1. 4

    I spent several weeks recently wrapping a godawful cryptographic RPC service with a pythonic interface, only to discover later that vendor for said service was not forthright about their pricing or licensing restrictions. So this week I get to finish rejiggering my nice pythonic interface to work with a different, far less ugly cryptographic service.

    1. 1

      Link to the good and bad one please. No need to say which is which.

      1. 3

        One or the other: https://www.gemalto.com And another: https://aws.amazon.com/kms/

    1. 21

      Currently most of my reading has been juggling political philosophy books.

      My main list is: The Origins of Capitalism, Carceral Capitalism, Why I’ve Stopped Talking (To White People) About Race, and October (by Mieville)

      However, I usually keep on having to stop reading these because, in the case of Meiksins’ book, of the density, and in the case of the rest, because people have a habit of being disgusting creatures when The System tells them it’s acceptable. One part of October describes how, in the run-up to the revolution, a right-wing ‘protest’ locked a town-full of Jewish people inside a church and set it alight…

      So for the interim between those books, I’ve been ripping through Whipping Girl; it’s ridiculously accessible and a very good deconstruction of gender and how society deals with it. I also recently obtained a copy of Bruce Lee’s “Fighting Method” for fitness reasons.

      Another book I obtained recently was Morton’s “Humankind: Solidarity with non-human people”, which rather surprisingly turned out to be a Marxist argument for the better treatment of animals. The first five pages demonstrate the author has clearly done his philosophical research, however, so I am rather looking forward to it.

      1. 4

        The Origins of Capitalism is an excellent book. The way it traces the development and solidification of institutions, and the way they channel human behavior and potential, dissolved a whole bunch of my preconceived notions about the nature of things.

        You might also like A Brief History of Neoliberalism by David Harvey

        1. 4

          I’m doing 52 for 52. I read a sci-fi book every week in an effort to relearn(?) focus which social media and the internet has almost certainly destroyed. I’m currently reading “The Dispossessed” by Ursula K. Le Guin.

          1. 2

            Been looking for some books like this (and the Mieville has been on my list for some time); those look worth a shot - thanks. I have the same problem with political/history books, for what it’s worth; I can only take so much depressing history before I need to clear my head with something lighter.

          1. 6

            The bulk of my typing is on a Nyquist keyboard; it’s essentially a split Preonic. I’ve made two of them with green switches (clicky clicky clack), and find it a joy to tap on. It took me a while to get used to the ortholinear layout. When I am not typing on that, I’m probably using the keyboard on my home laptop (whichever old Thinkpad is nearby).

            1. 9

              I actually find these sort of talks to be a time sink. There is the time spent on typing, the distraction as the presenter fixes typos etc. What I prefer is a set of use cases followed by highlights of software features relevant to those use cases followed by some code snippets to reinforce memory. When I need detail I just need to know the available concepts and some keywords. The slides aren’t the only docs, right? Right?

              1. 10

                I’ll go one further: I think technical talks in general are a time sink. It would be better to just write up the content in an article, with code snippets where appropriate. Then, everyone can absorb the information in their own way, on their own time, at their own speed. An article is also better for accessibility; for example, blind people can’t access your projected content (at least not in real time), and making your spoken content accessible to deaf people is an extra cost.

                Of course, if you’ve already decided that you’re going to present at a conference, then this doesn’t apply. But it’s something to consider if you just want to share some information and haven’t committed to a particular way of doing it.

                1. 4

                  For the most part I agree with you, but there are edge cases where I have absolutely loved live coding talks. (David Beazley’s series of talks on generators comes to mind.) Now, perhaps I would have liked those talks even more if they were not live coded… but I don’t know. With an interpreted language, watching a program come together makes it feel almost as if you are putting it together yourself. When a speaker is masterfully putting together something it’s almost like pairing with someone with far more skill.

                1. 2

                  Some friends of mine are leaving the city, so I am hanging out with them before they go. Otherwise I am continuing to push through Patterns in Network Architecture.

                  If I feel like prototyping I might mess with an Elixir implementation of a Raft cluster, or just keep it simple and try to come up with an elegant way to wrap a RESTful API around an XML over SSL RPC service that I’ve been working on at $job.

                  I also want to run and climb. So it goes.

                  1. 3

                    Friend of mine is turning one year older, so we’re going to a cabin in the woods with cake and liquor. I’m also going to continue reading through Patterns in Network Architecture, which I’ve been plugging through for about two weeks but got stalled on.

                    1. 3

                      I have some sleep to catch up, and some garden work maybe. Computer stuff will hopefully include investing some more time in automation/devops things. I also want to start blogging again.

                      I’ve bought some nice beer, and I’m looking forward to drinking it when everybody is asleep in the house. I can use some silent me-time after a stressful week…

                      1. 2

                        Which beer?

                        1. 3

                          I bought Orval and Gouden Carolus Cuvée van de Keizer. I’m not sure if they are well known outside of Belgium but I like both of them.

                          1. 2

                            I’ve had Orval, but not the Cuvée van de Keizer. Enjoy!

                      1. 3

                        Probably, I will do some climbing and cycling. I might repot a plant. And I will try to soak up some much needed sun.

                        1. 2

                          I like understanding how things work and doing things well; I’m not sure that what I enjoy about making computers do things extends beyond that. When I first started coding (I’m a self taught, career changed developer), I really enjoyed the code aspect and coded in my spare time, all the time. Now that I code at work, I do less actual coding outside of work. But I still spend a lot of time reading about how computers work, outmoded protocols, and abstraction design outside of work. Is all that “code?” Maybe.

                          1. 11

                            Looks like I will be migrating off from Github onto something self hosted, for peace of mind.

                            1. 2

                              Yea, looks like I need to do that too.

                              1. 1

                                Until now I treated self-hosting with “well I know it’s best to control my own files and code, but I can probably vaguely trust BigCompanies.”

                                Thanks to the acquisition I finally got off my ass and got a DO droplet to use as my source of truth (didn’t take long to set up at all).

                                Gitlab is my primary mirror. I will keep GitHub as a source of truth for a handful of projects - namely the ones with contributions from other developers.

                                1. 1

                                  Even though Microsoft hasn’t done anything egregious to irk me in about 8 years, I will also be doing that.

                                1. 1

                                  Very cool. I especially liked the aliasing of the container as a command line tool. Has anyone seen a cookbook for this sort of thing? That would be useful.

                                  1. 3

                                    At work, looking into our task scheduling system and making aspects of it more resilient and scalable.

                                    Outside work, I’m beginning the gardening season by starting some seedlings; I’m also considering building a space bucket, because I’m curious to try peppers produced under those conditions alongside those grown in a container on a porch. I’m also going to put together a second Nyquist keyboard… and I might start reading Chateaubriand’s memoirs.

                                    1. 1

                                      If the system is Luigi, I’d like to trade notes. If it isn’t, I’d like to trade notes.

                                      1. 1

                                        The system is not Luigi… it’s an ad hoc thing built around APScheduler… We need to decide whether to invest more effort making that work for a bit or look into the best way to move toward something else. It’s an interesting problem!

                                    1. 9

                                      We just rolled out MDM at work, and I just removed all work data from my personal phone.

                                      1. 3

                                        I always enjoy your updates! And I’m really looking forward to the next post on lexing.

                                        1. 2

                                          Thanks, and feedback taken! Unfortunately I might not get back to lexing until February or March… The long HN thread on this blog post [1] reminded me how many people are confused about Oil and confused about shell in general. So there are a bunch of things I want to clear up before the next release.

                                          The next release announcement should have a link to “why write a new shell?”

                                          And then hopefully I can get back to lexing! The lexing style has continued to pay dividends. I mentioned very briefly in this post the sharing between echo -e and $'\n', which worked very nicely. I just dropped in this additional lexer mode and everything worked, and I was able to share part of it between runtime and parse time (static vs. dynamic).

                                          [1] https://news.ycombinator.com/item?id=16154438

                                        1. 4

                                          This is off-topic, but do you live in Sunset Park? I live here too and was surprised by the blog name.

                                          Anyway, great post. It’s going to take me a few reads to process but there’s a lot of interesting stuff here. Thanks.

                                          1. 4

                                            I used to :) Now I live in Windsor Terrace. You know, I have to rep BK.

                                            1. 2

                                              South(ish) BK represent!

                                          1. 3

                                            I recently did this with keyb.io’s Nyquist PCB. It was a lot of fun. Getting used to the ortholinear layout is no mean feat, but I would say I am up to about 80% speed after 2 weeks.

                                            1. 3

                                              Really enjoyed the bit about trying to bodge a Cavalier’s PCM into ignoring the anti-theft logic. It told a good story, and covered every level of experience. I learned some stuff, which is what PoC || GTFO is all about (often, what you learn is cosmic horror).

                                              1. 1

                                                Cosmic horror is edifying.

                                              1. 5

                                                Workwise: only in the office a single day this week; I am going to try to close some issues that can’t wait till next week (essentially tweaking some xpaths) and then think about adding a feature our customer success team might be able to use.

                                                Otherwise: travel and leisure, essentially. Lots of eating and down time. I’ll do some reading (I am working through Category Theory for Programmers and the three most recent issues of Poetry) and perhaps some coding. I want to write a simple CMS that serves the site through IPFS, and I am thinking about the best way to do that.

                                                1. 3

                                                  Workwise: focusing on adding CI to some of our other workflows and doing some code cleanup by replacing ad hoc caching with a more systematic approach.

                                                  Otherwise: I am going to try to strip ME out of an old x61s I have; if that succeeds I may try to install Middleton’s BIOS on it. It’s too bad Coreboot doesn’t work on x61s, because they really are great machines.

                                                  1. 2

                                                    Interesting that the x61s doesn’t work, since I’m currently using LibreBoot on an x60s from Minifree (née GLUGLUG).

                                                    TBH I don’t completely grok Libre/CoreBoot: it’s booting into GRUB 2, but I haven’t worked out how to alter the config; the documentation says it can be overridden by a libreboot_grub.cfg file, but that doesn’t work (maybe my install is too old?). I’m too chicken to reflash it myself, in case I brick the machine :)

                                                    It’s annoying to manually select stuff in GRUB on every boot (it tries to boot Trisquel by default, which I swapped out for NixOS years ago; so I have to scan for and chainload another GRUB from /dev/sda1 instead), but at least I can access GRUB’s CLI when I want to. I had my first experience with EFI recently, when trying to boot Linux from a USB drive; after about 20 attempts to navigate the boot menu I gave up. I have no idea how any tech-savvy person can put up with it.

                                                    Very sad to see OpenFirmware die off :(

                                                    1. 2

                                                      “Very sad to see OpenFirmware die off :(”

                                                      Sadder that I have to keep telling people it existed at all in all the big discussions on MEs and alternatives. The RISC workstations died hard apparently. You can still get it with PPC Macs on eBay alongside no backdoors in the hardware. They’re pretty usable if you’re doing native apps on Linux instead of the Web.

                                                      1. 3

                                                        Ah, I forgot that Apple used OFW in the PPC era. I’ve never owned a Mac, although I briefly had an x86 Macbook as a work machine (I used it to run Linux in a VM; someone promptly asked if I’d swap with their Thinkpad ;) ).

                                                        Before getting my current x60s I used an OLPC XO-1, which ran OpenFirmware. I still use it semi-regularly due to the decent battery life and sunlight-readable screen :)

                                                        1. 3

                                                          Yeah, it’s just another PPC box so it used Open Firmware like a lot of them. The SPARCs were the other ones doing it IIRC. The laptop was pretty decent for $80. How was using the XO-1? I thought the OLPCs would’ve been a crippling user experience. Never even tried them.

                                                          1. 2

                                                            The GTK UI is a bit clunky, and I instinctively want to reach for the underlying filesystem rather than the “journal” abstraction, but those aren’t a problem when I spend most of my time in the terminal :)

                                                            Some of the bundled applications are a bit gimmicky, the “view source” concept was never fully realised and the bundled Mozilla browser is far too heavyweight to run comfortably with 256MB RAM. Dillo and Netsurf run perfectly well though. One thing that’s very nice is the bundled Squeak/EToys system, although some of my projects were ambitious enough to hit a memory limit, such that trying to save to disk seems to hang the machine :(

                                                            A USB drive or SD card is almost required, for extra storage and swap (although the latter will hasten the death of any flash memory). The OS still gets occasional updates, which are eating away more and more of the 1GB onboard storage. As I understand it, most hardware-specific tweaks have been pushed upstream, although booting into a separate OS like Debian does have a noticeable impact on things like battery life.

                                                            The sunlight-readable screen makes it really great for reading from, especially when twisted into “tablet mode” (extra cursor and “game” keys are provided, which allow scrolling and navigation).

                                                            1. 2

                                                              Thanks for the detailed write-up. Interesting. I also keep looking at Squeak recently since (a) it comes from the LISP/Smalltalk machine tradition of doing everything in one, consistent language that’s productive and memory-safe and (b) it’s an easy-to-use language with quite a bit of tooling and apps for something we don’t see posted often. Given I’m semi-disabled in remembering new things, I did consider taking a break from my focus on static typing or DbC to see what the Smalltalk experience is like. Might bite me having dodged learning OOP all this time, though. I’m not sure if I’d get the full value out of it if I emulated structured, functional-ish programming in it using objects. What do you think?

                                                              Note: The other route I’m considering is How to Learn Programs with Racket. Probably one I’ll do. This is more interim where I’m thinking if I should relearn Python for quick prototyping or try Squeak/Smalltalk.

                                                              1. 3

                                                                Despite reading a lot about it (e.g. from Viewpoints Research Institute, among others) I’ve actually written very little “real” Smalltalk.

                                                                The EToys system (which I used on my XO) is a drag&drop programming system built in Squeak, much like the early versions of Scratch (I believe Scratch now uses JS), although it more closely follows OOP and IMHO it’s a ‘richer’ approach than Squeak’s.

                                                                If you’re going down the OOP rabbit hole for the first time, I think the most important thing to keep in mind is the difference between Smalltalk-style systems, which we might characterise as:

                                                                • Everything is an object, including numbers, code, classes, etc
                                                                • Method calls act like “message passing”, i.e. extremely late binding; we don’t know what will happen until the call is made; the behaviour may be dynamic (e.g. messageNotUnderstood)
                                                                • Control flow, like if/then/else, for, etc., are just method calls (e.g. on boolean or array objects). Users can make their own control flow in the same way.

                                                                And Java-style systems:

                                                                • Classes, methods, etc. are mostly a static convenience for organising code; they’re not first-class values. Data relies heavily on a few special “primitive types” like booleans and ints, which are also not objects.
                                                                • Method calls act like jump instructions; their behaviour is constrained statically, e.g. using annotations and finally; dynamic behaviour like messageNotUnderstood is discouraged and, rather than being default, requires heavy wizardry to pull off.
                                                                • Since code isn’t first class (Java recently gained lambdas, but they’re still a distinct language construct), and “primitive data” aren’t objects, lots of control flow is just structured programming. if/then/else, for, etc. are special syntactic keywords which compile down to certain instructions (e.g. branches). Adding new ones, or shadowing/overloading existing ones, requires hacking the compiler.

                                                                The merits of each can be argued at length, but the most important aspect is how this affects the style of code written in each language. For example, there might be “OO practices” which build up elaborate design patterns, towers of reflection, inversions of control, etc. which are actually just workarounds for one style of language, and a different language might just e.g. pass in a continuation.

                                                                Other nuances include e.g. classes (Smalltalk, Newspeak) versus prototypes (Self); reflection vs introspection; etc.

                                                                I’ve actually been playing quite a bit with Racket recently; it’s a nice system, if a little slow. It’s a shame that the PLaneT packaging system has recently been replaced by raco; it forces code to depend on ambient, OS-controlled, shell-scripted environments :(

                                                                Whilst I’ve written and used plenty of macros, I’ve not yet delved into call/cc or defining my own languages :)
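The two Smalltalk-style traits the comment above singles out, extreme late binding (messageNotUnderstood) and control flow that is just a method call on a boolean, can be shown in Ruby, which borrowed both ideas from Smalltalk. The block below is an added illustration, not code from the thread or from any Squeak/EToys project; Ruby's method_missing stands in for Smalltalk's doesNotUnderstand:, and the if_true_else and times_until_halt methods are invented names for this example.

```ruby
# Added example (not from the thread): Smalltalk-style message passing in Ruby.

# 1. Late binding. The receiver decides what a message means only when it
#    arrives. This object answers any unknown selector by recording it and
#    replying nil, the Ruby analogue of overriding doesNotUnderstand:.
class Tolerant
  attr_reader :unknown

  def initialize
    @unknown = []
  end

  # Called for every message the class has no method for.
  def method_missing(selector, *args)
    @unknown << [selector, args]
    nil
  end

  # Keep respond_to? honest about the catch-all above.
  def respond_to_missing?(_selector, _include_private = false)
    true
  end
end

# 2. Control flow as messages. Instead of a built-in `if`, send
#    if_true_else to the boolean itself; each boolean class picks the block
#    to evaluate, the way Smalltalk's True and False classes answer ifTrue:ifFalse:.
class TrueClass
  def if_true_else(then_block, _else_block)
    then_block.call
  end
end

class FalseClass
  def if_true_else(_then_block, else_block)
    else_block.call
  end
end

# 3. User-defined control flow. times_until_halt is an ordinary method on
#    Integer (like Smalltalk's timesRepeat:), not a keyword: run the block up
#    to `self` times, stopping early when it answers :halt. Returns the count
#    of iterations actually run.
class Integer
  def times_until_halt
    count = 0
    while count < self
      break if yield(count) == :halt
      count += 1
    end
    count
  end
end

# Helpers that exercise each piece so the behaviour can be checked.
def demo_late_binding
  t = Tolerant.new
  t.frobnicate(1, 2) # no such method; method_missing records it instead
  t.unknown          # => [[:frobnicate, [1, 2]]]
end

def classify(n)
  (n > 0).if_true_else(-> { :positive }, -> { :non_positive })
end

# Counts iterations until the first positive multiple of k below limit.
def count_to_first_multiple_of(limit, k)
  limit.times_until_halt { |i| i > 0 && (i % k).zero? ? :halt : :go }
end

if __FILE__ == $PROGRAM_NAME
  p demo_late_binding
  p classify(5), classify(-1)
  p count_to_first_multiple_of(10, 3)
end
```

The practical consequence the comment hints at is visible in Tolerant: a catch-all handler like method_missing means a typo in a selector silently succeeds rather than failing at compile time, which is exactly the trade-off between the Smalltalk and Java styles the comment describes.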

                                                                1. 2

                                                                  Great writeup. Thanks! As far as Racket goes, you have to get on creating DSLs to appreciate the real power of the language, per what its users tell me. Maybe do some HTML-like web programming, state machine stuff like recent Haskell article, or a low-level one that extracts to C or C++ similar to Ivory language.

                                                  1. 7

                                                    I found this note about OpenBSD issuing a silent patch ahead of the embargo date somewhat amusing:

                                                    To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.

                                                    1. 29

                                                      No worries. We will likely still patch on time of public announcement anyway. We just cannot patch problems we don’t know about yet.

                                                      What happened is that he told me on July 15, and gave a 6-week embargo until the end of August. We already complained back then that this was way too long and leaving people exposed.

                                                      Then he got CERT (and, thus, US gov agencies) involved and had to extend the embargo even further until today. At that point we already had the ball rolling and decided to stick to the original agreement with him, and he gave us an agreeing nod towards that as well.

                                                      In this situation, a request for keeping the problem and fix secret is a request to leave our users at risk and exposed to insiders who will potentially use the bug to exploit our users. And we have no idea who the other insiders are. We have to assume that information of this kind leaks and dissipates pretty fast in the security “community”.

                                                      We chose to serve the needs of our users who are the vulnerable people in this drama. I stand by that choice.

                                                      1. 11

                                                        And, by the way, here is another part of the original patch, which we didn’t release until today: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net80211/ieee80211_pae_input.c.diff?r1=1.30&r2=1.31

                                                        1. 1

                                                          What is the rationale on extending the embargo so long? To give vendors a chance to patch? It seems like once people in the know know about a vulnerability, the shorter an embargo time the better.

                                                          1. 10

                                                            There’s a couple of different interests at play.

                                                            For instance:

                                                            Researchers want to make a timed media splash.

                                                            Security agencies want to evaluate the problem and make sure they get patched before anyone else.

                                                            Vendors want time to prepare patches, yes, but that alone does not justify such a long delay.

                                                            Reviewing the patch, testing it, and preparing it for commit and publishing errata took only a couple of hours of my free time.

                                                            1. 3

                                                              From July 15 to today is about 90 days, which is far from unreasonable for co-ordinated disclosure. Project Zero uses 90 days + 2 weeks for patch release in their policy.

                                                              1. 1

                                                                Which still doesn’t sound nice, though. Over three months of hoping that nobody who was informed and has any malicious intent and that nobody rediscovers it and nobody that might have discovered it earlier.

                                                                Now, while WPA2 will in most cases require you to be physically close to exploit, a lot of remote vulnerabilities mean that anyone hearing about it has over three months to scan the whole internet. And that’s a process that might take just some hours with tools like zmap.

                                                                For stuff like finance, healthcare, etc. 3 months of “free access” seem everything but reasonable, regardless of what any project does.

                                                                Coordination is a good thing. Maybe however making these processes faster is a good idea. Currently people are assuming that all insiders (known or unknown) have just the best intents. This feels very unreasonable. As an entity intending to exploit vulnerabilities this is probably one of the first circles I’d want to get into.

                                                                I am not an OpenBSD user, but I think stsp/the OpenBSD project didn’t do anything wrong, by sticking to an original deadline, as well as considering the deadline as too long. At least for said vulnerability. It should be a per-case decision though, since routers aren’t browsers that you nowadays can just kick out updates for.

                                                          2. 3

                                                            Thanks to you and yours for putting users first.

                                                            1. 1

                                                              FWIW, I think you made the right choice. Appreciate the integrity and concern for users overriding the institutional politics.

                                                              1. 5

                                                                On the other hand this kind of behaviour tends to reduce trust with security researchers. They should not complain once they get notified last for the next critical security disclosure. Unless someone has proof this was exploited in the wild, patching a security bug involving many stakeholders might put your users first, but puts all the other systems’ users at risk.

                                                                1. 6

                                                                  involving many stakeholder

                                                                  How can anyone be certain that all of these many stakeholders are trustworthy and won’t abuse the secret information they have?

                                                                  1. 3

                                                                    How can anyone be certain that all of these many stakeholders are trustworthy

                                                                    You don’t, but the call is not yours to make. If they see them as not trustworthy, it’s up to the security researchers to choose to notify those stakeholders closer to the end of the embargo.

                                                                    Find your own bug and choose to go full disclosure if you want to, but OpenBSD had no part in finding this security issue; they were trusted by someone else to hold on to a patch (for 90 days FFS). By acting the way they did they only showed that they could not be trusted with this privileged information.

                                                                    1. 4

                                                                      It’s easy for you to say that, not having been in a situation where you had to actually make that choice yourself.

                                                                      It seems you would trust the NSA/CIA to not abuse a bug like this? I wouldn’t.

                                                                      Edit: Also, let me reiterate that: WE WERE GIVEN PERMISSION BY MATHY TO DO THIS.

                                                                      1. 2

                                                                        Yeah, it seems weird of Mathy to give permission to release early, then punish (not notify as soon as others) anyway. What the hell?!