                                                                                                                                                                            1. 3

                                                                                                                                                                                              Brilliant! I’ve wanted to know how to do this for some time!

                                                                                                                                                                                              It’d be great if we could get these drivers on the default install media. Any Debian developers around?

                                                                                                                                                                                              1. 2

                                                                                                                                                                                                I recently found that IPv6 HTTP traffic was unable to flow to my OpenBSD bytemark VPS (on a /56 netmask) unless I allow ICMP6 through the packet filter.

                                                                                                                                                                                                Perhaps someone knows why that might be?

                                                                                                                                                                                                FWIW, the bytemark docs are here: https://docs.bytemark.co.uk/article/finding-your-ipv6-address/

                                                                                                                                                                                                1. 5

                                                                                                                                                                                                  And just as I posted this, I received an email from Bytemark saying that they’d updated their docs in light of my support request. The docs now say:

                                                                                                                                                                                                  The role of ICMP has changed a little for IPv6. If your firewall has a default policy of deny then you may struggle to get traffic to or from your server without allowing traffic for certain ICMPv6 types. Types 1 – destination unreachable, 2 – Packet too big, 3 – Time exceeded and 4 – Parameter problem, for reporting errors to other devices. Types 128 – echo request, 129 – echo reply, for testing connectivity. Types 133 – Router Solicitation, 134 – Router Advertisement, 135 – Neighbor Solicitation, 136 – Neighbor Advertisement, for neighbour discovery. More information can be found at Wikipedia.

                                                                                                                                                                                                  So if you are having routing/visibility problems with IPv6, then ICMP might be your problem!

                                                                                                                                                                                                  Good show Bytemark.

                                                                                                                                                                                                  1. 2
                                                                                                                                                                                                  2. 5

                                                                                                                                                                                                    ICMP6 takes the role of ARP (neighbor discovery). If you block it, you’ve just removed the ability for any other v6 nodes on the local network from being able to see you.

                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                      I’ve done some experimenting with determining the maximum MTU in IPv6 for an UDP application and if your host doesn’t process ICMPv6 Packet Too Big messages you’ll never be able to learn how to reach the other side in cases where your packets are too big (since v6 routers don’t fragment). These packets are effectively black holed.