1. 5

    This was a fantastic article, comparing and explaining the differences between approaches and how they impact performance.

    We should have more of these, knowing what is slow and why is so useful.

    1.  

      Indeed this was great. I’ve been struggling with our compile times in C++ lately, our full project takes about 30 minutes on my threadripper machine. We hardly use the stl, but it’s still getting included in a few places for what amounts to < 40 LOC

      1.  

        We’ve had our own issues with C++ compile times. We don’t have any C++ projects ourselves which take more than a few seconds to compile, but Chromium takes over 7 hours.

        1.  

          Yeah, I tried building llvm/clang a few weeks back and gave up when I had to stop the build 2 hours in to go to bed, never bothered to try again…

          1.  

            Chromium is about as big as all of the BSDs combined. The compile times are unfortunate, but not surprising.

            1. 8

              Chromium is about as big as all of the BSDs combined.

              Years ago, I remember we were talking about browser sizes and someone pointed out that the latest Chrome/Firefox/something download was 40MB.

              “That’s the size of a small operating system!” said one of my coworkers.

              “No,” said the grizzled elder in the room, “that’s the size of a large operating system.”

              1.  

                For some perspective, kernel (recent Linux) + userspace together are around 6 megabytes on the project I’m on at work. There’s also a few hundred KiB of bootloader (ugh, how did they get so nasty).

                1.  

                  And Solo OS was about 2,900 lines of code if just counting OS parts.

              2.  

                It’s true but meta-heavy programs in Scheme compile super-fast. That’s because the language’s design facilitates fast compiles while C++’s design hampers them. The D language showed a better design could speed up compiles without going to Scheme/CL.

                1.  

                  That doesn’t mean we should just shrug and accept it. :/

          1.  

            Great work! I was hoping someone tried to apply formal methods to Noise.

            1.  

              Thanks, Nick! You can read more about the plan for Noise Explorer here: https://moderncrypto.org/mail-archive/noise/2019/001978.html

              1.  

                I like most of that. Especially focusing on the Wireguard algorithms. One concern.

                I avoided GC-based languages in the past due to covert channels being harder to mitigate. How did you address constant-time programming for Go? Just turn off the GC with an inspection of assembly after?

            1. 9

              Ok because it isn’t documented anywhere (which is crazy) the process is:

              raw = scrypt(master pw + domain + username)

              index alphabet with bytes of raw to get random chars

              also if you use “required” characters, it looks like they’ll all be at the front of the password, which if true is a bug.

              Where is the security design doc?!

              Also it encrypts with CBC+HMAC with scrypt(master) for the keys for AEAD. “Without storing them anywhere” == in JS localStorage?

              1.  

                also if you use “required” characters, it looks like they’ll all be at the front of the password, which if true is a bug.

                Doesn’t sounds like a bug to me. If H(x) is secure, so is y + H(x).

                1.  

                  The password space is much smaller if the required characters can only be permuted at the beginning of the password. If they’re allowed to be permuted anywhere in the generated string, there are many more possible passwords. It’s not necessarily problematically small, but it’s weird to reduce the pw space so much unnecessarily.

                  Is H(x) a hash? That sentence doesn’t represent what the code is doing.

                  1.  

                    If H(x) has a more than big enough password space, trying to permute the required characters anywhere in H(x) is unneeded complexity for a few extra bits of security.

                    For what it’s worth, many time simplicity means better security, and in this case if you really want extra password space, just make H(x) better with proven cryptographic functions, don’t waste complexity on homemade algorithm that permute a bunch of characters in the password.

                    1.  

                      I guess it’s an implementation question. In my mind, my suggested version is simpler/less complex - but that’s me.

                    2.  

                      I don’t see the issue unless your password length is very limited.

                  2.  

                    “raw = scrypt(master pw + domain + username)”

                    Although not a cryptographer, I always liked indirection between secrets and public stuff. I’d rather them do something to the password before it’s combined with domain and username. Maybe something with them, too.

                    1.  

                      That’s what scrypt does. Take the secrets and public stuff, salt them, and hash it into something that’s difficult to find the preïmage for.

                      1.  

                        I know what it does. What Im talking about is an operation on the secret first. Then, that is combined with public data in another operation.

                      2.  

                        Same (regarding qualifications) but it’s historically not a terrible idea. e.g. If you’re in a context where secrets are compressed next to public values, the compression ratio can leak secrets. But it’s also important to keep things simple, so I guess it depends on context.

                    1. 7

                      I strongly agree with this. I tend to be quite hardcore when it comes to my own use of FOSS (e.g. I’m running a “Respects Your Freedom” certified laptop), but liberal when it comes to others, since it’s better to have encourage someone to try LibreOffice and let me know how they find it, rather than fail to convince them to switch their whole OS and give up a bunch of functionality they’re used to.

                      As an undergraduate I was going to set up a LUG (since there wasn’t one at that Uni), but decided to call it a “Free Software” group instead, because I didn’t want to be exclusively about Linux: most members did run Linux, but we’d also help people with Firefox, OpenOffice, GIMP, etc. on Windows and OSX. Plus I’ve always liked playing with alternative OSes like Haiku, ReactOS, etc. Basically, if it involved FOSS then it was ‘officially’ fair game; and ‘unofficially’ we had no problem if someone just-so-happened to also help someone fix Word or whatever ‘on their own time’ ;)

                      It seems like most other “Free Software” user groups are the opposite: lots of lamenting about how few people use FOSS, whilst being very inward-looking and mostly discussing how to make themselves more extreme (e.g. with BIOS replacements) rather than gently introducing outsiders (e.g. Firefox over IE/Edge). I certainly appreciate the technical content at such groups, but focusing on extremism isn’t a way to attract users; especially since these groups tend to break off from LUGs for being not extreme enough, so this isolation is largely self-imposed :(

                      1.  

                        “rather than gently introducing outsiders (e.g. Firefox over IE/Edge). I certainly appreciate the technical content at such groups, but focusing on extremism isn’t a way to attract users;”

                        Exactly. I’ve had luck with a combination of simplifying the political intent, mentioning it as opt-in, and highlighting the non-political benefits of FOSS tech. That’s anecdotally worked on a lot of people for tech that does things they already are interested in. Anything involving network effects, like Signal, is still hard for me to get adoption on. Here’s an example of what sometimes works off top of my head:

                        “Have you considered trying another browser? There’s only a few these days. Two of the main three are by companies that like spying on folks and selling what they know to snoops like advertisers, cops, or who knows who. Firefox is the only one not doing that. They do sell to advertisers but it’s just the stuff you type into in search that Google already knows about you. If you want to block that, they let you use private search like DuckDuckGo. No tricks. Firefox works fast enough for what you do, too. I think we can also import your bookmarks or favorites. You want to try it out?”

                        Got quite a few on Firefox that way.

                      1.  

                        “So am I advocating that we should we promote non-free software when it would solve the user’s problem? No! I agree with RMS that we should avoid such ruinous compromises.”

                        Change software to hardware and most of them jump right on board cuz they want that performance/watts/price ratio.

                        1.  

                          The open-source hardware ecosystem is genuinely less matuere and therefore useful for people, FOSS-enthusiasts and normies alike. I agree that it’s a compromise to run a free OS on a proprietary motherboard and CPU, just as it is to run free software on a proprietary OS. But it’s much easier for enthusiasts to write their own FOSS software than it is for them to fab their own FOSS hardware, which is why Linux exists but an open-source thinkpad equivalent doesn’t.

