Threads for pepesza

  1. 5

    I always disliked how the kubernetes model conflicts with the live code deploy features of erlang. I’m sure this post will make some kubernetes purists cry though. :)

    1. 3

      Turn the code reloader into an Operator that stores state in a CustomResource and now it’s “cloud native” haha

      1. 1

        This probably the idiomatic solution. :)

      2. 2

        Could you elaborate? I don’t see how this breaks Kubernetes’ invariants. The idea of putting code into a ConfigMap is not new; there is a common sidecar, configmap-reload, which abstracts this pattern.

        1. 3

          Live code deploy in Erlang happens without losing the process’s memory state. So you can insert a new version of a function or module into the ongoing flow of a running program with stopping the VM.

          k8s works with the Unix process model which does not support such things without very strange, hard to maintain magic.

          1. 3

            Plenty of cloud-native executables support dynamically loading configuration or code without restarting the process. For example, a common use for the sidecar I linked is to reload Prometheus configuration without restarting. There is no magic here.

            1. 3

              So they have a ad-hoc informally-specified, bug-ridden, slow implementation hot code loading ;-)

              1. 1

                Please examine your meme. I’m going to reply instead of flagging you “wrong”, because I think that you should think about the words that you use. I also want less tribalism; this is not a situation where Erlang and Kubernetes should be thought of as disjoint conflicting ecosystems.

                To start at the end, Kubernetes isn’t BEAM. Kubernetes doesn’t care whether a process is an interpreter or whether a process is dynamically compiling code; it certainly doesn’t care about the structure of modules within Erlang, Elixir, or any other language within a container. When it comes to container images, Kubernetes supports hot changes to the filesystem, and the sidecar I linked earlier is designed to detect those changes and notify the main process.

                Is this ad-hoc? No, configmap-reload is a common tool. Is it informally-specified? Sure, you could complain that its documentation is lacking, but the two notification systems could be formalized relative to POSIX and HTTP respectively. Is it bug-ridden? It’s written in Go, but being written in a language with a high defect rate does not guarantee the presence of bugs. Is it slow? It’s fast enough; I’m not sure what would be slow about it.

                1. 1

                  You appear to be arguing that because some programs can be written in a way that they can manage their own code loading if properly notified and those can be run in Kubernetes, that this is equivalent to the kind of hot swapping that OTP on the BEAM provides.

                  The main things that Kubernetes provides that OTP does not are placement of replicas of pods on clusters and running arbitrary Linux containers.

                  1. 1

                    No, you’ve moved the goalposts. I’m not claiming that Kubernetes and BEAM are equivalent, as in another thread. I’m claiming that Kubernetes does not prevent container processes from hot code loading.

                    If you want to think of Kubernetes as providing features that OTP doesn’t provide, then think of Kubernetes as a construction kit with many optional parts; many of the fancier features are optional too. In the original article, the author shows how to integrate Erlang with Kubernetes in a way that doesn’t use most of the optional parts. This isn’t a conflict and it doesn’t require magic, just a sidecar.

                    1. 2

                      Looking back, you’re right. I did. I apologize.

          2. 2

            The code in the configmap is just a shell script, it’s not the code itself. That shell script pulls down the latest version of the code and deploys it to the Erlang VM. There’s nothing reproducible about it and it is effectively sidestepping the k8s deployment mechanisms.

            1. 1

              Ah, I see; if Kubernetes required container images to be reproducibly tagged, not just content-addressed and immutable, then this would be a dire conflict indeed. I’m not sure how we would combine Erlang and Kubernetes in that case. However, container images don’t need to be reproducible; tags like “:latest” are allowed to change which image they are referring to, and services like Nixery tag individual packages by name instead of reproducible hash.

              I agree that Dandelion is an alternative to common Kubernetes tools; in particular, it avoids Deployments. This would be an example of what I mean when I say that Kubernetes is a kit with many optional parts. But some portions of the system could still benefit from Deployments, like any changes to the underlying C code; it’s not a binary choice about which objects to use, but a space of possible arrangements of objects.

              Thank you for explaining your reasoning. I’m glad that we could find the root of the misconceptions and synthesize a better approach for all Kubernetes users, regardless of whether they are using BEAM.

            2. 2

              Doesn’t this require that all of your code be put into a ConfigMap, and not handle persistence of other state?

              1. 1

                That’s one way to look at it, and maybe that’s how it appears for Mnesia users; I’m not sure how Mnesia on Kubernetes would work. For applications with SQL databases or other structured persistence, the database’s state is usually stored using a PersistentVolume.

                You’re right about the limitations of ConfigMaps. The amount of code that could be changed is enough for a feature flag flip, but maybe not enough for a complete redeploy of a large monolith. Perhaps this is the “conflict” that neighboring comments are talking about. I don’t see this as a conflict; Kubernetes supports mounting multiple types of objects into Pods, including ConfigMaps, PersistentVolumes, and Secrets, but none of them are mandatory.

          1. 1

            CryFS paper is something worth reading in this context. Secure cloud file storage is hard!

            https://eprint.iacr.org/2017/773.pdf

            1. 5

              Personal: framework laptop kitted with wifi, 1 tb nvme, zfs on root, and 32 gigs of ram on one stick (for easy upgrading later to 64). I still like it, would still pick it again.

              Work: 2018 mbp 16 inches, 16 gigs of ram. Given a chance I’d upgrade to an M1. I thrash out of ram without really trying.

              1. 1

                What OS do you use? How is the battery life with non-windows?

                I’ve heard there have been battery issues under Linux.

                1. 3

                  As far as I know, the issue is with Tiger Lake being broken, not capable of entering certain sleep states. It should manifest itself on Windows too. I’ve stopped using sleep, instead I turn off my laptop every time lid is closed. Fortunately, startup time is really small.

                  1. 2

                    I’m using Fedora on my Framework, as that’s what Framework was recommending as having the best hardware support when I got it. (They now also bill Ubuntu as “Essentially fully functional out of the box.”)

                    The problem I was having was that the laptop would completely drain its battery with the lid closed in “s2idle” mode. I was able to fix this by switching to “deep” sleep, at the cost of it taking ~10 seconds to wake up, which has not really inconvenienced me. https://github.com/junaruga/framework-laptop-config/wiki/Battery-Life:-Change-sleep-mode-from-s2idle-to-deep

                    There are probably more advanced things I could do to improve battery life, but with that straightforward fix, it doesn’t lose more than 10-20% of battery charge if left sleeping unplugged overnight. That’s good enough to be usable for my purposes.

                    1. 1

                      This seems correct. I tell it to go into deep sleep, but the battery drain when suspended is still too high. Three days unplugged at most.

                      But I use my suspend to ram ability, and the battery drain there is zero. I get about 6 hours active usage if I squeeze on my entirely untuned Void Linux install. I’m comfortable using about 30 to 50 percent of the battery on my most common flight routes (2.5, 3.5 hours flight time)

                    2. 1

                       I tell it to go into deep sleep, but the battery drain when suspended is still too high. Three days unplugged at most.

                      But I use my suspend to ram ability, and the battery drain there is zero. I get about 6 hours active usage if I squeeze on my entirely untuned Void Linux install. I’m comfortable using about 30 to 50 percent of the battery on my most common flight routes (2.5, 3.5 hours flight time)

                  1. 2

                    Work: XPS with 16GB of RAM, ubuntu. Wifi started having hiccups lately, also there is a minor issue with hindge/monitor connection that sometimes causes flashes of distorted screen. Aside from that, I’m very happy with this laptop.

                    Private: Framework with 32GB of RAM on a single stick, NixOS. Would pick it again. Build quality is something else, wifi is also rock solid.

                    1. 1

                      Honest question from a person who is fascinated by cryptography but knows relatively little about it. Why is this interesting/special/newsworthy?

                      1. 1

                        Look closer at the submitters.

                        1. 1

                          …They are North Korean? Is that what’s noteworthy?

                      1. 1

                        Pretty-Good-Privacy name sounds like a joke in a world where people are being killed by drones based on meta-data alone.

                        1. 2

                          That’s a good talk. Specifically for people who know little about how Linux distributions are created.

                          1. 2

                            The content is good. What made it tick for me is I honestly just loved the speaker in this one. The humor really hit me well.

