Where my implementation of runit (Void Linux) seems to fall flat on its face is logging. I hoped it would do something nice like redirect stdout and stderr of these supervised processes by default. Instead you manually have to create a new file and folder for each service that explicitly runs its own copy of the logger. Annoying. I hope I’ve been missing something.

The logging mechanism works like this to be stable and only lose logs in case runsv and the log service would die. Another thing about separate logging services is that stdout/stderror are not necessarily tagged, adding all this stuff to runsv would just bloat it.

There is definitively room for improvements as logger(1) is broken since some time in the way void uses it at the moment (You can blame systemd for that). My idea to simplify logging services to centralize the way how logging is done can be found here https://github.com/voidlinux/void-runit/pull/65. For me the ability to exec svlogd(8) from vlogger(8) to have a more lossless logging mechanism is more important than the main functionality of replacing logger(1).

Instead you can write the dependency directly into the service file in the form of a “start this service” request

But that neither solves starting daemons in parallel, or even at all, if they are run in the ‘wrong’ order. Depending on network being setup, for example, brings complexity to each of those shell scripts.

I’m of the opinion that a dsl of whitelisted items (systemd) is much nicer to handle than writing shell scripts, along with the standardized commands instead of having to know which services that accepts ‘reload’ vs ‘restart’ or some other variation in commands - those kind of niceties are gone when the shell scripts are individually an interface each.

Dependency resolving on daemon manager level is very important so that it will kill/restart dependent services.

runit and s6 also don’t support cgroups, which can be very useful.

I’d make the argument that in all circumstances where you need this you could probably run the command yourself. Thoughts?

It’s nice to be able to reload a well-written service without having to look up what mechanism it offers, if any.

I hoped it would do something nice like redirect stdout and stderr of these supervised processes by default. Instead you manually have to create a new file and folder for each service that explicitly runs its own copy of the logger. Annoying. I hope I’ve been missing something.

I used to use something like logexec for that, to “wrap” the program inside the runit script, and send output to syslog. I agree it would be nice if it were builtin.

IRC works really well when you have a core team who spend a lot of time in a topic-specific channel where visitors can stop by and engage with them. That’s great for channels focused on individual open source tools, as you point out. One of Slack’s strengths for community channels is that it handles low volume conversation better because you can check it intermittently and catch up on what you missed. Being able to respond to questions that were asked when you weren’t around is a big plus.

Our intention here definitely wasn’t to try to take the place of project-specific IRC channels at all. We just felt that there wasn’t really place to talk about experiences with different tools and tactics at a higher level. We get emails from people all the time about topics like this, and our hope is that making these sort of discussions public will be helpful to the community.

I am deeply concerned about the push towards Signal. I am not a cryptographer, so all I can do is trust other people that the crypto is sound, but as we all know, the problems with crypto systems are rarely in the crypto layers.

On one hand we know that PGP works, on the other hand we have had two game over vulnerabilities in Signal THIS WEEK. And the last Signal problem was very similar to the one in “not-really-PGP” in that the Signal app passed untrusted HTML to the browser engine.

If I were a government trying to subvert secure communications, investing in Signal and tarnishing PGP is what I would try to do. What better strategy than to push everyone towards closed systems where you can’t even see the binaries, and that are not under the user’s control. The exact same devices with GPS and under constant surveilance.

My mobile phone might have much better security mechanisms in theory, but I will never know for sure because neither I, nor anyone else can really check. In the meantime we know for sure what a privacy disaster these mobile phones are. We also know for sure the the various leaks that government implant malware on mobile devices, and we know that both manufacturers and carriers can install software, or updates, on devices without user consent.

Whatever the PGP replacement might be, moving to the closed systems that are completely unauditable and not under the user’s control is not the solution. I am not surprised that some people advocate for this option. What I find totally insane is that a good majority of the tech world finds this position sensible. Just find any Hacker News thread and you will see that any criticism towards Signal is downvoted to oblivion, while the voices of “experts” preach PGP hysteria.