                        1. 0

                          I avoid the Facebook usage by exclusively using it on my phone, but only in the web browser where the UI sucks and you can’t use “messenger”. End up spending less than 10 minutes a week on the thing

                          1.  

                            So why have it at all?

                            1.  

                              My (formerly) local game store in another town has a page all the events are organised on.

                              1.  

                                For me, I’ll have to go back because some family exclusively do important stuff on it. I think a scrapper might be a nice compromise where I can read what’s on FB but reply in a more personal way with less spying and manipulation. :)

                                1.  

                                  Did you mean scraper? How would you implement this? As a browser extension?

                                  1.  

                                    I have no idea. I used to do it with standalone apps. That it’s a web application means that strat won’t work. Browser extension sounds like a good start.

                                    I know one company had a browser extension encrypting everything people put on Facebook in a way where it was plaintext for them. If that could work, then Im pretty sure a browser extension could do smaller job of handling HTML. Idk about images and video.

                                    1.  

                                      Encrypting everything on Facebook would be so cool, leaving only metadata for Facebook to harvest. Tricky, I’m sure, with JS capturing keystrokes, but cool.

                                      1.  

                                        Yeah, it was a neat product. It worked seemlessly at least in the demo. You know how that goes haha. I couldn’t find them when I tried looking them up a year or two ago. I guess hardly anyone bought the product. Add it to the list of such things in the privacy space. Oh well.

                              2.  

                                I took the opposite tack: I do not use FB at all on my phone so I only use it when I’m on my laptop at home, at most a couple of times per day for a few minutes.

                                1.  

                                  I use it like that too, and is the only thing I use Chrome for on my phone, because the UI is better than in other browsers. I only use it for a chat with a couple of friends, and only because two of them do use facebook and we coulnd’t agree on another chat software.

                                1. 5

                                  I was a bit disappointed that there wasn’t a final evolution punchline waiting at the bottom in the form of an obvious and elegant solution.

                                  1.  

                                    It was an elegant solution to the job security program. Good luck hiring another person who (a) knows Rust and (b) can maintain that pile of code.

                                    1.  

                                      Could you expand? How is Rust viewed in the security community, both as a target for attacks and as a language to possibly write safer programs?

                                      1.  

                                        It was a joke about how some people build overly-complex code on purpose to make the worker a necessity the company can’t get rid of. The Rust code toward the end could be examples.

                                        Far as security community, I cant say given Im not in mainstream, security community. I know a few here like that it prevents more code injections by default. I know security and non-security folks like the no-GC safety if they can stand the borrow-checker. Far as high-assurance systems, I’m against it other than for prototyping because C and Ada/SPARK have more tools to find/prevent errors with a certifying compiler for C. Plus, safety-critical folks might use them.

                                        Now, there’s another group among C developers that believe stopping errors is the programmer’s responsibility, that C is adequate for such people to write error-free code, optionally that its syntax/semantics are better than others, and compiler-to-binary isnt an issue (except Karger/Thompson Attack). Some people in this crowd will use some tooling, esp sanitizers. You can’t get them to switch to a safer language or use high-assurance methods due to their ideological beliefs about programming.

                                        So, I try to figure out which Im talking to fast so I dont waste our time on stuff they’ll ignore. I try to give each group what might help them, though, among methods they might want to use.

                                    2.  

                                      The good answer were hidden in the middle. “Junior Rust Programmer” and “Functional Rust Programmer”. The error pattern in “Senior Rust Programmer” is a good read too, but obviously tad complected for such a small thing.

                                      1.  

                                        I think the first one was supposed to be the right one. I don’t really read Rust, but the first one was the only one I could mostly understand.

                                      1.  

                                        This is a good example of why high-assurance security mandates proving equivalence of specs, source, and object code. The proof would fail. Equivalence testing might, too, but more uncertainty in that.

                                        1. 19

                                          Urbit’s innovations have stood in the dark shadow of moldbug’s neofeudalist writings. Every time Urbit comes up in conversations among crypto people here in Berlin, someone in the group says “but have you looked at what Curtis wants the world to look like?” and then the subject changes.

                                          I think it’s good for the project that people can say “yeah but he’s gone now, what do you think about the ___ mechanism?” since there are some interesting ideas to examine in there. They built everything from scratch. A VM, a language, a filesystem, etc etc etc…

                                          But still, this is kind of like if Terry had stepped away from TempleOS.

                                          1. 7

                                            The whole concept as I understand it seems pretty interesting, but come on - the entire ecosystem of Urbit is still absurd. Hoon, the weird new pronunciation scheme you have to learn, the obtuse naming schemes…

                                            1. 3

                                              I found the weird names annoying as well, but Curtis does come up with a valid reason for this, in that everything gets rewritten and refactored multiple times, so “…it lets the hard problem of naming get solved later, and hence better.” As the system gets more mature, and actually usable, it would be nice if they came up with some meaningful names for the bigger components (e.g. rename Ford to Build System). He also admits his biggest mistake was assigning 1 to false and 0 to true. I’m sure this was a result of his habitual contrariness.

                                              1. 4

                                                I’m sure this was a result of his habitual contrariness.

                                                Or perhaps cognitive contamination from /bin/sh.

                                            2. 10

                                              Every time Urbit comes up in conversations among crypto people here in Berlin, someone in the group says “but have you looked at what Curtis wants the world to look like?” and then the subject changes.

                                              And I find this quite baffling. It’s deeply disappointing that people whom I respect default to this gossip-driven analysis instead, that a project as ambitious and worthy as Urbit gets buried in “foogate” style rumors.

                                              Urbit is fascinating. It is the only project I know of designed to address distributed problems (viz. community moderation, censorship, identity, ownership) from an incentive-based approach instead of the typical GNU-style “sheer will and religion” approach.

                                              1. 34

                                                Since Curtis apparently wants the world to be in a certain manner and more or less spun up his own world in Urbit, maybe it’s prudent to consider what Curtis’ opinions on things are before adopting the project that likely embodies them?

                                                I’m not sure myself, but in a project like this, it may be hard to meaningfully separate creator and creation - even after the creator left (as the fundamental architecture is still shaped in his image).

                                                1. 5

                                                  I think the new primer https://urbit.org/primer/ makes a good case that there is nothing actually feudal about Urbit in practical terms. Once you own a planet, the personal level of Urbit entity, you are free to have its traffic routed by any star, the network routing level, that will accept you. This could be a problem it Facebook or some government buys up every star in the system, which is unlikely for the foreseeable future.

                                                  1. 6

                                                    Once you own a planet

                                                    Of which there will be - by design (“Any reputation system needs scarcity of identity.”) - fewer than there are people on this planet right now (4 billion in total). Given how these systems work, it will be interesting to reclaim “lost” ones, reducing supply even further over time.

                                                    Will everybody else be a sharecropper? Or will they have to spin up their own network?

                                                    Now these identities can be subpartitioned (“moons”, again 2^32, and they’re bound to their “planet”), but if global network size doesn’t matter, why setup such limits in the first place? This isn’t the 1970’s anymore (as they correctly state in their marketing material).

                                                    This could be a problem it Facebook or some government buys up every star in the system

                                                    They merely need to control the galaxies: “The galaxies form a senate which updates the logic of the Ethereum land registry by majority vote”. The platform doesn’t seem to design elections for this “senate” into the platform.

                                                    “Tlon remains the guardian of the urbit.org galaxies. We have always wanted the address space to be widely distributed.” - address space, yes. But Tlon owns the right to repartition the entire platform as they “bought back” galaxies. Even if you “own” a planet, that’s only one of Tlon’s decisions away from not being yours anymore.

