1. 2

    I can also recommend reading the recent paper Can Applications Recover from fsync Failures? where the authors explore failing fsync due to block I/O errors and how applications fail to handle these errors correctly.

    1. 1

      Thanks for sharing, interesting talk!

    1. 4

      There’s a thing you can do to evaluate this. Take a source listing of the candinate replacement. Count up the files and lines in them. Then look up dependencies.

      If there are dependencies, count their functionality into the system and add it to the line count. If the whole compiler + runtime is larger than 50k lines, then it will never replace C.

      (Zip didn’t pass this test).

      1. 12

        Why? GCC has millions of lines of code.

        1. 2

          C spread across platforms by being simple to port. It was that because it’s not much. We’re talking about pre-GCC C here. By now GCC is so massive that vendors accommodate their platforms to fit it.

          A language striving to replace C would need to have a pioneer’s structure as well. Otherwise it’s unable to skip the principal compiler on the platform and really replace it.

          1. 7

            The possibility of a small implementation of the language and the size of the main implementation aren’t necessarily related, though. Additionally, if you want to target a new platform nowadays, you’re better off adding an appropriate backend to GCC or LLVM instead of trying to implement C (or any other language) from scratch.

            1. 2

              Of course, It’s better to not attempt to replace C. It works fairly well for what it was made for.

            2. 2

              A lot of languages use LLVM as a back-end. This contradicts your thesis by adding a huge number of dependent LOC, but making porting really easy I.e. if there’s already an LLVM code generator for your platform, you’re mostly done.)

              And these days, hopefully any compiler segregates the code generation logic enough that it can be ported without worrying how large the front-end side of it is.

              1. 1

                LLVM itself has been written in C++, and that is an extension of C. That contradicts that none of this has replaced C yet?

                Honestly though I don’t believe it to be that important. I just don’t think that people move off C before the equivalent language can stand without C. There’s also a question of why to replace C? For example why would anybody want to write coreutils in a different language?

                1. 3

                  For example why would anybody want to write coreutils in a different language?

                  https://github.com/uutils/coreutils#why

          2. 1

            Note that there is ongoing work on a self-hosted compiler instead of leveraging LLVM.

          1. 3

            This is fun. The syntax is actually very similar to what lilypond uses.

            Who recognizes the melody I transcribed here?

              1. 11

                Better than nothing perhaps, but the least secure of all 2fa methods (even in your link), as well as being cloneable/hijackable and vulnerable to “vendor social engineering”. Not to mention requires handing your phone number off to a company, to increase your targeting profile, to be added to txt spam lists, and/or sold to other companies so they can advertiser to (spam) you.

                Hardware tokens, push-message-based, even totp, all are superior. Why even spend the dev cycles implementing something marginal like SMS-2fa, paying for txt messaging (and/or integrating with an sms vendor), when you can just do something better instead (and arguably more easily)?

                1. 5

                  Not to mention requires handing your phone number off to a company, to increase your targeting profile, to be added to txt spam lists, and/or sold to other companies so they can advertiser to (spam) you.

                  It’s also a pain in areas with poor or intermittent mobile coverage.

                  1. 1

                    The criticism in the article seems to be mostly around phishing attacks. Are these other approaches more resilient to phishing? With the suggestion of randomized passwords as the best alternative, the author seems to be against any kind of 2FA.

                    1. 5

                      The author also states:

                      If you also want to eliminate phishing, you have two excellent options. You can either educate your users on how to use a password manager, or deploy U2F, FIDO2, WebAuthn, etc. This can be done with hardware tokens or a smartphone.

                      So I don’t think the author is against 2FA in general, just specifically SMS-2FA.

                      Also note the first suggestion of using a password manager is, in my opinion, a bit nuanced, because “how to use a password manager” includes having the manager fill in credentials for you, and the password manager restricting this to only on the correct domain defined for the password.

                      Are these other approaches more resilient to phishing?

                      I would say U2F, FIDO2, WebAuthn is far more resilient to phishing, yes.

                      “A good password manager”? As I mentioned above I feel this one is more tenuous. I personally feel users could easily be tricked to copy/pasting credentials out of a password manager, since users have the expectation that software in general is kind of clunky and broken so “it must not be working right so I’ll do it manually”. As such, I’m not sure I necessarily agree that just using a good password manager is sufficient to prevent phishing. It would be interesting to see stats on it though, as my hunch is just that and has no scientific basis or real evidence behind it.

