very surprising that the BSDs weren’t given heads up from the researchers. Feels like there would be a list at this point of people who could rely on this kind of heads up.
The more information and statements that come out, the more it looks like Intel gave the details to nobody beyond Apple, Microsoft and the Linux Foundation.
Admittedly, macOS, Windows, and Linux cover almost all of the user and server space. Still a bit of a dick move; this is what CERT is for.
Plus, the various BSD projects have security officers and secure, confidential ways to communicate. It’s not significantly more effort.
Right.
And it’s worse than that when looking at the bigger picture: it seems the exploits and their details were released publicly before most server farms were given any heads-up. You simply can’t reboot whole datacenters overnight, even if the patches are available and you completely skip over the vetting part. Unfortunately, Meltdown is significant enough that it might be necessary, which is just brutal; there have to be a lot of pissed ops out there, not just OS devs.
To add insult to injury, you can see Intel PR trying to spin Meltdown as some minor thing. They seem to be trying to conflate Meltdown (the most impactful Intel bug ever, well beyond f00f) with Spectre (a new category of vulnerability) so they can say that everybody else has the same problem. Even their docs say everything is working as designed, which is totally missing the point…
Wasn’t there a post on here not long ago about Theo breaking embargos?
Note that I wrote and included a suggested diff for OpenBSD already, and that at the time the tentative disclosure deadline was around the end of August. As a compromise, I allowed them to silently patch the vulnerability.
He agreed to the patch on an already extended embargo date. He may regret that but there was no embargo date actually broken.
@stsp explained that in detail here on lobste.rs.
So I assume Linux developers will no longer receive any advance notice since they were posting patches before the meltdown embargo was over?
I expect there’s some kind of risk/benefit assessment. Linux has lots of users so I suspect it would take some pretty overt embargo breaking to harm their access to this kind of information.
OpenBSD has (relatively) few users and a history of disrespect for embargoes. One might imagine that Intel et al thought that the risk to the majority of their users (not on OpenBSD) of OpenBSD leaking such a vulnerability wasn’t worth it.
Even if, institutionally, Linux were not being included in embargos, I imagine they’d have been included here: this was discovered by Google Project Zero, and Google has a large investment in Linux.
Actually, it looks like FreeBSD was notified last year: https://www.freebsd.org/news/newsflash.html#event20180104:01
By late last year you mean “late December 2017” - I’m going to guess this is much later than the other parties were notified.
macOS 10.13.2 had some related fixes to meltdown and was released on December 6th. My guess is vendors with tighter business relationships (Apple, ms) to Intel started getting info on it around October or November. Possibly earlier considering the bug was initially found by Google back in the summer.
Windows had a fix for it in November according to this: https://twitter.com/aionescu/status/930412525111296000
A sincere but hopefully not too rude question: Are there any large-scale non-hobbyist uses of the BSDs that are impacted by these bugs? The immediate concern is for situations where an attacker can run untrusted code like in an end user’s web browser or in a shared hosting service that hosts custom applications. Are any of the BSDs widely deployed like that?
Of course given application bugs these attacks could be used to escalate privileges, but that’s less of a sudden shock.
there are/were some large scale deployments of BSDs/derived code. apple airport extreme, dell force10, junos, etc.
people don’t always keep track of them but sometimes a company shows up then uses it for a very large number of devices.
Presumably these don’t all have a cron job doing cvsup; make world; reboot against upstream *BSD. I think I understand how the Linux kernel updates end up on customer devices but I guess I don’t know how a patch in the FreeBSD or OpenBSD kernel would make it to customers with derived products. As a (sophisticated) customer I can update the Linux kernel on my OpenWRT based wireless router but I imagine Apple doesn’t distribute the Airport Extreme firmware under a BSD license.
[Comment removed by author]
Linux certainly has the corporate backing(1), popular mindshare, and lots of workforce, but there is something about the general cohesive feeling of BSD systems that some people really like. I do at least!
I consider the BSDs as more “cathedral” while Linux is more “bazaar”. Linux is also a kernel with a base GNU user-space (written by other people), and now systemd, all packaged by a distro. In BSD-land the base user-space is released by the same team as the kernel. So it is different, and some people enjoy that difference.