                                                    Since control over your data is bound to a planet, which is contingent of (at some point) a galaxy “sponsoring” you, and they can make up all the rules, it looks like just the same kind of sharecropping to me as any of the big vendor-lock platforms that make up the modern internet. Just with more obscure ownership.

                                                    1. 5

                                                      and they can make up all the rules

                                                      This is just dishonest. The “rules” are voted on by a senate, the same way the rules of the internet are voted on by the IEEE currently.

                                                      Tlon owns the right to repartition the entire platform as they “bought back” galaxies. Even if you “own” a planet, that’s only one of Tlon’s decisions away from not being yours anymore.

                                                      False. Owning Urbit addresses is like owning a bitcoin wallet. Tlon can’t take it away from you any more than Satoshi can.

                                                      (edit:)

                                                      if global network size doesn’t matter, why setup such limits in the first place?

                                                      Global network size does matter, as you quoted, “Any reputation system needs scarcity of identity.” It seems to me like you are giving Urbit a bad-faith reading. If you try a good-faith reading, try the “principle of charity”, you might find that you agree with Urbit more than you realize.

                                                      1. 3

                                                        The “rules” are voted on by a senate

                                                        Who or what makes up the senate? I quoted the part of their marketing material already and to me it looks like absolute rule by whoever controls a majority of galaxy nodes, so 129 hosts. The rules they vote on make up the “land registry”, from which, apparently, everything else is derived.

                                                        “Any reputation system needs scarcity of identity”

                                                        Yes, I quoted that.

                                                        But how is a reputation system relevant to what you can or cannot do to your append-only data log? I prefer scuttlebutts solution to approximately the same problem: you keep your log, I keep my log, and if I decide to trust you, I also look at your log (and parse the bits you decide to share with me by giving me the keys).

                                                        No need for reputation except the reputation that already exists in the real world, that makes me decide whether to trust you.

                                                        [edit to add: the Urbit folks claim elsewhere that galaxies and stars are entirely meaningless, but since they’ve been made part of the fabric that makes up the platform, by having them spawn each other and planets, they can’t be that meaningless. Otherwise, why add them in the first place?]

                                                        1. 3

                                                          Who or what makes up the senate?

                                                          Galaxy owners. See the bottom of https://urbit.org/primer for the distribution. I don’t think anyone really knows exactly how this will work yet, the owners are pretty well distributed with nobody owning 51% of the address space.

                                                          But how is a reputation system relevant to what you can or cannot do to your append-only data log?

                                                          It’s not. A reputation system is relevant to how valuable my Urbit is. If I start spamming people with my planet, then the star that is my supervisor can stop sending me packets. I could move to another star, but if my reputation gets bad enough, nobody will want to send/receive my packets, and my Urbit will become worthless, I wouldn’t even be able to resell it. This is not the case with e.g. email addresses, which spammers can create ad infinitum. That is the only reason for the scarcity of addresses.

                                                          Re: the append log, only I can write to that, no different than scuttlebutt.

                                                          Also, nobody claimed galaxies and stars are meaningless; they are network infrastructure responsible for routing packets. They are arbitrary in that a planet doesn’t really care which star it’s getting packets from, just like you don’t care which AWS data center is serving you a website.

                                                2. 16

                                                  Paraphrasing a comment I made about Jordan Peterson’s work - learning Urbit and the weird way it is structured is a significant time investment. A simple heuristic to determine whether something is worth your time is to check what the creator of this thing is like.

                                                  In the case of JP, my impression is unfortunately only 3rd hand.

                                                  In the case of Jarvin, or rather his alter ego Mencius Moldbug, I have read some primary material, such as the following blog post:

                                                  https://www.unqualified-reservations.org/2013/01/how-bitcoin-dies/

                                                  Imagine that the BTC/USD market is perfectly liquid with no exchange overhead. Imagine also that there are two types of BTC users: Jews, who speculate (holding BTC long-term with the expectation that it will appreciate against USD); and Aryans, who only trade (and sweep all BTC balances into USD at the end of every day). These are simplifications, of course—but edifying ones.

                                                  Jarvin was (in my imperfect recollection) criticized for the use of these terms, and (again, iirc) replied that he was only being “provocative”. Fair enough, I’m sure Jarvin (and people of his ilk) have plenty of experience in discussing whether what they’re writing is only provocative or if they’re genuinely anti-Semitic (Jarvin identifies as a Jew, I believe). It’s a depressingly common occurrence online.

                                                  But from a step outside, looking at something to invest time and effort in, and seeing that a project is closely identified with a person I would never want to be associated with, it’s quite easy to choose not to delve too much further.

                                                  I also happen to believe that he (along with many cryptocurrency enthusiasts) are fundamentally mistaken about how economics work, and I discount Urbit for that reason too.

                                                  1. 0

                                                    In the case of Peterson, his work is philosophical, so that heuristic makes a large amount of sense. Although when dealing with someone so, uh, misrepresented by various groups, I’d think it would be more sensible to actually look at the (readily, freely available) source material.

                                                    I agree that it is a significant time investment to fully understand, but I think you can get a good approximation of his basic mindset by watching one of his non-combative interviews, or one or two of his (non-biblical) lectures .

                                                    1.  

                                                      Thanks for the suggestions!

                                                      I was a bit unclear when I wrote:

                                                      In the case of JP, my impression is unfortunately only 3rd hand.

                                                      I meant it in the narrow sense that I cannot offer any first-hand critique of his work. I’m really hesitant to parrot statements like “Person X holds Y views” unless I’ve verified this personally.

                                                      (I’d love to post a link to my comment but it’s really hard to find on the site, I’ll try to update if I can find it)

                                                      However, there’s a limit of how much time I’m prepared to spend just to be able to defend or criticize someone. In JP’s case, my desire to engage with his work is minimal since his most well-known public stance is vociferously anti-trans.

                                                    2. -1

                                                      if they’re genuinely anti-Semitic (Jarvin identifies as a Jew, I believe) … are fundamentally mistaken about how economics work, and I discount Urbit for that reason too.

                                                      What? You seem confused. Urbit is a technological structure, not a political one or economic one.

                                                      1. 15

                                                        Urbit is a technological structure, not a political one or economic one.

                                                        The entire premise of Urbit is the ownership of “scarce resources” (analogous to physical land) where one can seek rent. That’s both economic and political.

                                                        1. 3

                                                          Ok, but that’s no different from DNS.

                                                          Also:

                                                          Urbit’s distribution and sponsorship hierarchy of galaxies, stars and planets is not designed as a political structure, or even a social structure. The actual social layer is in userspace – one layer up.

                                                          Socially and politically, Urbit is a flat network of planets. Galaxies and stars are plumbing. No one cares which star is your sponsor, any more than your Facebook friends care who your ISP is, or you care what data center Facebook is in.

                                                          1. 5

                                                            Ok, but that’s no different from DNS.

                                                            DNS is absolutely a politic, economic and technical structure.

                                                            1. 3

                                                              You’re misunderstanding structures and the downstream implications that these structures cause. DNS is a techincal structure that has implications which are technical, political, and economic.

                                                              The US Congress is a political structure which has implications that are political and economic (and sometimes technical, in the case of, say, regulating Facebook data privacy or whatever).

                                                              1. 6

                                                                DNS isn’t just a technical structure. The distinction between structures and implications (which I don’t think is useful in this context anyway) does to economics, but DNS does make political/social choices - for example, the number of root servers, control being hierarchical rather than distributed, and so on. All of these are both technical and political choices that the project makes, and that’s after generously excluding the organisations, committees, and documents that make DNS work.

