1. 2

    I’ve been using FreeDNS - a fork of XName - for the past ~15 years.

    1. 1

      This looks horrendously unreadable.

      1. 2

        It’s actually interactive. You can click a button like ‘m’ (or hit m on the keyboard) and see shortcuts available when you’re composing a new message. If you are actually using mutt this makes more sense than a huge list of modes & hotkeys in groupings.

        1. 1

          Aha, that explains it. I was viewing the page via my iPhone.

        2. 1

          I agree - different colours could have been chosen.

        1. 5

          “Lauren Ipsum” was pretty good: https://www.amazon.co.uk/Lauren-Ipsum-Carlos-Bueno/dp/1461178185

          Sort of Alice in Wonderland for computing.

          1. 3

            I bought it from no starch press in their recent sale - arrived on Friday :^)

            I’d add Electronics for Kids to the list.

          1. 2

            I’ve had a gapps-less cyanogenmod set up on my old nexus for over 1½ years (and am waiting for a stable ROM for my current device), and it’s interesting to see that people pretty much eventually end up with the same solutions. I’d just add that if you’re enthusiastic about free software, one should use IceWeasel and if one wants a good FOSS twitter/mastodon experience, I can only recommend Twidere.

            Also, why use AnySoft if you can use the AOSP one? I’m currently struggling with the counter-intuitive nature of AnySoft, but can’t find an AOSP .apk :(

            1. 4

              IceWeasel? You mean the rebranded Firefox for Debian of yesteryear? It no longer exists.

              1. 2

                It still does on Parabola.

                1. 2

                  @zge most likely meant IceCat - IceWeasel’s new name. IceCatMobile to be precise.

                  1. 1

                    Yeah, my bad. I always mix those two up.

              1. 1

                What does “malware served” in every section mean?

                1. 2

                  You see at the top where it says he remembers the internet before google?

                  He goes on to name the malware products: gmail, search, and adwords+related products.

                  His point is that all of those things were better before Google took them over. Their replacements are malware. I couldn’t agree more.

                  1. 2

                    /me adds malware to the list of words that no longer have meaning.

                    1. 4

                      Would ‘scamware’ have worked better? ‘Spyware’ certainly applies, as does ‘adware’.

                      I’m personally responsible for bringing dozens of users and three small businesses to Google. Before that, I brought a couple of users to Altavista.

                      I argued that people shouldn’t ban Google’s spider bot from their web servers. I convinced people that having all their email in one searchable place for free forever was life changing and they should sign up post-haste.

                      I stopped people on the street when they were carrying Mapquest printouts and told them about Maps.

                      I imported my own email archives from pre-Gmail into Gmail. I reported bugs.

                      I told people they could trust Google and that economies of scale meant that Gmail would always be faster and better than their own mail servers.

                      I argued against the first (and second, and third) waves of anti-Google sentiment. I apologize… I thought they were Luddites that just didn’t get it, didn’t see the future. Well, actually, they saw it more clearly than I.

                      Anyway, I know how the author of the piece feels and I think it’s on-topic for lobste.rs. In that it sets the stage for discussion!

                      1. 3

                        A coercive unpleasant experience designed to induce behavior in the target? That’s torture. You could say the Facebook timeline is literally torture, and I’d object to the hyperbole, but I don’t think you’d be entirely wrong.

                        Manipulationware is a little long. Grindware? You’re on a treadmill trying to get ahead, but you’re just running in place.

                        Honestly though, I’m not a fan of the ware suffix generally. I think there’s a strong connotation of local client software. To that end, malservice would be a good term.

                        1. -2

                          webshit

                      2. 1

                        Completely off-topic, but I get an ‘unknown issuer’ error when I try to visit your website.

                        1. 2

                          New one here, eh? :^)

                          Have a read, why don’t you!?

                    2. 1

                      I was wondering the same thing. Googling “Facebook malware” reveals a few instances where some Facebook features served malware ads, maybe that?

                      1. 3

                        The Facebook malware is “Mandatory non-linear curation of user contributed content”.

                        He’s saying that sharing was better before Facebook. I couldn’t agree more.