                          1. 5

                            The CLOUD Act isn’t black magic; it can only force Signal to turn over the data they actually possess. Which is, as demonstrated by a consistent paper trail of court records, almost nothing.

                            You do realize that the NSA themself stated they don’t need the content, they only need to know when somebody talked to somebody else, so IP traffic. And that we’re bombing people with drones based on that meta data ? That doesn’t really help threema, but it does make a case for hosting your stuff at least outside the US (and cloud act) if possible.

                            1. 15

                              Sure. If your threat model is “The NSA is going to bomb me if they know who I’m talking to”, Cwtch is better suited because its goal is metadata resistance.

                              1. 1

                                Have you looked into fun projects such as Vuvuzela or Pond? :-)

                                1. 2

                                  The Pond Readme recommends to use Signal instead.

                            1. 6

                              Wasn’t Travis CI sold recently to company that fired all senior devs to cut costs?

                              1. 1

                                Could be. https://news.ycombinator.com/item?id=19218036 Doesn’t seem super substantiated about exactly what levels they fired (hard to even say what senior means across companies). But does seem like they reduced their investment for sure.

                              1. 3

                                Running and exercising a lot. Playing with nix (see nixpkgs) language.

                                1. 1

                                  Are you training for a race?

                                  1. 2

                                    Not yet :-) I’m not in a shape to run a race yet. But I’m working hard to be able to do it one day.

                                1. 6

                                  Okay, that’s a few less keystrokes, but a harder mental load. I’d rather press F3 to go to the next result (or even, re-hit ctrl+f and enter) than remember if I’m in the “search” mode and hit some random button that has a different meaning in a different context.

                                  When programming, you already have to juggle so many different things in your mind - why complicate it further? I feel like all those vim/emacs articles are just written to justify the time spent learning all those keystrokes and quirks, and all the time setting up the plugins.

                                  1. 10

                                    I get that concern, but the truth is that after a couple weeks of using vim all the commands and things you use daily become second nature. I’ve had times where I couldn’t tell someone how to do something in vim without having my fingers on the keys so I see what my movements were. It’s pretty amazing how many shortcuts you can keep in your head.

                                    1. 2

                                      I’m able to mostly do that by playing the air-qwerty- keyboard. Definitely keeping most of my vim knowledge in my muscles, leaving my brain free for how I want the text to change.

                                    2. 6

                                      You’re actually looking at it the wrong way around. F3 is the random key here. Nobody would ever figure out that key without help. On the other hand, in VI most keys are part of a logical pattern, even though some of those are historical. For example: n is the key you’d press to get to the next search result.

                                      So while most shortcuts in modern day GUI have to be memorized without much context to help*, Vim commands are a language built out of related patterns.

                                      *) That’s of course not the full story. All those shortcuts have a history as well and some are an abbreviation for the action as in ctrl+f(ind) or ctrl+c(opy). But there’s no “copy a word and paste it to the next line” or anything similar one could express with those.

                                      1. 5

                                        People figure out the F3 key by seeing it in the IDE’s menus - which vim doesn’t have. With vim, you have to put in the effort and actively learn the shortcuts. But even then, I said you can just hit Ctrl+F and enter again to get the same behavior, which is obvious because most software has the same shortcuts, and work the same way.

                                        But there’s no “copy a word and paste it to the next line” or anything similar one could express with those.

                                        Ctrl+Shift+Right to select the word, then Ctrl+C, Down arrow, Ctrl+V, am I missing something?

                                        1. 2

                                          Yes, if you use GVim you get those little helpers in menus as well. That’s a different interface. But the topic should be about concepts. VIM commands are a concept, a language, rather than a list of unrelated commands.

                                          Of course you can do everything that you can do in VIM in any other editor as well. I’m referring to concepts and I might not be very good in conveying that. Sorry.

                                          1. 1

                                            In the end you can express pretty much anything in any editor with enough keystrokes: the arrow keys exist, after all.

                                            Modal editing tends to be a lot more efficient than non-modal though, and the keystrokes don’t require you to move your hands much e.g. to the arrow keys (way off the home row) or to use modifiers like Ctrl that require stretching your hands. Modal editors allow you to use the keys that are the easiest to reach: the letter keys, since the modal editor knows whether you’re intending to write vs intending to issue commands. These days I mostly use VSCode, rather than Vim, but I always have Vim emulation turned on because it’s much faster than non-modal editing once you’re familiar with it. Vim is particularly nice because it has a mini language for expressing edits; for example, w means “word,” and can be combined with deletion to delete a word (dw), selection to select a word (vw), “yank” to copy a word (yw), etc — or it can be used alone without a prefacing action, in which case it simply jumps to the next word after the cursor position. And there are many other “motion” nouns like w, and those can also be combined with the action verbs in the same manner — to copy letters, paragraphs, etc, or even more complex ideas such as letter search terms. Command sequences are first-class and your last command can be replayed with a single keystroke, and there’s even a built-in macro definition verb q, which stores up indexable lists of command sequences you issue and can replay the entire lists for executing complex but tedious refactors.

                                            Sure — the bottleneck in programming is typically not between your hands and the keyboard; it’s typically thought. But once you know what you want to express, it’s a very pleasant experience to be able to do it with such efficiency of motion. And since we do ultimately spend quite a while typing, it’s not irrational to spend some time learning a new system to have that time feel nicer.

                                            1. 2

                                              Modal editing tends to be a lot more efficient than non-modal though, and the keystrokes don’t require you to move your hands much

                                              Real gain is in reduced load on one’s muscles and tendons. Moving to vim bindings has helped me overcome pain in my wrists.

                                              1. 2

                                                I don’t see it as much for programming, but for writing prose a modal editor is great for forcing me to separate writing from editing. When I write an article / book chapter in vim, I try to write the first draft and then go back end edit. At worst, I try to write entire paragraphs or sections and then edit. I find this produces much better output than if I use an editor that makes it easy to edit while I’m writing.

                                        2. 5

                                          This is something that the article comes close to saying, but doesn’t actually say: Vim doesn’t just provide a bunch of shortcuts and keybindings for arbitrary operations, instead it provides a fairly well thought out programming language for dealing with text, that happens to also be bound to convenient keys. Crucially, operations in this language can be composed such as in the examples that the article gives, so you can build up your own vocabulary of operations even if the developers didn’t account for them. Does this take longer to learn than looking up the? Yes, probably. But I suspect that for most vim fans, there comes a “aha moment” where the power of this approach becomes apparent, and once you get used to it, you can’t live with it.

                                          1. 2

                                            I’m not sure “n” for next is “some random key”? And “N” (shift-n[ext]) for previous.

                                            And slash/question mark for search might be a bit arbitrary, but slash sorta-kinda “means” pattern/regex (as in /^something/).

                                            Ed: ok, I’m not sure why op is exited about “find” - I generally “search”.. . Or move by word (w) beginning/end of line (| and $). See also: https://stackoverflow.com/questions/12495442/what-do-the-f-and-t-commands-do-in-vim#12495564

                                            1. 1

                                              Move by word - hold ctrl, works in any textarea in any operating system.

                                              Move to beginning/end of line - press “home” or “end” keys, works in any textarea in any operating system.

                                              n is “some random key” on every other software with a text box on your computer. Vim is inferior in that aspect, not superior.

                                              1. 1

                                                ) moves by sentence and } moves by paragraph. I miss that all the time while writing prose outside of vim.

                                                Since they’re motions, you can combine them with delete/yank/replace/whatever. So di) deletes the whole sentence.

                                                1. 1

                                                  Option up/down moves by paragraph.

                                                  1. 1

                                                    I’m on Windows

                                            2. 2

                                              The mental load goes away after a while and it just becomes muscle memory. Each saving by itself is small, but they all add up over time. One I used recently was %g/^State \d/norm! f:lD: “On every line that starts with State followed by a number, delete everything after the first colon. Would have taken several minutes without that, with it it’s just a couple of seconds. When I’m constantly getting savings like that, it’s worth it.

                                            1. 2

                                              Sounds and looks very interesting. Can’t wrap my mind around the way message passing can be done, though.

                                              1. 2

                                                We use a channels abstraction to type messages, similar to Go or Rust. They can be combined to make type safe selective receives.

