Threads for jmw

  1. 4

    If you want a similar friendly humanist monospaced font without going overboard on the Comic Sans look, the same designer (Toshi Omigari) made Codelia, which I’ve been using as my daily use editor and terminal font.

    1. 1

      Since struct and class are so similar, I choose to consider class to be the keyword in excess, simply because struct exists in C and not class, and that it is the process of the keyword class that brought them both so close.

      This is an interesting perspective on the history. I would consider struct to be the keyword worth removing, since that would change the default access qualifiers to be safer.

      1. 5

        I may be misremembering but I am reasonably sure that backwards compatibility with C was one of the early design goals of C++. Removing struct would quickly break compatibility. That is, presumably, why the default access qualifier is different from class‘s (and identical to C’s struct).

        1. 1

          It’s always irked me that this C compatibility was only one-way because of support for member functions (at least).

        2. 3

          Removing struct would create a lot more C code that is not C++, and making the default “safer” doesn’t improve things since, as noted, it’s standard practice to be explicit with access qualifiers.

          1. 4

            Yeah, I don’t think that can be understated. This would destroy one of the biggest reasons C++ was successful, and one of its main advantages to this day. It would even make most C headers not C++ compatible, which would be an absolute catastrophe. Even if the committee did something so egregious, no compiler could or would ever implement it (beyond perhaps a performative warning).

            I think the real mistake is that the keywords are redundant at all. We’ve ended up with this near-universal convention that struct is for bags of data (ideally POD or at least POD-ish) because that’s a genuinely useful and important distinction. Since C++ somehow ended up with the useless “class except public by default” definition, we all simply pretend that it has a useful (if slightly fuzzy) one.

            1. 1

              Because of its incremental design and the desire to make classes seem like builtin types, C++ has a Moiré pattern-like feel. A lot of constructs that are exceedingly close, yet different.

        1. 27

          I used to work at Facebook, and for a while, on the nearby friends product, which let you see where your friends were, with a similar type reporting of “2 mi/km away.” We were aware of both of the main problems pointed out in this post from the beginning and took similar steps to prevent practical trilateration. Later on, I worked on getting location data encrypted at rest and locked down — not even the main backend system (which was what ordinary engineers in the company worked on) could see real location data, only ask a highly-protected service for the sanitized distance and place name information. I was 1 of roughly a dozen people in the company who had access to that system. Not to defend FB in other areas, but we took the security of that data seriously and it’s amazing how sloppy other companies are with it. Our threat model was a lot darker than just stalking people too — think state-level coercion and infiltration of employees.

          1. 4

            Very cool, both at a technical and aesthetic level! One question: you said that the zero-point is sunrise, but if the sunset is marked by the blue dot, what does the 100 indicate? Midnight?

            1. 13

              100 is tomorrow’s sunrise, and when the progress bar will roll over. Other interesting points in time: solar noon is halfway between zero and the blue dot, solar midnight is halfway between 100 and the blue dot.

              1. 2

                I suppose that would be the next sunrise?

              1. 2

                If I understand: you have some TeX documents which when passed through the TeX compiler produces PDFs. You want people to have both the TeX source and PDFs for personal enjoyment but they should not redistribute the same for profit. Can they modify and redistribute for profit? Can they distribute without profit? Can they distribute as part of a larger package of things?

                It seems to me that this is just copyrighted work (copyright is automatic with publication in the US) with copyright retained. You can remind people of this by putting a copyright notice along with your intent that you are not charging for personal enjoyment and use of these creations.

                1. 1

                  You want people to have both the TeX source and PDFs for personal enjoyment but they should not redistribute the same for profit.

                  Sure. After reading about Creative Commons licenses, the closest CC license is probably CC BY-NC-ND (the most restrictive), but it goes too far in terms of restricting use. The printed documents are basically tools, and if someone uses them in the advancement of a commercial project that is ok. What I want to reserve is the right to sell the printed form.

                  I understand copyright protection automatically applies with publication, but any grant beyond “All rights reserved” is a kind of license, and I’m wary of writing my own.

                1. 17

                  It’s night-and-day between working at a company that prioritizes infrastructure and internal tooling (one of companies Rachel worked for - we overlapped in time but worked on different things) and those that are on the opposite end of the buy vs. build spectrum. There’s no comparison between the coherent experience of using tools that are built to solve the real problems of the organization (probably experienced by the same people building the tools), to something that was designed externally by committee to address what some business team believes “the market” needs. I also worked at a place where the company had seemingly went on a buying spree tour of SoMa software vendors to patch together their internal infrastructure. I could not believe how much money was being spent on these crappy 80% solutions, and how leadership would nod their head about the value of tooling while letting this advice go in one ear and out the other. I did not last long there.