                                                                Urbit’s choice to have “scarce resources” is an intentionally different political choice from the one DNS made, which never intended to hit the resource limits we currently have with IPv4 - which is why we now have IPv6, and an address space where addresses becoming scarce is almost entirely implausible for the foreseeable future. Urbit’s choice was made with full knowledge of how scarcity effects these systems, making it absolutely clear that the design decision is political, not technical.

                                                        2. 6

                                                          Is there an example of a technology that doesn’t have political or economic implications? Considering the potential scope and impact of Urbit beyond its technological contributions seems especially important since it seems to me that it’s trying to alter the current conventional paradigm for internet services.

                                                          1. 3

                                                            Is there an example of a technology that doesn’t have political or economic implications?

                                                            No. And I didn’t say it doesn’t have political/economic implications, in fact it definitely does. But in my opinion, the Urbit political implications are better than what we currently have. Consider:

                                                            Socially and politically, Urbit is a flat network of planets. Galaxies and stars are plumbing. No one cares which star is your sponsor, any more than your Facebook friends care who your ISP is, or you care what data center Facebook is in. … Because sponsorship has an escape mechanism, it is not a feudal bond (like your relationship to Facebook).

                                                            Urbit is a decentralized network of social networks. No one can regulate it. Urbit is made to blossom into an endless garden of human cultures, each of which must regulate itself, none of which can bother the others. The soil in which these flowers grow must be level and neutral.

                                                      2. 7

                                                        I agree. It’s a kind of politics that makes people weak centered on our basic instincts of us vs them. The better route is to separate the two, ignore whatever bullshit he writes on his blog, focus on his technology, identify what good/bad can come out of it, and (if good) then either adopt or clone plus compete with it. The adopt or clone decision is where you consider the person. Even then, it’s not their political ramblings so much as what they do in a development and business context day to day. A person with strange beliefs who acts civil and hard working around others in a business is fine with me.

                                                        Edit to add: Work in diverse company with piles of people each with different beliefs, some diametrically opposed. We somehow still function and mostly get along with each other. Different mindset with effort put in is all it takes. Makes job more interesting, too.

                                                        1. 4

                                                          Except Urbit is deeply rooted, in its design, by Jarvin’s beliefs about politics and economics. A technology can’t stand in isolation from its context when its a deeply social technology like Urbit.

                                                          1. 5

                                                            That’s a statement of faith, not proof. Assuming no patent risk, I can literally take his tech, distill out ideas useful to me, and use it for those things. I could’ve done that without ever knowing what his political beliefs are. I can do it while knowing what his political beliefs are. I can even do it to support things he opposes. Therefore, they provably don’t matter if I’m not partnering with him.

                                                            They matter to you or others like you who feel a need to combine a person’s political beliefs or statements with everything they do. You’re limiting yourself voluntarily for ideological reasons. I intentionally avoided limiting myself that way since it reduces what I can get done with no value in return. My opponents who control the world in damaging ways also don’t limit themselves like you: they’ll work with or fund people whose beliefs or personalities they can’t stand if it achieves common goals. Got them where they are. Defeating them to stop real damage (vs crap people write on Internet) will take all kinds of people working together despite differing beliefs.

                                                            1. 5

                                                              Oh don’t get me wrong, I’m all for appropriate parts of technology for uses outside their design. My statement wasn’t about restricting yourself. What I mean is that (and this is especially true in software) the design of a technology is better understood when looking at the “whys” and not just the “hows”. For example, why does Urbit limit its address space? It’s not a technological limitation. In fact, there are lots of parts of the system built around the idea of artificial resource scarcity. Without understanding this system “top”, which covers many lines of code in various components, how are you going to properly take what you need if say, you don’t want that silly limitation?

                                                              A person with strange beliefs who acts civil and hard working around others in a business is fine with me.

                                                              I find that a person with “strange beliefs” (to put it nicely) is also a strange person to work with. Most work is communist in nature ( in the Graeber definition of “from each according to their ability, to each according to their need”). When you ask for a code review, your colleague typically doesn’t say “I will do it but what will you do for me?”. If you need a wrench, the guy next to you doesn’t go “Only if you give me $1”. If the friction is low enough, or need great enough, people will typically do it. Any strange beliefs that stray away from this kind of work ethic typically make all work far less efficient, and even unworkable.

                                                              1. 1

                                                                In fact, there are lots of parts of the system built around the idea of artificial resource scarcity.

                                                                Ok, now I agree with you there. What you’re talking about, though, is design goals. I’m all for understanding them since I need to understand the rationale behind the decisions. I think I avoided Urbit when I saw cryptocurrencies or something mentioned. The rationales might have a political component. I can still ignore that if I choose. Sometimes, I learn from it like with privacy techs whose features might be inspired by sneaky behavior of companies or governments. One can still separate design requirements from political motivations in most cases just by filtering and/or generalizing.

                                                                “is also a strange person to work with. “

                                                                Now, now, that’s jumping to conclusions. A person should be judged on what they actually do rather than hypothesizing. I only read a little on this guy with some people saying he’s really nice at conferences with informative talks. Some people said there were problems but those posts weren’t as specific. If he’s actually disrupting people, then he’s not a good guy to have around. If he’s not and is helpful, then he is potentially a good guy to have around. That’s how I do it with coworkers. It works with some being weird on occasion but they usually just avoid uncomfortable subjects if they know it bothers someone. Unless they’re assholes which is a different thing entirely. ;)

                                                                “When you ask for”

                                                                Since I know little about him, I’d say whoever you’re describing is a person that demands something in return for his work. Presumably, the employees aren’t working for free. They’re doing that, too. I’m also aware of, experienced a lot of, people trying to be users getting others to do their work for them or get something from nothing. They’re not give and take people so much as take, take, take. One strategy for dealing with that is to be a no, extra, free work by default person who is selective about their generosity. I just read an awesome article about such a transition recently.

                                                                Now, that said, a person that acts like that can also be a drain on a business or not right for its culture. Not even political culture so much as performance standards. If they’re paid to do an app, the best team will always be supporting each other to get it out the door in whatever state the business needs. I’d not hire such a person that made everything a trade if they were already getting paid for an outcome that required that minor thing to achieve. I’d rather them be helpful by default covering for each others’ weaknesses and helping them improve on them. I’m sure you’re of the same mind on that, too. :)

                                                                1. 6

                                                                  “is also a strange person to work with. “

                                                                  Now, now, that’s jumping to conclusions.

                                                                  Re-reading what I wrote I was definitely a little obtuse. Let me elaborate, I find people with his kind of ideas usually hard to work with. But that’s just my experience. I didn’t mean strange ideas in general, but “strange ideas” as in, his ideas. Reading previous articles, it seems his co-workers basically seemed to have done what you would do, basically tiptoe around those issues to maintain a polite atmosphere. Which is fine and probably the most appropriate thing to do in that situation.

                                                                  However, I think we can agree that we should not entertain asinine ideas. If he was a flat earther and designed his software to have a 2D address space because the plane is the way to go, we would certainly find that a strange design choice that introduces complexity. But for some reason when someone thinks some races are a better fit for slavery and that democracy is bad and incorporates those ideas into his design by having an ownership model based on those ideas, we seem to say “I can work with that guy, he is fine, he likes cats as I do”. To me, that’s just a form of support and validation. Maybe you are able to compartmentalize these things, but what if the person can’t and finds your support validation of the other stuff. I’m going to call in Godwin’s Law here and say, yes, Hitler also loved his mother and painted some nice stuff, but would I work with him on chemistry projects?