                                                See the OTP library for details -> https://github.com/gleam-lang/otp

                                                1. 1

                                                  IDK how Caramel does it, but one way to do it is to type functions on the messages it can receive. This type then gets “inherited” by processes that are spawned with that function. This means all match clauses inside the function’s receive / all messages sent to the process must match the function’s “receive type”

                                                  1. 2

                                                    We originally tried this but found it was too limiting. It was impossible to implement things like supervisors and gen:call, so at best you could write a thin typed layer on top of untyped Erlang code.

                                                    Gleam OTP by contrast is a small ~200 line Erlang core, and the rest is type safe Gleam.

                                                1. 3

                                                  Lots of people seems to be updating dependencies without looking into what has changed, nor any kind of audit. And we are talking about a projects that use cryptography. This is negligence.

                                                  1. 3

                                                    They only depend on PyO3. If Rust is a problematic dependency, we have bigger problems ;).

                                                    1. 1

                                                      No, most people are running into this with transitive dependencies, where a 2nd or 3rd level dependency specified something like cryptography<=2.3.0 in that project’s setup.py. I would guess that most people generally only pin first level dependencies as a matter of course. I further posit that python packaging/tooling is doing folks few favors here.

                                                    1. 87

                                                      I work at Signal, and here are my two cents:

                                                      Signal is incrementally better than the incumbents on the technology side. We do a better job encrypting message contents than most and I think we do a much better job staying ignorant about message metadata (e.g. who you’re talking to) than our competitors. I’m proud of the work my colleagues have done and I do think we have some significant differentiators, but Signal’s architecture is similar to WhatsApp’s.

                                                      The bigger shift, I think, is not technical. People know that corporations don’t always have users’ best interests in mind; Facebook is emblematic of this problem. In my view, shifting from a for-profit app to a nonprofit one is as significant as switching from a centralized platform to a federated one, if not more significant.

                                                      That’s not to say Signal gets a pass; we are far from perfect. But I think we’re a baby step towards the ideal.

                                                      I spend a lot of time on Mastodon and the cries for a better federated/decentralized system are loud there. I, too, would love to see messaging get there in the mainstream. Maybe it’s Matrix, maybe it’s Berty, maybe it’s Briar, who knows. But I see Signal as an important step to get there.

                                                      This isn’t an official response from Signal, just my opinion!!

                                                      1. 12

                                                        Thanks for the input here! I think these are reasonable ways to view things even if I periodically express frustration at the ways Signal falls short of (or operates on a philosophy that contradicts) my personal ideal. I derive a tremendous amount of value from it even if I’m uncomfortable with, say, the stances laid out in the ecosystem is moving, and I’m grateful for the utility provided in a very hard space to work in.

                                                        The bigger shift, I think, is not technical. People know that corporations don’t always have users’ best interests in mind; Facebook is emblematic of this problem. In my view, shifting from a for-profit app to a nonprofit one is as significant as switching from a centralized platform to a federated one, if not more significant.

                                                        As someone who works for a nonprofit on a public good that’s extremely centralized in architecture (I’m an employee of the Wikimedia Foundation), I tend to share this view. The way software labor gets paid for is crucial, and if there might be better models than a foundation, then there are certainly also far worse ones.

                                                        That said, though I’d far rather work for a donation-supported nonprofit than most of the realistic alternatives, our centralization sure is a vulnerability that keeps me awake at night. All institutions are vulnerable to capture, corruption, or collapse, and I wish we had better models for mitigating that risk. I’m pretty sure federation / distribution of architecture is an important piece of the puzzle, but it’s often difficult to discuss that in a way that’s also clear-eyed about the benefits and affordances of centralization.

                                                        1. 4

                                                          That’s not to say Signal gets a pass; we are far from perfect.

                                                          Out of curiosity, in what ways would you hope the project would improve?

                                                          1. 4

                                                            Maybe it’s Matrix

                                                            Matrix’s future is encouraging, because they tackle not only centralisation but also moderation.

                                                            The answer is to remove the centralisation. Users should be able to make up their own minds and make their own censorship decisions - something that we’re actively working on and supporting via Matrix’s decentralised reputation work. – https://element.io/blog/2021-escalated-quickly/

                                                            1. 3

                                                              I don’t think we automatically get a pass because we’re a nonprofit. I’d trust a nonprofit’s incentives over a corporation’s, but we could still do plenty of bad things. I’m not aware of us doing anything like this, but I want to avoid saying “nonprofits = always pure and good”.

                                                              The most obvious improvements I see are with the desktop app, which is what I work on day-to-day. It’s no secret that the app is buggy, consumes a lot of resources, and isn’t at feature parity with the mobile apps. I joined in an effort to improve those things, but there’s still a ways to go. Turns out it’s hard to build a good native app for three different operating systems (especially when no two Linux installations are the same)!

                                                              1. 1

                                                                For what it’s worth, there’s no love lost between me and the Electron end-user experience in the general case, but Signal at least manages to be the one Electron app I run routinely. On my fairly new and expensive desktop system I don’t usually have performance complaints and I can’t remember it crashing much. That may sound like damning with faint praise, but then again if you’ve used the typical Electron-based chat app maybe not…

                                                                1. 1

                                                                  Tangent on this, a lot (or at least some) would like to know if OWS has a stance on making bots and clients for unsupported operating systems. That bear has to be poked eventually and we can only hope for a positive response! :)

                                                              2. 4

                                                                I know you can’t answer this (and might not be fair for me to ask) but what’s your opinion of the Radio Free Asia (CIA spin off) funding that seeded Signal? I’m not trying to create FUD, just not seeing much talk about it. How do you convince a skeptic like me?

                                                                Also, why isn’t Signal investing in p2p? Maybe you can answer the second question…

                                                                1. 16

                                                                  You are swallowing FUD from the same people that has been trying to discredit the Tor project for the past 6-7 years on the same reasons.

                                                                  Inherently it doesn’t matter if CIA throws money on secure crypto. Because it’s secure. The double ratchet algorithm has had eyes on it for years and considering the fairly good track record of people finding suspicious crypto I’m not even batting an eye on the conspiracy some people are trying to push.

                                                                  1. 6

                                                                    If a US government run conspiracy exists around Tor I would be far more worried it relates to the laughably low count of active nodes and the potential that a not so insignificant count of them are being run by malicious parties.

                                                                    1. 11

                                                                      You don’t need a conspiracy to point at the multiple successful attacks against the Tor network and active sybil attacks people have used on it though.

                                                                      1. 3

                                                                        Who brought up conspiracy theories? Is it a conspiracy to think that the intelligence community would be more likely to fund a project that they can crack?

                                                                        1. 5

                                                                          When a large group of people with disparate goals and interests are treated as though they were all cooperating on a single unified goal, yeah, that’s conspiracy. At the very least, the intelligence community is divided into two very different groups: “attackers” and “defenders”.

                                                                          It’s quite plausible that the “attackers” group would want to fund vulnerable crypto systems in the hope that more useful traffic would be unprotected. However, it’s also quite plausible that the “defenders” group would want to fund very strong crypto systems, so that their agents’ communications would be secure, and hidden among a flood of equally-secure civilian communications.

                                                                          Just saying “Ah, this was funded by a spin-off of the CIA!” is not in itself evidence of vulnerability or security. If you could prove whether that funding came out of the “attackers” or “defenders” budget, that would be interesting and useful.

                                                                          For me, the fact that the CIA money was part of the seed funding (not when Signal was already popular) suggests that the money came from the “defenders” budget — they hoped it would get big enough that their own agents’ traffic would go unnoticed. I’d expect a donation from the “attackers” camp to come later on, once they had found a weakness, to help Signal establish a lead over competing apps without known weaknesses. That’s not proof, of course, but without hard evidence nothing’s certain.

                                                                          1. 1

                                                                            When a large group of people with disparate goals and interests are treated as though they were all cooperating on a single unified goal, yeah, that’s conspiracy.

                                                                            is anyone saying that?

                                                                            Just saying “Ah, this was funded by a spin-off of the CIA!” is not in itself evidence of vulnerability or security.

                                                                            …or that?

                                                                            1. 1

                                                                              There are people saying that. Which is why this is being discussed in the first place.

                                                                              1. 1

                                                                                who/where?

                                                                    2. 6

                                                                      What FUD are they swallowing exactly? They only stated that a CIA spin off initially funded Signal, which is true. It’s reasonable to ask why the U.S. intelligence apparatus would want to fund projects like Signal and Tor.