                    1. 23

                      Seems like a good argument against using BSD licenses.

                      1. 7

                        Why? I have more faith in management engine knowing it is minix than some shit that intel wrote themselves.

                        1. 20

                          I suppose the section “Powerful, Reliable Software Can Be Bad” of https://www.gnu.org/philosophy/open-source-misses-the-point.en.html is relevant here :)

                          1. 10

                            If anything, we’d be better off if we found that Intel’s ME was total garbage. It lets an alternative supplier differentiate on more secure software to get some sales. Then, Intel will either try to get people to ignore them with their other advantages, improve the security of their software, or buy the competitor to get their solution. Currently, as license allows, Intel just freeloaded off a bunch of work taxpayers in Europe paid for with some free labor by Tanenbaum et al to solve their problem. The ME stack is still garbage per recent threads.

                            Alternatively, they could’ve just paid a RTOS vendor for a stack. The going rate for those targeting robustness with networking and filesystems was $50,000 OEM last I checked. After they acquired Wind River, they’d have access to highly-reliable OS that’s been used in all kinds of things. Also, a separation kernel (VxWorks MILS) with carefully-crafted networking plus NSA pentesting. So, they do have both paid and free alternatives that are better than Minix 3 if they didn’t prefer freeloading off others’ work to save fifty grand or so on a project that nets them billions. I’m starting to lean back toward GPLing or AGPLing everything with dual-licensing to reduce this. They can pay to remove the copyleft.

                            Edited to change “ripping off” to “freeloading off” as dxtr noted.

                            1. 4

                              If I create something and then give it to you - no strings attached - are you then ripping me off?

                              1. 5

                                Not really. I should’ve said freeloading like parasites. I wonder, though, about what motivates people to freely work for companies under a license that insures mainly the companies benefit versus one where they contribute something back. I originally liked the BSD licenses to increase the amount of high-quality code the companies might be using to make stuff better in general. I’m not so sure we should do that now seeing how (a) that creates bad incentives for the companies to constantly freeload versus GPL/AGPL projects and (b) they keep modifying that stuff into insecure or seemingly-malicious software like Intel did.

                                The folks aren’t doing anything great by giving them the code. They’re just helping monopolists and oligopolists further ensure the status quo that damages users, developers, and hobbyists while minimizing their operational costs for benefit of owners or shareholders. They also use their fortunes to pay lobbyists to reduce our rights in areas such as copyright and patent law. That phrasing depicts what actually goes on versus the public good people sold me on long ago with BSD/MIT licenses. I wonder how many BSD/MIT contributors that wanted corporate uptake would stick to it if they saw that as the ultimate goal of their contributions. Also, were told the companies often change the code to defeat its flexibility, reliability, or security benefits.

                                I’m sure plenty would stay in the game but I am curious how many would switch licenses. Also, which would they prefer switching to for balancing widespread uptake and maximizing contributions.

                                1. 4

                                  People use BSD-alikes because their goal isn’t to coerce people into opening their sources, their goal is to make using their software as easy as possible. They’re not working for rewards from future would-be customers, they’re working because they feel some software which does not exist, should.

                                  1. 2

                                    “they’re working because they feel some software which does not exist, should.”

                                    I imagine most building open-source software fit that category. It can be done with copyleft licenses, though, with little impact to most users.

                                    1. 3

                                      Sure, and a subset of those people are interested in keeping their work from people who don’t “deserve it”, but not everybody is - and those who aren’t, usually choose a non-viral license because they want more people using their stuff.

                                      1. 1

                                        That’s true. A good point to make.

                              2. 2

                                If anything, we’d be better off if we found that Intel’s ME was total garbage.

                                Are you implying it’s not?

                                Don’t know about you, but I don’t need an unmodifiable, unremovable, totally compromised operating system running an HTTP server inside my CPU.

                                Never asked for this, wasn’t told by Apple that they were selling me this, and have no plans to buy another computer with it.

                                1. 2

                                  Good luck finding one without it.

