1. 22

    Why do we say kleenex instead of facial tissue? Branding matters a lot, and Mastodon has done a much better job of branding than the fediverse as a whole (which is largely down to, Mastodon is an entity that can brand, whereas “the fediverse” is nothing but a notional collection of OStatus/ActivityPub participators with no central branding arm).

    Besides, most non-technical users (who we’re increasingly seeing on Mastodon/The Fediverse, as opposed to the highly technical early adopters) are in the market for services, not protocols. Users never talked about being “on the XMPP federation”, it was always “here’s my AIM”, “here’s my gchat” etc. They still understood that these things worked together, but they weren’t interested in pedantic distinctions between hosting software and protocols, nor should they be.

    1. 6

      Users never talked about being “on the XMPP federation”, it was always “here’s my AIM”, “here’s my gchat” etc.

      The difference is that XMPP was primarily about having one kind of conversation, and the fediverse isn’t.

      The main use of the fediverse right now is for twitter-style interaction, and that’s fine, but Pixelfed’s photo sharing, Peertube’s video sharing, and Plume’s long-form publishing, and now even chess-over-activitypub servers are becoming an important part of the fediverse in a way that’s more than just “yet another implementation of the same idea”. So if you group all that stuff together under “Mastodon” just because it uses the same protocol, you’re missing out on a whole lot.

      1. 9

        So if you group all that stuff together under “Mastodon” just because it uses the same protocol, you’re missing out on a whole lot.

        If you’re a user, happily telling people that you’ve moved from Twitter to Mastodon, and you’re no longer doing Instagram but they can catch your photos over on Pixelfed, and you enjoyed some peertube videos, and doing your blogging on Plume…

        what precisely are you “missing out on” just because you’re not lumping all of these disparate services under the meaningless blanket term “The Fediverse”? It strikes me as nearly the equivalent of complaining that users talk about using Facebook and YouTube and LiChess instead of just lumping it all under the blanket term HTTP.

        1. 4

          you’re no longer doing Instagram but they can catch your photos over on Pixelfed, and you enjoyed some peertube videos, and doing your blogging on Plume…

          The whole point is you’re able to interoperate with all those services from a single account.

          Your friend joins a Mastodon instance and starts following your Peertube account, so they get all these videos in their stream. They’re going to be very confused if they think that they’re following only “Mastodon users” because Mastodon doesn’t offer the ability to publish videos.

          It strikes me as nearly the equivalent of complaining that users talk about using Facebook and YouTube and LiChess instead of just lumping it all under the blanket term HTTP.

          A better analogy would be if they thought they had to install a Facebook app and a Youtube app instead of realizing that they can both be accessed thru a web browser.

          1. 2

            What’s so confusing about being able to follow PeerTube publishers through Mastodon? I can follow quite a few YouTube publishers through Twitter; it’s just that it works out of the box instead of needing IFTTT.

            1. 2

              Yes, that’s my point. It’s not confusing in the case you describe because you’re aware that YouTube and Twitter are different things.

              My example was about the case where someone isn’t aware that anything but Mastodon exists on the fediverse.

              1. 2

                My example was about the case where someone isn’t aware that anything but Mastodon exists on the fediverse.

                This is a marketing problem that “WELL ACTUALLY, you’re on the ‘fediverse’ silly user, not ‘Mastodon’” is certainly not going to solve, any more than “WELL ACTUALLY, you’re using GNU/Linux, Linux is the name of the kernel and GNU is…” fixed Hurd adoption.

          2. 1
            s/HTTP/The World-Wide Web/
            

            Valid complaint.

        2. 8

          Yeah, it’s a bit like people who insist that other people say Gnu/Linux, and I get it, they’re right, but they’re also not going to get what they want.

          1. 1

            I’ve said it before and I’ll say it again: Mastodon is to the Fediverse what Ubuntu used to be for GNU/Linux desktop systems.

            Not a judgement call there… just an observation. This type of naming issue will come up over and over again pretty much forever :)

            1. 3

              I’m….not sure what you’re trying to say? Like, it will overshadow it for a while but then it will be cleared up? Everyone just says Linux now

        1. 3

          There’s the beginnings of a manifesto in the associated source repo too.

          1. 1

            Ah yes, heh… I need to finish writing it…

          1. 3

            Have you considered how you’ll make this virtual world accessible to people with disabilities? I’m thinking in particular of blind people. The graphical virtual worlds that I’m aware of are completely inaccessible. The old MUDs, MOOs, etc. were accessible, because they were text-based.

            That said, this sounds like a worthwhile project. Good luck.

            1. 2

              I’m shooting for text-based worlds first. 2d and 3d worlds may be supported later.

            1. 1

              I’m curious how something can be both anti-abuse and anti-censorship. Against whom doing the abusing/censoring?

              1. 7

                It’s a good question, and no system can be perfect. Here are the boundaries that I am interested in:

                • I don’t consider it censorship if someone is filtering out themselves from seeing your content, that’s their own freedom to filter. Communities and individuals can, and should, decide when they would rather not see certain content.
                • However, the inability to find any venue for expression of ideas I do think is censorship.
                • One current assumption I think is wrong in contemporary social networks is the assumption that everyone should be able to message you by default, or at least at no or equal cost to all parties (I go about this more in the post, and I shall go into it more later as well). Instead I think it makes sense to have multiple paths to one’s doorstep, which one may hand out judiciously. So that’s one filtering layer, the ability for people to reach you in the first place.
                • As said in the post, I think the assumption that moderation should happen at the instance level is leading to a lot of current problems on the fediverse… especially when we want as many people to run instances. It’s not sustainable, and it leads to big fights. Instead I think mailing lists are a better example of moderation: you might join many different lists with different expectations of what is and isn’t acceptable behavior for the different facets of your life.
                1. 3

                  I think censoring things by default, but indicating that something is censored (with an opt-in to view it) is a good balance. It could also work the other way, but censorship is generally expected for adoption.

                  1. 4

                    I think censoring things by default, but indicating that something is censored (with an opt-in to view it) is a good balance.

                    We do visible, expandable censorship that collapses subthreads here on Lobsters. It’s a nice compromise. For me, I can ignore that stuff to focus on high-priority content when I have little time. Later, I might expand and skim it to see whether kicking it off the thread was something every group would be behind or one group dropping another. I at least can see what everyone said if there’s no deleted comments. There’s also sometimes good info in there that was just unpopular to those viewing at the time.

                1. 4

                  It’s a good idea to symmetrically encrypt backups so that the receiving backup server is unaware of the actual contents. However, this post says they’re using a source such as the unlock PIN/pattern/passcode used to unlock the device, which is usually very low entropy for most users. Thus I suspect it would be extremely trivial to decrypt most of these backups with only a very small amount of brute forcing?

                  1. 15

                    I’ve become more and more disillusioned with NixOS over the past couple of months. Packaging things that aren’t available, or even updating existing packages, has so many little undocumented gotchas that (I guess) they assume you’ll figure out from reading gh issues or random blog posts. It has actually stopped me working on a few different projects because it’s not worth figuring out how to package something.

                    However, I don’t think I can go back to a traditional distro after tasting the stability and convenience of something like NixOS. Has anyone here tried both NixOS and GuixSD, or perhaps switched from one to the other?

                    Guix seems so much better documented from the brief read through I’ve given it after seeing this. The docs just have so much detail.

                    Also, I’d much rather learn a real language like scheme for making packages than the rather incomprehensible (at least to me) language that Nix invented.

                    What are the downsides of Guix that I just haven’t seen yet?

                    1. 9

                      Guix has fewer packages, because they have a smaller community. Being a GNU project, they attempt to limit the amount of non-free, or license-incompatible, software as much as possible: using linux-libre, nearly no potential ZFS support, no Intel microcode, etc. If your hardware depends on a binary blob, you might have to jump through several hoops to get it working. As of 2018-07-06, they don’t have LVM support.

                      That said, guix seems far better thought out than nix. It does not rely on a particular init ecosystem (cough, systemd, cough). It has more features available without installing additional packages, for example: guix import instead of the myriad of pypi2nix, nix-generate-from-cpan, etc packages that are separately written; guix environment makes creating an isolated container as easy as its normal environment isolation; etc. And guix is most certainly better documented.

                      If you’re comfortable packaging software yourself (and don’t mind doing so), some of these problems could be fixable. You can keep (or contribute to) a non-free guix repository (such as these, but these do not seem to be well maintained, nor will they be approved of, probably). One could also use guix import to import from a local copy of nixpkgs (though such an import is imperfect, and might require manual maintenance), or run guix atop NixOS.

                      Unfortunately, I needed a system that works with nearly-minimal hassle on my hardware, with my software, and that is what NixOS gave me. The nix language is quaint, and the reliance on bash and systemd rather annoying, but personally I can ignore that and use a working computer with a relatively nice environment management system.

                      1. 2

                        It does not rely on a particular init ecosystem

                        You are referring to Guix, the package manager here, right? Because, as far as I understand, GuixSD, the Linux distribution does depend on https://www.gnu.org/software/shepherd/?

                        1. 3

                          I was referring to the fact that neither Guix nor GuixSD rely on systemd. But you are correct, as best as I can tell GuixSD seems to rely on Shepherd.

                          Though maybe not all services seem to rely on it? Some of them don’t seem to mention shepherd at all, but I can’t tell whether or not that means anything because I’m not well versed in Guix scheme.

                          1. 1

                            https://github.com/guix-mirror/guix/blob/master/gnu/services/ssh.scm

                            Here’s one example that clearly refers to shepherd. Is there any reason to believe that shepherd is better than systemd?

                            1. 6

                              Three things, maybe:

                              • Shepherd doesn’t try to be more than an init system. Contrast to Logind, which GNOME depends on, which is tied to systemd. elogind had to be forked and extracted from systemd, because otherwise GNOME would not work without it. I don’t know of any end user applications that require shepherd to be the init system in any way that doesn’t resemble init system / daemon management usage.
                              • shepherd is also written in scheme, which means that Guix expressions can easily generate code per the user’s configuration for the shepherd file since you’re just going from scheme to scheme.
                              • I can’t remember if systemd can do this or not, but you can also run shepherd as a user to manage your user’s daemons (rather than the system-wide daemons). Convenient!
                              1. 1

                                I can’t remember if systemd can do this or not, but you can also run shepherd as a user to manage your user’s daemons

                                Yes, systemd can do that.

                                1. 1

                                  I can’t remember if systemd can do this or not, but you can also run shepherd as a user to manage your user’s daemons

                                  Systemd does have support for user services, without needing to start another daemon as your user.

                                  1. 1

                                    I should clarify that I meant being able to run one or more shepherd as a user being a feature :)

                                2. 5

                                  Shepherd isn’t an ecosystem of things that come bundled together? It isn’t Linux specific? It doesn’t (yet) slowly overtake various other components of your system, such as udev? There are definitely reasons that I still believe that Shepherd is better than systemd.

                                  However, nothing’s perfect. Upon a further examining of the documentation, it does seem that you are correct regarding Guix’s dependence on Shepherd: namely, all services do currently depend on it.

                            2. 2

                              Thanks for that Guix on NixOS link. I actually installed GuixSD in a VM at work today and noticed there were quite a few packages missing that I would like to have, so that seems like a good way to get started making some new packages before I go all in on the OS.

                              1. 1

                                What is the status of Java especially maven dependencies of a project? (which doesn’t seem to be fixed in Nix yet)?

                            1. 6

                              I want to know where Microsoft and Apple stand on AV1. I remember when all the major players were duking it out over WebM or H.264; H.264 won (and Mozilla and Opera, who were pushing WebM, got pressured into adding patent-encumbered H.264 into their browsers by market forces).

                              AFAICT, that happened for three big reasons:

                              1. Apple and Microsoft implemented H.264 and refused to implement WebM. In retrospect I guess that made more sense for Microsoft since they were still in “we blindly hate anything with the word ‘open’ in it” mode. Apple made less sense to me.
                              2. Google promised that Chrome would drop H.264 support, but never followed through. At the time <video> was new enough, and Chrome had enough market share, that I really think they would have been able to turn the tide and score a victory for WebM if they had been serious. But apparently they weren’t.
                              3. H.264 had hardware partnerships which meant decoding was often hardware-accelerated - especially important for mobile performance. But I have no idea where I know that from so Citation Needed™.

                              I dunno, I think there’s hope for AV1 but that a lot could still go wrong. Apple I am particularly worried about due to iOS’ market share. If they refuse to implement the standard, it could seriously harm or even kill widespread adoption. But OTOH, maybe I’m just a pessimist :P

                              1. 6

                                A few months ago, Apple has announced that they joined the AV1 group and Microsoft was a founding member. That makes me much more optimistic than previous open formats.

                                I think the MPEG-LA really fucked things up with the minefield they set up for H.265.

                                https://www.cnet.com/google-amp/news/apple-online-video-compression-av1/

                                https://en.m.wikipedia.org/wiki/Alliance_for_Open_Media

                                1. 5

                                  Apple and Microsoft implemented H.264 and refused to implement WebM. In retrospect I guess that made more sense for Microsoft since they were still in “we blindly hate anything with the word ‘open’ in it” mode. Apple made less sense to me.

                                  Apple and Microsoft are both large corporations, and thus hydras; what one head said doesn’t necessarily reflect another. Still, they both have a foot in the game in three awful races: an attempt to be a monopoly without appearing to be such to regulators; both are heavily invested in software patents (a lose-lose game for everyone, but there’s a sunk cost fallacy problem here); heavy investment and affiliation with proprietary media companies.

                                  I think the rest of your analysis on why h.264 made it in is right in general. Also, Cisco did the “here’s an open source h.264 implementation except if you modify it we might sue you for patent violations, so it’s not free software in practice” thing, and that was enough for various parties to check a box on their end, sadly.

                                  BTW, I sat in on some of the RTCWeb IETF meetings where the battle over whether or not we would move to a royalty free default video codec on the web would happen then. I watched as a room mostly full of web activists not wanting patent-encumbered video to overtake the web were steamrolled by a variety of corporate representatives (Apple especially). A real bummer.

                                  I’d like AV1 to do better… maybe it can by being actually better technology, and reducing a company’s bottom line by having a smaller bandwidth footprint, as it looks like they’re aiming for here. Dunno. Would love to hear more about strategy there.

                                  1. 1

                                    Also, Cisco did the “here’s an open source h.264 implementation except if you modify it we might sue you for patent violations, so it’s not free software in practice” thing, and that was enough for various parties to check a box on their end, sadly.

                                    What exactly was happening there? IIRC Cisco basically said “we’ll eat the licensing costs on this particular implementation to fix this problem” so Mozilla/Opera(?) ended up using that to avoid the fees. Is that not what happened?

                                    I definitely remember Mozilla attempting to hold out for as long as possible. Eventually it became clear that Firefox couldn’t compete in the market without H.264 and that’s when the Cisco plugin went in.

                                    I watched as a room mostly full of web activists not wanting patent-encumbered video to overtake the web were steamrolled by a variety of corporate representatives (Apple especially).

                                    This is super gross.

                                  2. 3

                                    Apple made less sense to me

                                    Apple is extremely sensitive to things that affect battery life of iOS devices. H.264 can be decoded in hardware on their devices. WebM would have to be decoded in software, so supporting it would be a worse experience for device reliability (battery would drain really fast on sites with lots of WebM content).

                                  1. 3

                                    So, please forgive my ignorance but reading all the negative responses here - isn’t the fact that we now have a protocol standard for distributed social media an all around good thing?

                                    1. 9

                                      The lack of standards has never been an issue – the lack of deployments, independent implementations, momentum and actual interoperability has always been an issue.

                                      I remember implementing OStatus back in 2012 or so at Flattr, only to find that no client actually implemented the spec well enough to be interoperable with us and that people rather than spending time on trying to fix that instead wanted to convert all standards from XML to JSON, where some like Pubsubhubbub/WebSub took longer to be converted than others, leaving the entire emergent ecosystem in limbo. And later ActivityStreams converted yet again, from JSON to JSON-LD, but then I had moved on to the IndieWeb.

                                      I find the IndieWeb’s approach to document patterns, find common solutions, standardize such common solutions as small focused, composable standards, and reusing existing web technology as far as possible much more appealing.

                                      One highlight with that is that one can compose such services in a way where one’s main site is even a static site (mine is a Jekyll site for example) but still use interactive components like WebMentions and Micropub.

                                      Another highlight is that one as a developer can focus one’s time on building a really good service for one of those standards and use the rest of them from the community. That way I have for example provided a hosted WebMention endpoint for users during the last 4 years without me having to keep updated with every other spec outside of that space, and the same I’m doing now with a Micropub endpoint.

                                      Composability and building on existing web technologies also somewhat motivates the entire “let’s convert from XML to JSON” trend – HTML is HTML and will stay HTML, so we can focus on building stuff, gaining momentum and critical mass and not just convert our implementations from one standard to the next while fragmenting the entire ecosystem in the process. That also means that standards can evolve progressively and that one can approach decentralized social networks as being a layer that progressively enhances one’s blog/personal site one service at a time. Maybe first WebMention receiving? Then sending? Then perhaps some Micropub, WebSub or some Microformats markup? Your choice, it all doesn’t have to happen in a day, it can happen over a year, and that’s just okay. Fits well into an open source scene that wants to promote plurality of participants as well as implementations while also wanting to promote a good work/life balance.

                                      1. 1

                                        Unfortunately every time an ActivityPub thread makes it to a news aggregator like this, it always seems like there are some negative comments in the feed from some folks from the indieweb community. It kind of bums me out… part of the goal of the Social Working Group was to try to bridge the historical divide between linked data communities and the indieweb community. While I think we had some success at that within the Social Working Group, clearly divisions remain outside it. Bummer. :(

                                        1. 1

                                          Sorry for the negativity – it would help if posts like these presented the larger context so that people don’t interpret it as if “ActivityPub has won” which as you say isn’t at all the case, but which this thread here has shown that it can certainly be interpreted as and which the title of this submission also actually implies.

                                          This gets even more important with the huge popularity of Mastodon as that’s a name many have heard and which they might think is the entirety of the work in that working group, which isn’t the case and is something that everyone has a responsibility in adequately portraying.

                                          So sorry for the negativity, but it’s great that we both feel that it’s important to portray the entirety of the work of that group!

                                      1. 6

                                        A lot of DRM arguments have been around slippery slope arguments like this, but I don’t feel like it gives the current context enough weight.

                                        DRM on the web exists already, people install plugins to watch streaming services. This is giving a way to avoid having to install arbitrary plugins, instead boxing things into a bit of a safer environment.

                                        Meanwhile, no one seems to be clamoring for hiding their CSS stylesheets, mainly because no tech company is under contractual obligations from Hollywood to do so.

                                        1. 12

                                          A lot of DRM arguments have been around slippery slope arguments like this, but I don’t feel like it gives the current context enough weight.

                                          We’ve been sliding down that slippery slope for about two decades now. And it has been getting considerably worse. In the early 2000s we saw people outraged about the first appearances of DRM’ed music and movies. Nowadays people seem to accept it, and are even moving towards accepting even more dramatically absurd forms of DRM from coffee makers to cars.

                                          And every time someone complains about DRM someone says “well yeah but people are okay with this one step that’s not as bad, what’s so bad about this one step worse”, which is exactly how the slippery slope works.

                                          1. 4

                                            My recollection of things is that the DRM situation has gotten better, not worse, over the past 15 years. Not for everything but for a lot of things

                                            It used to be that when you bought music from an online store, you had a DRM mess. Streaming video had to go through weird Windows Media Player DRM, which ended up being a whole virus vector.

                                            Nowadays I don’t ever see DRM’d MP3s, and video tends to work relatively sanely. Lots of games still have anti piracy stuff, but most companies just opt for some Steam DRM. I remember rootkit DRM.

                                            Granted it’s not always forward progress. But it’s felt more effective for my personal situation

                                            1. 3

                                              My recollection is that DRM itself has gotten better, and more pervasive. It’s still there, it just happens to work without getting in your face or breaking your system, so people accept it.

                                              I’ll reserve judgement on whether that is a good thing.

                                              1. 3

                                                It was really cool that we won the DRM’d MP3 battle, but I think businesses don’t even care because they can DRM up their music easily now because everyone uses streaming services.

                                                1. 1

                                                  Other than, say, the iTunes store (which sells high quality recordings without drm).

                                                  No major providers though, right?

                                                  1. 1

                                                    From what I understand, Google Play Music gives you the option to download music you buy DRM-free a total of 3 times. However, you don’t have any rights to the music which you save for offline play, but don’t buy, in the Play Music app.

                                                2. 1

                                                  I agree. Things improved a lot on content availability. Whereas, the UEFI and App Stores were a step back on the technical side.

                                              2. 3

                                                A lot of providers don’t do that, though. Whereas, a default DRM in the browser would probably make the number go up since the worst part is already there.

                                                1. 1

                                                  This is giving a way to avoid having to install arbitrary plugins, instead boxing things into a bit of a safer environment.

                                                  Do you have to install any plugins for Netflix? EME already works without being in the standard, it’s supported by all major browsers.

                                                  1. 1

                                                    Just because malware already exists and will continue to exist doesn’t mean we should make things easier for malware authors.

                                                    The correct response to DRM plugins is exactly the opposite of what you said: browser vendors should constantly break DRM plugins by changing the unofficial APIs those plugins use.

                                                  1. 4

                                                    This stuff again.

                                                    I fully expect with EME that we will see application authors begin to lock down HTML, CSS, Javascript, and every other bit of their web applications down with DRM.

                                                    It’s literally called “Encrypted Media Extensions”. It’s directly tied into HTMLMediaElement, and the whole point is that encrypted video frames get passed through HDCP and decrypted on your display.

                                                    It WILL be contained to movies. Because it’s IMPOSSIBLE to use for anything else.

                                                    Look at the prevalence of DRM in proprietary applications elsewhere

                                                    What prevalence? Professional applications like, say, AutoCAD still use a simple serial number, and every new release gets cracked on day one. Some games use DRM, but often just drop it after it’s been cracked.

                                                    Anyway, here’s a real actual threat to the free open web where you can view the source of everything. It’s called… proprietary code on the server side, and it’s been there since forever.

                                                    1. 13

                                                      So first off, I was talking more about the endorsement of DRM for images/video/audio will open the floodgates for DRM’ing of other technology. Whether or not it uses EME isn’t the point as much as the ok of DRM for the web from the W3C.

                                                      Second, while EME provides interfaces directly into HTMLMediaElement, the payload delivery mechanism seems like a reasonably generic DRM’ed message bus, and it isn’t hard to see how it could be used as a foundation to deliver other DRM’ed content. Am I wrong that interfaces couldn’t be exposed to use EME for other things as well?

                                                      1. 12

                                                        The strategy is called Fate Accompli where they break a larger goal into smaller ones that seem individually justifiable. Companies such as Microsoft have used devious techniques like that many times. The Trusted Computing Group was a good example where they told the masses TPM-like stuff was about security where it was mostly about DRM. So, there’s plenty of precedent for anything aiding DRM to be a stepping stone to much worse things.

                                                        1. 9

                                                          It’s fait accompli. <3

                                                          1. 1

                                                            Funny thing is I originally wrote that but thought I misremembered the spelling. It seems I did but only when I “fixed” it. Haha.

                                                          2. 4

                                                            TPMs are about security. And some of the most amazing TPM usage comes from Free Software. Check out tpmtotp and its usage in Heads.

                                                            Modern movie DRM uses HDCP — passing encrypted video frames to your monitor to be decrypted there.

                                                            1. 5

                                                              TPMs were a product of the Trusted Computing Group that involved a number of monopolist, defense contractors pursuing their goals. The security claim, done for NSA’s IAD, was that the device could supplement a security-enhanced endpoint such as General Dynamics TVE or Dell Secure Consolidated Solution by protecting the boot process or any pre-OS software such as disk encryption. It was also pushed by entertainment industry asking Microsoft et al to make it technically impossible for users to view content without authorization. In other words, copyright monopolists would partly dictate what runs on our computers to suck more money out of us. They had already bribed politicians for DMCA for legal part. Now they just needed the technical part.

                                                              Let me illustrate what it was conceived to do to let you decide if it was more about security or companies’ profits (esp DRM & lockin):

                                                              1. The TPM ensures secure boot of BIOS’s made by (two?) companies that kept their products insecure on purpose for extra profit. These companies are an oligopoly with OEM deals that try to shut out competition. Initially, only their products will be signed as “trusted.”

                                                              2. The next, major part is an OS designed by monopolists who kept their product insecure on purpose for extra profits. This company was battling free software everywhere it could. Initially, only its OS would be signed for x86 systems as the “trusted OS.”

                                                              3. The OS then loads apps from various companies, esp Microsoft, that are deliberately left insecure to keep profits high. If it’s an app for movies or music, peripheral projects will force it to use a “protected media path” to ensure nobody can record it. Proposals of the time also included using virtualization or separation kernels to run media player outside the OS so no user software could touch it at all. Microsoft begins implementing whatever was cheapest/easiest.

                                                              So, it looks like a board-level, whitelisting solution designed by monopolistic and oligopolistic companies to force users to either use their DRM-laden, expensive software or switch to “insecure boot” modes with no protection at all. Your example of HDCP is one of many forms they had planned that were mostly closed-door discussions but slipped to public in various ways. Those slips led to a big backlash plus campaigns against them on DRM and user control side. We succeeded in forcing them to back way down from original goals.

                                                              The resulting chip barely does anything since it was designed to be dirt cheap above all else per what a member of Steering Committee told me. He said limiting it to weak form of trusted boot in special-purpose ASIC was only way to get Intel & desktop vendors to go along. Nonetheless, lots of CompSci and FOSS work built interesting stuff on it with the commercial sector moving first on that. Most of the better teams doing R&D have switched focus to TrustZone now given how mobile is still laying groundwork for how it does security. Lots of prestige, maybe profit, to be had if Apple or Samsung picks up a team’s solution. TPM-related schemes continue to get investment, though.

                                                              Far as the projects you bring up, they’re both really cool. I’ve bookmarked them for future evaluation or use. :)

                                                        2. 0

                                                          WebAssembly, on the other hand, is a legitimate threat to View Source. I think the OP is paying attention to the wrong W3C working group…

                                                          1. 7

                                                            No, it’s not. It doesn’t do anything new. It was always possible to compile native code to JS. (Or manually write “low level” JS that used one TypedArray of integers for all of its memory, LOL.) Wasm is a performance optimization, like asm.js was, but now with an efficient binary representation instead of messy JS code annotated with | 0 (or whatever it was) everywhere. Devtools could show the decoded source tree – that’s better view source than asm.js code.

                                                            1. 4

                                                              WebAssembly is just faster asm.js which is just faster compiled JS. That problem has existed long before WebAssembly has.

                                                              1. 1

                                                                But asm.js was not the topic of a W3C working group…WebAssembly is. We’re talking about being outraged because the W3C endorses an idea.

                                                              2. 2

                                                                WASM is just a way to encode JS into bytecode in a form that is just more handy in terms of encoding, decoding and compilation. It may even translate verbatim into JS.

                                                            1. 3

                                                              I did a bit of work on the OStatus stack that Mastodon currently uses. There’s definitely room for improvement, but I think it’s better to get there through incremental changes to functionality and composing protocols. Having one all-encompassing spec locks you into a single set of use-cases, which hinders growth and adoption long-term.

                                                              1. 3

                                                                ActivityPub’s main design, as you know I think, was done by Evan Prodromou who did most of the design on OStatus. ActivityPub was written, with the initial design also by Evan, to try to overcome some of those limitations.

                                                                Meanwhile Mastodon did try to incrementally improve OStatus by adding extensions, but that upset people as well because they were deemed as incompatible with the rest of the fediverse (privacy isn’t easy to add-on after the fact in OStatus for one). Now that ActivityPub is moving from OStatus to ActivityPub there’s complaints from much of that same group (not saying that encompasses you)… catch-22…

                                                                BTW, heya Brett! Remember a very naive young programmer helping with a command line frontend in Python briefly to one of your projects at the Goog back in the day with bgoudie and friends for like… a month? That was me. :) I’ve meant to catch up with you for unrelated reasons, mainly because of some exploration of actor model stuff since then… watch the video on: https://www.gnu.org/software/8sync/

                                                                1. 3

                                                                  Meanwhile Mastodon did try to incrementally improve OStatus by adding extensions, but that upset people as well because they were deemed as incompatible with the rest of the fediverse (privacy isn’t easy to add-on after the fact in OStatus for one). Now that ActivityPub is moving from OStatus to ActivityPub there’s complaints from much of that same group (not saying that encompasses you)… catch-22…

                                                                  This is not true. Privacy on the level of AP would have been very easy to add, by just using a different salmon endpoint for private messages. This was discussed at length back then, but Mastodon still chose to implement the leaky-by-default changes. The complaints about the move to AP are because Mastodon breaks old ostatus functionality while doing it, but that’s a whole different topic.

                                                                  1. 1

                                                                    Maybe this is true, though I never saw a concrete proposal of how to do it or implementation efforts to show how it could be done? So it still seems theoretical to me. Do you have a link to where the proposed approach was laid out / outlined?

                                                                  2. 3

                                                                    Oh additionally, if you want a more minimal system that isn’t as “all in one” as ActivityPub is, Linked Data Notifications uses the same inbox endpoint and basic delivery mechanism that ActivityPub does, with a lot less of the social networking structure.

                                                                    1. 2

                                                                      Hey good to hear from you! Do you have a link to the part about “upset people as well because they were deemed as incompatible with the rest of the fediverse”? I’ve been out of the loop for a while but I’d be curious to see that.

                                                                      1. 1

                                                                        It’s kind of hard to find a good summary, but this blogpost talks about it. Basically since there was no nice way to add privacy features to the existing distribution mechanisms, Mastodon kind of tacked it on and would advise the next server as to its privacy level. This led to complaints that Mastodon was implementing “advisory privacy” since you’d send what was theoretically a private post from a Mastodon server, but everyone on a GNU Social (that’s the new name for StatusNet) server would see it. It could be that there was a way to do it in OStatus, but it wasn’t really worked out.

                                                                        One major thing that ActivityPub added is email-style addressing… every post is delivered to an individual’s inbox. Of course, like in email, you’re trusting the receiving server to actually do the right thing (and thus you could accuse this of being “advisory privacy” as well, but anything that isn’t end to end encryption can be accused of that), but I don’t get other people’s emails in my inbox because the addressing is baked in to the standard so it’s expected that all servers implement that.

                                                                    2. 0

                                                                      Yeah. OStatus is very well done, a nice unity of existing technologies that have been proven to actually work.

                                                                    1. 3

                                                                      Here’s the documentation on the new (ice-9 sandbox) module. It includes a pretty great quote:

                                                                      Sometimes you would like to evaluate code that comes from an untrusted party. The safest way to do this is to buy a new computer, evaluate the code on that computer, then throw the machine away. However if you are unwilling to take this simple approach, Guile does include a limited “sandbox” facility that can allow untrusted code to be evaluated with some confidence.

                                                                      1. 1

                                                                        Physical separation as default was in a comment I just posted:

                                                                        https://lobste.rs/s/8fdigq/computer_security_safe_sex/comments/qbv0mi#c_qbv0mi

                                                                        Unpopular but safest option. Wise of them to say that albeit it looks like a joke, too. A modification of that idea that goes way back is to use ROMs for all firmware w/ removable storage. Then, the most they can do is damage the hardware (DOS attack). Their changes go away when you reboot the machine. Might have to do a custom job for that these days unless you’re fine with embedded boards. Some of them still have ROM in combination with flash that can store a signed image.

                                                                      1. 12

                                                                        https://lists.gnu.org/archive/html/emacs-devel/2016-12/msg00387.html

                                                                        “the byte stack implementation relies on using pointers to freed storage”

                                                                        Wow.

                                                                        1. 9

                                                                          Wait, so they were relying on undefined behavior in the C standard that just happened to work on their target platforms? Geez. This is exactly the sort of stuff one shouldn’t be doing in C.

                                                                          1. 7

                                                                            It seems worse than that. It sounds like this byte stack thingy was removed because of this dangling pointer issue, but then readded for some reason to get concurrency working.

                                                                            I don’t know the details so I’ll refrain from judging the matter. But code using pointers like this usually ends up with a CVE number assigned to it. Big red flag.

                                                                            1. 10

                                                                              I don’t know the details so I’ll refrain from judging the matter. But code using pointers like this usually ends up with a CVE number assigned to it. Big red flag.

                                                                              Using dangling pointers is Not Good, without question, but I don’t think it’s likely much of a security issue in this case simply because Emacs makes no attempt to sandbox elisp code – any exploit you could write using this pointer could almost certainly be written just as easily in straight emacs lisp, which can touch anything on the host it wants with the editor’s privileges.

                                                                              1. 1

                                                                                Pardon my ignorance, but is code the only thing that’s at risk here? I sift through tons of data in Emacs. Could data be used in some way to create an exploit? A nastily crafted email perchance? Because if that’s the case, that seems like a concern.

                                                                                1. 2

                                                                                  No, to exploit this would require running elisp.

                                                                                  1. 1

                                                                                    Ah okay, in that case no worries! :)

                                                                            2. 4

                                                                              Keep in mind that there are a bunch of perfectly reasonable implementation techniques for interpreters that are undefined behavior when written in C. Things like “I’m going to use the bottom four bits of pointers as a tag. If it’s 0, it’s actually a 60-bit integer, 1 is a heap pointer, etc.” *(val*)((uint8_t*)pointer-1) is, I’m fairly sure, undefined, but no C compiler is going to break it because it’s the job of a C compiler to be practical, not just a strict interpretation of the C standard.

                                                                              So while in this example it sounds like they’re doing something silly that should be fixed, in general strict C standard conformance is a non-goal of something like Emacs.
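
The low-bit tagging scheme described in the comment above, as an added example that is not part of the thread or of Emacs: the tag is set and cleared on a `uintptr_t` instead of by arithmetic on the tagged pointer, so the code depends on implementation-defined pointer/integer conversions. All names are hypothetical; it assumes C11 `aligned_alloc` and a two's-complement `intptr_t`.

```c
/* Added example (not from the thread): low-bit pointer tagging on uintptr_t.
 * All names (value, cell, make_int, ...) are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TAG_MASK ((uintptr_t)15)      /* bottom four bits hold the tag */
enum { TAG_INT = 0, TAG_HEAP = 1 };   /* tag values from the comment above */

typedef uintptr_t value;              /* one tagged machine word */
struct cell { long payload; };

static int tag_of(value v) { return (int)(v & TAG_MASK); }

/* Small integer: shift in the unsigned domain, where overflow wraps. */
static value make_int(intptr_t n) { return ((uintptr_t)n << 4) | TAG_INT; }

/* The low four bits are zero, so the division is exact and keeps the sign
 * without relying on an arithmetic right shift. */
static intptr_t get_int(value v) { return (intptr_t)v / 16; }

/* Allocate a cell aligned to 16 bytes so its low four address bits are 0. */
static struct cell *new_cell(long payload) {
    size_t size = (sizeof(struct cell) + 15) & ~(size_t)15;
    struct cell *c = aligned_alloc(16, size);
    if (c != NULL) c->payload = payload;
    return c;
}

/* Refuse NULL and misaligned addresses: OR-ing a tag into them would
 * silently corrupt the pointer. Returns 0 on success, -1 on rejection. */
static int make_heap(void *p, value *out) {
    uintptr_t bits = (uintptr_t)p;
    if (p == NULL || (bits & TAG_MASK) != 0) return -1;
    *out = bits | TAG_HEAP;
    return 0;
}

/* Check the tag, clear it on the integer, then convert back once. */
static struct cell *get_heap(value v) {
    if (tag_of(v) != TAG_HEAP) return NULL;
    return (struct cell *)(void *)(v & ~TAG_MASK);
}

int main(void) {
    struct cell *c = new_cell(99);
    value v;
    if (c == NULL || make_heap(c, &v) != 0) return 1;
    printf("int: %ld\n", (long)get_int(make_int(-42)));
    printf("heap payload: %ld\n", get_heap(v)->payload);
    printf("misaligned rejected: %d\n", make_heap((char *)c + 1, &v) == -1);
    free(c);
    return 0;
}
```
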

                                                                              1. 2

                                                                                Alignment isn’t really undefined (though you could probably make the argument that it’s architecture dependent - I’ve only fiddled with alignment on x86). If you control how an initial chunk of malloced memory is aligned, you can guarantee alignment throughout a program. A pointer is just a value then - no undefinedness there - it’s just pointing to the wrong part of the data if the tag isn’t removed.

                                                                                1. 1

                                                                                  I’m not an expert on the C standard, but I think the issue is to do with aliasing and misaligned conversions; see e.g. http://stackoverflow.com/a/28895321/499609