                                                                      1. 2

                                                                        Sure but in some cases, the CIA’s and the public’s interests can be aligned. Strong crypto, safe communication, identity hiding proxies are needed for both.

                                                                        1. 3

                                                                          sure, for some definitions of “the public.” during periods for which we have records of CIA activities, the peasants of southeast asia probably would’ve preferred the CIA to be less able to secure identities and communications.

                                                                        2. 1

                                                                          The FUD is that this somehow compromises the integrity of signal.

                                                                          1. 1

                                                                            Depends what you mean by integrity and what you think of Radio Free Asia.

                                                                          2. 1

                                                                            Well, when someone asks on lobste.rs, where they know that the chances of getting a factual answer to this question are zero, you might reasonably think that the question isn’t a straightforward request for factual answer. What else might it be? FUD and innuendo are among the possiblities.

                                                                            Personally my first guess for that funding would be someone at the CIA used some money in a way that helped their own performance reviews and maybe get them promotions, without regard to what effect it would have on other people at the CIA or NSA.

                                                                            “Tasks accomplished this year:

                                                                            • Blah that helps Chinese/Burmese/Indonesian blah blah against state wiretapping”

                                                                            This is a guess, not a factual answer. I’m just assuming that the CIA is no better coordinated than the places where I’ve worked. That people at the CIA will put their own department’s tasks and goals above those of other people in other buildings, just like… I could digress into frustrated rambling here.

                                                                            1. 1

                                                                              so you’re insinuating through innuendo that the only reason they would ask for an open ended opinion on this topic, is to spread FUD

                                                                          3. 4

                                                                            A union election is about to start in the Amazon facility in Bessemer, Alabama. Amazon wanted the election to run on their internal voting system instead of mail in ballots. The union reps declined because they were suspicious about running a union vote on the companies own platform for what seems to be like a good reason. Of course Amazon made the same arguments, that their software is secure an anonymous.

                                                                            The question is it legitimate FUD? Because it seems to me, if people are getting on Signal because they are worried about US government monitoring, then it would seem like a legitimate concern that the CIA funded the same software they are trying to use.

                                                                            Just because it’s FUD doesn’t mean it’s illegitimate. Just like just because it’s a conspiracy theory doesn’t mean there isn’t a conspiracy. I personally think this is a legitimate concern and there is no reason to believe Signal at face value given it’s history.

                                                                            Let’s also point out that technically, it’s very easy to shut signal down. Look at the recent outage. Look at the fact they are renting AWS hardware. Even if you don’t believe the FUD, nothing technically about signal seems robust.

                                                                            1. 5

                                                                              A union election is about to start in the Amazon facility in Bessemer, Alabama. Amazon wanted the election to run on their internal voting system instead of mail in ballots. The union reps declined because they were suspicious about running a union vote on the companies own platform for what seems to be like a good reason. Of course Amazon made the same arguments, that their software is secure an anonymous.

                                                                              How does this apply to signal? Union workers that has consistently been under threat and pressure in the US are completely sane to consider something else. For this argument to make sense then you are just suggesting signal is in direct opposition to the goal of their users. This feels like constructing some strawman.

                                                                              The question is it legitimate FUD? Because it seems to me, if people are getting on Signal because they are worried about US government monitoring, then it would seem like a legitimate concern that the CIA funded the same software they are trying to use.

                                                                              I disagree that some undocumented donation from a government agency is funding anything. The article Yasha has written is pay walled. Whatever donation they made years ago doesn’t matter as they have created a non-profit and gotten a significant donation from the whatsapp founder.

                                                                              Just because it’s FUD doesn’t mean it’s illegitimate. Just like just because it’s a conspiracy theory doesn’t mean there isn’t a conspiracy. I personally think this is a legitimate concern and there is no reason to believe Signal at face value given it’s history.

                                                                              The argument needs to be stronger then “some government agency gave a donation”.

                                                                              1. 3

                                                                                The union comparison is correct because there is a long history of vulnerable groups being targeted by the US government. Isn’t it sane for the same groups to be suspicious of tech funded by their oppressors?

                                                                                1. 1

                                                                                  Are you saying that any organization taking donations from the US government is ultimately working for the US government to do their bidding?

                                                                                  Isn’t it sane for the same groups to be suspicious of tech funded by their oppressors?

                                                                                  This is inane. How much money was given how many years ago?

                                                                                  1. 2

                                                                                    Obviously if the USPS funded it, or national park service, or the NSF, I wouldn’t be really be that concerned…

                                                                              2. 3

                                                                                The term FUD is only honestly used to describe disingenuous propagandising. Amazon’s voting software is not widely used FLOSS, unlike Tor and Signal. You are actively spreading FUD by making this misleading comparison.

                                                                                1. 3

                                                                                  What if it doesn’t matter if the messages are encrypted. What if the metadata, who talks to who when is what they’re trying to capture? Because getting the rest of the conversation is easy… Simply arrest them and get access to the phone.

                                                                                2. 3

                                                                                  I don’t think that a donation from the CIA is sufficient enough reason to worry. However it would have surely been smart for a project like Signal not to accept it, given the clear conflict of interests at play.

                                                                                  1. 2

                                                                                    Or alternatively that money would’ve enabled a lot of good and may not have come with significant strings - after all, I’m sure the CIA would use Signal too if it met their needs.

                                                                                    Ultimately we just don’t know. That’s what breeds the conspiracy theory. I’m not convinced we’re entitled to an answer, but it is something that could be easily disspelled if the project wanted to.

                                                                                    1. 3

                                                                                      You underestimate conspiracy theorists’ ability to do mental gymnastics if you think this can be easily dispelled. Look at how insistent mempko is being about factually incorrect assertions about metadata.

                                                                                      Bottom line, historical funding is not evidence of ANYTHING. It’s clear (to me) why the CIA might want something like Signal to exist and be rock solid, but that will never satisfy some who choose to see opportunity for conspiracy.

                                                                                      1. 1

                                                                                        As far as I know, only contact discovery is in the SGX enclave. Signal themselves made it clear they are working on not knowing who sends messages to who but as far as I know, they aren’t there yet. Am I factually wrong here? I would love to see the evidence. I’m a big boy and can admit when I’m wrong.

                                                                                        Signal set themselves up on a huge up hill battle by insisting on a centralized architecture. They could have gone p2p and would have no idea when people are talking and who they are sending messages to. They decided against that because it’s easier to upgrade the client with shiny new features. In other words they chose ease of development over security.

                                                                                        And you know what? It worked! They are really popular now and have a really nice client.

                                                                                  2. 2

                                                                                    I think people are more worried that facebook selling their data than US gov wiretapping. The latter happens anyway.

                                                                                  3. 1

                                                                                    The double ratchet algorithm has had eyes on it for years

                                                                                    The double ratchet algorithm is also fairly simple, and quite obviously correct. Any student in applied cryptography can examine it and convince themselves there’s nothing fishy there.

                                                                                    1. 2

                                                                                      I’ll repeat what I said above. What if it doesn’t matter if the messages are encrypted. What if the metadata is what they are trying to capture. Signal knows who is connected and who talks with who, when. Getting the rest of the conversation is easy, just get physical access to the phone.

                                                                                      1. 5

                                                                                        Signal knows who is connected and who talks with who, when.

                                                                                        They don’t.

                                                                                        https://signal.org/blog/sealed-sender/

                                                                                        https://signal.org/bigbrother/eastern-virginia-grand-jury/

                                                                                        1. 3

                                                                                          additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development.

                                                                                          “area of ongoing development” means “we have no solution for this yet”

                                                                                          1. 2

                                                                                            And? They removed a whole class of metadata, pushing an attack from a trivial lookup to the statistical realm. Is your complaint that they haven’t done enough? That the CIA protected you from everyone but them?

                                                                                            I’d love a chat app that advertised itself as “literally only the CIA can read your messages.”

                                                                                            1. 1

                                                                                              I was responding to /u/Foxboron’s claim that Signal doesn’t know who talks with whom. My understanding is that the IP address logging and traffic correlation can be done by Signal, so they could figure out who talks with whom.

                                                                                            2. 2

                                                                                              There are solutions for this problem. Examples - Pond by imperialviolet and Vuvuzela. Both hide the fact that you are sending the message. The cost - your device sends data all the time. Most of the time it’s white noise, sometimes it’s encrypted message. Observer can’t distinguish. Obviously, this does not work on mobile because of power requirements.

