1. 2

    OpenBSD has a well-deserved reputation for security of the base system. However, Firefox’s sandbox doesn’t have any support for sandboxing on OpenBSD, as far as I’m aware, and neither does Chromium. This seems like it makes OpenBSD a pretty bad choice if your goal is a secure desktop environment.

    1. [Comment removed by author]

      1. 4

        I didn’t realize that OpenBSD maintained patches to add pledge support, that does indeed improve the situation substantially.

        1. 1

          FreeBSD and NetBSD have neither

          NetBSD does have W^X and once 8.0 is released, it will be a default. However, it doesn’t work for firefox.

          It lacks custom sandboxing from firefox, but security-conscious people run firefox as another user in a chroot and use Xnest/Xephyr.

        2. 3

          It would be nice to find a “security-first”-minded OS that would go so far as to take responsibility for an included fully-featured web browser.

          I dream of the day a ports inclusion criteria is to meet some reasonable security auditing standard.

          1. 1

            I wonder if there is a way to “translate” seccomp into pledge…

          1. 1

            This really should have the tongue in cheek tag :~P

            Which is why I posted it to misc@ and not tech@ :~)

            1. 2

              Even if the contributor appears to have added it as a joke how can anyone claim knowledge of what OS the NSA runs internally? I wouldn’t imagine that information is declassified or known, unless it came out in some leak (did it? What Operating Systems DO they run?)

              If there is a MAC prefix registered to them why not support it? If they’re on an air-gapped network and there’s no risk of leakage, why not have their systems correctly identify themselves? Why presume that the OS known to be the world’s most secure isn’t run internally by the agency known to be equally paranoid towards security as the OpenBSD team? Is there some rule that everyone except governments can run */OpenBSD?

              It seems unless you have knowledge otherwise, tagging it as satire might be misinforming people.

              1. 7

                The NSA are presumably capable of configuring their systems to use their own special MAC without special ifconfig flags. We don’t have an Intel or Broadcom option for ifconfig either, yet they get by.

                1. 3

                  The patch was to set the first three octets of a random lladdr to 00:20:91 which is the organizationally unique identifier for J125, National Security Agency.

                  The lladdr option for ifconfig(8) allows the user to set a MAC address for a device - rather than use the device’s MAC address. This is particularly useful when you buy a batch of cheap USB ethernet adaptors and discover they all have the same MAC address…

                  This patch was in response to Ryan McBride’s tweet asking for the feature - I do not believe this is a valid useful contribution to OpenBSD’s ifconfig function, hence I posted it to misc@ - but I’m looking forward to playing with it in suitably paranoid locations.

                  1. 2

                    Well this has led me down a fun little rabbit hole of trying to learn about MAC addresses and how they’re assigned or programmed into NICs. I can’t seem to find a definitive answer. Some sources say the manufacturer programs them in, yet some say that they sometimes do. More a general question than one directed to you specifically, fcbsd, but I’m curious to know more about how exactly this works if anyone wouldn’t mind jumping in. It seems feasible either way–I’d imagine even no MAC (prefix/suffix/any part or whole) could be programmed into the card, and instead it be handled entirely by the Operating System on the layer of, say, a driver. If the kernel were told to expect or recognized the presence of a D-Link adapter, for example, it could look up the appropriate MAC prefix in a table, generate a random suffix, query the network to see if it was valid, and assign it if so, (or query the network, store all addresses, and generate a valid one based on randomization and exclusion). So several ways it could conceivably be implemented. And maybe it is implemented in different ways by different Operating Systems–I have no idea. Does anyone here? Searching sometimes isn’t the fastest way to find answers to the more interesting questions.

                    I’m also curious as to what OSes are run internally at the NSA. In Snowden’s public statements he advertises support for Tails. I wonder: is he saying that for the general public, or is that because the NSA uses Linux heavily?

                    1. 5

                      For the most part, all hardware comes with addresses preprogrammed into eeprom by the vendor. The default is for the OS to use this address, but it can be overridden or ignored.

                      1. 1

                        I’m certain this cannot be the case, but for a long time I kinda figured that there was a dedicated chip on the NICs that held the MAC address, and that somewhere there was a factory that made those and that vendors would just buy them.

                        So, like, you’d pick up a big plastic box of like 10,000 MAC addresses.

                      2. 4

                        I’m not surprised that the interwebs didn’t give a definitive answer - it was often tied to the manufacturer of the hardware. For example, old Sun boxes used to assign the MAC address to the machine not the NIC. The configuration was stored in EEPROM or NVRAM and could be changed by OpenPROM.

                        MAC addresses are part of the LAN standards - so they are for identifying a machine on a local network - not across networks. When the standards were being written I don’t think the standards committee had envisioned a world where people would carry multiple connected computers (watch, phone, tablet, laptop). Having said that the model has stood the test of time as MAC addresses are not a scarce resource, unlike IPv4 addresses.
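                        A monitoring-side view of the same structure, as an added example that is not from this thread: it parses a MAC address into its OUI and the two flag bits of the first octet (I/G and U/L), and flags addresses that look overridden (locally administered rather than vendor-burned) or carry an OUI you would not expect on your own segment. The OUI table, the allowlist and the log lines are constructed for the example; only the 00:20:91 prefix comes from the thread.

```python
import re

# Constructed OUI table for the example; 00:20:91 is the prefix named in the thread.
OUI_TABLE = {
    "00:20:91": "J125, National Security Agency",
    "00:50:56": "VMware",
}
# Constructed allowlist: OUIs expected to appear on this example network segment.
EXPECTED_OUIS = {"00:50:56"}


def normalize_mac(text):
    """Return the address as 'aa:bb:cc:dd:ee:ff', or None if it is not a 48-bit MAC.

    Accepts colon, dash, Cisco dotted and bare-hex spellings.
    """
    digits = re.sub(r"[:\-.\s]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac(text):
    """Split a MAC into OUI, flag bits and (if known) vendor."""
    mac = normalize_mac(text)
    if mac is None:
        raise ValueError(f"not a MAC address: {text!r}")
    first = int(mac[:2], 16)
    return {
        "mac": mac,
        "oui": mac[:8],
        "multicast": bool(first & 0x01),  # I/G bit: group (multicast) address
        "local": bool(first & 0x02),      # U/L bit: locally administered, not burned in
        "vendor": OUI_TABLE.get(mac[:8]),
    }


def flag_mac(text):
    """Return the list of reasons a monitoring check would flag this address."""
    info = parse_mac(text)
    reasons = []
    if info["local"]:
        reasons.append("locally administered (U/L bit set), not a burned-in vendor address")
    if info["multicast"]:
        reasons.append("group (I/G) address used as a unicast source")
    if not info["local"] and info["oui"] not in EXPECTED_OUIS:
        reasons.append(f"unexpected OUI {info['oui']} ({info['vendor'] or 'unknown vendor'})")
    return reasons


def scan(lines):
    """Run flag_mac over constructed 'ip mac' log lines; return {mac: reasons} for hits."""
    hits = {}
    for line in lines:
        _ip, raw = line.split()
        reasons = flag_mac(raw)
        if reasons:
            hits[normalize_mac(raw)] = reasons
    return hits


SAMPLE_LOG = [  # constructed sample lines
    "10.0.0.5 00:50:56:12:34:56",
    "10.0.0.9 00:20:91:ab:cd:ef",
    "10.0.0.17 02:00:5e:11:22:33",
]

if __name__ == "__main__":
    for mac, reasons in scan(SAMPLE_LOG).items():
        print(mac, "->", "; ".join(reasons))
```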

                      3. 2

                        Ahh thanks, I didn’t even get what they were talking about until I read the tweet.

                        Want to mess with your network monitoring team today? Change your MAC to be 00:20:91:… That is NSA’s OUI

                  1. 2

                    Great writeup. Whoever took the time to put this all together did the FreeBSD and Open Source community a great service. Even if you don’t run a particular project’s software you can still learn from their mistakes. Other people’s mistakes are my favorite mistakes to learn from.

                    It looks like that David fellow he linked to has been fairly persistent in trying to get anyone he can to pay attention to those decades-old portsnap, pmirror, and freebsd-update remotely exploitable vulnerabilities [https://lists.freebsd.org/pipermail/freebsd-hackers/2016-March/049254.html]. It’s really surprising that the FreeBSD Foundation doesn’t fund the patching of these sorts of things. Someone should send David an email and preach the Good News about OpenBSD to him.

                    I bet if he saw this write-up he’d be grateful to the author for raising these issues and linking to his thread.

                    1. 44

                      Web software and the “web platform” is the antithesis of portability, security, freedom, performance, robustness and good software in general.

                      I don’t know if that’s technical enough.

                      1. 12

                        I’ll go one further: the web has set back the practice of programming at least 25 years, probably more. It promotes speed over contemplation, which means we ignore the history of the discipline and repeat mistakes far too quickly. Hell, we don’t even know they’re mistakes.

                        1. 12

                          As an extension of this: all browsers are absolutely beyond horrible.

                          Why does a document viewer require more code (despite using more concise languages) than an entire operating system? Why does it take orders of magnitude longer to compile one web browser than it does to compile every single other piece of software on my computer? Why do browser vendors spend all their time implementing features whose sole purpose is for webdevs to make their pages obnoxious as hell? Don’t forget all the security holes!

                          The best recent example of garbage nobody cares about I can think of at the moment is allowing .everythingunderthesun domains. Can’t wait for there to be 400 million clones of my bank’s website, which my browser will helpfully never warn me about. Even something like the following would be useful:

                          +-----------------------------------+
                          | This webpage is probably terrible |
                          |                                   |
                          |   Nobody in the world has made a  |
                          |    website worth visiting using   |
                          |   a .botanicalgarden.museum TLD.  |
                          +-----------------------------------+
                          
                          1. 2

                            Strongly agreed. Regardless of which browser I try to use, they’re consistently bug-ridden and crash-prone, bog down after running for a while, suck up unbelievable amounts of RAM (which they then proceed to leak all over the place like the proverbial sieve), and do utterly idiotic things with their UIs. Remind me why we want this as our application-delivery platform of choice? (Oh right, because the damned things are everywhere.) Sigh.

                            (And incidentally, while I agree with you on the recent TLD population explosion, .museum, perhaps somewhat oddly, has actually been around since the early days.)

                          2. 9

                            I agree that it causes a lot of problems, but it solves many too. You are wrong about portability, I can open Gmail on Windows, Mac OS X, and Linux and it looks exactly the same. Run Thunderbird on all of those platforms, and it’s completely different.

                            Also, data portability. If I were to run Thunderbird on 3x machines, I’d have all the data cloned and it would be syncing to the internet anyway.

                            1. 5

                              You are wrong about portability

                              How many million lines of code is your browser and all its deps, plus the compiler and other infrastructure needed to actually compile and run it? And how much pressure does it put on your OS, as far as system calls, library functions and other features (including nitty gritty implementation details) go? How far does it go about assuming commodity hardware and being a pain on everything else?

                              You can call it portable if your definition of portability is that – over the decades – the code has already been ported to some specific systems. Along that line of arguing, you’d also have to declare every other system irrelevant. That declaration however doesn’t make it a single bit easier to port that 50Msloc stack of software to other systems.

                              For me, portability is something that involves taking source code and porting it to a system it doesn’t run on yet. I don’t really want to be the guy who ports (and maintains a port of) a modern browser along with all the other stuff it requires, on some non-mainstream system. It’s too much.

                              Oh yeah, you also have to declare older computers (including mine, even though it’s only four to five years old) irrelevant. I can open Gmail on my little netbook and soon enough it’ll either crash the browser or just swap so much I wish I never did that.

                              1. 3

                                I can open Gmail on my little netbook and soon enough it’ll either crash the browser or just swap so much I wish I never did that.

                                Try the basic HTML view.

                            2. 5

                              The web should go back to documents, not applications. Maybe actually make it easier for the web to be used to edit - something that was intended at the start that never quite happened.

                              1. 3

                                Could not have said it better myself! Not sure how I managed to avoid web software throughout my career but I have!

                                1. 1

                                  Relatedly: JavaScript is a shitty language, and pushing its usage into areas previously uninfested by it is moronic.

                                1. 1

                                  Playing around with elance to see if I can cheaply and successfully outsource any of the projects on my TODO list that I haven’t been able to get to in a while. I’ve had mixed results with elance in the past so I’m not quite sure what to expect.

                                  1. 8

                                    At work, I’m adding per process resource tracking (CPU, memory, disk, network) for all of our application’s processes to our internal logging/recording infrastructure.

                                    For fun, I’m writing/wrote a markov text generator to practice coding in Common Lisp. It’s just about done, so I’ll probably start on another small CL project later in the week.

                                    1. 1

                                      Very cool. Resource tracking is one thing I need to work on too. My goal is to implement a sort of “adaptive scaling” feature in a resource heavy application I’m working on (back-end data processing). I’d like to be able to dynamically scale the number of threads in the application based on resource availability. Not only would it be a cool feature to add, but it would allow me to deploy my project in different environments without having to tune them individually to each system’s unique capacity.

                                    1. 1

                                      WM is a project for the Windows environment that allows you to move windows using alt+left-mouse-button, and resize them using alt+right-mouse-button. It’s definitely not as feature-full as Hydra, but it’s something I’ve found handy.

                                      http://www.codeproject.com/Articles/2706/X-Window-Manager-like-dragging-and-resizing-of-win

                                      1. 1

                                        Details on the Brain Initiative (what they’re focusing on, how much money they’re allocating, and who will be receiving the funding) can be found here: http://www.whitehouse.gov/share/brain-initiative.

                                        1. 3

                                          tl;dr: favor cosine, jaccard/tanimoto, or pearson over euclidean

                                          1. 1

                                            when uml comes up in discussions, i find i am one of the few people to have used it at all (years ago now). and i never used it at this level of detail. does anyone here still use uml? in what context? one of the authors (odell) is a “father” of uml so i guess that explains the continued interest.

                                            i wonder if some of the ideas about describing behaviours could usefully be applied to describing programming execution in parallel by default languages. or maybe that’s where these ideas first came from.

                                            1. 1

                                              I do, though not as much as I’d like to. There seems to be a lack of adequate tooling to efficiently integrate it into any development workflow. Years ago when I was in school we used a package called Rhapsody for a software design class to experience design-driven development. It allows you to sketch out state diagrams, object models, sequence diagrams, etc, and generate code templates based off of them. IIRC it was also an IDE. It was INCREDIBLY useful for managing large projects, and the reverse engineering tools (code -> UML) made picking up any large code-base an absolute breeze. I truly miss working with it. I’ve looked around for similar packages for the BSD environment but haven’t had much success. If you know of any projects please let me know!

                                              Nowadays I mainly use UML when I start a new project, before I begin coding. I like to build a general idea of the program’s structure and flow using state charts and class diagrams. For me, for any reasonably complex program state diagrams are an absolute must.

                                            1. 1

                                              to be fair that’s not the uk’s ivy league; that would be oxbridge.

                                              does it work? i’m using firefox on linux and i’ve disabled all blockers and i still don’t hear anything. many “players” seem to disappear completely. none seem to produce sound.

                                              1. 1

                                                Thanks for the clarification.

                                                It should work, though roughly a third of the streams are down (all of the Ivy League streams are up, aside from Cornell’s). In terms of FF compatibility, they’re not working for me either (FreeBSD). I’m not sure why. Chrome, Opera, and IE load them just fine.

                                              1. 2

                                                This has been a pretty sweet resource for me, especially now that Turntable.fm no longer helps me find new indie music.

                                                Dartmouth’s station is always just playing top 40 though. Not sure where you’re seeing the effort there! Yale and Harvard have been the best streams for me personally so far.

                                                1. 1

                                                  Hey! Thanks for the positive feedback! I’m glad someone other than me thinks it’s cool. I just put up the Russell Group Radio Network at http://www.russellgroupradio.net. The Russell Group is the UK’s equivalent of the Ivy League. I also linked the sites together so you can jump back and forth between them if you like. I was going to wait to post the RGRN until I’d listened to the stations more and had built a small list of universities I could recommend, but since we’re off in a little corner here and no one else will probably find this I’ll share it with you now. I hope you like it!

                                                1. [Comment removed by author]

                                                  1. 1

                                                    I suppose it depends on what they’re doing, doesn’t it? Getting the wrong answer sometimes can be worse than not delivering the feature, or vice versa, depending on the situation.

                                                    My preference, though, given a mediocre team of programmers, would be to improve their skill level until they’re not mediocre any more.

                                                    1. 1

                                                      “My preference, though, given a mediocre team of programmers, would be to improve their skill level until they’re not mediocre any more.”

                                                      In some cases this is certainly a good solution, I agree. Another alternative though is: given a mediocre team of programmers, fire them all and hire a team who can get the job done well.

                                                      The reality at most smaller companies and startups is that the luxury of investing time (money) into turning mediocre developers into high performers does not exist. There is no “training” budget.

                                                      I, myself, only hire developers who can get the job done, and can get the job done quickly. I’m on a tight budget and a tight schedule.