                                  1. 1

                                    Possibly can but will be performance hit:

                                    https://news.ycombinator.com/item?id=15646175

                                  2. 1

                                    It’s definitely garbage. I’m setting up something broader than just Intel where I want them to show what their proprietary stuff is worth, users to find out, and a better alternative to potentially show up. Those can be vetted proprietary (eg shared-source) or FOSS.

                                    I could be really wrong but I think AMD is missing a golden opportunity to differentiate on security or trustworthiness of CPU’s like Blackberry and then Apple tried to do in smartphones. Two lines of products, one without management and one with enterprise-controllable version, might push those losses back a little bit esp from foreign sales. They could let third parties of different jurisdictions inspect the management code or its loader since high-performance, legacy-compatible x86 is a patent minefield for competitors anyway. My hypothetical alternatives would have to make some kind of sacrifice in performance, cost, or both. AMD could charge right in.

                                    1. 1

                                      I could be really wrong but I think AMD is missing a golden opportunity to differentiate on security or trustworthiness of CPU

                                      I doubt AMD has a choice in the matter. It really doesn’t make sense for Intel to have it in all their CPUs; in the consumer CPUs where no user will ever use the management engine, it’s just a bunch of extra hardware on the die, wasting space and increasing complexity and cost. The only reason I can think of would be that someone forced their hand, and I can imagine the NSA wouldn’t hate having a backdoor into every single Intel (or AMD) CPU in the world with ring -3 access.

                                      1. 1

                                        They have several possible benefits to having that enterprise technology in their chips:

                                        1. The functionality for providing security enhancements is the same in each. Enterprise and repair shops also wanted management benefits.

                                        2. The DRM capabilities the entertainment industry wanted and might have paid for.

                                        3. The backdoors the NSA might have demanded or paid for.

                                        4. The common technique for saving on mask costs (millions) by merging I.P. from several use cases into fewer mask layers.

                                        Ok. The original release on Intel’s side was vPro which had all kinds of benefits for enterprises, esp security. The Trusted Computing Group, of which Intel was part, also wanted to use that stuff for DRM for movies and MP3’s. They probably had financial incentives which might likewise be used to make them go more private again. The NSA is an unknown here where they might have promised them something for money or defense contracts. I know the ME’s weren’t mandatory because not all chip vendors that were in the U.S. were building management engines into their CPU’s. They could possibly put their foot down saying they’d take money to 0-day the firmware instead which would let us put in better firmware but NSA still hits most targets.

                                        The last thing on my list is an industry practice to get development costs down. The best example was the hard disks which showed different amounts of storage but had same platters with same amount of space. The platters and components for writing them had a fixed cost. So, they used firmware deception to tier the pricing. Another example in an ASIC from a friend in hardware was him discovering a cellular radio in an embedded peripheral that wasn’t supposed to connect to anything. He said it wasn’t malicious: the company just reused a mobile SoC they sell for a different purpose with different packaging to squeeze more ROI out of existing chip. Aside from these oddities, the main form of reuse is just doing pre-proven blocks of hardware in a certain process node on new projects. Once they wire the first CPU instance to a ME, it was possibly cheaper to just reuse that on each iteration of that instance esp given ME’s were originally small (ARC cores).

                                        So, there’s the overall analysis of what parties and concerns are involved. The amounts they’re currently losing are much bigger than anything Hollywood or NSA paid them. Highest payout I saw for NSA was around $100 million per telecom for access to their national networks. That was something they could use constantly whereas this they’d have to use sparingly. Couldn’t be much more. The trick is, like with Raptor Workstation, how many people would actually pay for a computer without the backdoor, how much extra, and what total revenues to project for AMD? I’m less confident in demand side than I am in supply side.

                                2. 2

                                  Technically, we don’t really know what is in it, since the final result is closed source. Maybe they added a bunch of “shit that Intel wrote themselves”.

                                  1. 1

                                    Just from a personal point of view. I don’t want my software to be used to spy on users without me even being asked about it.

                                  2. 2

                                    Then they would have just used a different OS. MacOS has slowly been ripping all the GPLv3 code out of their OS. That’s why they use an ancient version of GPLv2 bash and manually backport all the security fixes.