                                                                                              Alternatively, you can introduce random delays. This means you are no longer in chat territory - you are operating mailing service.

                                                                                              Anything short of two solutions above makes correlation attacks directed at contact network discovery very doable. And decentralization does not help - it will leak the same or greater amount of metadata, depending on implementation.

                                                                                              1. 1

                                                                                                In this case I think the attacks are a lot easier than with e.g. Tor because all messages go through Signal’s servers and they know the identity of the recipient.

                                                                                                1. 1

                                                                                                  https://signal.org/blog/sealed-sender/

                                                                                                  They know the identity of the recipient, but not the identity of the sender.

                                                                                                  There is an argument to be made, that by partitioning users into federated servers (or relay nodes, without permanent residence) you partition your anonymity set.

                                                                                                  1. 1

                                                                                                    Correct me if I’m wrong but it seems really easy to deduce or guess with high confidence who the sender is, based on the information that Signal servers have access to. For example if you receive a message and reply to it immediately, Signal could get a pretty accurate mapping from your IP address to your identity for that message, no?

                                                                                                    If I’m right it’s quite interesting that this blog post is being spread around as evidence that Signal doesn’t know who talks to whom.

                                                                                                    There is an argument to be made, that by partitioning users into federated servers (or relay nodes, without permanent residence) you partition your anonymity set.

                                                                                                    I don’t see an argument for that. In this case it seems like your “anonymity set” is the group of people who could plausibly use the same IP address as you at the time you are sending a message, which is quite small if not a group of one.

                                                                                                    1. 1

                                                                                                      Correct me if I’m wrong but it seems really easy to deduce or guess with high confidence who the sender is, based on the information that Signal servers have access to.

                                                                                                      Yes. Definitely. But that is also true for an attacker who just controls the routers around signal’s servers, which is cleaner way to attack the network (hard to get caught!).

                                                                                                      In this case it seems like your “anonymity set” is the group of people who could plausibly use the same IP

                                                                                                      That would be trying to hide the fact that you are using the communicator.

                                                                                                      No. I’m speaking about hiding whom is talking to whom. Imagine your server handling high amount of traffic. And we have a hostile router that can see packets and their destinations, but not packet contents. When router does time correlation attack to identify whom is talking to whom, the worst thing server can do is immediately forward messages from sender to the receiver. This makes connecting the dots trivial. Now, if multiple pairs of people talk at the same time, server can introduce a small random delay (lets say below 1s) between receiving and forwarding to confuse the router. More people talking - more possible permutations there is. AFAIK this method of confusing the observer is not a very good one. I recall seeing papers about de-anonymization of Tor users via capturing and analyzing traffic data for a long period of time. But that is a problem of every low latency communication method. To work around that you would need to lots of wasted bandwidth (as in vuvuzela) or long delays (as in mixnet).

                                                                                                      1. 1

                                                                                                        I think we are talking about two different things. It’s easier for Signal because for each message they know the IP address of the sender (at the time of sending) and the identity of the recipient. If they can figure out who maps to the IP address for a given message, they know the identity of the sender and the recipient for that message – not just that the sender is using their service.

                                                                                                        1. 1

                                                                                                          My real point - you wont get much in terms of privacy just by distributing servers :-)

                                                                                                          1. 1

                                                                                                            probably true, but you do get interface stability and independence

                                                                                              2. 1

                                                                                                That still means Signal does not know though. You would only get the information with a global adversary which is fairly hard to protect against.

                                                                                                IP (still) does not correlate to a person though.

                                                                                                1. 1

                                                                                                  It’s not even a global adversary. You just need an adversary sitting in AWS. And who is bigger a global adversary than the USA?

                                                                                                  1. 1

                                                                                                    are you saying U.S. intelligence funded a project with vulnerabilities that could only be reasonably exploited by a hegemonic adversary? :)

                                                                                                    1. 1

                                                                                                      To add to my snarky reply, I don’t think you are right that Signal doesn’t know. If you reply to a message within a few seconds of receiving one, your IP address probably hasn’t changed, so Signal would know your identity as a sender. That’s just one example, and it’s not hard to think of ways that Signal could figure out the sender and receiver in most cases (or at least have a confident guess).

                                                                                          2. 5

                                                                                            You’ve expressed confidence in Signal’s message encryption. It’s open, well analyzed, and widely used.

                                                                                            You’ve expressed concern about Signal retaining metadata. Your only specific threat of “who talks to who when” has been specifically and repeatedly addressed: https://signal.org/blog/sealed-sender/

                                                                                            Well over a year after that announcement, I looked at their code to see how it worked. It didn’t. It wasn’t on. And I don’t care enough to look again because…

                                                                                            Signal is still strictly more secure than every other major messaging app.

                                                                                            Finally: both the autobahn and the US interstate highway system were national defense projects. Should I be skeptical of them?

                                                                                            1. 1

                                                                                              Moxie doesn’t like p2p and decentralization. He made an entire talk about that during 36c3 and the recording of that talk was promptly deleted after a wave of backlash and criticism since apparently Moxie didn’t actually agree to have the talk recorded.

                                                                                              edit: I was wrong and posted rumors.

                                                                                              1. 5

                                                                                                that talk was promptly deleted after a wave of backlash and criticism.

                                                                                                That’s not true. The talk was deleted because Moxie asked for the talk to not be recorded and to not be made public: https://twitter.com/moxie/status/1211427007596154881

                                                                                                I just prefer to present something as part of a conversation that’s happening in a place, rather than a webinar that I’m broadcasting forever to the world. I have less faith in the internet as a place where a conversation can happen, and the timelessness of it decontextualizes.

                                                                                            2. 2

                                                                                              Get to work unionizing so you can force Signal to allow third party clients and federation!

                                                                                            1. 24

                                                                                              Horrible, horrible article.

                                                                                              However, here’s something to think about: while privacy preserving tech is commendable, does it have to come at the cost of user freedoms? Hint: it doesn’t, and it shouldn’t.

                                                                                              What user freedoms are being trampled? Author does not seem to specify any.

                                                                                              I don’t mean to sound conspiratorial, but what’s to say that the server in production hasn’t been backdoored? In fact, the Signal server code hasn’t even been updated since April 2020. You’re telling me it’s undergone no changes?

                                                                                              Serious accusation. Completely unfounded one. Two points are made. First, that backdooring the server would achieve something. Hint, it would not. E2E is exactly for that. Contact list crosschecking is being done inside SGX enclave, and clients are validating if SGX enclave is running particular version of code. What would server backdooring achieve? Author is clueless. Second accusation. “You are telling me it’s undergone no changes?” For half a year? On a platform where almost everything happens client-side? Server just shuffles cryptotext around. Nothing to see here.

                                                                                              1. 11

                                                                                                What user freedoms are being trampled? Author does not seem to specify any.

                                                                                                Two come to mind: Freedom to distribute software, eg. in the F-Droid store, even if this means that not everyone has the newest version. Freedom to use my own Server, instead of trusting someone else, at the conscious expense of my security.

                                                                                                1. 5

                                                                                                  You can distribute the software in the F-Droid store. You can’t use their trademark (the name signal) or servers while doing it.

                                                                                                  You also can run your own server with your own build of the app in the F-Droid store.

                                                                                                  Presumably what you want is to use the network they’ve built with your own client. I agree that would be nice-to-have, but AFAIK not even Stallman wants OSS licensing to require it.

                                                                                                  1. 5

                                                                                                    I can distribute, but I can’t actually cause people to use it. Like spam filters: I can send my email all right, it’s getting it received that’s more problematic. I can run my own server, but it won’t talk to the official one. It has to be a separate network, that, understandably, nobody will use.

                                                                                                    So yes, using their network with different clients would be very nice.

                                                                                                2. 14

                                                                                                  Ad hominem much? Seriously, it hurts any argument you’re trying to make.

                                                                                                  The problem they allude to is that we have to trust that moxie is running the server code that he claims to run. It does seem suspicious that the server code has seen 0 changes in almost 1 year.

                                                                                                  People like to point out that signal has e2ee, and that the server doesn’t have to be trusted, but they (conveniently?) forget that signal collects a fair amount of information from users (phone numbers, contacts, other meta data), and has the potential to collect a lot more on the server side.

