1. 27

    Sometimes I like to think that I know how computers work, and then I read something written by someone who actually does and I’m humbled most completely.

    1. 11

      A lot of this complexity seems down to the way Windows works, though. As a Linux user, the amount of somewhat confusing/crufty stuff going on in a typical Windows install boggles the mind; it’s almost as bad as Emacs.

      1. 11

        I guess to me it doesn’t feel like there’s much Windows specific complexity here, just a generally complex issue; a bug in v8’s sandboxed runtime and how it interacts with low-level OS-provided virtual memory protection and specific lock contention behavior, which only expressed itself by happenstance for the OP.

        Some of this stuff just feels like irreducible complexity, though my lack of familiarity with Windowsisms (function naming style, non-fair locks, etc.) probably doesn’t help there.

        1. 5

          How does CFG work with chrome on linux?

          1. 2

            Do you mean CFI?

            CFG is MS’s Control Flow Guard, it’s a combination of compile-time instrumentation from MSVC and runtime integration with the OS. CFI on Linux (via clang/LLVM), in contrast, is entirely compile time AFAIK, with basically no runtime support.

            See:

            for more details on the differences.

            1. 2

              Yes and no. :) The linux CFI implementation doesn’t include the jit protection feature in CFG that’s implicated in the bug, so I’m not sure it’s fair to characterize this as “cruft”.

              1. 2

                The CFI implementation in llvm isn’t a “linux CFI implementation.” :)

                As OpenBSD moves towards llvm on all architectures, it can take advantage of CFI, just as HardenedBSD already does. :)

              2. 1

                llvm’s implementation of CFI does have the beginnings of a runtime support library (libclang_rt.cfi). HardenedBSD is working on integrating Cross-DSO CFI from llvm, which is what uses the support library.

            2. 4

              Linux just has its own weirdnesses in other places.

              That said, memory management seems to be a source of strange behaviour regardless of OS.

            1. 3

              Holy crap, this is actually something I’ve wanted for such a long time! I can’t wait to test it out…

              1. 8

                At work, it’s review time, so I have to do that. I’m in a good position where my team is extremely good, and we’re getting loads of cool shit done, so it’s not that I have to have The Talk with any of my people; but it’s still this sort of ugly kabuki nonsense. I’m looking forward to being done with it for another six months as soon as humanly possible.

                At home, I had the baby to myself all weekend as the wife and the big girl went camping. It was amazing, but I’m very glad that everybody is home now. We’re in a really good spot with the girls; they’re 18m and 3y and are tight as thieves.

                I’ve started assembling a “new” PC out of parts I’ve had lying around, and I got it all hooked up and … bupkis. The motherboard is getting power (there are LEDs on the ethernet jack that light up) but the fans don’t start and the power switch does nothing. So I have a couple of evenings “fun” swapping parts around to try and narrow down what’s busted. At the very least, it’s not the CPU, so that’s a $1200 relief.

                I’m also playing around with NixOS on the one working computer; I stand by my declaration that this is the only sensible way to configure and maintain a computer, but I am increasingly disenchanted with the nix/nixos specific experience. I hate the language, and the tooling is pretty weak, and the documentation is not good at all. I think I should start blogging about it, so that someone coming after me will have additional documentation, but that smacks of work and I am so very tired.

                1. 4

                  > I’m also playing around with NixOS on the one working computer; I stand by my declaration that this is the only sensible way to configure and maintain a computer, but I am increasingly disenchanted with the nix/nixos specific experience. I hate the language, and the tooling is pretty weak, and the documentation is not good at all. I think I should start blogging about it, so that someone coming after me will have additional documentation, but that smacks of work and I am so very tired.

                  I’ve been meaning to try GuixSD/NixOS for a while as it seems a lot more sane than the current way of doing things. Have you tried GuixSD? What are the problems you’ve found with the nix language/NixOS? To me it seems that guile lisp is better than the nix language, but I don’t know how the ecosystem compares between both systems.

                  1. 3

                    nix-the-language is just a shittier, untyped version of Haskell, with terrible, terrible documentation. The tooling is bad, but improving. I haven’t tried Guix, which I would expect to like better because scheme, but be less useful to me because of maturity and the strict approach to software freedom.

                    1. 2

                      > nix-the-language is just a shittier, untyped version of Haskell, with terrible, terrible documentation. The tooling is bad, but improving.

                      As a newbie trying really hard to figure things out in NixOS, this is so damn true.

                      1. 2

                        why didn’t they just create a minimal version of Haskell? (instead of inventing a whole new, subpar, language)

                        1. 1

                          I don’t know. The people behind nix and NixOS are very smart, however, so I would expect them to have a good reason (Chesterton’s Fence, and all).