                                    1. 1

                                      On the contrary - it shows that anyone can use such software without all the bull$%^& which surrounds, i.e. the GPL. All that he is asking for is simple: Hi, We’re using your software. Cheers, Bye!

                                      1. 11

                                        He spends 1/3rd of the letter talking about the fact that someone benefitted from his hard work and he didn’t get any acknowledgement of it. Then he goes and says something like: “I don’t mind, of course, and was not expecting any kind of payment since that is not required.” The whole thing feels and reads regretful to me. I don’t know AST, so don’t really know his personality, or anything, but if I spent 1/3rd of the letter talking like that, I know it’d be because I felt I missed a big opportunity and I’m trying to convince myself that it was fine.

                                        1. 1

                                          If there’s anything that AST might regret, it is the fact that MINIX hasn’t been released under a permissive license earlier and the fact that Linux and the *BSDs got themselves firmly established.

                                          Him regretting not getting anything back out of it after fighting with the publisher to get the code released under a permissive license? Seriously? ;^)

                                          The way I read the letter is him setting the scene before mentioning that letting him know would have been a polite thing to have done - mentioning that without said background information would have looked a bit weird.

                                          Anyway, if I were the author of said code, I’d merely like to know.

                                        2. 1

                                          Yes, and that’s what I wouldn’t want to happen to my software.

                                      1. 0

                                        MIT licence is sooo cool, multi billionaires company have work for free

                                        1. 2

                                          You have made variations of this comment several times, now. What is your solution? A license that says “If you have over x American dollars, you must pay y to use this software”?

                                          1. 1

                                            There’s always dual licensing with the GPL and a commercial license.

                                            1. 2

                                              If it’s dual-licensed under GPL and commercial (whatever that means) then one can always use the former. GPL does not forbid, but actually encourages, charging money for the software and the end product being commercial.

                                              1. 1

                                                If they change it and distribute the changes, they have to release the source to the changes. Or pay for right not to. Project maintainers might get something useful out of it. They won’t if it’s permissively licensed in vast majority of cases where a change is made and distributed.

                                                1. 2

                                                  Here, however, no one cares about getting anything useful or anything at all for that matter. People who permissively license their software actually care about the software being useful to everyone.

                                                  In either case, money has nothing to do with it.

                                                  1. 1

                                                    Good point. Yeah, that be the case here.

                                            2. 1

                                              Solution to what? What is the problem here?

                                            3. 2

                                              It’s BSD license to be precise. It’s also great that you can incorporate code covered by such a license in a proprietary or copyleft-licensed software - the reverse is not true.

                                              As an author you have the freedom to choose a license that suits you and the project :^)

                                            1. 9

                                              Hah, I was actually curious whether AST will make a move. Good to see he did.

                                              Still, it’s sad that he doesn’t seem to care about ME.

                                              1. 7

                                                Whether he cares about ME is irrelevant here. By releasing the software under most (all?) free software and open source licenses, you forfeit the right to object even if the code is being used to trigger a WMD - with non-copyleft licenses you agree not to even see the changes to the code. That’s the beauty of liberal software licenses :^)

                                                All that he had asked for is a bit of courtesy.

                                                1. 4

                                                  AFAIK, this courtesy is actually required by BSD license, so it’s even worse, as Intel loses here on legal ground as well.

                                                  1. 5

                                                    No, it is not - hence the open letter. You are most likely confused by the original BSD License which contained the so-called advertising clause.

                                                    1. 5

                                                      Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

                                                      http://git.minix3.org/index.cgi?p=minix.git;a=blob;f=LICENSE;h=a119efa5f44dc93086bc34e7c95f10ed55b6401f;hb=HEAD

                                                      1. 9

                                                        Correct. The license requires Intel to reproduce what’s mentioned in the parent comment. The distribution of Minix as part of the IME is a “redistribution in binary form” (i.e., compiled code). Intel could have placed the parts mentioned in the license into those small paper booklets that usually accompany hardware, but as far as I can see, they haven’t done so. That is, Intel is breaching the BSD license Minix is distributed under.