                                                                  1. 2

                                                                    If he was a flat earther and designed his software to have a 2D address space because the plane is the way to go, we would certainly find that a strange design choice that introduces complexity.

                                                                    I don’t know about you, but I would judge the idea as strange if I would not see the benefits of it, not because its author has different political views. If 2d addresses would solve many issues than it might be a good idea regardless of who came up with it.

                                                                    1.  

                                                                      “But for some reason when someone thinks some races are a better fit for slavery and that democracy is bad “

                                                                      Those are actually specific examples where I’d consider not working with someone. Especially if the project was about individual empowerment and decentralization. I’ve still worked with people who had a white supremacist background. We’d occasionally have to call them out on their behavior if a discussion between them and black folks involved race. They’d make an advance which we sane, white people would block. They almost always walk off. Then, it’s done. They and the black folks usually get along day-to-day with one we just fired being missed a lot. Might shock you with the stuff you read on tech forums about what blacks, Jews, etc believe and need for inclusive environments, eh?

                                                                      “To me, that’s just a form of support and validation. Maybe you are able to compartmentalize these things, but what if the person can’t and finds your support validation of the other stuff.”

                                                                      Which brings me to this. Down here in the South, we know there’s lots of racists on each side. As we might say it, we know everyone has a bit of bullshit or crazy shit in their head. With a Christian majority, we’re also taught that people are inherently sinful with us needing to admonish it, be forgiving, and be patient in helping them get better. So, what of these people who think other races are inferior and individual decisions are worthless? How to get them further away from these beliefs?

                                                                      There’s only one thing that works that I can tell from observing where the South was and is today. That’s getting different people in one place forced to be around each other, tolerating each other, for long periods of time. For us, it starts in public schools where racist whites and blacks along with people in the middle are stuck together. Then in the workplaces. The process over time lowered that racist bullshit down to tolerable levels where the KKK-style people are fairly uncommon or rare depending on the area. They mostly hide from us. Even they often like black people where they are compartmentalizing what they learned to like vs what they were taught to hate.

                                                                      What you’re advocating is essentially enlightened people pushing out those who still need to learn stuff away from those who will teach them. Then, they cluster into groups of racists who continue reading garbage, hating on people, plotting, and planning. Many such shunned groups ended up voting for Trump last election since he was only one pretending to care about them. There was no way to reach them since the radical-leftist liberals succeeded in censoring them off as many forums as possible. They similarly created their own recruiting locals and drowning out opposition. Division and siloing at an all-time high on the net like it used to be in meat space in the South. (slow clap for radical liberals)

                                                                      We’re not showing support for these idiots: we’re showing them that people are better than they think. We’ll call them out where needed. If they disrupt too much and ignore warnings, we’ll eject them from that position so they know we mean business. They’ll have another chance to do better. Contrast that to radical-liberal doctrine behind CoC’s where statements on any medium or place will get people blocked from all places with similar CoC. See paragraph above for where that shit leads. My reaction is more patient and measured with a chance for people to learn over time. And it always takes time.

                                                                      1.  

                                                                        That’s getting different people in one place forced to be around each other, tolerating each other, for long periods of time.

                                                                        I think this is absolutely right. I’m not advocating for people to splinter of and shun each other. What I’m advocating is people should not ignore bad ideas and make sure the other party knows. I’m not a moral relativist. And you are right about Trump folks feeling left out. You are also right that the liberals basically ignored them.

                                                                        However, You are wrong that radical-leftists are liberals because they are not liberals. Radical leftists despise liberals just as much as the right does. But you won’t find that kind of discussion on Fox News or NY Times.

                                                                        1.  

                                                                          I forgot about the definition dispute. My bad. Yeah, OK, your position seems a lot more reasonable. I like that. :)

                                                                  2. 1

                                                                    The reason for network address scarcity is to make spamming cost-ineffective.

                                                                    Compare that with the state of email spam, where email addresses are basically free.

                                                                    1. 2

                                                                      Alternatively, they could do something like bank-level verification checking government ID’s and requiring a deposit to create an account. Then, maybe fining whoever is spamming. Then, it should go down. Worst case with low or now fines, whoever is compromised will find out about that changing their credentials or reinstalling their system.

                                                                      Jumping from “there’s spam cuz addresses are free” to “need network address scarcity” is the kind of unnecessary, risky solution that crowd is fond of. Better to just fix the problems in existing systems or design new ones with methods proven in existing ones. They have an irrational aversion to doing that for some reason.

                                                                      1.  

                                                                        Relying on government ids is a centralized solution. Urbit is decentralized, thus needs a decentralized reputation system.

                                                                        1.  

                                                                          It could be bootstrapped that way. The different organizations become part of the reputation system. Hell, it might even become a new service from banks and credit unions. They already often act as notaries.

                                                                          1.  

                                                                            Yeah, I’d rather not have banks regulating my computer usage…

                                                                            1.  

                                                                              Are you using burst transmission or a mesh network not connected to the Internet (doubtful)? Otherwise, you already use a centralized service via one of the big ISP’s that ID’d you and took payment with centralized currency. They also regulate your computer usage far as the network goes. Although they got issues, they’re still less volatile than most of these decentralized systems. The most popular ones, esp Bittorrent, operate over the centralized ones, too, for their benefits. That’s despite decentralized options being available for a long time. They’re too slow and unreliable.

                                                                              It always interests me that you rely on centralized services on one hand with justifications but tell me in other areas there can be no justification for relying on centralized service. Make up your mind. Meanwhile, the inconsistency suggests to me that we can leverage centralized services as a component in these decentralization schemes.

                                                                              1.  

                                                                                Decentralized computing infrastructure is something valuable we should work toward. We’re not there yet, but Urbit is a step in the right direction. Ofc sometimes its better to centralize some things, but in computing I’d rather have decentralized infra.

                                                                      2. 0

                                                                        Spamming is not the main motivation. The main motivation is to provide a source of funding to the company by selling the space. Oh, and the designer was a neo-feudalist which probably inspired the whole enterprise.

                                                                        1.  

                                                                          The main motivation is to provide a source of funding to the company by selling the space.

                                                                          I’ll add that I’m skeptical of all companies that look like pyramid schemes or at least just funnels of money to the creators in exchange for tech that’s highly risky. Throw in any cryptocurrencies to that list since they’re usually structured in an elitist way for founders. If it’s a money system, I want it done fairly by non-profits or public-benefit companies whose incentives will protect the currency, exchange, and so on. Preferably one that’s already profitable from another revenue stream where they don’t have to worry about trying to monetize the financial project. It can just breakeven with a slight surplus or donations to cover expansion.

                                                                          1.  

                                                                            You are right on the money here.

                                                                            1.  

                                                                              Great pun haha.

                                                              2. 7

                                                                Lol no one owes moldbug respect

                                                              3. 5

                                                                Whatever his political stance he’s still as excellent a writer as he was one the old Usenet. One of the more memorable flames on talk.bizarre was from his hand.

                                                                1. 11

                                                                  I found him self-aggrandizing and subject to an inescapable superiority complex. When he writes philosophy he is unnecessarily verbose, so everything said seems tainted by trivial matters such as the author ego and it leaves me wondering whether the actual ideas expressed are self-sufficient or tainted by this ego: trying to project, to present himself: keeping at the marketing speak level and building an idea of himself, instead of leaving his ideas laid bare.

                                                                  It’s not precise, and he just reads like an insufferable prick. I found Urbit rather interesting though, but I can only rejoice that the project is now without this guy.

