1. 9

    I really don’t want to spend my free time tracking down how the latest kernel pulls in additional functionality from systemd that promptly breaks stuff that hasn’t changed in a decade, or how needing an openssl update ends up in a cascading infinitely expanding vortex of doom that desperately wants to be the first software-defined black hole and demonstrates this by requiring all the packages on my system to be upgraded to versions that haven’t been tested with my application.

    I find it impossible to continue reading after this. Nobody is forced to run Gentoo or Arch Linux on a production server, or whatever the hipster distribution of the day is. There are CentOS and Debian when some years of stability are required. More than any of the BSDs offer.

    1. 3

      Well, the rest also mentions apt-hell with debian and package upgrading.

      Can you elaborate on the last sentence?

      1. 9

        Well, the rest also mentions apt-hell with debian and package upgrading.

        I read that section now… it seems to imply you are forced to update Debian every year to the latest version otherwise you don’t get security updates. Does the author even know Debian? apt-hell? Details are missing. I’m sure you can get into all kinds of trouble when you fiddle with (non official) repositories and/or try to mix&match packages from different releases. To attempt this in production is kinda silly. Nobody does that, I hope :-P

        Can you elaborate on the last sentence?

        I’m not aware of any BSD offering 10 year (security) support for a released version, I’m sure OpenBSD does not, for good reason, mind you. It is not fair to claim updates need to be installed “all the time” as the poster implies and will result in destroying your system or ending up in “apt-hell”. Also, I’m sure BSD updates can go wrong occasionally as well!

        I’m happy the author is not maintaining my servers on whatever OS…

        1. 18

          I read that section now… it seems to imply you are forced to update Debian every year to the latest version otherwise you don’t get security updates.

          We have many thousands of Debian hosts, and the cadence of reimaging older ones as they EOL is painful but IMO, necessary. We just about wrapped up getting rid of Squeeze, some Wheezy hosts still run some critical shit. Jessie’s EOL is coming soon and that one is going to hurt and require all hands on deck.

          Maybe CVEs still get patched on Wheezy, but I think the pain of upgrading will come sooner or later (if not for security updates, then for performance, stability, features, etc.).

          As an ops team it’s better to tackle upgrades head on, than to one day realize how fucked you are, and you’re forced to upgrade but you’ve never had practice at it, and then you’re supremely fucked.

          And, yes, every time I discover that systemd is doing a new weird thing, like overwriting pam/limit.d with its own notion of limits, I get a bit of acid reflux, but it’s par for the course now, apparently.

          1. 2

            This is a great comment! Thanks for a real-world story about Debian ops!

            1. 4

              I have more stories if you’re interested.

              1. 2

                yes please. I think it’s extremely interesting to compare with other folks’ experiences.

                1. 6

                  So, here’s one that I’m primarily guilty for.

                  I wasn’t used to working at a Debian shop, and the existing tooling when I joined was written as Debian packages. That means that to deploy anything (a Go binary e.g. Prometheus, a Python Flask REST server), you’d need to write a Debian package for it, with all the goodness of pbuilder, debhelper, etc.

                  Now, I didn’t like that - and, I won’t pretend that I was instrumental in getting rid of it, but I preferred to deploy things quicker, without needing to learn the ins and outs of Debian packaging. In fact, the worst manifestation of my hubris is in an open source project, where I actually prefer to create an RPM, and then use alien to convert it to a deb, than to natively package a .deb file (https://github.com/sevagh/goat/blob/master/Dockerfile.build#L27) - that’s how much I’ve maneuvered to avoid learning Debian packaging.

                  After writing lots of Ansible deployment scripts for code, binaries, Python Flask apps with virtualenvs, etc., I’ve learned the doomsday warnings of the Debian packaging diehards.

                  1. dpkg -S lets you find out what files belong to a package. Without that, there’s a lot of “hey, who does /etc/stupidshit.yml belong to?” all the time. The “fix” of putting {% managed by ansible %} on top is a start, I guess.
                  2. Debian packages clean up after themselves. You can’t undo an Ansible playbook, you need to write an inverse Playbook. Doing apt-get remove horrendous-diarrhea-thing will remove all of the diarrhea.
                  3. Doing upgrades is much easier. I’ve needed to write lots of duplicated Ansible code to do things like stat: /path/to/binary, command: /path/to/binary --version, register: binary_version, get_url: url/to/new/binary when: {{ binary_version }} < {{ desired_version}}. With a Debian package, you just fucking install it and it does the right thing.

                  The best of both worlds is to write most packages as Debian packages, and then use Ansible with the apt: module to do upgrades, etc. I think I did more harm than good by going too far down the Ansible path.

                  1.  

                    Yeah, this is exactly my experience. Creating Debian packages, correctly, is very complicated. Making RPM packages is quite easy as there’s extensive documentation on packaging software written in various languages. From PHP to Go. On Debian there is basically no documentation, except for packaging software written in C that is not more complicated than hello_world.c. And there are 20 ways of doing something, I still don’t know what the “right” way is to build packages that works similar to e.g. mock on CentOS/Fedora. Aptly seems to work somewhat, but I didn’t manage to get it working on Buster yet… and of course it still doesn’t do “scratch” builds on a clean “mock” environment. All “solutions” for Debian I found so far are extremely complicated, no idea where to start…

                    1.  

                      FreeBSD’s ports system creates packages via pkg(8) which has a really simple format. I have lost many months of my life maintaining debian packages and pkg is in most ways superior to .deb. My path to being a freebsd committer was submitting new and updated packages, the acceptance rate and help in sorting out my contributions was so much more pleasurable than the torturous process that I underwent for debian packages. Obviously everybody’s experience is different, and I’m sure there are those who have been burned by *BSD ports zealots too.

                      Anyway it’s great to see other people who also feel that 50% of sysadmin work could be alleviated by better use of packages & containers. If you’re interested in pkg, https://hackmd.io/@dch/HkwIhv6x7 is notes from a talk I gave a while back.

      2. 1

        I’ve been using the same apps on Ubuntu for years. They occasionally do dumb things with the interface, package manager, etc. Not much to manage, though. Mostly seamless just using icons, search, and the package manager.

      1. 8

        Would love to see some more infos about build quality, battery life, touchpad performance, how many nits can the display deliver and so on.

        A friend bought a 2015 model (I believe) and he was not happy with the overall build quality. But I had the chance to have the newer InfinityBook model in my hands for a short moment and I have to say that it felt much better (build quality-wise).

        Glad to see more Linux-first devices. Tuxedo seems to be a smaller German manufacturer. Is this CLEVO hardware? Do they support fwupd?

        1. 3
          1. 2

            Thanks for the feedback. Since I got quite a few hardware-detail related questions, I will write a follow-up blogpost covering those. I’ve also approached the vendor to see whether there are more details that can be covered.

            1. 1

              Definitely interested in a follow up on this.

            2. 2

              A colleague of mine had a Tuxedo notebook but this thing looked rather Chinese than German. (I don’t know what version it was, though.)

            1. 3

              I’m running git+cgit on a CentOS VPS and it works great: https://www.tuxed.net/fkooman/blog/git_server_centos.html

              1. 2

                Another terrible PHP kludge from the people who’ve been bringing you PHP kludges for years

                I’m being overly negative, but this whole document reads like a justification for not making a decision and ending up with something that is still attempting to mash together a hot mess with some clean ideas - placating and attempting to artificially hold together a whole community at the expense of clarity, specificity and different groups being able to specialise into their own areas.

                If you’ve got to write something like ‘this isn’t a fork’ that many times, it’ll probably fork.

                1. 3

                  To me it reads like they want to avoid another Python 3 drama, to me that makes a lot of sense!

                  I’m being overly negative

                  Yeah, you don’t like PHP, based on an opinion formed in 2003? :)

                  The worst parts of PHP, for me as a PHP developer, are the bindings to C libraries like libxml2 and openssl. They are truly horrible and not really fixable, but that’s the same in other languages because those library APIs suck.

                  It is not so difficult to use PHP’s “good parts”. It is very easy to write PHP code that runs on PHP 5.4 (2012) and still works great on 7.3 (2018) without any changes.

                  1. 2

                    I still don’t like PHP, based on an opinion last revised two months ago.

                    It sounds like you believe that people, not languages, are to blame for when people write bad code in a language. But I think that the language, too, plays a role. Language helps us shape and anchor our thoughts. When a language has bad parts, not only must those parts be avoided, but they must be avoided at every junction throughout a language where we might consider using that part, or where that part intersects our thoughts. A language with bad error handling will make every call site into a hazard zone; a language with bad parsing will make a writer second-guess every usage of punctuation.

                    Keep in mind that a PHP environment is not just its version, but also its php.ini configuration.

                    As for the original article, I agree with the grandparent poster that it seems like an attempt to not confront the worst parts of PHP’s design. The language has so many misfeatures, and its core design principles are so compromised, that we really ought to not encourage any sort of backwards-compatibility. For example, the article says:

                    There are two big, substantial schools of thought in the PHP world. The first likes PHP roughly the way it is - dynamic, with strong BC bias and emphasis on simplicity; The other, prefers a stricter language, with reduced baggage and more advanced/complex features. There’s no ‘right’ or ‘wrong’ here. Both schools of thought are valid, and have a very substantial following.

                    To quote from my revised opinion:

                    Brent lists five tenets: active core development, performance, active ecosystem development, new features, and tooling. Eevee also lists five tenets: predictability, consistency, concision, reliability, and debuggability. Brent derives value from PHP by using PHP to solve problems for clients; PHP is a tool. However, Eevee considers PHP as an expressive medium, similar to natural languages or bytestrings, and asks how we might improve our ability to understand utterances of PHP.

                    It sounds like P++ is born almost entirely from Brent’s school of thought. Neither of the identified “schools of thought in the PHP world” value Eevee’s tenets at all, aside from P++ seeing concision by seeking to remove some “baggage”. However, rather than trying to improve linguistic clarity, the P++ author seeks only to remove unused language features in order to ease development and maintenance of the PHP core toolchain. In other words, this is actually a play for Brent’s desire for active core development, new features, and tooling.

                    A cousin comment points out that this proposal is somewhat analogous to use strict; directives in other languages. In those situations, namely Perl 5 and JS, strict dialects were an attempt to cut down on hard-to-compile, hard-to-analyze, hard-to-read, complicated, or underused language features. It’s easy to interpret P++ as seeking to reach an analogous house-cleaning.

                    I’m not yet being overly negative.

                  2. 2

                    They aren’t saying so, but it basically sounds the same as use strict from JavaScript and Perl. It specifically allows a single codebase to contain both PHP and “P++” code, unlike Python 3, and as a result allows you to incrementally migrate.

                    My biggest annoyance at PHP, unfortunately, is the way arrays work. And since arrays end up being part of library APIs, it’s impossible to maintain backwards compatibility while fixing it.

                    1. 1

                      as a result allows you to incrementally migrate.

                      An incremental migration that will never be complete, so you have to drag along all that previous behaviour as well which might over time bit-rot as its usage drops to a low but non-negligible amount.

                  1. 4

                    I’m still using cgit. CGI is alive and well ;-)

                    1. 1

                      I’m missing one vital point in this article: What if the risk of your data and software leaking to a competitor through the public cloud is too high or even unacceptable? For many organisations this is still a thing.

                      1. 1

                        Isn’t that easily solved by encrypting sensitive data?

                        1. 2

                          easily

                          yeah… that’s how that works ;-)

                          1. 1

                            It will certainly not be easy, but if someone else controls the machine, encryption can’t do a thing I’m afraid.

                            1. 1

                              How is that true? If I encrypt a payload and then upload it to a cloud how is it less secure? It’s still encrypted and they don’t have the keys.

                              1. 1

                                This article wasn’t just about storage. It’s about workloads as well, which means that a VM is running and that the keys are somewhere inside the datacenter of your cloud provider.

                                1. 2

                                  Threat model, threat model, threat model!

                                  If your cloud provider is not a business competitor (or a division of your competitor :-)), why treat them as an adversary? The questions for me become:

                                  1. is my data sufficiently valuable that attackers would use a difficult, expensive, or rare attack on a public cloud environment to get at it?
                                  2. OR, do I believe the security controls I can put in place on an on-premise data center are superior to those I can employ in a public cloud?

                                  For most companies I’d be quite surprised if the truthful answer to either question is anything other than “no”.

                                  I find the government example you give unpersuasive for similar reasons: if your data is sensitive enough that state adversaries are realistically dominating your threat model, you’re using airgapped networks that are accessed through terminals in SCIFs in buildings patrolled by men and women that carry very big guns and the legal justification to use them.

                                  For most people, your data is not so valuable that a cloud provider 0day would be burnt to get to it and your employees are far worse at making reliable and secure environments than theirs - mostly because companies don’t have it as an institutional focus or competency. The math doesn’t work out to do it yourself.

                                  1. 2

                                    The thing is that it doesn’t matter what you find persuasive. If you put any unencrypted Dep.V data or data of any other level somewhere else than a government server or workstation, you’ve committed a prosecutable offense, because the fact that the data resides elsewhere is simply unacceptable and you’ll go to jail if it ends up somewhere else because of you. In other cases (like the corporations I mentioned before) it will make sure that you are fired the moment they find out about it.

                                    The scenario they are most concerned with is not one of high tech attacks, but a bribed employee of your cloud provider by the way.

                                    What I was getting at, is that the author of the OP simply states that you should default to “yes” on using public clouds and the author completely ignored these questions.

                          2. 2

                            Data encryption probably isn’t your only requirement.

                            Here is an example of policy requirements that are typical in my industry.

                            Your company has Oracle, IBM, and Salesforce as clients.
                            Each company wants their data to be stored on premises or in their cloud service.
                            Each company also requires that their data are not stored in a competitor’s cloud service.
                            You can use three separate cloud services or servers in a data center but there isn’t a silver bullet.

                            1. 2

                              Having multiple niche cloud providers as clients feels like an edge case.

                              1. 2

                                It is common for large law firms to have clients that compete with or are litigating against each other.

                                Here are a few examples for firms with a Seattle office.

                                1. 1

                                  It really isn’t. Many big organisations (for example: large corporations, government agencies or even governments themselves) have requirements on where and how the data can be stored.

                                  Take the Dutch government for example: There are four security levels for information, from lowest to highest: Dep.V, Stg.C, Stg.G, Stg.ZG. The only level of which you are allowed to use encryption is Dep.V. The other higher levels are considered too critical to be left up to even AES-256. That information stays internal on their own servers and is never taken out of the workplace and that also rules out the use of any third party cloud provider.

                                  Basically: They assume that encryption is broken and not strong enough for everything other than Dep.V… And storing Dep.V information unencrypted or storing something of higher security classifications somewhere else than protected government servers, is considered high-treason.

                                  Ironically, many organisations (BlackRock, Citadel, Inmarsat, etc.) have even stricter security requirements than the regime I’ve just described above.

                          1. 6

                            How is it that Internet pages are allowed to access private network addresses? There’s a proposal to prevent this, or at least require user permission, but does anyone know why it’s not already implemented?

                            https://wicg.github.io/cors-rfc1918/

                            As far as my imagination can figure, the only reason for doing that is to circumvent something…

                            1. 7

                              There are cases where it’s required. I personally think it should be something that prompts the browser to open a permissions modal just like with notifications, web cam access, etc. That would make the end user aware of what is going on and give them the chance to allow because it’s expected or deny if else.

                              1. 2

                                There’s the OAuth use case if you want a “native app” to obtain an access_token on behalf of the user: https://tools.ietf.org/html/rfc8252#section-7.3

                                edit: on macOS and Windows you can’t do this any other way as applications can’t use “Claimed “https” Scheme URI Redirection” or “Private-Use URI Scheme Redirection” (without publishing them in the app stores).

                              1. 9

                                There is already this url: https://premium.firefox.com/

                                1. 2

                                  Well this is confusing.

                                  It looks like the VPN service for Mozilla will be a white label of ProtonVPN at the same cost.

                                  1. 1

                                    Not working for me :(

                                    1. 1

                                      Define “not working”?

                                      1. 1

                                        That page doesn’t mention anything about premium.

                                        1. 3

                                          But the URL exists, as an official subdomain of firefox.com, which is everything @jxy said.

                                          1. 1

                                            oh 😅

                                        2. 1

                                          redirects to the homepage

                                        3. 1

                                          What? 25 hours ago, when I visit that subdomain, I got an advert for a Firefox branded VPN service. I still do. Are they serving different content in different regions? Not that there’s anything wrong with that.

                                          What do you all see at this URL? https://www.mozilla.org/en-US/about/legal/terms/vpn/

                                      1. 1

                                        I can’t seem to find out if “Strict” also blocks fingerprinting and cryptocurrency miners and all third party cookies?

                                        1. 2

                                          There’s explanations of the content blocking options linked from the article: https://support.mozilla.org/en-US/kb/content-blocking

                                          Standard: Blocks known trackers in private windows and third-party tracking cookies. This is the default setting. To restore to defaults at anytime, select Standard.

                                          Strict: Blocks trackers in all windows and third-party tracking cookies.

                                          Custom: Lets you choose what to block. You can also turn off all content blocking using the Custom radio button.

                                          “Cryptominers” (ugh, they need to change that name) is under Custom.

                                          1. 4

                                            But it seems “Strict” does not block everything that can be blocked when choosing “Custom”. This is confusing! I’d expect “Strict” to block everything possible and be as strict as possible…

                                            1. 2

                                              Perhaps along with renaming “Cryptominers” to the more correct “Cryptocurrency miners” they can rename the options to “Loose”, “No trackers”, and make “Strict” do what one would expect!

                                        1. 2

                                          I agree with the author. Overall the iOS devices are better in terms of user experience and they “just work”.

                                          But each and every time I get one of those devices handed to me, I get the feeling that I cannot do whatever I want to do with them. For example: I cannot put an mp3-file onto that phone so I can use my own music collection, without jumping through numerous hoops. I cannot seem to find an easy way to connect to a shell server, and I also cannot edit something as simple as a txt file in a proper way.

                                          I’ve been using android for quite some time, until I also got totally fed up by the fact that the phones have terrible battery life and tend to break immediately when they are dropped.

                                          That led me to conclude that smartphones essentially are expensive “throwaway devices”. Once I came to this conclusion it was clear to me that the entire mobile ecosystem is basically a fad, made specifically for selling us expensive subpar gadgets that need to be replaced within 3 years. This also means that the entire ecosystem can disappear within just a couple of years.

                                          I figured that the money I would have spent on a smartphone, would be better allocated if I just simply got an unlimited monthly subscription plan, a new xl-battery for my decade old 10” netbook and a dumb-phone with wifi and bluetooth tethering features and an mp3-player feature that could play files from a MicroSD card.

                                          1. 2

                                            I cannot put an mp3-file onto that phone so I can use my own music collection, without jumping through numerous hoops.

                                            Yeah. The easiest way I found so far is to install VLC on the iPhone and connect it to your laptop. Nautilus in GNOME shows the iPhone as a ‘storage’ device with a VLC folder where you can drag videos and music.

                                            1. 1

                                              But then the file would only be available to VLC right?

                                              That’s still hardly a solution if you want to have that file available in other apps as well. This is a feature I would expect from anything that is a $/€300+ computer that thinks it’s a phone. The aforementioned netbook cost me about €250 a decade ago, therefore it certainly is a feature that I would expect from any iOS device.

                                              1. 1

                                                I get your perspective, but “Want to have that file available in other apps” is kind of a content-free argument that (imo) lessens an otherwise strong point. Why do you want this? Which other apps? Are you, say, an audio engineer and you’re editing tracks on the go, so you want it to show up in your audio editing app?

                                                In practice for my ios use, it’s been a mild hassle but not a huge one. Breaking inter-app sandboxing would be pretty convenient for a few things, even if it does open up new classes of attack (eg save a maliciously-formatted file where another app will read it).

                                                1. 1

                                                  It’s not about why, but it’s about what I expect from a $600 phone.

                                                  If I buy a $600 phone, I expect that I will at least be able to do some basic file operations, document reading, annotation and editing and processing of some basic file formats. Examples include downloading a config file, editing it and uploading it to a remote server again or the simple requirement that an MP3 should be playable by multiple apps and should be usable as a ringtone, while it is stored only once on a device that is short on memory.

                                                  Basically, I expect it to replace my laptop or pc for nearly all my day-to-day tasks except for writing a formal letter maybe. But as it stands, I cannot even browse, or write something on most of the internet in a proper way on a smartphone.

                                                  iOS fails at this, while android delivers with way cheaper devices. But even the lower prices of android devices do not nullify the fact that even then, functionality wise, I cannot replace a €250 10” netbook with a $600 phone or tablet. As long as this is the case, to me, these devices are just mere toys that will not be functional anymore 3 to 5 years from now, while a decade old netbook, a Sony PRS-T1 e-reader, and a feature phone, will still function. There is a myriad of other toys I can buy for $600.

                                                  That’s not to say that I am blind to the benefits smartphones and tablets provide. I’ve had a couple of those over the years, I see their upsides for use as devices to streamline all kinds of processes and I think that navigation on those devices is their true killer feature, but in the end, it just doesn’t add enough value to my life to justify that $600 purchase, while in the meantime, they give me that creepy feeling of continuously being watched, disrupted and interrupted.

                                                  1. 1

                                                    But even the lower prices of android devices do not nullify the fact that even then, functionality wise, I cannot replace a €250 10” netbook with a $600 phone or tablet.

                                                    Why on earth would you buy a $600 phone or tablet when €200 buys you a perfectly usable device [1] with an octocore Snapdragon 636 @1.8 GHz, 4GB of internal memory (which is more than your €250 netbook has) and 64GB of internal storage (again most likely more than the netbook had when you bought it), a ~6” wide HD display (smaller but higher resolution than the netbook) with touch functionality (netbook: no such thing), a missing keyboard (yes, here the netbook definitely wins so go buy an external keyboard already), 4G (not in the netbook), wifi (faster than in the netbook) and the freedom to install your own version of Android (netbook wins as it runs plain Linux I assume but Android does get things done, mostly) plus the usual load of cameras and sensors which the netbook lacks.

                                                    Why do people spend so much on mobile devices? Is it a lack of knowledge, some form of peer pressure or just affluence signalling?

                                                    [1] https://en.wikipedia.org/wiki/Redmi_Note_5 - many other devices exist in this category, this is only an example I happen to have experience with

                                                    1. 1

                                                      Yet it would still not provide me with all the functionality that my old netbook provides me with. It’s about the ability to run the software that enables me to do things. Not the features of the hardware.

                                            2. 1

                                              I can’t really argue on the point of mobile devices being fragile, the ever-bigger touch screens in combination with the scratch-but-not-crash-resistant glass lenses being the main cause of this. Some phones are more fragile than others but all of them have a hard time resisting that stone which happened to be the first thing meeting them on their way down from your hands or pocket.

                                              On the subject of battery time I do have to differ though. I currently use two devices, a Xiaomi Redmi Note 5 and a Motorola Defy+. The Xiaomi lasts around a week on a full charge, the (8 years old) Motorola used to last about 5 days but now has gone down to 2 - with an 8 years old battery, playing audio all day (listening to netcasts and lectures while working on the farm etc.). Both devices cost me around €170 new, both run Google-free AOSP-derivatives. They connect to my own server for syncing whatever I deem in need of such, no need for any external ‘services’. Playing that mp3 or editing that file is no problem (apart from the horrid typing experience on a touchscreen that is - I could use an external keyboard (wired or wireless, both work, a mouse works as well for those who prefer those over touchscreens)).

                                            1. 9

                                              While reading this all I thought about was Bullshit Jobs. Great example :-)

                                              1. 2
                                              1. 5

                                                I like PHP. It is very mature, well understood, and easy to deploy. One of the things I like a lot is that it is possible to write PHP code that works on PHP 5.4 (CentOS) up to PHP 7.3 with minimal difficulty. Add a few polyfills for the old version and you are good to go, e.g. libsodium works on PHP 5.4.

                                                Even on old systems you can get decent performance with PHP, e.g. on CentOS 7 with some tweaks. Using the tools mentioned, especially the static code analysis tools, it is possible to write high quality software.

                                                An additional benefit is that most webshit hipsters are located elsewhere, so you can just focus and get stuff done :)

                                                1. 25

                                                  “We let you down and what happened might have shaken your confidence in us a bit, but we hope that you’ll give us a chance to earn it back.”

                                                  Just wanted to emphasize this. Your feedback was heard. Using the Study system to deploy the fix caused some discomfort. All data collected due to people grudgingly signing up for the system will be deleted.

                                                  (Technical Note: We did not measure your grudge! Data for those signing up non-grudgingly will be removed just as well :))

                                                  1. 9

                                                    Why wasn’t the direct link to the XPI with the fix shared by Mozilla?

                                                    1. 6

                                                      I, for my part, will keep on using Firefox. It takes a lot of work to set it up to respect your privacy, though, and I’d love to see maybe a privacy-by-default-profile you can set by choice instead of having to fiddle a lot with user.js and so forth.

                                                      But apart from that, in my opinion the 1000-percenters should really consider if it really helps to erode the frontier just because of a single mistake. Firefox is a great browser and I’m glad to use it.

                                                      1. 4

                                                        I, for my part, will keep on using Firefox

                                                        Me too. But to be fair, there are not really many options left on Linux/BSD if you don’t want to use Google’s browsers. You can either go retro or use questionable (security-wise) forks of WebKit/Blink.

                                                        1. 2

                                                          Well, https://webkitgtk.org/ is security supported.

                                                            1. 5

                                                              You are right about stretch, but this is about to change in buster. To quote https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#browser-security,

                                                              The webkit2gtk source package is covered by security support.

                                                              1. 1

                                                                Oh, that’s great news, looking forward to it. Thanks.

                                                        2. 1

                                                          I’ll add they can make a profile that does everything except change the search engine. That lets them leave on their revenue stream by default. Anyone worried about privacy then just has one step to do. Just a tad shady but way better than current situation.

                                                      1. 3

                                                        This about sums it up: https://wiki.debian.org/AndroidTools

                                                        There does not seem to be a way for the Debian volunteers to keep up with properly packaging the Android SDK, not to mention NDK or however they are called now. That’s a clear enough sign to stay away from Android development if you want to remain sane.

                                                        1. 3

                                                          It would definitely be more helpful for user privacy to enable uBlock Origin by default instead of this…

                                                          1. 2

                                                            Is there anything worth paying special attention to for this release, or should it be a smooth upgrade?

                                                            1. 4

                                                              Excellent post! I’ve used IndieAuth to authenticate using PGP previously (through OpenID delegation) but unfortunately not many sites support it. Once I put my profile URL in a Wordpress blog comment and was surprised they did ask me to use OpenID to authenticate my post (cool!).

                                                              If there’s enough interest, I might clean both scripts up a bit so you can plop them in a Netlify site and have IndieAuth.

                                                              I’d gladly see the code either cleaned up or as-is (I usually get the idea and re-implement it myself anyway).

                                                              1. 4

                                                                I once (4 years ago it seems) built indiecert.net (now domain squatted) an IndieAuth.com compatible server using X.509 client certificates: https://www.tuxed.net/fkooman/blog/indiecert.html but the lack of adoption (of IndieAuth in general) made me lose interest in it…

                                                                1. 2

                                                                  That was my main provider before it folded.

                                                                  1. 1

                                                                    I used it! Was surprised/annoyed when it stopped working :( It’s even mentioned in the readme to my CA management tool

                                                                  2. 2

                                                                    Thank you! I posted the code on the page as-is, you’ll just have to tune out the atrocity that is the error handling code.

                                                                    1. 2

                                                                      No worries, all code is ugly first before it’s refined. I actually did rewrite parts of people’s code here on Lobsters, even got scolded for that :)

                                                                  1. 14

                                                                    This is a good thing, right? DRM is bad, so a browser that can’t include it is better than one that does. I think there’s a certain irony in complaining that you aren’t free to make an unfree browser.

                                                                    1. 7

                                                                      This isn’t quite true. Firefox, for instance, sandboxes widevine out of the host system. Although it’s shitty that DRM is now standard, there are ways to avoid it becoming a mess.

                                                                      As the web continues to be so focused on video, this requirement will continue to be more and more pervasively fighting against peoples’ ability to make a free browser.

                                                                      This is standard now, so even a free browser requires it.

                                                                      1. 16

                                                                        This is standard now, so even a free browser requires it.

                                                                        Yes. Unfortunately. Because we have DRM/EME, the Dutch Public TV organization, NPO, thought it was acceptable to turn on DRM for all their content. Because the technology is there, they decided to use it. Had Firefox not supported EME/DRM it would have been easier to argue against them enabling it, or they may even have decided not to do that… Now that ship has sailed I’m afraid and people using “obscure” platforms or who plain don’t want to enable the DRM plugin in their browser are just out of luck… This really sucks.

                                                                        1. 6

                                                                          Some context: NPO/Uitzending gemist has been trying to hide/“poor man DRM” their content for years. I maintained a NPO download script for years and they’ve been using some JavaScript-fu for as long as I recall. It was always trivial to circumvent.

                                                                          It’s also been against their ToS for as long as I know, although I’ve always felt their ToS were against Dutch law, since it states that public television should be available to as much of the population as possible according to the mediawet.

                                                                          Fun fact: trying to use the old (obfuscated but non-DRM) method will result in downloading a clip from the Office Space film.

                                                                          Also find it somewhat funny that people are saying “DRM doesn’t work” here, while others are complaining they can no longer download stuff :-)

                                                                          1. 1

                                                                            Fun fact: trying to use the old (obfuscated but non-DRM) method will result in downloading a clip from the Office Space film.

                                                                            I wonder if they got copyright clearance to distribute that clip …

                                                                          2. 5

                                                                            I did some more digging, and it seems to be against the law

                                                                            Article 2.1

                                                                            1 There is a public media remit consisting of:

                                                                            a. providing public media services at national, regional and local level by offering media content that aims to provide a broad and diverse audience with information, culture and education, via all available distribution channels;

                                                                            b. providing public media services whose media content is intended for Dutch people residing outside the national borders; and

                                                                            [..]

                                                                            2 Public media services are in accordance with public values, whereby they meet the democratic, social and cultural needs of Dutch society. To that end they provide media content that:

                                                                            [..]

                                                                            f. is accessible to everyone.

                                                                            Summary for non-Dutch: the law governing the public broadcast system states it should be “accessible for everyone” and states that “public media services should be available for citizens outside of the Dutch borders”. So for me, a Dutch citizen residing in New Zealand, I have no option to use cable, and no option to use the website unless I stick to a limited set of Google-prescribed platforms, which is a rather narrow definition of “everyone”.

                                                                            Unfortunately, the petition misses this point.

                                                                            I think the only way to reverse this is either to find a sympathetic MP to ask questions (kamervragen stellen), or take legal action.

                                                                            1. 2

                                                                              Firefox pushed hard to argue against DRM and it didn’t work out. The implication here that Firefox had an option isn’t really fair.

                                                                              Edit: Wait…. How did we end up talking about some random news agency?

                                                                              1. 2

                                                                                Edit: Wait…. How did we end up talking about some random news agency?

                                                                                It’s not a random news agency, it’s the Dutch public television (i.e. Dutch BBC). They’ve made their broadcasting available online for many years (like BBC iPlayer); first using Windows Media Player plugins, then Silverlight, then HTML5, and now HTML5+EME DRM.

                                                                                fkooman’s argument is that now DRM is widely available, people will start using it because “why not?” The pre-HTML5 versions were obscure/annoying, but not DRM protected, so you could still download it for platforms that didn’t support DRM.

                                                                                Especially for public broadcast systems this is rather objectionable, since it’s not easily available through other means (e.g. DVDs). In my opinion, it’s even against the Dutch law (see other comment).

                                                                                1. 1

                                                                                  tbh I don’t have a problem with DRM aside from the fact that it requires closed source software. If someone is using it because “why not?”, it’s most likely due to bigger issues in their decision making.

                                                                                  Maybe they just want to be the distributor for their own content? This is probably not a popular opinion, but I think that is a right that a lot of people should have the choice to make.

                                                                                  1. 2

                                                                                    I suspect the chief motivation is that they want to display ads, which aren’t “baked in” but added with a different system (like YouTube).

                                                                                    My general attitude towards DRM is fairly relaxed, especially for streaming content (see my other comments on this page), but in this case it’s a bit different as it’s public television with critical content that is not easily available elsewhere, such as political debates for example. This is why the Dutch law explicitly states that the broadcasts “should be accessible for everyone”.

                                                                                    1. 1

                                                                                      I guarantee you that nobody cares even the slightest bit whether you copy and share someone’s ads. That’s only free marketing. Ads are absolutely not going to necessitate DRM.

                                                                                      It’s more likely that they moved to a new video service that does DRM by default.

                                                                                      1. 1

                                                                                        No, the problem is you don’t get to see the ads, as they’re not part of the video itself but a separate played beforehand (like YouTube does).

                                                                                        1. 1

                                                                                          Ah. Well, lucky you then if you get the videos and not their ads. :)

                                                                                          A lot of video providers that ads are distributed on are video providers that do DRM. I still feel like we’re neck deep in a tangent here, though. 🤷🏻‍♀️

                                                                              2. 1

                                                                                FWIW, the same happened at their southern neighbors. vrtnu requires it as well.

                                                                            2. 4

                                                                              But is DRM worse than restricting people’s choice of browser and operating system?

                                                                              The fact of life is that DRM is required for most mainstream content services. I agree this is not a good thing, but I also don’t think it’s going away any time soon. Dealing with it in the best possible way (e.g. a truly open standard) is better than not dealing with it.

                                                                              1. 5

                                                                                But is DRM worse than restricting people’s choice of browser and operating system?

                                                                                yes, it is. it is a random binary blob doing unknown things.

                                                                                The fact of life is that DRM is required for most mainstream content services. I agree this is not a good thing, but I also don’t think it’s going away any time soon. Dealing with it in the best possible way (e.g. a truly open standard) is better than not dealing with it.

                                                                                DRM doesn’t even work, it never did. it has no value other than comforting decision makers and lawyers who have no idea about how technology works.

                                                                                1. 15

                                                                                  DRM doesn’t even work

                                                                                  It does. I have no idea how to save a video from Netflix. Perhaps it can be done, but it doesn’t seem trivial (like regular HTML5 in browser, or using youtube-dl). This is like saying your front door “doesn’t work” because it can be lock-picked, or the window can be thrown in. Just because it’s not 100% fool-proof doesn’t mean it “doesn’t work”.

                                                                                  I think this kind of inflexible position is exactly why we’re stuck to the whims of Google now.

                                                                                  it is a random binary blob doing unknown things.

                                                                                  I’m sorry, but almost no one cares. Proof: popularity of Windows, macOS, a number of binary Linux applications (Spotify, Steam, etc.) And it’s not a kernel module, so can be isolated reasonably easily (Firefox already does this, I believe).

                                                                                  And if you don’t want to use it: no problem, your choice. But please don’t take away my option to make a different choice.

                                                                                  1. 4

                                                                                    just like almost no one cares about any browser other than chrome. wanting a nonfree alternative browser is just as niche as wanting a free alternative browser. more so, in fact.

                                                                                    1. 7

                                                                                      We could have said the same thing about Internet Explorer not too long ago, yet here we are.

                                                                                      In any case, it’s not a comparable situation at all. The problem with Widevine is that new browsers will have an extra catch-22 hurdle to pass. To be considered by the Widevine/Google gatekeepers they must achieve some popularity, but to achieve this popularity they must work well with all major sites – including DRM-protected ones.

                                                                                      So if I have a whizbang new idea for a browser – like the Metastream thing from the OP – then I must first convince my major competitor to allow me to enter the market. This is, crudely put, all sorts of fucked up.

                                                                                      1. 2

                                                                                        your argument in favor of binary blobs was that “almost nobody cares.” if you think that argument applies to the free software question, why doesn’t it apply to the DRM for all question?

                                                                                        if google was nice and let you integrate their malware into your application, we still have a situation where developing a maximally compatible browser requires running a competitor’s code which could be doing god knows what. i don’t claim that people care about it, but i feel it’s more intolerable than restricted distribution of digital restrictions.

                                                                                        1. 3

                                                                                          I am not in “favour” of binary blobs in browsers; I said that it’s better to at least have the option, rather than not having it, which was in reply to tedu’s comment that “a browser that can’t include it is better than one that does”.

                                                                                          developing a maximally compatible browser requires running a competitor’s code which could be doing god knows what. i feel that this is more intolerable.

                                                                                          As I understand it, Widevine is implemented as a decryption module for the EME standard. I don’t think that can do “god knows what” since at a glance it seems to have a clear API and, as mentioned before, Firefox already sandboxes this code. Not all binary blobs are the same.

                                                                                          1. 2

                                                                                            in principle developers would have marginally more freedom for the time being if DRM were easier to include. but in practice, enabling the use of DRM enables more money to flow to companies that have a stake in DRM, and accelerates the process of closing down the web. resisting this requires that we draw a line in the sand and create our own alternatives that do not depend on the consent of our enemies.

                                                                                            1. 2

                                                                                              I don’t share your “enemies”. This also shows the problem with the entire DRM debate, because you end up in a “we must radically change the way society works”-kind of debate real fast. This is not a battleground for massive social change as far as I’m concerned; I just want to use Netflix on my OpenBSD laptop.

                                                                                              1. 2

                                                                                                There is a hint right there: You can’t use Netflix on your OpenBSD laptop right now, and it is unlikely you will ever be able to. To use Netflix on your OpenBSD laptop, society needs to radically change. Or, OpenBSD people can implement (resurrect?) Linux system call emulation and you can run emulated Linux binary.

                                                                                                1. 2

                                                                                                  Or we can just change the tech so it can run on all platforms. There are a few concerns, but it’s all doable if we’d try.

                                                                                                  What is Google, Widevine, w3c, or any other party interested in making a DRM system that works well to do with comments like yours? “lol”, shrug, and ignore. Unfortunately far too much “community feedback” consists of non-constructive and off-topic noise like yours.

                                                                                                  I wonder what would have happened if we had fought for an as open DRM system as possible, instead of just an inflexible and unrealistic “#NeverDRM (and oh btw, down with capitalism)” attitude. I think we’d have a system that would be a whole lot better than what we have now.

                                                                                                  1. 1

                                                                                                    Or we can just change the tech so it can run on all platforms. There are a few concerns, but it’s all doable if we’d try.

                                                                                                    I am very interested in your concrete proposal for this, because it seems to me it’s not very doable, or, even if doable not clearly superior to Linux system call emulation on OpenBSD.

                                                                                                    1. 1

                                                                                                      An open source solution would be ideal. I realize that open source DRM is tricky as allowing modification of the code allows you to do, well, anything that DRM is supposed to stop you from doing. One possible solution to that might be to create a system that verifies that the binary was compiled from the unmodified source. I’m not sure if something like this exists already; anti-cheating systems for games are probably something to start investigating for this.

                                                                                                      Another possibility would be a “mostly open” solution with a platform-independent closed part. The current EME is kind of already that, except without the platform-independent part.

                                                                                                      Like I said, there are a few concerns, and it’s not something we can just pick up from the shelf today. But I’m reasonably confident it’s possible.

                                                                                                2. 0

                                                                                                  so all you care about is using openbsd? would it bother you if your facebook and reddit and twitter started depending on DRM? your email? online vendors? banking website?

                                                                                                  1. 7

                                                                                                    We are not talking about DRM on Facebook, banking, or email. This is a pretty disingenuous “argument”.

                                                                                                    I believe I have stated my position clear enough, but to summarize: like it or not, copyright holders want DRM for streaming media. I have little hope in changing that any time soon, and they will add it one way or the other. I am merely concerned in making sure this DRM is done well so it’s available on a wide range of browsers, operating systems, and other platforms, to maximize consumers’ freedom in choosing their platform of choice, instead of being locked to a limited set of software.

                                                                                                    This is not an endorsement of DRM. It’s just accepting that you can’t always have your way, and that it’s usually best to work within the confines of what’s achievable.

                                                                                                    If you want to convince people that we don’t need DRM: go for it. But in the meanwhile, let’s use some DRM that doesn’t completely suck.

                                                                                                    1. 0

                                                                                                      how do you propose we control the scope of DRM in a browser? if we’re fine with DRM for some aspects of the web, where do we draw the line so that we as users won’t accept a browser with DRM for other things? if you’re not okay with DRM for uses other than streaming video or music, you will eventually have to argue against the idea of “let’s just get this working on OpenBSD so I can at least check my bank account”

                                                                                                      or do you not think this issue will arise? surveillance companies will stop pushing for more control over our computing?

                                                                                                      1. 1

                                                                                                        Can you use Widevine to “DRM your bank”? No. So it’s already “scoped”. What would “DRM for banks” even look like?

                                                                                                        This entire proposition is unrelated to what we’re discussing and hypothetical. Show me someone actually making a case for “DRM for banks” and we can continue. Until that time, I will dismiss that argument as a non-argument.

                                                                                                        If that’s really the best argument you can make then you have only re-affirmed my thinking that DRM for streaming content is, at least in principle, not all that bad.

                                                                                                        1. 1

                                                                                                          it is in the interest of companies to have fuller control over how we interact with them, including being able to show us ads and measure our response. if you don’t want to consider the possibility that a company would pursue its interest, so be it.

                                                                                                          if i thought the consolidation of capital and the closing of the digital systems we use would stop on its own accord, i would not be concerned about this either.

                                                                                      2. 5

                                                                                        I have no idea how to save a video from Netflix

                                                                                        That’s irrelevant. Enough people do know how to do that that their stuff is all over the torrent sites. A bunch of potential customers now go there. For the ones that went there anyway nothing changed. So DRM doesn’t achieve anything, except make it more annoying for paying customers and excluding some other customers.

                                                                                        1. 2

                                                                                          DRM does achieve the result that you have to use BitTorrent to save a video. This is inconvenient enough to motivate DRM pushers to push it. “DRM doesn’t achieve anything” is wrong.

                                                                                          1. 1

                                                                                            Having to pay actual money is arguably less convenient than using BitTorrent :)

                                                                                            1. 4

                                                                                              Depends on how much money you have. The ones with zero disposable income were never going to be Netflix’s customers anyway.

                                                                                            2. 1

                                                                                              DRM does achieve the result that you have to use BitTorrent to save a video. Without DRM those that wanted to view the content without being subscribed go to torrent sites as well.

                                                                                              Even if my neighbour, Joe Random, could easily record a Netflix film from his account, I wouldn’t inconvenience him to copy a whole series of episodes he wasn’t interested in. I would just go to a torrent site. ‘Personal’ ‘direct’ sharing also doesn’t scale. [1]

                                                                                              This is inconvenient enough to motivate DRM pushers to push it.

                                                                                              That may be what DRM pushers argue, and perhaps actually believe, but per the previous point it is actually false.

                                                                                              [1] This is hypothetical: I’m actually a paying Netflix customer

                                                                                              1. 1

                                                                                                Don’t move the goalpost. You claimed DRM doesn’t achieve anything. I gave an example of what DRM achieves. You backtrack and claim DRM doesn’t really achieve what DRM pushers want, which is a different statement.

                                                                                                1. 1

                                                                                                  What?! You’re the one moving goalposts by making it about what DRM pushers claim it achieves, what they would like to achieve, instead of what it actually achieves. It doesn’t achieve what the DRM pushers want, because it achieves nothing.

                                                                                                  It’s really very simple: if DRM achieved something, there would be less pirating, less unauthorized sharing. There isn’t less pirating or less unauthorized sharing due to DRM. Pirated content is as easily accessible and as widely available as it was five years ago.

                                                                                                  There’s vastly less pirating and unauthorized sharing for one simple reason: the affordability and convenience of Spotify, Netflix and other streaming services.

                                                                                            3. 1

                                                                                              Copyright holders will respond to that by saying that torrent sites are illegal, and that something should be done about that, and they are doing something about it, with varying degrees of success. Also see my comment from last week regarding torrent sites.

                                                                                              DRM doesn’t achieve anything, except make it more annoying for paying customers

                                                                                              I think that for a lot of people DRM for streaming media doesn’t affect them all that much (it’s a bit different for purchased media).

                                                                                              1. 1

                                                                                                I view that response by content providers as burying their heads in the sand. Torrent sites will still be here a decade from now.

                                                                                                I think that for a lot of people DRM for streaming media doesn’t affect them all that much

                                                                                                When it works flawlessly that is true. When it sometimes prevents them from using the service due to location, device or some other detail…

                                                                                            4. 3

                                                                                              As an aside you can simply take a capture card, hook it to the output of your video, record. It’s borderline trivial to bypass the whole point of DRM. A digital watermark would be more effective at accomplishing the goals and aims you set out to achieve.

                                                                                              1. 3

                                                                                                simply take a capture card, hook it to the output of your video, record

                                                                                                None of this is simple; it requires specialised equipment, knowledge, time.

                                                                                                “I can ‘simply’ throw a brick through your window and steal your laptop. It’s borderline trivial to bypass the whole point of your front door.”

                                                                                                A digital watermark would be more effective at accomplishing the goals and aims you set out to achieve.

                                                                                                They’re not my goals; they’re the content holders’ goals. I’m just trying to be pragmatical and make sucky things suck a bit less, rather than refuse any cooperation because it sucks (which, thus far, has been spectacularly ineffective, and probably counter-productive).

                                                                                                As for watermark, sure I guess? But I’m not the one you need to convince.

                                                                                                1. 2

                                                                                                  Actually it’s uh extremely simple, you can get an external capture card and it’s basically plug in and press record. A VCR recorder by this definition is also “special equipment”. If you tried to act on the analogy of throwing a brick through a window you might understand what the differences are, and why a watermark might actually help you achieve your content holder’s goals. If you threw a brick through my window, my security system would go off, my neighbors might call the cops, I might be armed and waiting. If you record a video there won’t be any security system, or neighbors, or firearms. There’s nothing you the content holder can do short of a panopticon surveillance state to prevent me from recording the video. Instead you should focus on the thing you can better control which is the sharing of recorded video.

                                                                                                  1. 2

                                                                                                    err, HDCP is supposed to prevent any random capture card from recording DRM’d video. Devices that can break HDCP are a bit more “special” than regular capture cards.

                                                                                                    1. 2

                                                                                                      I mean sure I guess but any analog output can be recorded anyway so it’s somewhat moot. HDCP has been cracked since 2012 as well, so it’s mostly just “Security through obscurity”. I think it’s reasonable to infer through the repeated failure both economically and technologically that it’s a big sham to trick shareholders.

                                                                                                      1. 1

                                                                                                        analog output

                                                                                                        DRM players won’t output high quality video to your analog output. Low resolution versions of videos are usually not protected by DRM anyway. (I think Netflix does <=720p without DRM?)

                                                                                                      2. 1

                                                                                                        there are some rather cheap devices now to capture HDMI signals >720p, non shady reference: https://lars.ingebrigtsen.no/2019/02/14/adventures-in-netflix/

                                                                                                2. 1

                                                                                                  No one cares until it becomes a national security issue and then everyone cares.

                                                                                                  1. -1

                                                                                                    It does. I have no idea how to save a video from Netflix. Perhaps it can be done, but it doesn’t seem trivial (like regular HTML5 in browser, or using youtube-dl). This is like saying your front door “doesn’t work” because it can be lock-picked, or the window can be thrown in. Just because it’s not 100% fool-proof doesn’t mean it “doesn’t work”.

                                                                                                    Confusion wrote it good, DRM is useless as soon as a single user can circumvent it.

                                                                                                    DRM and the lock on my front door have the same purpose: keeping lawyers / insurance companies happy. someone who wants to steal my property will just knock in a window. if my door was locked the insurance pays. DRM is more a peace of conscience thing for decision makers.

                                                                                                    I’m sorry, but almost no one cares. Proof: popularity of Windows, macOS, a number of binary Linux applications (Spotify, Steam, etc.) And it’s not a kernel module, so can be isolated reasonably easily (Firefox already does this, I believe).

                                                                                                    ah, the good old “no one cares”. “no one cares” is the blight of our culture. but hey, as long as one can netflix and chill..

                                                                                                    And if you don’t want to use it: no problem, your choice. But please don’t take away my option to make a different choice.

                                                                                                    i’m not sure who takes anything from you, but google and drm?

                                                                                                  2. 5

                                                                                                    DRM totally works. Saying DRM doesn’t work is like saying security hardening doesn’t work. It’s all about increasing cost.

                                                                                                    1. 3

                                                                                                      DRM totally works, but I don’t think it works in the way it’s presented. It’s completely ineffectual at stopping copyright violation, but it opens up new revenue streams to selling patented technologies, signed keys and other DRM implementing technology to vendors of playback devices.

                                                                                                      1. 2

                                                                                                        If something costs more than the revenue it nets you I think it’s safe to say it doesn’t work. If you want to know why the content provider purposely takes a loss here it’s to pull wool over the eyes of the shareholders. DRM doesn’t work, it’s a genuine risk to national security, and possibly more importantly it puts pain on the honest consumer and none on those who are breaking the law. DRM can’t meaningfully work as long as someone still needs to record new content, because those recording tools can simply record existing content.

                                                                                                        1. 2

                                                                                                          Something can be unprofitable and working. As a technology, DRM totally works. Whether DRM is net gain or net loss to content providers is a separate question with unclear answers.

                                                                                                          1. 1

                                                                                                            DRM can be defeated trivially with a capture card 100% of the time as I stated in a previous comment. Any technology that relies on projecting a sensory experience is completely unprotected from technologies that record sensory experience. If I can perceive it, I can use a device that records it. There actually have been many impartial studies that have evidenced pretty firmly that it is a net loss to content providers, however I’m at work and I really can’t afford to enumerate them right now. If someone is feeling particularly generous maybe they’ll link some here. One of the studies I can grab offhand suggests that DRM actually increases the rate of infringement due to the undue pain it puts on legitimate consumers.

                                                                                                            http://static.arstechnica.net/2011/10/11/mksc.1110.0668-1.pdf

                                                                                                            1. 3

                                                                                                              Something can be defeated and working. ASLR comes to mind.

                                                                                                    2. 1

                                                                                                      Practically speaking, Widevine team does need to draw the line somewhere. It does sound reasonable to me that Widevine should support FreeBSD, but what about Haiku? If supporting FreeBSD and not supporting Haiku is okay, how is that different from supporting Linux and not supporting FreeBSD?

                                                                                                      1. 11

                                                                                                        Ideally the Widevine team shouldn’t have to draw any lines; the technology should be built in such a way that FreeBSD and Haiku can make their own ports/implementations, as can browser vendors.

                                                                                                  1. 1

                                                                                                    PHP requires that application is initialized from scratch for each request, so this can really decrease response latency. But this is also a problem for JIT: how generated code and tracing information is preserved between requests? Usually it starts from blank state, source files are re-read for each request, each function and class definitions re-create functions and classes. How will it change with adding JIT?

                                                                                                    1. 2

                                                                                                      source files are re-read for each request

                                                                                                      With an opcode cache like APC, you try to only re-read and re-parse the source files when they change (when their mtimes change, I presume).

                                                                                                      IME, if you turn on APC’s opcode cache, turn off debug mode and change absolutely nothing else, WordPress running on Apache/mod_php used to become perceptibly quicker. (Note I haven’t checked this in at least 4 years.)

                                                                                                      1. 1

                                                                                                        Apache/mod_php is dog slow. I hope nobody is using this anymore… Better use Apache MPM event + PHP-FPM, that is quite acceptable! :)

                                                                                                        1. 1

                                                                                                          MPM event wasn’t officially considered stable yet back when I did this. FPM wasn’t in the distro repos ;). The Wordpress site was not the slow part of the whole product anyway. We had a much slower website alongside it, which the WP site was effectively a giant landing page for. Also I had Varnish in front of the WP site so it went fine.

                                                                                                        2. 1

                                                                                                          As I remember, using these caches (there was plenty of them) always wasn’t easy and standardized, and now documentation for APC says:

                                                                                                          This extension is considered unmaintained and dead. However, the source code for this extension is still available within PECL GIT here: https://git.php.net/?p=pecl/caching/apc.git.

                                                                                                          Alternatives to this extension are OPcache, APCu, Windows Cache for PHP and the Session Upload Progress API.

                                                                                                          Adding JIT will probably require intermediate code/native code cache that really works out of the box. Working bytecode cache also was the main selling point of commercial Zend Platform/Zend Accelerator (renamed several times), and if mainline PHP will have cache out of the box, it may reduce its sales.

                                                                                                          1. 1

                                                                                                            I remember APC only taking about an hour or so to set up, most of which was reading docs.

                                                                                                            Fwiw this was somewhere around 4 to 6 years ago on a one off job. Never touched it since.

                                                                                                        3. 1

                                                                                                          JIT will increase the bootstrap time for the first request so this may reduce response latency. May as in, it will also speed up long-running processes. As the author says you’ll probably see no performance gains from JIT for web applications.

                                                                                                          1. 1

                                                                                                            But PHP’s current execution model does not have long-running processes. Only interpreter/compiler may be preserved as long-running process, but application starts and terminates with each request. Almost like in CGI.

                                                                                                        1. 4

                                                                                                          I’m still sad it requires JS, would be much nicer if the browsers handled it directly, with e.g. a special form/input type and have the JS stuff be optional. I’m not really interested in implementing this in my service, although TOTP is less secure (phishing), it is much simpler.

                                                                                                          1. 4

                                                                                                            We had a “special input type” for keys with the <keygen> element. It turns out web developers still want to style the input to be consistent with the rest of the page. Additionally WebAuthn is a challenge/response mechanism where a challenge to be signed can be fetched from your server, then it is signed where a concrete algorithm to be used is selected from a list of alternatives. Then you’ve got waiting for user gesture. Optionally you can store the credentials on WebAuthn token… and a lot more edge cases.

                                                                                                            Of course one could design it as a “kitchen-sink” HTML element with multiple attributes and a mini-language to describe how the user agent would react to all that but it would be ugly and complex. On the other hand they provided a clean API that can make decisions at runtime about the authentication process.

                                                                                                            1. 3

                                                                                                              Additionally WebAuthn is a challenge/response mechanism

                                                                                                              Well, so is <keygen>. The browser would generate a private key, sign a challenge and send it back to the server:

                                                                                                              and a lot more edge cases.

                                                                                                              My point, why are there edge cases?

                                                                                                              but it would be ugly and complex.

                                                                                                              Well, that depends on who you ask I guess. A HTML element with 2 or 3 attributes doesn’t sound so bad to me! I’m not saying there shouldn’t be the option to style stuff using CSS (or maybe JS), but it could be made optional. Having to handle the crypto stuff yourself in JS? Recipe to shoot yourself in the foot.

                                                                                                              they provided a clean API

                                                                                                              Well…

                                                                                                              Seems to me like yet another “designed by committee” standard where simplicity was not an explicit design goal.

                                                                                                              1. 1

                                                                                                                My point, why are there edge cases?

                                                                                                                The standard documents them.

                                                                                                                A HTML element with 2 or 3 attributes doesn’t sound so bad to me!

                                                                                                                2 or 3? That’d be a lot of data if all supported features would be compressed in them.

                                                                                                                https://www.imperialviolet.org/2018/03/27/webauthn.html

                                                                                                                Nice description, thanks!

                                                                                                                https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet

                                                                                                                Quotes from that post:

                                                                                                                Since this blog post was referenced in a ZDNet article about WebAuthn and ECDAA, it’s made the rounds on social media and some people have been exaggerating its contents. (…) If you were already doing so, you should still use WebAuthn.

                                                                                                                End of quotes.

                                                                                                                Seems to me like yet another “designed by committee” standard where simplicity was not an explicit design goal.

                                                                                                                You said it yourself “that depends on who you ask”. Look from the perspective of companies that rolled that standard: it’s designed to be seamlessly used in browsers by regular users, not people that are happy re-typing digits from their phone. Regular people are not even aware that the secure element protects their credentials and they can’t be easily phished. On the other hand TOTP in hands of non strongly technical users still can be stolen by phishers (as it doesn’t incorporate the domain into the protocol) and thus can give them false sense of security.

                                                                                                                Google reports that since they started using security keys none of their employees were phished.
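Added example, not part of the thread and not any commenter's or vendor's code: a Node.js simulation of the point made in the comment above, that a WebAuthn assertion is bound to the origin and a fresh challenge while a TOTP code is computed from a secret and the time only. The host names, the simplified `authData` layout and all function names are constructed for illustration; the signature input (`authData || SHA-256(clientDataJSON)`) follows the WebAuthn signing rule.

```javascript
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Constructed names: the real relying party and a look-alike page.
const RP_ID = 'login.example';
const RP_ORIGIN = 'https://login.example';
const LOOKALIKE_ORIGIN = 'https://login-example.test';

// Authenticator: holds a P-256 key pair scoped to one RP ID.
function makeAuthenticator(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    rpId,
    publicKey,
    sign(clientDataJSON) {
      // Simplified authenticatorData: rpIdHash (32) | flags (1, user present) | signCount (4)
      const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
      const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
      return { authData, signature: crypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Browser: writes the origin of the page that is actually loaded into clientDataJSON;
// page script cannot choose it. Returns null where a real browser would reject the call.
function browserGetAssertion(pageOrigin, requestedRpId, challenge, authenticator) {
  const host = new URL(pageOrigin).hostname;
  if (host !== requestedRpId && !host.endsWith('.' + requestedRpId)) return null;
  if (authenticator.rpId !== requestedRpId) return null; // no credential for this RP
  const clientDataJSON = Buffer.from(
    JSON.stringify({ type: 'webauthn.get', challenge, origin: pageOrigin }));
  return { clientDataJSON, ...authenticator.sign(clientDataJSON) };
}

// Relying party: checks type, challenge, origin and rpIdHash before the signature.
function verifyAssertion({ clientDataJSON, authData, signature }, expectedChallenge, publicKey) {
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expectedChallenge) return 'challenge mismatch';
  if (clientData.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad signature';
}

// RFC 6238 TOTP (HMAC-SHA1). Note the inputs: secret and time, no origin.
function totp(secret, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[19] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// The server can only compare digits; it cannot tell which page collected them.
function verifyTotp(secret, code, unixSeconds) {
  const expected = totp(secret, unixSeconds);
  return code.length === expected.length &&
    crypto.timingSafeEqual(Buffer.from(code), Buffer.from(expected));
}

function runDemo() {
  const authenticator = makeAuthenticator(RP_ID);
  const challenge = crypto.randomBytes(32).toString('base64url');

  // 1. User is on the real site.
  const legit = browserGetAssertion(RP_ORIGIN, RP_ID, challenge, authenticator);
  // 2. Look-alike page asks for the real RP ID: the browser refuses.
  const blocked = browserGetAssertion(LOOKALIKE_ORIGIN, RP_ID, challenge, authenticator);
  // 3. Defence in depth: even if a client skipped check 2, the signed
  //    clientDataJSON would carry the look-alike origin and the server rejects it.
  const cd = Buffer.from(
    JSON.stringify({ type: 'webauthn.get', challenge, origin: LOOKALIKE_ORIGIN }));
  const wrongOrigin = { clientDataJSON: cd, ...authenticator.sign(cd) };

  // TOTP: RFC 6238 test secret and timestamp (constructed sample values).
  const secret = Buffer.from('12345678901234567890');
  const now = 59;
  const codeTypedIntoSomePage = totp(secret, now);

  return {
    legit: verifyAssertion(legit, challenge, authenticator.publicKey),
    browserBlocked: blocked === null,
    wrongOrigin: verifyAssertion(wrongOrigin, challenge, authenticator.publicKey),
    staleChallenge: verifyAssertion(legit, 'a-different-challenge', authenticator.publicKey),
    totpAcceptedFromAnyPage: verifyTotp(secret, codeTypedIntoSomePage, now),
  };
}

console.log(runDemo());
```
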

                                                                                                                1. 2

                                                                                                                  I’m not arguing against the usefulness of a (hardware) security token that is easy to use for end-users, I agree with you there! I’m arguing against, in my opinion, the (way too) complicated specification and implementation requirements of a protocol to implement 2FA and prevent phishing. Start from the use case and come up with the simplest, yet secure, way to accomplish that, no knobs!

                                                                                                                  1. 1

                                                                                                                    Start from the use case and come up with the simplest, yet secure, way to accomplish that, no knobs!

                                                                                                                    Yep. I think it would be useful to bring this matter to the fido-dev mailing list, especially if you have ideas how to achieve something simple yet secure. I’m sure the working group would be interested!

                                                                                                                    1. 1

                                                                                                                      I’m sure the working group would be interested!

                                                                                                                      Yeah, from reading the resources I linked to above, I’m sure that will work out when even crypto experts are ignored! ;)

                                                                                                            2. 3

                                                                                                              I agree. We have a strict rule that no JS be allowed on our login page(s), and our security headers tell browsers to enforce it. We just don’t trust JS enough.

                                                                                                              We now have to weigh the benefits of webauthn with the benefits of not running JS on our login pages. Plus trusting people to get webauthn JS correct? I suspect there will be loads and loads of horribly broken JS abusing the webauthn API. (having never seen the API, I have no idea how easy it is to misuse) but if I know anything about JS developers, they are very good at finding them.