If you were a FreeBSD user, you may also wonder why use DragonFly? As a FreeBSD user, I love that DragonFly is trying new things and focusing on cluster computing and high performance. Diversity is great!
(1): something like 90+% of contributions to the Linux kernel are apparently corporate sponsored
Why can’t someone just implement a Linux patch to bring that level of SMP to Linux?
Software is soft so yes, someone could do this. But it’s not like a 10 line patch, it’s a fairly large architectural change in how the kernel works. This is the cause of the DragonFlyBSD and FreeBSD split, the FreeBSD leads didn’t want to make those changes.
So it would be a lot of code to change plus the political battle to get people into it.
They go into detail in this whitepaper:
https://www.dragonflybsd.org/presentations/dragonflybsd.asiabsdcon04.pdf
my use case is I can’t use OpenBSD and I have a lot of cores = DragonflyBSD. with vmm I don’t even have to mess with FreeBSD and bhyve ever again!
what is my usecase for such an operating system?
I think only you can answer that. What is your usecase for Linux or the distribution you use?
Why can’t someone just implement a Linux patch to bring that level of SMP to Linux?
I think in this case it’s largely about design decisions and how hard migrating to new code is. There is just more than one way to do many areas of IT. Operating systems, a bit like programming languages, differ mostly in those different design decisions, philosophies and user interface (or syntax).
Have you seen this post by Matt Dillon yet? I am sure this could be done in Linux, even in a more Linux-y way. That doesn’t mean it will be done. In the end that might not even be a bad thing, as going in different directions when developing software sometimes leads to an overall worse system, where you run into bugs, have a lot of complexity, have to make all sorts of compromises, etc.
Again comparing this to programming languages might make this more clear, since philosophies and design decisions are more dominant there, even in general purpose languages, where in general purpose OSs these seem to be exceptions (OpenBSD for example has a strong emphasis on what it considers good). When it comes to programming languages you see JavaScript and Perl as two programming languages that took ideas and philosophies from pretty much everywhere else - Perl did that more outside of stdlib though thinking about Perl Moose. At the same time we see languages like Go, Python and some functional languages that try to keep certain philosophies and opinions dominant. Note that neither programming languages nor operating systems prevent doing it different however, people are still opposed.
In the Linux world this actually is a big part of why patch sets exist. They both show it can be done, and sometimes still won’t be taken into the main source repository, for various reasons, technical and philosophical - and that despite Linux likely being way more open minded about ideas that might or might not be forgotten about in just a few years.
FYI - the bug is somewhere over 6 months old; fixed in released version. The article doesn’t mention this until the end.
I’m going to start investigating fixes tonight for HardenedBSD. It seems more than just portsnap and freebsd-update would be affected (anything that uses libarchive. hint: the ports extract target). So any FreeBSD box that handles tarballs obtained through (now untrusted) third parties.
On a slightly unrelated note but still worthy of a mention, downloading tarballs through HTTPS wouldn’t help, either. The problem’s not the transport layer, but the file itself. If the server hosting the content is compromised, it could serve up malicious tarballs.
I wonder if DragonFlyBSD is affected as well.
DragonFly doesn’t use portsnap (well, you probably can, but you’d have to add it yourself), so that immediate avenue is closed.
I don’t know if pkg checks the downloaded, unextracted file, but that would be safer, too.
If someone’s downloading a compromised file that also has the correct checksum, well… not much you can do about it on the client side at that point.
DragonFly has always had 2 compilers in the base system - before GCC5, it was GCC 4.4 and GCC 4.7. With this change, it’s 4.7 and 5.0. The next change will probably be GCC 5 and clang (i.e. GCC 4.7 out, clang in). So, it wasn’t that GCC was chosen over clang, it’s more just “not yet”. Compiler work ain’t easy.
Most BSDs have moved to LLVM or retained GCC 4.2.1 over GPLv3 licensing. Nothing wrong with the compiler on a technical level, that I know of.
Is anyone else bothered by the use of the term ricing? As far as I know it is co-opting the automotive term which has racist origins.
If somebody brings up ricing and linux, I have to think of this old site making fun of gentoo users w/o a clue:
https://web.archive.org/web/20080830031318/http://funroll-loops.info/
This thread got pretty ugly. It started out good talking about the history of the term and what it means to people but has sunk into personal attacks. If someone would like to cite academic sources on the history of the term in tech or racing, go ahead, but otherwise we’ve stopped adding new information and this thread is done. Please don’t post further comments.