                      TOTP as a 2nd factor is presumably just as vulnerable to phishing as a password alone, but being an extra step and relatively out of band from normal credential flow, but for preventing automated (non-phishing) attacks, seems useful. In my opinion better than SMS-2FA, but nowhere near as good as U2F, FIDO2, WebAuthn.

                      push-message-based tokens (like Okta uses for example) are, presumably (caveat I’m not a security professional) as secure as the weakest link of vendors involved: push-vendor (eg. google, apple) and token vendor (eg. okta). Generally requires server side integration/credentials to get the vendor to invoke the push, and are typically device locked.

                      1. 2

                        “A good password manager”? As I mentioned above I feel this one is more tenuous. I personally feel users could easily be tricked to copy/pasting credentials out of a password manager, since users have the expectation that software in general is kind of clunky and broken so “it must not be working right so I’ll do it manually”.

                        I can’t count the number of times I have copy/pasted a password because the Firefox password manager saved the credentials for one login form on the site, but then didn’t autofill them on a different form. Maybe that means that it doesn’t count as a “good password manager” though? I guess I should be filing bugs on these cases anyway.

                        1. 2

                          Same. I also have a few sites that don’t even work well with 1password (generally considered pretty decent). Some sites also seem to go out of their way to make password managers not work. Why?! ;_;

                      2. 5

                        Are these other approaches more resilient to phishing? With the suggestion of randomized passwords as the best alternative, the author seems to be against any kind of 2FA.

                        U2F and WebAuthn categorically prevent phishing by binding the domain into the hardware device.challenge response.

                    2. 3

                      Good link!

                      I posted this because I think it’s interesting to see articulated arguments for a position I’m surprised by.

                      1. 6

                        Google wants to know our phone numbers. From that research, we can see that a phone number is effective in deterring some attacks. The question I would ask is, can we achieve similar security through other means? For example, even Google shows that On-device prompts or security tokens are better than SMS.

                        So please, if you think you must, offer SMS. But also offer other 2FA options and especially don’t force collect phone numbers if you can avoid it.

                    1. 5

                      Another confusion easily solved by using proper units and measuring mass instead of volume, as commonly done in cooking instructions outside the US.

                      1. 6

                        For what it’s worth, even here in the EU my bag of quinoa has the same instructions in volume.

                      1. 5

                        With all the enthusiasm for zettelkasten/second-brain like systems (roam, org-roam, now this), I’m surprised that nobody has been working on I haven’t heard of an external format/tool that various UI’s can interface. VSCode, at least that’s my impression, is the kind of editor that gets displaced from it’s throne every few years by the next new thing, as has happened to Sublime and Atom before, so I certainly wouldn’t be too confident in making my “second brain” depend on it, except maybe if it’s used as a brainstorming tool for projects, but then it would have to be distributable too – but from skimming the article that doesn’t seem to be the case.

                        Edit: Fixed the first sentence, sorry for my ignorance. Also I missed that this is markdown based, so I guess the rest of the comment isn’t quite right either, but I guess/hope my general point is still legitimate.

                        1. 6

                          I’m surprised that nobody has been working on an external format/tool that various UI’s can interface

                          Checkout neuron which is editor-independent, has native editor extensions, but can also interface (in future) with editors through LSP.

                          Some examples of neuron published sites:

                          Easiest way to get started (if you don’t want to install yet): https://github.com/srid/neuron-template

                          1. 3

                            That sounds cool, but I don’t really get why LSP would help? I (personally) would much prefer a native client, in my case for Emacs, than something that forces itself into a protocol for program analysis.

                            1. 2

                              Well, neuron does have native extensions for emacs and vim (see neuron-mode and neuron.vim) - but LSP support just makes multiple editor support easier by shifting common responsibility to a server on neuron.

                              EDIT: I’ve modified the parent comment to clarify this.

                            2. 1

                              Is there any easier way to install (i.e. without nix?) I’m on a laptop and installing new toolchains is prohibitive for the low storage I have.

                              1. 1

                                Nix is the only way to install neuron (takes ~2GB space including nix and deps), until someone contributes support for building static binaries.

                                But I’d encourage you give Nix a try anyway, as it is beneficial even outside of neuron (you can use Nix to install other software, as well as manage your development environments).

                                1. 2

                                  I got a working binary with nix-bundle, that might be a simpler option. It’s a bit slow though, especially on first run when it extracts the archive. nix-bundle also seems to break relative paths on the command line.

                                  1. 1

                                    Interesting. Last time I tried nix-bundle, it had all sorts of problem. I’ll play with it again (opened an issue). Thanks!