                      2. 2

                        This comment reminded me to submit this story, which pretty much summarized my Nix experience; while the idea of declarative OS config did seem cool at first, it quickly gave way to frustration with the obscure and underdocumented tooling…

                        1. 1

                          This comment reminded me to submit this story, which pretty much summarized my Nix experience; while the idea of declarative OS config did seem cool at first, it quickly gave way to frustration with the obscure and underdocumented tooling…

                    1. 6

                      Great article! I wonder whether the future of HTML escaping libraries will lie with something like ammonia, which actually parses the HTML before emitting a sanitized version, instead of simple text-replacement - at a certain point, I guess it becomes a better idea to just do what a browser would do in order to ensure that your sanitation worked…

                      1. 5

                        Yeah, I prefer using DOM functions for everything, including templating. With the DOM, everything gets escaped in proper context and you can do other sanity checks, like always outputting strictly well-formed stuff. A HTML document isn’t really a string and I prefer to avoid pretending it is.

                        1. 2

                          Do you have a link or example for this method?

                        2. 3

                          Related: DOMPurify uses DOM APIs exposed to JavaScript to ensure that browser and sanitizer show the same parsing behavior.

                        1. 2

                          It’d also probably help if Tesla and other automakers designed their UIs to minimize this problem, perhaps by creating certain fixed buttons which don’t move in order to make critical functions always accessible. Better yet, they could allow the user to add their own shortcuts, if they really wanted to be fancy. As an example of behaviour that goes against this, the Tesla v8 software introduces auto-hiding for the top applications/status bar - something which clearly prioritizes aesthetics (having slightly more space for a map) over functionality.

                          1. 7

                            Sweet. There is a similar community here https://github.com/hashbang/hashbang. They provide free shell accounts and I’m told their infrastructure runs on a combination of VPSes/dedicated servers.

                            1. 6

                              I’m going to start this message the same as I am the Disroot one:

                              I’ve heard of them, and I’m pretty sure I have an account! It’s great that there are multiple communities in this space (Hashbang, Disroot, SDF, etc.), it fits perfectly into my philosophy that there should be many communities rather than single organizations serving tons of people.

                              It looks like Hashbang is pretty narrow-focused, though. They have shell, chat, and mail, whereas Asymptote’s focus is anything FLOSS that might be useful to a community, so much wider. Both philosophies have their merits, and I don’t believe that one is better than the other, but they’re certainly different.

                              1. 1

                                I haven’t heard of hashbang.

                                The ones I am familiar with are freeshell and tilde.town.

                                1. 3

                                  tilde.town is less of a free shell/hosting provider and more of a social space, though. Asymptote/Hashbang/Disroot are different things to tilde.town.

                              1. 5

                                As a programmer who does the stuff as a hobby, this struck a chord - it’s not about doing things The Right Way, it’s about enjoying it. Sure, sometimes doing things Correctly can make things more enjoyable, but, as the article says, that doesn’t imply that Correctness should rule over everything.

                                See also: this post from eev.ee.

                                1. 11

                                  Nice! For the uninitiated, what’s the difference between this project and corrode?

                                  1. 14

                                    Corrode is completely implemented in Haskell and handles a smaller set of code. This project uses Clang to handle parsing, pre-processing, and type-checking the code. It also takes advantage of Clang’s libtooling library so that we can understand all of the clang command-line flags when processing a C file. This allows us to handle a lot more code.

                                    1. 3

                                      I ran across your tweet but would have mentioned you in the post if I’d known you were a lobster! (I probably should have checked the user list first)

                                      1. 5

                                        No worries, I joined after you posted this :-)

                                        1. 1

                                          glad to see you here, glguy

                                        2. 3

                                          glguy came in to IRC asking for an invite after seeing your post.

                                        3. 2

                                          Makes sense, thanks for the reply! (In fact, I believe this is the same method that rust-bindgen uses, and, as far as I know, rust-bindgen works pretty well, so it’s a good idea…)

                                      1. 8

                                        Somehow, this reminds me of shoutboxes from back in the day.

                                        1. 1

                                          Yeah, I get those vibes. - also quite like the extremely restrained design which adds to that perception. I wish a lot of webshits could be like this one in that sense.

                                          1. 4

                                            > a lot of webshits

                                            Had a bit too much n-gate today?

                                            1. 2

                                              I recently configured my RSS reader to email me n-gate on a regular basis. It’s not a good idea: help, I’m becoming too cynical…!

                                              1. 2

                                                Thanks for the reminder to check it. The repealing net neutrality one w/ “executive fiat” was great haha.

                                                1. 0

                                                  No such thing in our industry, regrettably, due to the extensive marketing and cultural issues.

                                              2. 1

                                                So it’s “IRC meets nothing else”?

                                              1. 2

                                                I’m not sure whether the situation has improved recently, but this reminds me of Stefan Esser’s presentation about the abysmal security in iOS 6-8: https://papers.put.as/papers/ios/2015/SyScan15_Stefan_Esser_-_iOS_678_Security_-_A_Study_in_Fail.pdf The proposed solution in the article should work, though - that is, if they prevent against exploits during phone boot or DFU mode…