I’m also going to delete the comments with personal attacks. Please don’t do this. If you’re right, being mean doesn’t make you more right. Nobody has ever taken incoming vitriol and abuse as a sign that someone must really be worth listening to and seriously considering, and they’re not appropriate here.
Tagging so everyone in the thread sees this: @fimad @fs111 @voronoipotato @djsumdog @mjtorn @nebkor @brendes @btaitelb @dz @vhodges @leolambda
Sorry, I missed this because I was writing the post and went out to the food truck. Honest mistake, wasn’t trying to be a butt. I got a little reactionary there, it won’t happen again.
Let’s etch that in bronze and hang that over every discussion area on the Internet, please.
Exactly.
Hmm, I didn’t know about that at all. Would be nice to have a better term. Customization seems too general.
“Tweaking” seems to capture it pretty well.
I considered that, but “tweaking” also means being high on stimulants, which is just common enough in the hacker community that I think it would be confusing.
Perhaps modding, but that’s already a massively overloaded term: game modding, hardware modding, etc.
I’m inclined to use “dotting”, as in “dotfile”, but also with the connotation of meticulousness (as in “dotting i’s and crossing t’s”). Its alternate definitions are pretty tame, as well.
Dotting sounds like what a dotard does, but I guess that’d be “doting”.
Yeah, good point. I like “styling”.
tuning, maybe?
That looks more appropriate: https://en.wikipedia.org/wiki/Tuning
“Fine tuning a computer environment” could be your job. “Like car tuning but for software” would be the hobby.
from other communities: Hot Rodding (cars - more Chip Foose than useless spoilers on the back) and Modding (computer cases)
Given that there’s a lot of style at work, maybe “peacocking”, “spiffing up”, “turning out”, something riffing on fashion.
It’s like styling, but like even more so. Stylizing?
Styling is good, yeah. “Stylize” actually means “to depict or treat in a mannered and nonrealistic style”, so I don’t think it’s really applicable here.
I had never seen it used in the Linux desktop. The term ricer may not have the same racist meanings as before but two things are common about ricers in my area:
My personal view is that, even when a word has no racist origins, if there is a specific ethnicity that it applies to, it will quickly become a racist word anyway. Luckily there are more and more white dudes who bought their first car and became a ricer 🍚
My perspective is exactly the opposite – I have never heard this term in connection to cars, just with *nix customization, especially in and around the Linux/Unix community. In over 4 years I’ve never heard anyone use it in any other context, nor was I in any sense aware that it had this other meaning. And I would suppose that most people, especially non-car enthusiasts like me would have probably never found out, nor use the term with this connotation.
All in all, it seems like a fantastic starting point for a horrible confusion…
Yes, and yes. :( . It’s unfortunate when a racist term becomes so normalized that it’s just vernacular. Then the people who want to use it xenophobically basically get to do so and nobody speaks up because it’s just a word everyone uses. The term in guns is “Tacticool”. Perhaps there’s a good word for this that is less regressive and a little more general.
It doesn’t have racist origins; or at least not in the context we used it in back when I was in various SCCA and used to race. A ricer is just someone who adds all kinds of shit to their car. Each sticker adds 2hp. The K&N air filter adds 10hp. Big cardboard wing adds 90hp. Fart can exhaust adds 30hp. That carbon fibre hood? 120hp right there.
Most ricers were white. They were just kids who didn’t know dick about cars and pretended they did. They’d fill the parking lot and hang out in their riced out Hondas while the rest of us raced. I mean if you stretch, some people might trace ricer back to the term wigger referring to white people enacting black culture.
Ricers had nothing to do with race and more to do with shitty car mods like these: https://www.reddit.com/r/Shitty_Car_Mods/
Ricer aka rice burner kinda does though because it was about Japanese cars. Yes this is where the term comes from and no I’m not shitting you.
I’ll be honest terms like wigger are also regressive. I’m not telling you how to speak or trying to say this is what you meant by it. Obviously you can use a word with racist or ethnocentric origins non-racistly. Just keep in mind that not everyone who uses it is using it the way you’re using it. Also keep in mind that someone who sees you using it might think you have it out for a specific ethnicity until they get to know you a bit better.