                                                        There’s no clause in the BSD license to inform Mr. Tanenbaum about the use of the software, though. That’s something he may complain about as lack of courtesy, but it’s not a legal requirement.

                                                        What’s the consequence of the license breach? I can only speak for German law, but the BSD license does not include an auto-termination clause like the GPL does, so the license grant remains in place for the moment. The copyright holder (according to the link above, this is Vrije Universiteit, Amsterdam) may demand compensation or acknowledgment (i.e. fulfillment of the contract). Given the scale of the breach (it’s used in countless units of Intel’s hardware, distributed all over the globe by now), he might even be able to revoke the license grant, effectively stopping Intel from selling any processor containing the then unlicensed Minix. So, if you ever felt like the IME should be removed from this world, talk to the Amsterdam University and convince them to sue Intel over BSD license breach.

                                                        That’s just my understanding of the things, but I’m pretty confident it’s correct (I’m a law student).

                                                        1. 3

                                                          It takes special skill to break a BSD license, congrats Intel.

                                                          1. 5

                                                            Actually, they may have a secret contract with the University of Amsterdam that has different conditions. But that we don’t know.

                                                            1. 2

                                                              Judging from the text, doesn’t seem AST is aware of it.

                                                              1. 2

                                                                University of Amsterdam (UvA) is not the Vrije University Amsterdam (VU). AST is a professor at VU.

                                                          2. 1

                                                            I’ve read the license - thanks! :^)

                                                            The software’s on their chip and they distribute the hardware so I’m not sure that actually applies - I’m not a lawyer, though.

                                                            1. 5

                                                              Are you saying that if you ship the product in hardware form, you don’t distribute software that it runs? I wonder why all those PC vendors were paying fees to Microsoft for so long.

                                                              1. 2

                                                                For the license - not the software

                                                                1. 3

                                                                  Yes, software is licensed. It doesn’t mean that if you sell hardware running software, you can violate that software’s license.

                                                              2. 3

                                                                So, they distribute a binary form of the OS.

                                                                1. 4

                                                                  This is the “tivoization” situation that the GPLv3 was specifically created to address (and the BSD licence was not specifically updated to address).

                                                                  1. 2

                                                                    No, it was created to address not being able to modify the version they ship. Hardware vendors shipping GPLv2 software still have to follow the license terms and release source code. It’s right in the article you linked to.

                                                                    BSD license says that binary distribution requires mentioning copyright license terms in the documentation, so Intel should follow it.

                                                                    1. 3

                                                                      Documentation or other materials. Does including a CREDITS file in the firmware count? (For that matter, Intel only sells the chipset to other vendors, not end users, so maybe it’s in the manufacturer docs? Maybe they’re to blame for not providing notice?)

                                                                      1. 3

                                                                        You have a point with the manufacturers being in-between Intel and the end users that I didn’t see in my above comment, but the outcome is similar. Intel redistributes Minix to the manufacturers, which then redistribute it to the end-users. Assuming Intel properly acknowledges things in the manufacturer’s docs, it’d then be the manufacturers that were in breach of the BSD license. Makes suing more work because you need to sue all the manufacturers, but it’s still illegal to not include the acknowledgements the BSD license demands.

                                                                        Edit:

                                                                        Does including a CREDITS file in the firmware count?

                                                                        No. “Acknowledging” is something that needs to be done in a way the person that receives the software can actually take notice of.

                                                                        1. 2

                                                                          The minix license doesn’t use the word “acknowledging” so that’s not relevant.

                                                                          1. 2

                                                                            You’re correct, my bad. But “reproduce the above copyright notice” etc. aims at the same. Any sensible interpretation of the BSD license’s wording has to come to the result that the receivers of the source code must be able to view those parts of the license text mentioned, because otherwise the clause would be worthless.

                                                                  2. 1

                                                                    If they don’t distribute that copyright notice (I can’t remember last seeing any documentation coming directly from Intel as I always buy pre-assembled hardware) and your reasoning is correct, then they ought to fix it and include it somewhere.