                                                                  1. 2

                                                                    I tried reading the linked post and couldn’t make heads or tails of it. Maybe because it’s written “in-universe” so to speak and therefore addresses those people familiar with the specialized terminology of the Urbit system.

                                                                1. 7

                                                                  I ran a mailing list for myself and my friend group for years, and it went really well (anywhere from 5 to 50 emails a day) until a…spat…over two of my friends’ shared love interest fractured the whole thing. I now have two completely distinct friendship circles that don’t interact (people took sides) as a result and the mailing list is dead.

                                                                  I suppose the lesson there is that Facebook drama doesn’t need Facebook, and now lobste.rs is the only social networking I do….

                                                                  1.  

                                                                    Start a new list! :)

                                                                  1.  

                                                                    Highlight: “we have developed a collection of 32 benchmarks, ranging in size from 17 to 539 LOC, to illustrate various features of civl and for regression testing as we evolved the verifier. In addition to microbenchmarks, this collection also includes standard benchmarks from the literature such as a multiset implemen- tation, the ticket algorithm, Treiber stack, work-stealing queue, device cache, and lock-protected increment. The civl verifier is fast; the entire benchmark set verifies in 20 seconds on a standard 4-core Windows PC (2.8GHz, 8GB) with no benchmark requiring more than a few seconds.”

                                                                    1.  

                                                                      Lots of folks here don’t actively read HN since it’s fast moving and has a lot of noise. This thread is packed with events with some comments being veterans educating people on how to properly design CTF’s. Some folks here might enjoy it.

                                                                      1.  

                                                                        Indeed. Having co-organized some (hack.lu ctf) and played in many more (team FluxFingers), this is an interesting read. Thanks!

                                                                      1. 10

                                                                        I don’t really care to what extent Yarvin is a cryptofascist (he might be) or a windbag (he is) or if he should learn to trim down his writing (he should).

                                                                        No, no, I want to complain specifically about his technology. Because that’s why we’re here: to discuss technology.

                                                                        First, let’s look at some hoon:

                                                                        ++  peer-scry-x
                                                                          |=  pax/path  ^+  done
                                                                          :_  +>
                                                                          =+  pek=(peek-x pax)
                                                                          ?^  pek
                                                                            ?~  u.pek  ~|(bad-scry+x+pax !!)
                                                                            ~[[ost %diff u.u.pek] [ost %quit ~]]
                                                                          =+  usr=`~.  ::   =^  usr  pax  (user-from-path pax)
                                                                          ?.  ?=(twit-path pax)
                                                                            ~|([%missed-path pax] !!)
                                                                          =+  hiz=(pear-hiss pax)
                                                                          ?~  hiz  ~                          :: already in flight
                                                                          ::?>  (compat usr -.u.hiz)                  ::  XX better auth
                                                                          [ost %hiss scry+pax usr +.u.hiz]~
                                                                        ::
                                                                        ++  peer  |=(pax/path :_(+> (pear & `~. pax)))       ::  accept subscription
                                                                        ++  pear                              ::  poll, possibly returning current data
                                                                          |=  {ver/? usr/(unit user:eyre) pax/path}
                                                                          ^-  (list move)
                                                                          ?.  ?=(twit-path pax)
                                                                            ~|([%missed-path pax] !!)
                                                                          =+  gil=(pear-scry pax)
                                                                          %+  welp
                                                                            ^-  (list move)
                                                                            ?:  ?=($full -.gil)  ~       :: permanent result
                                                                            =+  hiz=(pear-hiss pax)
                                                                            ?~  hiz  ~
                                                                            ::?>  (compat usr -.u.hiz)                  ::  XX better auth
                                                                            [ost %hiss peer+pax usr +.u.hiz]~
                                                                          ^-  (list move)
                                                                          ?.  ver  ~
                                                                          ?-  -.gil
                                                                            $none  ~
                                                                            $part  [ost %diff p.gil]~
                                                                            $full  ~[[ost %diff p.gil] [ost %quit ~]]
                                                                          ==
                                                                        

                                                                        To me, this language looks like an unfortunate cross-breeding of Scheme, J, and a dash of diff syntax for good measure.

                                                                        The official way to pronounce Hoon characters is awkward. Further, the name for the different structures in the language–“wing”, “cell”, “tall rune”, “flat rune”, “gate”, “face’. It feels needlessly obtuse.

                                                                        The C [source] for Urbit makes choices that I don’t really approve of:

                                                                        
                                                                          **/
                                                                            /* Canonical integers.
                                                                            */
                                                                              typedef uint64_t c3_d;
                                                                              typedef int64_t c3_ds;
                                                                              typedef uint32_t c3_w;
                                                                              typedef int32_t c3_ws;
                                                                              typedef uint16_t c3_s;
                                                                              typedef int16_t c3_ss;
                                                                              typedef uint8_t c3_y;   // byte
                                                                              typedef int8_t c3_ys;   // signed byte
                                                                              typedef uint8_t c3_b;   // bit
                                                                        
                                                                              typedef uint8_t c3_t;   // boolean
                                                                              typedef uint8_t c3_o;   // loobean
                                                                              typedef uint8_t c3_g;   // 32-bit log - 0-31 bits
                                                                              typedef uint32_t c3_l;  // little; 31-bit unsigned integer
                                                                        typedef uint32_t c3_m; // mote; also c3_l; LSB first a-z 4-char string.
                                                                        

                                                                        There’s an elaborate reasoning for ignoring stdint (it’s too long to type). There’s the use of kitchen-sink headers. There’s the lack of include guards or pragmas.

                                                                        And lastly, there’s the fact that a lot of dependencies are kinda farming all the interesting OS work out. Like, I’d be really impressed by a bootable distribution of Urbit, but they kinda skipped that.

                                                                        Let’s talk about those things, not whatever it is moldbug is up to.

                                                                        1. 3

                                                                          I’m with you on that. This looks like the kind of crap no software developer should ever have to deal with. The hoon especially.

                                                                          1. 3

                                                                            The thing I dislike the most about hoon and the whole urbit system is how it revels in using unfamiliar names and syntax for everything. I don’t really buy the “late binding” argument they give, and given Yarvin’s oversized ego I’d be more inclined to believe that the renaming of things is just to make it look foreign and to steal ideas and still give himself credit for them.

                                                                            1. 1

                                                                              I’m not great at hoon but the type system is very similar to clojure’s spec, except built into the compilation and every level of the rest of the system. I think it’s a great idea and wish I had more time to study it.

                                                                              1. 1

                                                                                Hoon is the higher level language Tlon is committed to developing, and given the scarcity of resources and everything else about the system Tlon is committed to developing it makes sense they will not develop any other language.

                                                                                The community (this is an OSS project, after all) can still develop a transpiler from any other language.

                                                                              1. 1

                                                                                Some people argue that closed platforms are intrinsically better than open ones? I’ve never heard of such people before. I suppose I should be glad of that.

                                                                                1. 9

                                                                                  Depending on what exactly you mean by open and closed platforms, I can totally see cases where that is the case.

                                                                                  One of the easy points is incentives: closed platforms tend to be for-profit, and that can incentivize better artifacts. By comparison, in some cases, open platforms focus on cleverness, novelty, or community over quality of product.

                                                                                  1. 3

                                                                                    I don’t know about people, but Apple, Microsoft, and Google all seem to.