PGP will never be used by ordinary people. It’s too clunky for that. But it’s used by some people very successfully, and if you try to dissuade this small, but very important group of people to move towards your “solution”, I can only suspect foul play. Signal does not compete with PGP. It’s a phone chat app. As Signal does not compete with PGP, why do you have to spend all this insane ammount of effort to convince an insignificant amount of people to drop PGP for Signal?

As I understand it, the case against PGP is not with PGP in and of itself (the cryptography is good), but the ecosystem. That is, the toolchain in which one uses it. Because it is advocated for use in email and securing email, it is argued, is nigh on impossible, then it is irresponsible to recommend using PGP encrypted email for general consumption, especially for journalists.

That is, while it is possible to use PGP via email effectively, it is incredibly difficult and error-prone. These are not qualities one wants in a secure system and thus, it should be avoided.

Until this better implementation appears, an abstract recommendation for PGP is a concrete recommendation for GPG.

Imagine if half the effort spent saying PGP is just fine went into making PGP just fine.

When people tell me to stop using the only cryptosystem in existence that has ever - per the Snowden leaks - successfully resisted the attentions of the NSA, I get suspicious, even hostile.

Without wanting to sound rude, this is discussed in the article:

The fact of the matter is that OpenPGP is not really a cryptography project. That is, it’s not held together by cryptography. It’s held together by backwards-compatibility and (increasingly) a kind of an obsession with the idea of PGP as an end in and of itself, rather than as a means to actually make end-users more secure.

OpenPGP might have resisted the NSA, but that’s not a unique property. Every modern encryption tool or standard has to do that or it is considered broken.

I think most people unless they are heavily involved in security research don’t know how encrytion/auth/integrity protection are layered. There are a lot of layers in what people just want to call “encryption”. OpenPGP uses the same standard crypto building blocks as everything else and unfortunately putting those lower level primitives together is fiendishly difficult. Life also went on since OpenPGP was created meaning that those building blocks and how to put them together changed in the last few decades, cryptographers learned a lot.

One of the most important things that cryptographers learned is that the entire ecosystem / the system as a whole counts. Even Snowden was talking about this when he said that the NSA just attacks the endpoints, where most of the attack surface is. So while the cryptography bits in the core of the OpenPGP standard are safe, if dated, that’s not the point. Reasonable people can’t really use PGP safely because we would have to have a library that implements the dated OpenPGP standard in a modern way, clients that interface with that modern library in a safe and thought-through way and users that know enough about the system to satisfy it’s safety requirements (which are large for OpenPGP)

Part of that is attitude, most of the existing projects for implementing the standard just don’t seem to take a security-first stance. Who is really looking towards providing a secure overall experience to users under OpenPGP? Certainly not the projects bickering where to attribute blame.

I think people kept contrasting this with Signal because Signal gets a lot of things right in contrast. The protocol is modern and it’s not impossibly demanding on users (ratcheting key rotation, anyone?), there is no security blame game between Signal the desktop app vs signal the mobile app vs the protocol when a security vulnerability happens, OWS just fixes it with little drama. Of course Signal-the-app has downsides too, like the centralization, however that seems like a reasonable choice. I’d rather have a clean protocol operating through a central server that most people can use than an unuseable (from the pov of most users) standard/protocol. We’re not there yet where we can have all of decentralization, security and ease of use.

the only cryptosystem in existence that has ever - per the Snowden leaks - successfully resisted the attentions of the NSA

I’m pretty ignorant on this matter, but do you have any link to share?

There is a lot wrong with the GPG implementation

Actually, I’d like to read the opinion of GPG developers here, too.

Everyone makes mistakes, but I’m pretty curious about the technical allegations: it seems like they did not considered the issue to be fixed in their own code.

This might have pretty good security reasons.

If you ever let your computer unlocked, it takes me 4 second to retrieve a passwords from chrome built-in password manager:

3-dot option button > settings > search for “pass” > click on the eye to see the password.