                                                                    However, the sub-thread started by @pkubaj is about being courteous, i.e. informing the original author about the fact that you are using their software - MINIX’s license does not have that requirement.

                                                        2. 7

                                                          I think he is just happy he has a large company using minix.

                                                          1. 5

                                                            Still, it’s sad that he doesn’t seem to care about ME.

                                                            Or just refrains from fighting a losing battle? It’s not like governments would give up on spying on and controlling us all.

                                                            1. 6

                                                              Do you have a cohesive argument behind that or are you just being negative?

                                                              First off, governments aren’t using IME for dragnet surveillance. They (almost certainly) have some 0days, but they aren’t going to burn them on low-value targets like you or me. They pose a giant risk to us because they’ll eventually be used in general-purpose malware, but the government wouldn’t actually fight much (or maybe at all, publicly) to keep IME.

                                                              Second off, security engineering is a sub-branch of economics. Arguments of the form “the government can hack anyone, just give up” are worthless. Defenders currently have the opportunity to make attacking orders of magnitude more expensive, for very little cost. We’re not even close to any diminishing returns falloff when it comes to security expenditures. While it’s technically true that the government (or any other well-funded attacker) could probably own any given consumer device that exists right now, it might cost them millions of dollars to do it (and then they have only a few days/weeks to keep using the exploit).

                                                              By just getting everyday people to adopt marginally better security practices, we can make dragnet surveillance infeasibly expensive and reduce damage from non-governmental sources. This is the primary goal for now. An important part of “marginally better security” is getting people to stop buying things that are intentionally backdoored.

                                                              1. 2

                                                                Do you have a cohesive argument behind that or are you just being negative?

                                                                Behind what? The idea that governments won’t give up on spying on us? Well, it’s quite simple. Police states have happened all throughout history, governments really really want absolute power over us, and they’re free to work towards it in any way they can.. so they will.

                                                                They (almost certainly) have some 0days, but they aren’t going to burn them on low-value targets like you or me.

                                                                Sure, but do they even need 0days if they have everyone ME’d?

                                                                They pose a giant risk to us because they’ll eventually be used in general-purpose malware

                                                                Yeah, that’s a problem too!

                                                                Defenders currently have the opportunity to make attacking orders of magnitude more expensive, for very little cost. [..] An important part of “marginally better security” is getting people to stop buying things that are intentionally backdoored

                                                                If you mean using completely “libre” hardware and software, that’s just not feasible for anyone who wants to get shit done in the real world. You need the best tools for your job, and you need things to Just Work.

                                                                By just getting everyday people to adopt marginally better security practices, we can make dragnet surveillance infeasibly expensive and reduce damage from non-governmental sources.

                                                                “Just”? :) I’m not saying we should all give up, but it’s an uphill battle.

                                                                For example, the blind masses are eagerly adopting Face ID, and pretty soon you won’t be able to get a high-end mobile phone without something like it.

                                                                People are still happily adopting Google Fiber, without thinking about why a company like Google might want to enter the ISP business.

                                                                And maybe most disgustingly and bafflingly of all, vast hordes of Useful Idiots are working hard to prevent the truth from spreading - either as a fun little hobby, or a full-time job.

                                                              2. 4

                                                                It reads to me like he just doesn’t want to admit that he’s wrong about the BSD license “providing the maximum amount of freedom to potential users”. Having a secret un-auditable, un-modifiable OS running at a deeper level than the OS you actually choose to run is the opposite of user freedom; it’s delusional to think this is a good thing from the perspective of the users.

                                                                1. 2

                                                                  And the BSD code supported that by making their secret box more reliable and cheaper to develop.

                                                                2. 3

                                                                  Oh, it’s still not lost. ME_cleaner is getting better, Google is getting into it with NERF, Coreboot works pretty well on many newish boards and on top of that, there’s Talos.

                                                                3. 2

                                                                  He posted an update in which he says he doesn’t like IME.

                                                                1. 1

                                                                  The description is non-free?

                                                                  1. 1

                                                                    Not freely redistributable?

                                                                  1. 3

                                                                    Any chance you could edit the title to read …GNU AWK…, please?