                  1. 1

                    I’m still struggling to understand how exposing every device to the internet is more secure on IPv6 than a NAT. It seems like the reason is because it is exceedingly hard to ‘guess’ the IP, but that sounds an awful lot like ‘security through obscurity’ to me.

                    1. 5

                      You are not exposing every device to the Internet, you are making every device routable on the Internet.

                      The article states you use a firewall, as you should be already, on the Internet. A pc-world/walmart/… $40 home router already utilises a stateful firewall (that happens to also do NAT) in it so there is no additional cost/complexity here for anyone.

                      Actually the complexity goes down as you do not have to handle port forwarding, centralised discovery/rendezvous services or ‘intelligent’ NAT application helpers which have in the past had their own good share of security vulnerabilities.

                      As for the point of ‘guess the IP’, as the article points out, is not so much to hide your IP its to make unfeasible to just brute force scan for potential vulnerable targets; it will slow down (maybe even stop) a whole class of worms style spreading.

                      1. 1

                        Does not reducing complexity also peel off one layer of security? With NAT, you can use a router to kill port requests before they even get to a system on the network. I’ve always considered things like upnp to be ‘bugs’ and never use them. shrug

                        Granted, my understanding of how all this works is pretty basic, so I could be wrong (and welcome corrections!), but it sounds like with IPv6, it’s up to every individual system, each with potentially its own OS, patch level, applications (and their patch levels) to implement the first line of defense. While I don’t advocate that people just set up NAT and toss insecure systems behind it and call it good, it does happen.

                        As for the point of ‘guess the IP’, as the article points out, is not so much to hide your IP its to make unfeasible to just brute force scan for potential vulnerable targets;

                        Why couldn’t you just ‘detect’ the IP a request from the system to your system (e.g. user hits a website you are hosting, or opens an email with html that fetches some asset from your server, because this is still a thing that mail clients like to do, unfortunately), or use any other techniques to get a system to reveal its IP? And when it does, you can pound on it directly. With NAT, you at least have to get through some first level of defense.

                        1. 5

                          Does not reducing complexity also peel off one layer of security? With NAT, you can use a router to kill port requests before they even get to a system on the network. I’ve always considered things like upnp to be ‘bugs’ and never use them. shrug

                          Granted, my understanding of how all this works is pretty basic, so I could be wrong (and welcome corrections!), but it sounds like with IPv6, it’s up to every individual system, each with potentially its own OS, patch level, applications (and their patch levels) to implement the first line of defense. While I don’t advocate that people just set up NAT and toss insecure systems behind it and call it good, it does happen.

                          You can have a stateful firewall without NAT. And the firewall is what you actually want: the “security” you get from NAT is equivalent to a stateful firewall rule that rejects inbound packets that are not classified as either ESTABLISHED or RELATED.

                          You still have a box that sits between the internet your network, it still provides a firewall, but it doesn’t need to provide NAT.

                          1. 1

                            The way it’s been explained to me is that NAT requires a stateful firewall, but you can have a stateful firewall, which is the actual secure part, without NAT

                        2. 4

                          IPv4 NAT is also at best “security through obscurity” - at worst it just happens to be obscurity that’s so obscure it breaks the end-to-end routability model, adds connection state fragility and takes down a whole class of peer-to-peer applications with it. If anything, getting rid of NAT is a good thing purely because it removes a layer of misunderstanding and complexity – we can fall back to the correct tool for protecting networks which is, and always has been, a firewall.

                          Incidentally, one of the benefits of the IPv6 address space being so big is that devices have a much bigger space in which they can consume addresses even for short periods of time. Most modern operating systems have the concept of “temporary”/“secured” auto-configured addresses in which the host portion is near-enough random and can change at a given interval (often related to the lifetimes specified in the router advertisements). You might not want servers doing that but it’s perfectly acceptable for most clients.

                          1. 1

                            “we can fall back to the correct tool for protecting networks which is, and always has been, a firewall.”

                            Close. A guard and endpoint security is the strongest default. Weaker approaches like firewalls if one can’t obtain or build a guard.