Frankly the title evokes a “Yikes” from me but in a “Yikes they don’t even know how bad that sounds” way. Like people who know you will probably go “Oh but that’s djsumdog, he doesn’t mean it in a racist way”, but wow it is just a really bad idea to lead with a racially loaded term in your article title to the general public.
[Comment removed by moderator pushcx: https://lobste.rs/s/es3acm/how_i3_vim_ricing_enhance_my_developer#c_u525ta]
Someone can be unaware of how racist language affects thoughts and opinions without “being a racist”. Being said yea just because you heard the term from a person of the affected group does not mean it’s cool to say. Case in point if you dropped the n-word because you saw a black person doing it you’d probably get some frowns.
I think that’s a really good definition of a microaggression, a term that people don’t knowingly use offensively, but which has offensive origins and still conveys that offensiveness to some.
Growing up, I’d use the term jip [sic] all the time as a synonym for screwing someone over in a deal. I actually thought it was less offensive to say than to say screw. Then I learned that the word has racist origins about stereotypes for Gypsies, so I went through the process that I think a lot of us go through. At first I was defensive because there was a discongruity in my reality between how I saw myself and how others might see me, so I rationalized that the word didn’t really mean that any more. And if someone happened to be offended by it, they were probably just being overly sensitive and should get a thicker skin.
But over time, I realized I had the choice when using words, and that it’s not up to me to dictate how others should feel. So I slowly started correcting myself, because when given the choice, I’d rather not use words that offend a group of people, especially when I’m not part of that group.
I didn’t think you meant that, sorry I was responding to the intense reaction to your post. Yeah I do think that’s the case. The root problem is like when you use a word that has racist origins, and a racist takes it as like “Ah they also hate the japs” validation for their racist attitudes. Which is bad. It also sucks because words that are that way primarily the racists, and the marginalized know what it means because they grew up in an environment where the intention behind the origin was more clear.
I hope you understand I do not agree with painting you as a bad guy simply because you grew up in an area where a word was the norm and you didn’t see harm with it. Doesn’t mean there isn’t harm? It just means it was the norm and you were used to it and it would be exceptional for you to escape that norm, and not the default expectation. At least you’re not shutting down the discussion.
Suffice to say, normal people have likely forgotten it, racists remember these things with a death grip and will use it to dehumanize people as much as physically possible.
You quoted it yourself: it’s pejorative, not racist. The difference is significant, yet the whole point is moot, because so few people are neurotic about political correctness in slang etymology[citation needed]
Things can be both pejorative and racist? Many racist things are pejorative. The term is racist because it uses East Asian products as a way to describe inferiority. To put it in a more personal way it would be like me saying “oh that’s snake code” as a pejorative for Python programmers. It tries to illogically assert that since you’ve seen a Python programmer make bad code, that a Python programmer can never write good code. This of course is horseshit, and is bigoted against Python programmers. I’m merely trying to dislodge bullshit like that from the public consciousness.
There’s nothing wrong with LeoLambda’s article, I liked it too. The title gave me a yikes, but that doesn’t mean that they’re a bad person, it probably just means they either didn’t know about the origin of the word, or they knew about it but thought it wasn’t used that way anymore. I also like talking about culture, it doesn’t mean I’m virtue signalling. Though frankly I think you are virtue signalling to the pc-panic crew. You basically pooped your pants when you read the word racist like Christ himself was being crucified. Exploring alternative words that are less racist isn’t virtue signalling, it’s called not being actively hostile to an entire demographic for no reason.
Potentially ironically, “hysterical” has sexist origins.
This whole conversation is a little frustrating to me. I hope @mjtorn and @brendes are just reading past what’s being said to them, due to defensiveness and confirmation bias. The responses to their comments aren’t being worded to tiptoe around their feelings, which is also pretty understandable—these conversations are an emotional investment, and there are lots of aggressive racists out there who will throw that investment back in your face. I don’t really have a solution, but I think the situation is regrettable. The path to realization that subtle racism is everywhere always seems to involve an epiphany after the fact, not careful reading and understanding of the arguments.
From my experience it is probably racist. Case in point: In Edmonton they call riced cars ‘Nip’d up’ (racial slang for Japanese) since it would be mostly Asian drivers doing the mods.