                                                                    1. 1

                                                                      Done! :)

                                                                      1. 1

                                                                        Thank you! :^)

                                                                    1. 1

                                                                      You may also want to update all the relevant links to https://.

                                                                      1. 5

                                                                        The second slide bothers me:

                                                                        WHY USE OPENBSD

                                                                        • UNIX-like
                                                                        • Get the latest version of OpenSSH, OpenSMTPD, OpenNTPD, OpenIKED, OpenBGPD, LibreSSL, mandoc
                                                                        • Get the latest PF (Packet Filter) features
                                                                        • Get carp(4), httpd(8), relayd(8)
                                                                        • Security focused Operating System
                                                                        • Thorough documentation
                                                                        • Cryptography

                                                                        These aren’t reasons to use OpenBSD. These are features of the OS, with the exception of “thorough documentation”.

                                                                        What are reasons derived from these features? Maybe these:

                                                                        • Security first
                                                                          • Consistent updates to remote access, mail transit, time synchronization
                                                                          • Tight integration with modern cryptography library with the least number of CVEs in the industry
                                                                          • Industry-leading performance of built-in firewall with extensive, easily managed packet filtering features
                                                                        • Built-in, highly performant web server with fewer than X vulnerabilities in last Y years
                                                                        • Lightweight default installation completed within five minutes
                                                                          • Small footprint encourages addition of only the software necessary for intended purpose of system
                                                                          • Large ecosystem available
                                                                        • Thorough, centralized documentation for every step of setup and use

                                                                        This gives me business reasons to continue paying attention.

                                                                        1. 1

                                                                          +1 Do you think I need to rename this slide to features? And add your content on a new slide ‘Why use OpenBSD’?

                                                                          If you have further suggestions … you’re welcome! :) Thanks!

                                                                          1. 3

                                                                            You want to catch people’s attention by asserting that the thing you are supporting is better than the thing they’re using or better than the thing they are considering for task T. Don’t let advantages be self-evident: explain them! This is an introductory presentation.

                                                                            I’d call it “notable packages” or “core software” and drop the ones that aren’t software.

                                                                            Some quick notes off the top of my head, n.b. that I am not an OpenBSD person and I know just enough to understand that I probably should be and probably would be if I had more time to devote to it.

                                                                            Maybe some slides like these:

                                                                            Why use OpenBSD?

                                                                            Security first.

                                                                            • Consistent updates to remote access, mail transit, time synchronization
                                                                            • Tight integration with modern cryptography library with the least number of CVEs in the industry
                                                                            • Industry-leading performance of built-in web server, load balancer, and firewall with extensive, easily managed packet filtering features

                                                                            Other reasons to use OpenBSD

                                                                            • Built-in, highly performant web server with fewer than X vulnerabilities in last Y years
                                                                            • Lightweight default installation completed within five minutes
                                                                              • Small footprint encourages addition of only the software necessary for intended purpose of system
                                                                              • Large ecosystem available
                                                                            • Thorough, centralized documentation for every step of setup and use

                                                                            Notable software packages

                                                                            • OpenSSH remote access
                                                                            • OpenSMTPD mail server
                                                                            • OpenNTPD time server
                                                                            • OpenIKED keyserver
                                                                            • OpenBGPD routing server
                                                                            • LibreSSL for modern cryptography

                                                                            All of these are maintained as separate packages but are core components of the OS.

                                                                            Notable programs

                                                                            • carp(4) - IP address sharing on the same network
                                                                            • httpd(8) - web server optimized for the OS, top performance compared to other OS server packages
                                                                            • relayd(8) - highly performant load balancer for IP traffic
                                                                            • pf(4) - enterprise-quality packet filtering firewall
                                                                            • mandoc(1) - extensive system-wide documentation in a variety of formats

                                                                            Notable technology

                                                                            • pledge(2) - whitelists required system calls at startup, limiting attack surface by restricting what a program can do to what it is intended to do
                                                                            • zfs(8) - enterprise-grade expandable, recoverable, and snapshottable filesystem

                                                                            Pick some other stuff from https://www.openbsd.org/innovations.html for it, too.