I did steal password this way, and anyone who can use a GUI can do it.

https://i.imgur.com/y7TkAy0.png

Do note that Firefox Sync has a pretty nasty security flaw: your passwords are ultimately protected by your Firefox Account password — so you need to make sure that it’s a high entropy one (like 52ICsHuwrslpDl6fbjdvtv, not like correct horse battery staple). You also need to make sure that you never log into your Firefox Account online: Mozilla serve the login UI with JavaScript, which means that they can serve you malicious JavaScript which steals your password (this is worse than a malicious browser, because someone might actually notice a malicious browser executable, but the odds of detecting a single malicious serve of a JavaScript resource are pretty much nil).

I use pass, with git-remote-gcrypt to encrypt the pass repo itself (unfortunately, pass has a security flaw in that it doesn’t encrypt filenames).

i agree with what you wrote but how do you use thoses passwords in an iphone/android/ipad/tablet?

I do something similar but I could not wrap my head around gpg yet: I have a 2GB pendrive that I always mount to /mnt/key and have /mnt/key/ssh /mnt/key/pop3… files encrypted with enchive. It have a --agent flag to make it act as an ssh-agent.

Maybe “all platforms” means all versions of Windows, most OS X, and latest Debian stable.

I sincerely don’t understand this hate against Microsoft.

Yeah sure, Ballmer days sucked and they really screwed up. But since Natya picked up the role, there seems to have been quite a shift in the company’s mindset. Plus all the OS things they’ve been doing in the past few years.

That’s a description of what they want to extend and eventually extinguish.

Absolutely doesn’t resonate with me. Came here to complain about this quote actually.

I don’t understand this reasoning. Having one toolkit that scales from a few buttons to GIMP/Inkscape is the point of any reasonable toolkit. And it’s not like GTK always requires a complicated setup or whatever. Creating a window is really simple. Adding a button looks like, well, adding a button.

By the way, the problem with OCaml is that no one made a working gobject-introspection library, and it’s stuck with GTK2 :(

Unlike GTK (at least I think) some GUI are built as a separate rendering program that communicate through a stream, so it is possible to change that program for another. But does it solve the problem?

The web grew way too complex to permit a trivial implementation.

Ncurses somehow feels bloated too. Though it can be bypassed: ANSI escape sequences seems to be supported by most (if not all) emulators.

https://github.com/antirez/kilo

The only exception I can think of is with Racket; writing cross-platform code that uses GTK is quite pleasant with that tool set. https://gitlab.com/technomancy/world-color/blob/master/world-color.rkt

Once I saw a designer who gave advises such as “internal margin always 5px”, “everything clickable this colour”, “no space between these kind of elements”, along with illustrations and mockups to give an idea.

One can quite put these into a CSS stylesheet and attach it to any kind of HTML content and then it works!

iOS and apple being less evil for their “Security White Papers”, why not, but quoting them as a decent alternative, I don’t know:

These Internet services have been built with the same security goals that iOS promotes throughout the platform. These goals include secure handling of data, whether at rest on the device or in transit over wireless networks; protection of users’ personal information; and threat protection against malicious or unauthorized access to information and services. Each service uses its own powerful security architecture without compromising the overall ease of use of iOS. – https://www.apple.com/business/docs/iOS_Security_Guide.pdf page 49

This looks like as every company, they do their best to not let the data leak in the hands of bad evil hackers. That does not presume that they do not have a peek on their own.

Also, how can one quote MacOS without quoting any BSD regarding privacy?

Ok, now I have iOS 10, MacOS, an Apple Home Pod, and I am using Siri everywhere. I am protected by the Apple Privacy Policy, which says:

When we use data to create better experiences for you, we work hard to do it in a way that doesn’t compromise your privacy. One example is our pioneering use of Differential Privacy, where we scramble your data and combine it with the data of millions of others. So we see general patterns, rather than specifics that could be traced back to you. These patterns help us identify things like the most popular emoji, the best QuickType suggestions, and energy consumption rates in Safari. – https://www.apple.com/privacy/

So data are being gathered and analyzed and used by Apple (but not other companines).

Your iOS device can collect analytics about your iOS device and any paired Apple Watch and send it to Apple for analysis. The collected information does not identify you personally and can be sent to Apple only with your explicit consent. Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. When it’s collected, personal data is either not logged at all, removed from reports before they’re sent to Apple, or protected by techniques such as Differential Privacy.