                            3. 3

                              Isn’t the markdown that this thing runs on exactly that external format, and one that has been getting adoption across a wide range of platforms and usecases at that?

                              1. 3

                                There is tiddlywiki and the tiddler format.

                                1. 2

                                  I wish the extension used the org format instead of markdown (so if something happens to vscode, I can use it with emacs), but otherwise I totally agree with your comment!

                                  1. 2

                                    You can use markdown files with org-roam in emacs by using md-roam. I prefer writing in Markdown most of the time, so most of my org-roam files are markdown files.

                                1. 19

                                  Worth reading to the end just for the totally evil code snippet.

                                  It was kind of foreshadowed to be evil when the author named it “skynet.c” I guess.

                                  1. 4

                                    Reminds me of the Java-code we used to see around 2000.

                                    With a RuntimeException try-catch at the top and then just print it and continue like nothing happened.

                                    How much bad bugs, data corruption and weirdness did that practice cause?

                                    1. 1

                                      How is that any different from kubernetes and “just restart it”? Its mostly the same practice ultimately, though with a bit more cleanup between failures.

                                      1. 2

                                        I guess it depends on whether you keep any app state in memory. If you’re just funnelling data to a database maybe not much difference.

                                    2. 2

                                      Here’s a more correct approach: https://git.saucisseroyale.cc/emersion/c-safe

                                      1. 2

                                        Now I start to wonder, how the correct code should look like (as opposed of jumping 10 bytes ahead).

                                        Read DWARF to figure out next instruction?

                                        Embed a decompiler to decode the faulty opcode length?

                                        1. 4

                                          Increment the instruction pointer until you end up at a valid instruction (i.e., you don’t get SIGILL), of course ;)

                                          1. 7

                                            I have code that does this by catching SIGILL too and bumping the instruction pointer along in response to that. https://github.com/RichardBarrell/snippets/blob/master/no_crash_kthxbai.c

                                            1. 2

                                              Brilliant. I’m simultaneously horrified and amused.

                                            2. 1

                                              SIGILL

                                              That’d be a pretty great nerdcore MC name.

                                            3. 1

                                              If you want to skip the offending instruction, à la Visual Basics “on error resume next”, you determine instruction length by looking at the code and then increment by that.

                                              Figuring out the length requires understanding all the valid instruction formats for your CPU architecture. For some it’s almost trivial, say AVR has 16 bit instructions with very few exceptions for stuff like absolute call. For others, like x86, you need to have a fair bit of logic.

                                              I am aware that the “just increment by 1” below are intended as a joke. However I still think it’s instructive to say that incrementing blindly might lead you to start decoding at some point in the middle of an instruction. This might still be a valid instruction, especially for dense instruction set encodings. In fact, jumping into the middle of operands was sometimes used on early microcomputers to achieve compact code.

                                            4. 1

                                              Just don’t compile it with -pg :)

                                            1. 2

                                              Ironically, I installed BIOS and Intel ME updates from Lenovo this morning using fwupdmgr update, something I’ve done many times before on my T480s.

                                              Except this time around, it wiped everything except the preinstalled ‘Windows Boot Manager’ entry from my UEFI Boot Order List, which stopped me rebooting after the firmware update completed until I fished out a USB drive with an Arch ISO so I could re-run grub-install and restore the entry.

                                              To me, this means they simply didn’t test the update with Linux/UEFI systems, I’ll give them the benefit of the doubt and assume they did check BIOS boot, given it’s still more common.

                                              I hope they sort out this sort of issue as a part of this ‘certification’ process!

                                              1. 2

                                                I did the same thing on my T480s (also running Linux/UEFI) yesterday without issues, so it’s most likely a more complicated problem than “only Windows is supported”.

                                              1. 5

                                                Does hermes require $HERMES_STORE be consistent across machines to take advantage of caching?

                                                Nix lets you change where the store is located, but nobody ever does it because you lose the enormous community cache at cache.nixos.org. Tons of those binaries have hard-coded paths to their dependencies with the /nix/store/... prefix, which affects their hashes.

                                                1. 5

                                                  This is one limitation that is shared with Nixos. For now I am building all software myself as there is not that much of it.

                                                  1. 4

                                                    I was wondering about this as well. Both Nix and Hermes advertise installation in addition to a system package manager. This especially comes in handy if you’re on a system where you don’t have root access, but then you can’t create a store at the standard location and thus have to build everything from source. This often takes more time than just building the stuff you need manually and linking to system libraries.

