The divide between the “continuous deployment” world and the embedded Linux “LTS” world is interesting. Would be amazing if some company decides to merge these worlds and make, say, a phone that updates to a new nightly kernel build every day. Purism could do this :)

even the $35 Raspberry Pi doesn’t need a particularly light OS

Well, it won’t run a heavy DE for sure. Never underestimate how much A53 cores suck. (And the RAM on the RPi specifically.)

But yeah, OS distributions optimized for tiny disk and RAM footprint are not very relevant.

(cross-posting my hn comment)

As a non-commercial user, I’m okay with using stuff that’s for non-commercial use only.

The problem is when I want to, say, copy a few functions into my own project which I’m publishing under completely unrestricted terms (say, Unlicense). Or use as a dependency, etc.

So, I’d say it’s okay-ish for “product-like” stuff, for user-facing applications. But please NEVER publish libraries everyone depends upon under these terms.

That’s a heavy loading solution for… the dubious benefit of being html at the top level just for html’s sake?

I just use ES Modules with lit-element. They’re natively supported, there’s no need for anything (apart from fixing paths when serving of course)

WARNING! YOU CAN TURN YOUR VERY EXPENSIVE CPU INTO SCRAP METAL IF YOU START MESSING WITH CPU OVERCLOCKING. OVERCLOCKING MEMORY VIA XMP IS RELATIVELY SAFE, BUT OVERCLOCKING A THREADRIPPER’s CORE CPU FREQUENCY CAN BE DANGEROUS AS HELL!

Keep calm :)

It’s not that easy to kill a CPU. Sure, if you let a literal monkey press random keys in the firmware setup, it might set Vcore to 2.0V and fry the cores (watch this video to see what happens — without the monkey of course :D) but if a person with a brain in their head operates the “bios”, they’re unlikely to unintentionally kill it — it’s not the 90s anymore, everything has safety protections all over the place. (Well, some vendors manage to screw some of it up, but still.)

XMP, by the way, is eXtremely Useless. XMP is a way of storing “profiles” on the DIMMs… and all the information these profiles have is something like “3200 14-14-14-24”. So, only primary timings. The secondary timings are left at “auto”. All boards are absolute trash at figuring out timings. Ryzen DRAM Calculator is much much better.

At full load after ~15minutes I read around 55C on the VRM heatsink, 32C for the memory on the ingress side of the fans, and 55C for the memory on the egress side. ACPI shows the cpu at 52C. For me, being a dedicated overclocker, those temps are ok but I don’t think I would want to O.C. the CPU much (if at all).

This is practically ice cold for a VRM at full load. I guess he must have one of the new TR4 boards.

Syncthing does not work in a FreeBSD Jails virtualization

I’ve been running it in a jail for over a year, never heard of any problems o_0 All other instances connect to it just fine. Did you set up port forwarding properly? It needs tcp:22000 by default (you can specify any port when adding a device)

I really, really want to like Nim but there are just too many oddities for me to seriously dig in. The biggest one is probably the story for writing tests: given its import and visibility rules, it’s really awkward to test functions that aren’t explicitly exported. The official position is, “don’t test those functions,” which I find somewhat naive.

The standard library is a bit unwieldy, but maybe it’s just a maturity issue. For instance, the “futures”-like system for threads, processes and coroutine style processing are all incompatible. What?

Finally, (and maybe this is just taste), but there’s heavy use of macros everywhere. The nim web server (jester), for instance, is heavily macro-ized which means error messages are odd and pretty severely affects composability.

“A patch should arrive soon to flush the L1 cache before vmenter”

The default in separation kernels from early 2000’s was partitioning and/or flushing caches since shared resources could be covert channels. There’s now covert channels being found in the shared resources. The patch will flush L1 cache. Why not flush them all just in case more attacks are found? Are there not instructions to do that for L2 or L3?

https://unrelenting.technology more microblog than blog — I write long form articles with actual titles almost never :D

The user has to manually verify the checksum, and figure out how to do it on a phone, no less. A checksum isn’t a signature, by the way - if your government- or workplace- or abusive-spouse-installed certificate authority gets in the way they can replace the APK and its checksum with whatever they want. The app has to update itself, using a similarly insecure mechanism.