The information we gather from Differential Privacy helps us improve our services without compromising individual privacy. For example, in iOS 10, this technology helped improve Lookup Hints in Notes.

We now identify commonly used data types in the Health app and web domains in Safari that cause performance issues. This information will allow us to work with developers to improve your experience without revealing anything about your individual behavior.

If you give your explicit consent, Apple can improve intelligent features by analyzing how you use iCloud and the data from your account. Analysis happens only after the data has gone through privacy-enhancing techniques so that it cannot be associated with you or your account. – https://www.apple.com/privacy/approach-to-privacy/

So apple collects data and use them to improve their services without letting human read the names, but machines can. Google does this too: never any human ever read the name of one of its client, and privacy is preserved right?

This does also does not keep Apple from using the data to sell advertizing themself: the data will not be used by 3rd party companies, the advertizing itself will come from 3rd party companies.

Apple harnesses machine learning to enhance your experience — and your privacy. We’ve used it to enable image and scene recognition in Photos, and more. Now we’re allowing developers to use our frameworks to create powerful new app experiences that don’t require your data to leave your device. That means apps can analyze user sentiment, classify scenes, translate text, tag music, and more without putting your privacy at risk. – https://www.apple.com/lae/privacy/approach-to-privacy/

How can one put in the same sentence “analyze user sentiment” and “privacy”?

So that means Apple hold a whole lot of the user’s data and still have access to it. Yet again, it can not do anything against the NSA:

U.S. National Security Orders demand that Apple provide information in response to U.S. National Security legal authorities. They are not counted as Device Requests or Account Requests. In the second half of 2016, Apple received between 5,750 and 5,999 National Security Orders. Apple reports National Security Orders to the extent allowed by law. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose. – https://www.apple.com/lae/privacy/government-information-requests/

To me, privacy is not only about who have legal access to user’s data, but where data is on the first place.

Telegram group messages aren’t even e2e encrypted, Telegram has access to full message content. The only thing Telegram is good at is marketing, because they’ve somehow convinced people they’re a secure messenger.

I’m much less worried about the source code than I am the incentives of the organization behind the software. YMMV, of course.

Even if you have source code, it’s difficult to verify a service or piece of software (binary) matches that source code.

I was checking email SaaS providers last weekend as the privacy policy changes at current provider urge me not to renew my subscription when it ends. I have found mostly the same offers, and to be honest neither seemed convincing to me.

For example the Tutanota offer seemed questionable: They keep me so secured that the email account can only be accessed by their email client, no free/open protocol is available. Only their mail client can be used, they use proprietary encryption scheme for my own benefit… OK, it is open sourced, but come on… I cannot export my data in a meaningful way to change providers. So what kind of encryption scheme is it? It is RSA-2048+AES, not using GPG/PGP “standards”, and is hosted in Germany, pretty much a surveillance state… This makes their claims questionable at least.

I use OverbiteFF on Firefox. Lynx also supports gopher. But where was the author’s gopher site? If it’s so easy (and it is [1]) why did he not do it himself? Seems odd.

[1] Not only do I run gopher but I wrote my own server, mainly to serve up my blog.

You can use elinks, lynx, cgo, sacc (that you can try via ssh at ssh://kiosk@bitreich.org), clic, curl to download…

Most browsers can start an external program after downloading a file, (xdg-open by default). Gopher has text-menu but is not text-only.

Even plain netcat/telnet, given how simple is the protocol. If all you want is getting a document from gopher: printf '/0/%s\r\n' "$url" nc "$host" 70 > file.

Firefox dropped the gopher:// protocol support. moz :/ la…

Indeed it isn’t (and I think even the Firefox add-ons that added back support don’t work anymore…)

Haiku’s network protocol client layer has first-class Gopher support, and since our WebKit port uses our internal protocol stack, you can browse Gopher in WebPositive.

Thanks for the thoughtful reply. Yes, I intended “you are not an individual” to be provocative. It’s built into the way the industry even talks. “We can target individual profiles,” “We have a database of 50 million profiles,” etc. Switching from “people” to “profile” makes it easier to do things that are morally questionable.