                                                    I suppose absolute paths (usually into /usr/lib, /usr/share and so on) are very common. I believe AppImages enforce binary-relative paths, which might work here as well, but would mean lots of extra work with packaging. Detecting absolute paths is easy, but patching them out is not.

                                                    1. 3

                                                      This often takes more time than just building the stuff you need manually and linking to system libraries.

                                                      In the medium term I want to make it easy for someone to get access to a remote build on extremely powerful build machine, currently google is offering 96 cores for cheap at spot prices. These could potentially help for such situations.

                                                      For me the most expensive hermes package (gcc) builds in about 4 minutes on my desktop. It is definitely an annoyance at times I want to solve.

                                                      I also want to setup a way to export hermes packages as appimages that can work at any path.

                                                  1. 1

                                                    Is this actually an issue people come across? All the home routers I’ve come across so far had firewalls blocking incoming connections (for both IPv4 and v6). Most of them (especially the ISP-issued ones) don’t even allow configuring that firewall. Company and University networks will always have a firewall as well. On University networks, there’s a high chance of getting a public IPv4 address anyways.

                                                    And a comment regarding the (pretty neat) tool itself: with IPv6, you’ll probably use different addresses for incoming and outgoing connections. For firewall configuration, you usually need a static address (e.g., EUI-64) , but for privacy reasons, the preferred address for outgoing connections should be randomly generated. As your tool (as far as I can see) only can check the address the user connects from, it would miss the address services would usually listen on.

                                                    1. 4

                                                      There’s another, more recent paper from this year’s EuroSys where the authors try to achieve something Unikernel-like using Linux configuration options. At some point you really have to wonder whether it’s still a Unikernel.

                                                      1. 8

                                                        sorry folks but can someone explain to me why SMR is bad, please? I’m not arguing, I know nothing about this and I am curious.

                                                        1. 5

                                                          SMR is not bad per se, it’s actually pretty cool technology (higher density, cheaper drives, …) - if the drive allows the operating system to manage the SMR data. For example, it’s generally not an issue if a drive in a ZFS pool is not available temporarily for some planned maintenance operation.

                                                          However, the WD drives here pretend to be normal CMR drives, so there’s no way to manage SMR regions from the OS and you end up with very surprising performance (slow writes and long pauses).

                                                          1. 4

                                                            blocksandfiles.com is one of the websites that AFAICT looked into the issue, they have an article explaining it in detail [0]. TL;DR from memory: While the drives are busy reorganizing the data internally, the performance will obviously drop and they might not report back for more than a minute which will cause them to be dropped from RAIDs.

                                                            [0] https://blocksandfiles.com/2020/04/15/shingled-drives-have-non-shingled-zones-for-caching-writes/

                                                            1. 2

                                                              Thanks a ton.

                                                          1. 3

                                                            “CIDR calculation” seems to be something that is completely obsolete with IPv6 - just assign public addresses to every system (which will never overlap) or alternatively generate random prefixes for each subnet for use in ULAs (which are long enough so that collisions are very unlikely).

                                                            1. 3

                                                              I wonder if this is something a city community center or local beer hall can solve, both often have sizable rooms for events.

                                                              1. 3

                                                                Not really, as this would not be our space. The co.up model works well, but rent needs to be paid.

                                                                Investing the money into our space has never been the problem and I’m glad it worked. Investing more is now the problem.

                                                                1. 2

                                                                  Any place that serves alcohol would preclude attendance by people of less than legal drinking age, and would be inappropriate for people from cultures where alcohol is frowned upon.

                                                                  1. 1

                                                                    I think this is mostly am American issue? There are mostly no such restrictions in Germany, and people under 16 are not very likely to attend anyways, I guess. Not that I think that meetups that require attendees to buy (expensive) drinks would be a great idea.

                                                                    1. 2

                                                                      It is. Under a certain age, you need to have a guardian in such places, though that can even be an older minor.

                                                                      But yeah, spaces that need consumption are not good.

                                                                1. 7

                                                                  How can you claim with a straight face that Go is better at concurrency than Java and C# when Go only has green threads, and no user-level control whatsoever on the execution model? That is particularly important for server-side applications where you might need to separate IO-bound tasks from CPU-bound tasks inside the same process.

                                                                  1. 22

                                                                    Go is excellent at writing server-side applications where you need to separate IO-bound and CPU-bound tasks in the same process. The runtime does it all for you, without requiring you to complect your application code with irrelevant details like thread execution models.