I don’t think that’s how app updates work on Android??

I’m pretty sure it’s TOFU. CAs are not involved. You install an APK from somewhere, Android remembers the key that signed it. You get an APK that updates an app you already have, Android checks if it’s signed by the same key.

I don’t understand how/if webmentions are significantly different from the pingbacks everbody used to have on their WordPress blog (because I think they were enabled by default?) and then promptly disabled because of too much spam.

I dislike CloudFlare because they’re making the internet more centralized (the more small websites use them as a proxy, the less direct connections to small websites are made) and because of some infamous abuse handling incidents, but I would trust them 100000% more than my local ISP.

The local ISP knows where I live, the local ISP has to comply with local laws, the local ISP has monitoring installed by the local equivalent of the NSA. The local ISP didn’t even promise any privacy at all, which is worse than CloudFlare’s privacy policy for this resolver.

Hm. Azure was available there, even though Microsoft is also a US company?? How?

With JavaScript it seems the simpler the programming model gets, the more complex the build system and tooling becomes

No! We’re actually pretty close to not needing any build process!

The only thing browsers can’t do is resolve package-based import paths. (And I have a small on-the-fly rewriter for that.) Other than that, the only reason you “need” to have a bundler that calls babel which calls plugins and so on is backwards compatibility.

(Oh, also another reason is JSX. Consider lit-html/LitElement instead of JSX based… stuff!)

If you don’t have to support ancient browsers, you SHOULD ship raw ES6 with async/await directly to browsers without any compilation steps.

A better test bed. Although my work focus on developing programs on Linux, I will try to compile and run applications on OpenBSD if it is possible.

I feel like the lack of valgrind does hurt OpenBSD as a testbed. I know there’s malloc.conf(5), but that doesn’t seem to help much in the case of, say, out of bounds access of a stack-allocated variable.

a) Patches. Although most of them are trivial modifications, they are still my contributions.

Don’t claim it’s just trivialities. The small things and adding polish is what really makes OpenBSD stand out (or any software project, really), and every “trivial” modification helps.

aws kms create-key

I think that costs a little bit of money? IIRC I saw a dollar or so from KMS on my bill… Damn Bezos :D

Anyway, fetching from a service that always reveals the secrets to your machine is not that different from a local file on that machine. It’s good against random people trying disk recovery on a volume (though that’s not a problem on EC2, they do wipe all data) and accidental backups/snapshots (“your VM is cast into an AMI” as you mentioned), but fundamentally it’s still secrets-on-your-machine.

I think it might be reasonable for these services to support additional protection — not just based on secrets, but also, say, IP address whitelisting. So that if someone gets your secrets from an AMI you accidentally included secrets into and made public, they couldn’t access your accounts because they’re not accessing from your machines.

I’m interested in the pretty impressive performance delta – I wouldn’tve thought that Zen could outperform Broadwell quite so handily!

“ in a world where I can rent a machine that tries billions of MD5 calls per second.” wouldnt the test for a successful hash operation involve using the hash to decrypt the data on each try? This would make MD5 cracking prohibitively expensive.

This is really a non-issue as far as I’m concerned.

Browsers (either standalone or with plugins) let users turn off images, turn off Javascript, override or ignore stylesheets, block web fonts, block video/flash, and block advertisements and tracking. Users can opt-out of almost any part of the web if it bothers them.

On top of that, nobody’s twisting anybody’s arm to visit “heavy” sites like CNN. If CNN loads too much crap, visit a lighter site. They probably won’t be as biased as CNN, either.

Nobody pays attention to these rants because at the end of the day they’re just some random people stating their arbitrary opinions. Rewind 10 or 15 or 20 years and Flash was killing the web, or Javascript, or CSS, or the img tag, or table based layouts, or whatever.

Huh. I’d been wondering why GNOME crashing tended to exit the whole session in beginning in Ubuntu 17.10(ish); now I know. Is this true for all Wayland-backed desktops?