                                                                                                  1. 6

                                                                                                    Contact list crosschecking is being done inside SGX enclave, and clients are validating if SGX enclave is running particular version of code.

                                                                                                    Could you expand more on that? If I’m sending my contact list to a Signal server for crosschecking, how can I trust that server to keep the list private?

                                                                                                    1. 5

                                                                                                      Signal’s own description of the problem and what they are doing with it: https://signal.org/blog/private-contact-discovery/

                                                                                                      SGX page: https://en.wikipedia.org/wiki/Software_Guard_Extensions

                                                                                                      Long story short - it’s guaranteed by Intel. It’s a piece of the processor that user can load with code, lock and burn the key. Metaphorically - since there was never a key. Next, external application can talk to https server running from the enclave, and validate enclave’s claims about code that it runs with a help from Intel’s service.

                                                                                                      This tech has it’s limitations - it’s still buggy, exploits being published every year, but it will mature some day. It also has some limitations in it’s threat model - it does not cover de-capping and RAM page replay attacks.

                                                                                                      1. 15

                                                                                                        Signal’s own description of the problem and what they are doing with it:

                                                                                                        The problem still exists, you have to trust that they are doing what they say they do, and since it’s 100% centralized you have no way of knowing for certain that the server code they are running is what they say they run. And you can’t run it yourself since moxie is 110% hostile towards any sort of decentralization of his baby.

                                                                                                        1. 6

                                                                                                          you have no way of knowing for certain that the server code they are running is what they say they run.

                                                                                                          The server code is able to send a verification code derived from intels private key, the current time, and the hash of the built server code.

                                                                                                          In order to do that, they’ve either A) somehow gotten hold of intels private SGX key, B) successfully used an SGX bypass, or C) run code with a hash matching the one they’ve published, which comes from a reproducible build.

                                                                                                          I think that list is roughly in order of least to most likely.

                                                                                                          1. 5

                                                                                                            I’d say an SGX bypass is more likely than any other. Intel’s opsec regarding their keys was flawless so far, hash collisions are hard (I think SGX uses SHA256 which is still unbroken in the general case?), but SGX and every other bolt-on “security” technology that Intel implemented since protected mode has been an utter disaster.

                                                                                                          2. 5

                                                                                                            you have to trust that they are doing what they say they do

                                                                                                            You’re trusting Intel OR Signal. That’s the whole point of SGX. A successful attack means they have to conspire together.

                                                                                                    1. 4

                                                                                                      What worries me is that, basically, there is no real solution to messaging right now. So anything I might choose and decide to recommend is me betting that it take a bad turn. But at the same time, I can’t betray people’s trust all the time by saying X was bad, Y is better (for now). And putting it as it is, “X appears to be good enough for now” doesn’t sound confident enough to motivate friends into switching. So all that is left between alarmism and realism appears to be cynically advocating for something like Signal, not because it is the best, but because it is the most probable to disrupt the current landscape held together by the network effect. Until then, you can just hope that there will be a proper solution, i.e. something secure, with a specification and without dependence on a single organization.

                                                                                                      1. 9

                                                                                                        Until then, you can just hope that there will be a proper solution, i.e. something secure, with a specification and without dependence on a single organization.

                                                                                                        Maybe it’s time to start wondering whether a decentralized or multi-organizational tool is actually worse. So far, any attempt at them has not worked and the outlook is not good.

                                                                                                        What worries me is that, basically, there is no real solution to messaging right now.

                                                                                                        What is a “real” solution? Something with a spec and decentralized, as the quote earlier suggests?

                                                                                                        …the most probable to disrupt the current landscape held together by the network effect.

                                                                                                        I posit that any messaging system will require the network effect. Making a good protocol, for example, is not nearly enough.

                                                                                                        1. 3

                                                                                                          Maybe it’s time to start wondering whether a decentralized or multi-organizational tool is actually worse.

                                                                                                          The advantage of a non-centralized network is that there is no central point of failure, neither technical nor social, which I think is important. But of course, it is more difficult to implement, which I believe is the reason why attempts at this have historically been worse. I’m cautiously optimistic about Matrix though.

                                                                                                          What is a “real” solution?

                                                                                                          To oversimplify: Something that isn’t a compromise.

                                                                                                          I posit that any messaging system will require the network effect.

                                                                                                          Conversely, by weakening the network effect of already existing networks makes it easer for newer solutions to compete.

                                                                                                        2. 10

                                                                                                          I would totally prefer to build on top of a incentive aligned protocol enabling secure and cheap communication. Signal is not that.

                                                                                                          But bitching about some fringe theoretical gripes of technical folk at the moment when alphabet-soup groups syphon out all the communication data.. it’s just shortsighted. Signal is a tool ready for mass consumption. Alternatives are really not even close. Including everything Matrix and XMPP.

                                                                                                        1. 3

                                                                                                          Can anyone suggest a xscreensaver alternative that doesn’t pull a bunch of dependencies?

                                                                                                          resolving dependencies...
                                                                                                          looking for conflicting packages...
                                                                                                          
                                                                                                          Packages (21) gdk-pixbuf-xlib-2.40.2-1  glu-9.0.1-2  libglade-2.6.4-7  perl-clone-0.45-2  perl-encode-locale-1.05-7  perl-file-listing-6.14-1  perl-html-parser-3.75-1
                                                                                                                        perl-html-tagset-3.20-10  perl-http-cookies-6.10-1  perl-http-daemon-6.06-2  perl-http-date-6.05-3  perl-http-message-6.27-1  perl-http-negotiate-6.01-8
                                                                                                                        perl-io-html-1.004-1  perl-libwww-6.52-1  perl-lwp-mediatypes-6.02-8  perl-net-http-6.20-1  perl-try-tiny-0.30-5  perl-www-robotrules-6.02-8
                                                                                                                        xorg-appres-1.0.5-2  xscreensaver-5.44-3
                                                                                                          

                                                                                                          I mean, is this reasonable for everyone?

                                                                                                          1. 10

                                                                                                            I use i3lock. Its direct dependencies look reasonable, although I don’t know what they recursively expand to.

                                                                                                            With that said, I don’t know whether it is “secure” or not because my threat model doesn’t really care if it is or not. I only use it to prevent cats and children from messing around on the keyboard. And for that, it works well.

                                                                                                            1. 4

                                                                                                              Try slock, which has no dependencies except X11 itself.

                                                                                                              1. 2

                                                                                                                Build from source and disable the savers/hacks that require the dependencies you aren’t happy about.

                                                                                                                1. 1

                                                                                                                  I don’t want any screensaver, just want my screen to lock reliably. I guess I’ll try that.

                                                                                                                    1. 2

                                                                                                                      It’s a great compromise when using X11, but the whole concept of screen savers on X11 is just so fragile. Actually suspending the session even if the screensaver should crash would be much cleaner (which is how every other platform, and also wayland handle it).

                                                                                                                      What I’m even more surprised about is that you said this compromise is possible with 25yo tech - why did no distro actually do any of this before?

                                                                                                                    2. 0

                                                                                                                      What about physlock?

                                                                                                                      1. 5

                                                                                                                        No idea about physlock or any other alternative, I am asking because this sentence kind of make me think:

                                                                                                                        If you are not running XScreenSaver on Linux, then it is safe to assume that your screen does not lock.

                                                                                                                        Though this person’s attitude kind of bothers me, if you run ./configure on xscreensaver you read stuff like:

                                                                                                                        configure: error: Your system doesn't have "bc", which has been a standard
                                                                                                                                          part of Unix since the 1970s.  Come back when your vendor
                                                                                                                                          has grown a clue.
                                                                                                                        

                                                                                                                        hm. Ok? I guess I don’t have to like it, I just don’t see the need for that.

                                                                                                                        1. 19

                                                                                                                          jwz ragequit the software industry some 20 years ago and has been trolling the industry ever since. Just some context. He’s pretty funny but can be a bit of an ass at times 🤷

                                                                                                                          1. 18

                                                                                                                            He’s also pretty reliably 100% correct about software. This may or may not correlate with the ragequitting.

                                                                                                                            1. 3

                                                                                                                              While ragequitting may not correlate with being correct about software, being correct about software is absolutely no excuse for being an ass.

                                                                                                                              1. 7

                                                                                                                                It’s not his job to put on a customer support demeanor while he says what he wants.