                                                                                    1. 3

                                                                                      I’m not going to say intrinsically. I will say they can be with some specific platforms exceeding open ones in some attributes. Examples:

                                                                                      The LISP machines were among best at productivity, live debugging and modification with nothing mainstream matching that I know of (Smalltalk partly). The REBOL apps were similarly concise or extensible with tiny downloads on top of it. The VMS and NonStop clusters had reliability that beats most clouds. QNX was best at individual node reliability vs speed vs features at least before Minix 3 came (who knows now). The GEMSOS, STOP, LOCK, and KeyKOS OS’s beat out all the others in security in their time. In assurance activities, still better than current ones that are popular. In hardware design, the Big Three of EDA are the default since nobody trusts an open design to do commercial ASIC’s. Similar for high-performance FPGA’s w/ Big Two. For cross-platform UI that’s web-like, sciter is way more efficient than Electron. In well-regulated software, a whole ecosystem of products sprang up with more quality, even graphics drivers/stacks. Those always sucked before, right? ;)

                                                                                      Just a few off the top of my head.

                                                                                    1. 14

                                                                                      Satire completely aside, I would deliberately avoid buying a real fridge with any kind of computer system in it sophisticated enough to show things on a large screen/use a camera/do anything that involves connecting to my home network. I would assume that the computer system in any smart fridge that I could realistically commercially buy is riddled with software vulnerabilities and would probably phone home to some company with information about my food buying habits and probably video/audio of the inside of my home. If I had no choice but to use such a fridge I would physically break every computer-looking thing I could find on it.

                                                                                      1. 1

                                                                                        I deliberately avoid buying any new appliances for these reasons. Mine last a long time with no spyware. Some are also noisy enough to provide privacy protection. I didn’t need that feature, though. ;)

                                                                                      1. 17

                                                                                        Somebody needs to solve the mismatch between the value generated by free software and the inability to get paid. Programmers shouldn’t have to take a huge pay cut to work on libre software.

                                                                                        Having to ask for ‘donation’ is an insult to the dignity of a competent programmer who can otherwise get a very lucrative offer for his/her skills.

                                                                                        1. 10

                                                                                          I honestly think to a large degree this has been solved if we follow the example of SQLite. Rather than trying to reach out all all possibly users of SQLite, trying to get a monthly donation of like $1/$2/$5 from each user, they focus on the corporate users of the software and ask for significant investment for things that corporate users specifically care about and aren’t “donations”:

                                                                                          • Email Support: $1500 a year.
                                                                                          • Phone Support: $8000 a year base, for SLA response time goes up to $50,000.
                                                                                          • Consortium Membership: $85,000+
                                                                                          • Title/License: $6000
                                                                                          • AES Custom Version: $2000
                                                                                          • CEROD Custom Version: $2000
                                                                                          • ZIPVFS Custom Version: $4000
                                                                                          1.  

                                                                                            Note that this doesn’t work if the software isn’t going to be used by companies. For instance I have a hard time picturing a company pay for sway or aerc.

                                                                                            1.  

                                                                                              Absolutely, stuff that is of no use to a corporation is harder to deal with this way. I would argue that at certain levels of corporate dependency, even niche products like text editors and diff tools can get widespread financial backing. I have seen both (text editors and diff tools) get major contributions in terms of cash from corporations.

                                                                                          2. 9

                                                                                            Donations are difficult to justify by companies both legally and in terms of business. They also cannot guarantee any continuity to the recipient. Moreover, donations are inherently unfair to donors VS non-donors.

                                                                                            Public funding has been invented exactly for this.

                                                                                            1. 2

                                                                                              Moreover, donations are inherently unfair to donors VS non-donors.

                                                                                              Could you elaborate “fair” a little?

                                                                                              I cannot settle on a definition of fairness around donations (esp. to develop open source software) that I, myself, would use in this situation, and so I would surely fail at assuming the definition intended in your comment.

                                                                                              1. 4

                                                                                                Forgive me for the platitude: If a company donates a lot and a competitor does not (while still benefiting from the same shared public good), the latter has an advantage. This little prisoner dilemma around donations encourage greed over cooperation. That’s why taxes are mandatory.

                                                                                                1. 2

                                                                                                  If a company donates a lot and a competitor does not (while still benefiting from the same shared public good), the latter has an advantage.

                                                                                                  That sounds right but might not be. IBM backed Linux when Microsoft and SCO were going to patent sue everyone trying to use it. IBM both was donating labor to Linux and would counter-sue to keep it open. The result over time was IBM got massive benefit from Linux while proprietary offerings folded or went into legacy mode over time.

                                                                                                  I mean, IBM and Linux are both kind of unique. That success might not extrapolate. It might for companies who can stand to gain a lot from a community around their product. The community might be bigger if the company significantly invests in open source and community activities.

                                                                                                2. 3

                                                                                                  I assume the rational is that open source code is a public good in the same way that clean water or science is. If you spend a lot of money making sure that your local river has clean water, or a lot of money to study physics then the benefits are shared by everybody but the costs were incurred by just you.

                                                                                                  “Fairness” in the context of shared resources generally means that the costs of providing the resource are shared by the users of the resource in proportion to the benefit those users each receive.

                                                                                                3. 2

                                                                                                  I agree that public funding was meant to solve problems much like this, but that doesn’t make it an easy solution.

                                                                                                  There are thousands of new libraries created every day, which ones will you fund? How much money should you give Pixie Lang?

                                                                                                  The NSF gives grants to researchers who are motivated to publish papers, which journals will only accept if the papers reveal something new and important. If you give money to open source developers do they have any external motivation to produce useful things? What is preventing them from adding a million new features to OpenSSL rather than carefully auditing the code and fixing tricky bugs?

                                                                                                  If ruby is given enough public funding to hire 10 developers, won’t that make the developers who weren’t chosen feel like they’re not as important? Would they continue contributing as much as they have when they know somebody else is getting paid?

                                                                                                  Many open source projects have contributors from many different nations. Is the agency doing public funding okay with giving money to non-nationals?

                                                                                                  1. 2

                                                                                                    public funding was meant to solve problems much like this, but that doesn’t make it an easy solution

                                                                                                    It worked better than other alternatives during the last 100 years to develop phones, early computers, semiconductors, satellites, a lot of medicine, aeronautics, chemistry… Anything that does not have a short or medium-term return.

                                                                                                    Is the agency doing public funding okay with giving money to non-nationals?

                                                                                                    A lot of long-term scientific research is funded through global nongovernmental organizations.

                                                                                                4. 5

                                                                                                  Not a great comfort to a libertarian, I’m sure - but for those who believe in government intervention, taxpayer-funded work on core infrastructure is an obvious way to share the load (since broadly speaking, society at large benefits from access to improved technology).

                                                                                                  IIRC at least one of the OpenSSL core team was funded - for years - off the German social security pension. RMS’s work at MIT was largely funded through the US government. DARPA paid for a ton of computing infrastructure.

                                                                                                  1. 4

                                                                                                    Who is this somebody who needs that?

                                                                                                    Describing your own desires as someone else’s needs is a cop-out.

                                                                                                    1. 1

                                                                                                      I discuss this a lot. It usually breaks the moment I bring in the notion that this somebody should probably be paid, at around, say, 10-20% if what the developers get.

                                                                                                    2. 1

                                                                                                      If the software is valuable, you can license it such that you can sell it for money.

                                                                                                      1. 5

                                                                                                        This is a pretty often mentioned, but not every FOSS software has a straight forward business model attached. For example, programming languages are far too remote from an actual product for people to actually invest in them on large scale. Yet, they certainly have huge value! If you see the struggle to get a widely used project as MRI funded…

                                                                                                        Sure, I could get my money by consulting in that programming language and being an expert in it, but there, the incentive is actually again to have other people developing it and just run around using their stuff.