                                                                    1. 0

                                                                      complect your application code with irrelevant details like thread execution models.

                                                                      It’s very disingenous to dismiss threading control as “irrelevant”. If that would be the case, what’s this?

                                                                      In a web server that simultaneously does some non-blocking and blocking IO (files and the like) and then also some CPU bound stuff, how can the Go scheduler guarantee the web server can function independently and not be interrupted by the scheduler trying to find a thread that isn’t blocked? This is not a terribly complex thing to solve with user-level control on threads and thread pools, but it becomes quite daunting with only green threads and pre-emption.

                                                                      I’m not saying this can’t be done using green threads but it is difficult. GIven user control on threading you can implement your own runtime for fibers and continuations, but you can’t do that if you only have access to green threads!

                                                                      1. 1

                                                                        I don’t see how the linked issue is relevant. It’s about how Linux does not support non-blocking file I/O, so Go needs a kernel-level thread for each goroutine with a blocking file I/O operation. It’s exactly the same thing in Java and C#: If you want to run tons of file I/O in parallel, you will need tons of kernel-level threads.

                                                                  1. 4

                                                                    What does BC mean here?

                                                                    There are two big, substantial schools of thought in the PHP world. The first likes PHP roughly the way it is - dynamic, with strong BC bias and emphasis on simplicity

                                                                    1. 5

                                                                      “Backwards compatibility” would be my guess.

                                                                    1. 3

                                                                      Ah, from the days when we believed in sufficiently smart compilers. :)

                                                                      1. 4

                                                                        Putting our trust in sufficiently smart processors hasn’t exactly gone well either to be fair.

                                                                        1. 2

                                                                          I think the bigger issue here is that software is usually compiled once per ISA and not per processor, so the compiler never gets the chance to be very smart.

                                                                        1. 1

                                                                          Within Google, we have a growing range of needs…

                                                                          Something smells fishy. And Fuchsia.

                                                                          1. 6

                                                                            There’s a reply by someone on the Fuchsia team in the email thread - doesn’t look like it’s created with Fuchsia in mind so far.

                                                                            1. 2

                                                                              No kidding, since they aren’t even planning to support aarch64 in the initial implementation.

                                                                          1. 4

                                                                            It warms the heart to know that some people push back against adding syscalls just to be convenient for one set of programs. Progress needs to have reasons and be reasoned about.

                                                                            Are minimal syscall OSes akin to RISC?

                                                                            1. 5

                                                                              Are minimal syscall OSes akin to RISC?

                                                                              Microkernels have minimal functionality and thus also very few system calls. In fact, some microkernels only have a single system call for inter-process communication.

                                                                              I’m not sure whether it’s useful to reduce the number of system calls in a big monolithic kernel. I think it might lead to a complex system call interface with system calls that perform multiple (possibly unrelated) functions. This is already reality, for example with the ioctl system call in Linux that is used for lots of very different tasks.

                                                                              1. 3

                                                                                RISC no longer has anything to do with a reduced instruction count, but instead reduced instruction complexity.

                                                                                1. 1

                                                                                  Somewhat relevant to the orthogonality of instruction count/complexity: https://alastairreid.github.io/papers/sve-ieee-micro-2017.pdf

                                                                              1. 1

                                                                                The built-in PEG parser is neat, but for such simple parsing tasks, a regular expression seems to be easier to write to me.

                                                                                I’m also wondering: Why is (import sh) necessary? Isn’t it implied that you want the shell functions by running janetsh?

                                                                                1. 1

                                                                                  The built-in PEG parser is neat, but for such simple parsing tasks, a regular expression seems to be easier to write to me.

                                                                                  When the parsing task get’s more complicated I think the PEG module will scale better. This post is just an educational demonstration intended to be understandable.

                                                                                  I’m also wondering: Why is (import sh) necessary? Isn’t it implied that you want the shell functions by running janetsh?

                                                                                  I agree, I may fix this in the future. It is just an implementation detail/limitation currently.

                                                                                  1. 1

                                                                                    When the parsing task get’s more complicated I think the PEG module will scale better. This post is just an educational demonstration intended to be understandable.

                                                                                    Yeah, alright. I was mostly writing that because Janet doesn’t appear to support regex (yet?) and I’m wondering whether that’s an intentional omission to make people use PEG.

                                                                                    1. 1

                                                                                      We were discussing adding regex via a non core but possibly official library.

                                                                                      Actually in janetsh you could also pipe the output of ls-remote to grep too.