                                                                                                                                He gets to do as he likes. There are worse crimes than being an ass, such as being an ass to undeserving people perhaps. The configure script above is being an ass at the right people, even if it does editorialize (again, not a problem or crime, and really software could use attitudes!)

                                                                                                                                1. 4

                                                                                                                                  Lots of people in our industry seem to think that being a good developer you can behave like a 5 years old. That’s sad.

                                                                                                                                  1. 4

                                                                                                                                    Especially in creative fields, you may choose to portray yourself any way you choose. You don’t owe anybody a pleasant attitude, unless of course you want to be pleasant to someone or everybody.

                                                                                                                                    For some people, being pleasant takes a lot of work. I’m not paying those people, let alone to be pleasant, so why do I demand a specific attitude?

                                                                                                                                    1. 2

                                                                                                                                      Being pleasant may take work, but being an asshole requires some effort too. Unless you are one to begin with and then it comes naturally of course. :D

                                                                                                                                  2. 3

                                                                                                                                    How is the bc comment being an ass at the right people? Plenty of distros don’t ship with bc by default, you can just install it. What is a “standard part of unix” anyway?

                                                                                                                                    1. 9

                                                                                                                                      bc is part of POSIX. Those distros are being POSIX-incompatible.

                                                                                                                                      1. 8

                                                                                                                                        As a developer for Unix(-like) systems, you should be able to rely on POSIX tools (sh, awk, bc etc.) being installed.

                                                                                                                                    2. 2

                                                                                                                                      It sounds like you view software as an occupation. It is not. It’s a product.

                                                                                                                                2. 2

                                                                                                                                  Physlock runs as root and locks the screen at the console level. AFAIK the problems affecting x-server screenlockers aren’t relevant to physlock.

                                                                                                                        1. 17

                                                                                                                          Very interesting, in a way I’m curious about how this will evolve, but the Ethereum integration is a huge turn-off.

                                                                                                                          1. 5

                                                                                                                            At the moment there is no Etherum integration at all. Down the road we are going to add entirely optional ways to benefit from the extra security, authenticity and coordination tooling backed by something like Etherum. All the code collaboration functionality will be unaffected by it and and at no point are users expected or required to use the optional features.

                                                                                                                            1. 8

                                                                                                                              Thank you for specifying that, that is exactly how I understood it and while I appreciate the optional integration, there is one planned and that for me makes this project very unattractive. Which I think is a shame, because the P2P aspect (alongside it being open-source, written in rust, having a very polished presentation) of it looks very good.

                                                                                                                              1. 1

                                                                                                                                Great to hear that the messaging on the website makes that clear. Out of curiosity what are the reasons for the strict rejection based on that optional feature set?

                                                                                                                                1. 13

                                                                                                                                  I reject any blockchain-related project, because blockchain is wasting a huge amount of resources for absolutely no gain. Associating a project with it - even by making it optional - means you support the ideas behind blockchain, so I automatically can’t support the project.

                                                                                                                                  1. 6

                                                                                                                                    Ethereum is starting it’s PoS transition, stage zero, mainnet literally today, first of December. They are working hard to drop PoW.

                                                                                                                                    EDIT: Here is a launch event live stream: https://www.youtube.com/watch?v=MD3mADL33wk

                                                                                                                                    EDIT2: Eth 2.0 beacon chain explorer: https://beaconcha.in/

                                                                                                                                    1. 3

                                                                                                                                      I have no idea what “Pos”, “stage zero”, “mainnet” means. I assume PoW doesn’t mean prisoner of war, but proof of work?

                                                                                                                                      1. 3

                                                                                                                                        Proof of Stake, proof of work, mainnet = production. Stage zero - this new production network does create new blocks and mints validator rewards, but it is yet to be upgraded to network that can do proper transactions. Also, question of turning off PoW of Ethereum 1.0 is still not very clear. First two networks need to be merged into one.

                                                                                                                                        1. 4

                                                                                                                                          So regarding my argument that

                                                                                                                                          blockchain is wasting a huge amount of resources for absolutely no gain

                                                                                                                                          you are saying that they are taking care of the amount of resources consumed by lowering the energy consumption?

                                                                                                                                          1. 3

                                                                                                                                            They are making steps (just launched a first of series of network upgrades) on a road that will lead to PoW being fully replaced by PoS in Ethereum. So - yes. But it will take some time.

                                                                                                                                            Please note that the costs of PoW are distributed onto every holder of cryptocurrency. And some of that cost is distributed on everyone else in a form CO2 emissions. They are offsetted by of carbon tax, but only in some of the countries where miners operate.

                                                                                                                                            Everyone is interested in PoW becoming a thing of the past.

                                                                                                                                            1. 1

                                                                                                                                              At least that’s the long-term plan for Ethereum.

                                                                                                                                              Bitcoin, for example, has no plans to move towards Proof of Stake. Neither do most other blockchain based cryptocurrencies.

                                                                                                                                              1. 2

                                                                                                                                                To me, “proof of work” feels a little like the internal combustion engine. It’s kind of dirty, and grew so big in our time that it needs huge amounts of power to continue to work (as in drilling for oil and fracking all the things to make cars go brrrr): it’s “what we have” (or “they” have, whatever) because for a while, every blockchain based cryptocurrency went for it.

                                                                                                                                                Now, some people are not completely oblivious to how stupid this looks, and alternatives are slowly coming around (proof-of-stake for eth, consensus protocols for xlm, etc.). The future is looking brighter, but as for BTC it’s just too late: it’s expensive because it requires huge amounts of investments to exist and allow transactions.

                                                                                                                                      2. 3

                                                                                                                                        Blockchain hype is pretty large source of free software funding that doesn’t corrupt the movement to serve a couple of oligarchs. Both offer freedom.

                                                                                                                                        I am not fan of blockchain snake oil peddlers myself, but if they manage to convince a bunch of greedy, rich capitalists to lose some money on free software alternatives to the status quo, I am content.

                                                                                                                                        Public smart contracts also incentivize research of formal methods, dependent typing and other methods to improve software correctness. Another great win.

                                                                                                                                        1. 2

                                                                                                                                          blockchain is wasting a huge amount of resources for absolutely no gain

                                                                                                                                          As mentioned down-thread I think you mean “proof of work” and not “blockchain” here. Git repos use a merkle-tree block-chain just like Bitcoin, for example, and there’s no proof of work there.

                                                                                                                                          I also think it’s ilkely you misunderstand the nature of “wasted resources” in a proof of work algorithm (blockchain related, or otherwise) but that’s a side issue here.

                                                                                                                                  2. 4

                                                                                                                                    This stance comes from a place of ignorance on how energy is generated and converted into proof-of-work. It’s a shame because blockchains are here to stay and will only grow in consumption. The majority of electricity in use by proof-of-work chains today comes from excess hydro energy. This is energy that was already harvested and would go to waste if it wasn’t used to secure bitcoin. There are today several large projects looking to do the same: make use of excess energy harvested by power plants, and turn them into money. There is really no need to create new energy to power cryptocurrencies. That, I agree is a waste, and completely unnecessary.

                                                                                                                                    1. 14

                                                                                                                                      Whoa, wait a minute. That’s like how I can buy the meat in the supermarket without being responsible for animals being slaughtered because the animals have already been slaughtered anyway, right? There’s no market involved here or anything.

                                                                                                                                      1. 3

                                                                                                                                        There is really no need to create new energy to power cryptocurrencies. That, I agree is a waste, and completely unnecessary.

                                                                                                                                        I know this rationale very well and I think truth is somewhere in the middle. Yes, mining is clearly a way to turn that excessive (in off-peak hours) energy into useful work. BUT! ATM any other, potentially more useful way of turning this energy into useful work needs to compete with miners. Potentially, that energy could create aluminum, fill water tanks, charge huge batteries, etc.

                                                                                                                                        Also, the way demand supply/demand for hashing power works - in times of high prices of BTC (like now) people are likely to run miners everywhere, not just next to large power stations in off-peak hours.

                                                                                                                                    1. 3

                                                                                                                                      They’re really trying hard to lose this anti-trust investigation, aren’t they ?

                                                                                                                                      1. 2

                                                                                                                                        Lose. They’re playing fast and loose, unafraid to lose this investigation.