                                                                                                        Also, not every programmer wants to become a salesperson or build end-user products.

                                                                                                        1. 3

                                                                                                          You can also license it freely and sell it for money. There’s no inherent contradiction in “commercial free software”. Indeed, sr.ht seems like it fits this category.

                                                                                                          1. 1

                                                                                                            Great example (and congrats again) :)

                                                                                                            In my experience, most such software is very hard to deploy for yourself (since the primary maintainer has no real reason to work on that aspect and nobody else tends to step up).

                                                                                                            This is in no way a jab at your fantastic work - merely an observation of how this, like every funding structure, exerts a pull on the project funded.

                                                                                                            1. 1

                                                                                                              Congrats? For what? I’m not Drew.

                                                                                                              1. 1

                                                                                                                Huh, somehow I got my wires crossed, sorry.

                                                                                                          2. 1

                                                                                                            I wonder if that’s true, and if not, why.

                                                                                                            You’ve done it. And perhaps I have too (although one might tell my own story in different ways). But the people who manage to create functioning open source software from scratch have failed to earn real money from it with such frequency that I wonder whether there’s some blocker. That some personality trait that’s necessary to create that software also blocks generating income from the software.

                                                                                                            1. 1

                                                                                                              I absolutely believe this is the case, personality traits that draw people to open source software tend to push them away from the obvious avenues of income. I think they also fear angering their communities if they start to value corporate users over regular users. I think this fear is misguided, if regular users get much a much better product because of that corporate support, I believe they will be very understanding / support (ala sqlite).

                                                                                                              1. 1

                                                                                                                That some personality trait that’s necessary to create that software also blocks generating income from the software.

                                                                                                                I don’t believe this is the case. FOSS comes out of a culture where many people could make their ends meet. Either by being employed by MIT or by having a paid day job.

                                                                                                                It’s something our community - as a whole - could easily ignore and not build structure around. That’s falling on our feet now. Those structures will take years to build.

                                                                                                          1. 4

                                                                                                            So this is neat and all, but involves someone compromising the ssh server and using said modified server to attack clients.

                                                                                                            If someone can modify your sshd, you’re in deep sneakers :)

                                                                                                            1. 11

                                                                                                              If someone can modify your sshd, you’re in deep sneakers

                                                                                                              Yes and no, I think.

                                                                                                              Before this vulnerability, if someone is root on my web server, they’ve compromised my ability to share my website. This doesn’t move the needle on my threat meter: I’ll destroy that VM and spin a new one up.

                                                                                                              If someone is root on my web server with this vulnerability, and they add a bash alias so that when I ls on my laptop I’m actually running wget evil.virus/trojan.sh |sh && ls, my threat meter has broken from the needle spinning so fast.

                                                                                                              Someone will probably say “this shouldn’t be news, your ssh client should always be seen as vulnerable”, and they’d be right - but I dare say most people see risk as something flowing into sshd, not out!

                                                                                                              1. 4

                                                                                                                “Someone will probably say “this shouldn’t be news, your ssh client should always be seen as vulnerable”, and they’d be right”

                                                                                                                In security parlance, a SSH client is a “trusted” app in the Trusted, Computing Base (TCB). These are privileged, security-critical components that can bypass the security policy of the system. Anything in the TCB should use every security engineering technique you can afford to use. Both SSH client and server should be bulletproof much as we know how to do.

                                                                                                                That sounded pretty hard to me. So, I instead pushed for high-strength implementations of port knocking which created secure tunnels in the reply. Then, privileged traffic over that. Means only a tiny part of the SSH client and server need to be trusted. Small enough to be in realm of formal verification.

                                                                                                              2. 3

                                                                                                                The first works with a MITM, too, which just requires someone not paying close enough attention, after getting in the middle, of course.

                                                                                                              1. 7

                                                                                                                you might enjoy this article describing some of the steps taken

                                                                                                                1. 3

                                                                                                                  It just sunk in that reproducible is a new word for deterministic. Having deterministic systems has always been desirable in real-time and high-assurance systems. Lets you know stuff about the system statically before it’s even run. Now, determinism is applied to builds to solve a new problem. The pattern is determinism by default for the win, sacrificing it only where needed (e.g. high performance or obfuscation).

                                                                                                                  1. 14

                                                                                                                    An algorithm that takes the current time as an input is deterministic but not (meaningfully) reproducible. Although https://reproducible-builds.org/ and most other resources conflate the two, I think it’s useful to attach stronger semantics to “reproducible”.

                                                                                                                    1. 4

                                                                                                                      Oh damn, you’re right. Ive read that before, too. Looks familiar. Maybe there was a good reason they were separate in my mind. Prolly just need to do big refresher using all yalls’ links.

                                                                                                                      Thanks!

                                                                                                                      1. 2

                                                                                                                        That’s a good point. In other words, an algorithm is reproducible if it is deterministic and all its inputs are explicit. This is similar to the nature of pure functions in functional programming. I think NixOS exploits this quite nicely for reproducible package builds.

                                                                                                                  1. 3

                                                                                                                    I saw once again someone mention online that we shouldn’t trust FBI or whoever due to Snowden leaks. I was telling people about surveillance long before the Snowden leaks. The word was ECHELON. It showed anyone worried about NSA or Five Eyes needed high-assurance security at least at links between networks or end-to-end crypto if possible. They got busted out by Europeans in a report but strangely not much happened. Always wondered about that.

                                                                                                                    The leaked file in the article shows NSA bragging about how Congress tricked the European investigators into chilling out about it. Then, Five Eyes just kept using the tech on them and everyone else from there. Quite a weak ending to one of the biggest leaks in that part of history. At this point, it’s reasonable for Europeans to treat anything U.S. supplied as untrustworthy plus encrypt and harden everything they can. Most of that advice they should’ve been already following, though. They also have the talent and money to build high-assurance or just security-focused components they need.

                                                                                                                    1. 2

                                                                                                                      You might be interested in this talk from a few years ago from the reporter

                                                                                                                    1. 2

                                                                                                                      What does declarative mean in this context/how is Guix more declarative than alternatives? The term is mentioned twice, in ways that don’t really convey anything to me.

                                                                                                                      1. 4

                                                                                                                        You declare your system configuration and the distribution tools take care of realizing it.

                                                                                                                        The most obvious example is that you maintain a list of packages to be installed, instead of running “install” and “remove” commands—but it goes deeper than that.

                                                                                                                        Take a look at the manual’s examples of system configurations.

                                                                                                                        1. 3

                                                                                                                          Yeah, “maintain a list of packages to be installed” is great. I am doing that on Debian with apt-mark and it’s so much better than installing and removing packages.

                                                                                                                          1. 3

                                                                                                                            I guess I should’ve been clearer: I have an idea of what that means, but how does that relate to everything about using scheme and hating on DSLs? Unrestricted scheme isn’t declarative in the programming language sense. Is this just a case where there are two unrelated meanings?

                                                                                                                            1. 1

                                                                                                                              The thing that gives LISP’s their power are that the code is simultaneously an easy-to-parse, data structure and an executable program optimized for handling that data structure. It’s why language extensions are so easy that people throw DSL’s around in LISP’s/Scheme’s. Wise programmers restrict their use a bit, though, just to keep the programs maintainable. Especially by other people.

                                                                                                                              Although I don’t know Guix, I imagine it takes advantage of the fact that Scheme can describe structures (eg builds), issue commands, and simultaneously be as easy to parse and interpret as a basic, configuration file. People that know it would have to chime in to tell me if my intuition is correct.