                                                                                                                                        1. 1

                                                                                                                                          I’m all for loosening up the relationship between google the search, the SaaS and chrome..

                                                                                                                                        2. -6

                                                                                                                                          They’ve won the election. And undoubtedly placed their finger on one of the scales.

                                                                                                                                          Now is time to reap the rewards.

                                                                                                                                          EDIT: Clarification. Their candidate won the election.

                                                                                                                                          1. 6

                                                                                                                                            Won the election? What are you talking about?

                                                                                                                                            1. 3

                                                                                                                                              Lol get that QAnon conspiracy outta here

                                                                                                                                              1. 2

                                                                                                                                                I don’t think anything about considering the Democratic party as “Big Tech”‘s choice is anything to do with Qanon, please don’t be part of a force that turns the word Qanon into something meaningless…

                                                                                                                                                1. 2

                                                                                                                                                  Who in Big Tech has come out as explicitly stating the Democratic party is their choice (as a company, not private individual)? My point in making the statement is that the comment I replied to was just conjecture, conspiracy theory, etc…. Sure, tech/social media plays a big role in politics, but “placed their finger on one of the scales” sounds like they deliberately endorse/favor one side over the other.

                                                                                                                                                  1. 1

                                                                                                                                                    Sure, tech/social media plays a big role in politics, but “placed their finger on one of the scales” sounds like they deliberately endorse/favor one side over the other.

                                                                                                                                                    It’s way simpler than that.

                                                                                                                                                    1. hire moderators in a state where population votes in particular way
                                                                                                                                                    2. when election comes, introduce more rules that encourage more active moderation
                                                                                                                                                    3. observe how one of the sides gets moderated into oblivion

                                                                                                                                                    All of this is an unintended consequence of pretty normal decisions. But boy are they convenient.

                                                                                                                                          1. 8

                                                                                                                                            If your DB exists inside one org - sure. If your DB is shared between multiple orgs and you want to concentrate on tech, not on legal… Maybe time-series database won’t cut it.

                                                                                                                                            1. 10

                                                                                                                                              What attack, exactly, do you fear that is allowed by giving your partner orgs append-only access to a DB, but is not possibly by giving them append access to your blockchain?

                                                                                                                                              I note that the article explicitly addresses the ‘partners who don’t trust each other’ use case.

                                                                                                                                              For example, a private ledger allows data to be shared and seen by different parties who do not need to trust each other because of the software’s rules – this could be a bank and a regulator sharing data access to customer trades data. I would argue that such data access could be done via the business logic layer sitting on top of the database layer to provide data to outside parties.

                                                                                                                                              1. 7

                                                                                                                                                This

                                                                                                                                                ‘partners who don’t trust each other’

                                                                                                                                                is not compatible with this:

                                                                                                                                                giving your partner orgs append-only access to a DB

                                                                                                                                                Because it requires your partner to trust that you do not do funny stuff on DB yourself. Simplest attack - place a buy before appending a large incoming buy order, and place a sell just after it. Free money. Happens on public blockchains all the time.

                                                                                                                                                BTW, this article is a dumpster fire. It is full of false claims, half-truths and just irrelevant bullshit. The guy who wrote it knows his time-series databases and knows almost nothing about blockchain design space.

                                                                                                                                                Blocks are added to the blockchain at regular time intervals. For each block of data, there is an associated timestamp.

                                                                                                                                                Yes. Trains also arrive at different time points. Is Amtrak a blockchain? How is this even relevant?

                                                                                                                                                Data replication: Each node in the blockchain holds the entire history of transactions. If one node is compromised, we rely on the others to provide the full history. Again, this concept has been in effect for decades with traditional databases: if one database fails, we may want another as a backup.

                                                                                                                                                False. There are multiple types of nodes. There are chains where history can be truncated - chains with snapshots. Reason for nodes to have the full state is an ability to validate every state transition. Data availability is an important concern, but it is secondary since the need to share some data can be removed with the help of zksnarks / bulletproofs.

                                                                                                                                                full history of all individual transactions ordered by time; this is how blockchain nodes work

                                                                                                                                                No, this is not how blockchains work. They implement total global ordering of events. But the order is logical, not time based. E.g. both Bitcoin and Ethereum include transactions in the order defined by the fee paid - from txes paying high fees, to txes paying low fees. Total global order of transactions plus deterministic execution equals ability to arrive to the same final state. It has very little to do with time.

                                                                                                                                                Blockchains would have multiple parties (i.e., nodes) to agree for a specific transaction. There are consensus algorithms such as Raft and Paxos in traditional databases akin to a voting mechanism.

                                                                                                                                                This bit is just lazy. Consensus determines the order of inclusion of transactions. Nothing more.

                                                                                                                                                Long 256 format: This is the format of crypto public addresses. At QuestDB we have built a data type that is better than a string to efficiently write and read Long 256 blockchain addresses.

                                                                                                                                                Irrelevant. This is a wrong layer. See Tendermint. It provides a total ordering on a set of binary blobs. Binary blobs are untyped, and Tendermint knows nothing about details of business logic of the application it is running.

                                                                                                                                              2. 8

                                                                                                                                                You are not avoiding any “legal”.

                                                                                                                                                This reminds me how a bunch of blockchain peddlers that made their way into a meeting of a municipal IT steering committee, trying to sell their “block-chain based authentication mechanism”. They did not read eIDAS and GDPR (nor the related local laws) did not read the public service information systems law, nor the cybernetic security law and showed that they had zero understanding of the fact, that if public administration screws up proving someone’s identity and that someone is harmed by that, the administration is held liable.

                                                                                                                                                It is several times easier to write a contract between couple of parties detailing how you share data and who is responsible for what, adjust your respective privacy policies and use a couple of regular databases than “putting it all onto a blockchain”, potentially being liable for publishing personal information that cannot ever be deleted.

                                                                                                                                                And frankly, I am pretty confident writing small-scale contracts myself, without being a lawyer. Continental Law tends to provide mostly sane defaults (to a point it is safe to sign most of the common contracts without any additional clauses apart from the mandatory ones) and since overly unfair contracts are invalid and courts are expected to read into what the signatories meant, you only need lawyers in high-risk situations or once something blows up.

                                                                                                                                                And if you need it to scale, just use adhesive contract (terms of service) with one organization acting as a steward. If you need it to be neutral, association is both the simplest of corporations to fund and also the simplest to administer (almost no accounting) providing democratic (one member = one vote) decision-making by default.

                                                                                                                                                1. 6

                                                                                                                                                  How do you realistically prevent a 51% attack though…?

                                                                                                                                                  1. 8

                                                                                                                                                    What you decide to do will depend a lot on the specifics of your use-case. You might decide to run your own proof of authority blockchain, or to run some other BFT protocol such as HotStuff. You also might communicate using a public blockchain. However, what you must not do is run your own proof of work blockchain. Your comment correctly identifies one of the reasons why doing so is a bad idea.

                                                                                                                                                    1. 3

                                                                                                                                                      WoT?

                                                                                                                                                      1. 4

                                                                                                                                                        Web of Trust style, ala Proof of Authority, doesn’t actually handle adversarial consensus, only who can publish to the blockchain, so often you’ll see another consensus algorithm underneath that layer, like IBFT, Raft, what-have-you, if you’re concerned with adversaries within the trusted nodes

                                                                                                                                                        1. 2

                                                                                                                                                          Thank you, that’s helpful.

                                                                                                                                                          1. 2

                                                                                                                                                            of course! It’s a really interesting space, and there’s lots of nuances to it all. We obviously deal with it a lot at work, more than other folks may in their day to day

                                                                                                                                                      2. 2

                                                                                                                                                        Enterprise organisations are also vulnerable to 51% attack. You can buy 51% of the shares, then burn the whole thing to the ground.

                                                                                                                                                      3. 4

                                                                                                                                                        Yeah this is my understanding of the value of enterprise blockchains. It’s more about getting diverse organisations to run a database together in an interoperable manner without one of them becoming the “owner” of the database or similar. I’ve never actually worked in such a large organisation so I have no idea if this rings true.

                                                                                                                                                        1. 4

                                                                                                                                                          This is generally the case; my company reviews blockchains quite frequently, as well as their installations, and we’ve seen this comment often. Having said that, I haven’t seen as much success from that sort of thing; very often it’s a pilot, and doesn’t go much further than that.