                                                                            Quite frankly, I find the inclusion of the manual page section in the name to be confusing. I’d omit it if you don’t explain it at least non-exhaustively.

                                                                            1. 1

                                                                              Uh, OpenBSD has ZFS? .. since when? I mean https://www.tedunangst.com/flak/post/ZFS-on-OpenBSD I mean I guess it’s sort of there, but I don’t think anyone suggests you actually USE it on OpenBSD. Regardless it’s not Notable technology from OpenBSD, they clearly don’t care for it, but like some of the features it has…

                                                                              Otherwise I like this approach for “why OpenBSD” better than what is on the slides now.

                                                                              1. 3

                                                                                Sort of there? Where exactly? Have you checked the date of that commit? ;^)

                                                                                1. 1

                                                                                  LOL, exactly!

                                                                                2. 1

                                                                                  Sorry,

                                                                                  n.b. that I am not an OpenBSD person and I know just enough to understand that I probably should be

                                                                                  This was in my browser history: https://man.openbsd.org/FreeBSD-11.0/zfs.8 but I see now that it’s from the FreeBSD section. That’s confusing.

                                                                                3. 1

                                                                                  On OpenBSD, packages are pre-compiled binaries of 3rd-party software so I wouldn’t use that word as it may cause confusion. The above are certainly not packages in that sense.

                                                                            1. 3

                                                                              Please, please can we refrain from consumer product news here? Even for projects we like?

                                                                              1. 25

                                                                                This isn’t yet another iPhone review - it is much more in line, interesting, and relevant, to the readers of this link aggregator, than any bog-standard consumer product.

                                                                                I’m glad to have found out about it here as, since I’m not following the project directly, I would have probably missed the news altogether.

                                                                                1. 4

                                                                                  This is how you get overrun by yet another iPhone review.

                                                                                  Everybody has some product that they think is “more relevant” to users of this site, and if we post those, we set precedent for that, and then we get overrun. This happens on HN all the time.

                                                                                  If you want product news, go look at a product news site. News is the mindkiller. Ads are the mindkiller. Content marketing is the mindkiller.

                                                                                  If this was a long-form article on how they structured their kickstarter, or on how they did market research, or on how they adapted their phone, that’d be one thing (and one better suited to barnacl.es at that!)–but it’s not. It’s a straight 3 paragraph press release.

                                                                                  (I’m willing to bet you aren’t even going to buy one of these phones.)

                                                                                  1. [Comment removed by author]

                                                                                    1. 2

                                                                                      There does seem to me to be some qualitative difference between the release announcement I posted with links to direct engineering resources and project history, and this press release.

                                                                                      Care to elaborate on your observation?

                                                                                    2. 6

                                                                                      It’s pretty rare that there is a libre product in that space, so I don’t see the jump between allowing this and being overrun by iPhone news (unless you do mentally categorise them in the same group).

                                                                                      If you want product news, go look at a product news site. News is the mindkiller. Ads are the mindkiller. Content marketing is the mindkiller.

                                                                                      Wait, all this page is about is news and you want… no NEWS?

                                                                                      I understand, you want the news that fit your definition of news. But we’re a group here. That’s why you found out you can effectively derail any news you don’t like by starting a meta-discussion about not wanting that content here. I’ve never seen your doom-saying turning out to be true, though. You have been taking the same approach for years, and I have yet to see this page being overrun by corporate marketing or ads.

                                                                                      Fear is the mind-killer, nothing else, by the way ;).

                                                                                      1. 4

                                                                                        Wait, all this page is about is news and you want… no NEWS?

                                                                                        Lobsters isn’t a news aggregator–it’s rather a bit deeper and more durable than that.

                                                                                        You have been taking the same approach for years, and I have yet to see this page being overrun by corporate marketing or ads.

                                                                                        There may or may not be a correlation there…

                                                                                      2. 8

                                                                                        Just filter the hardware tag - you’ll be much happier :^)

                                                                                        (I’m willing to bet you aren’t even going to buy one of these phones.)

                                                                                        I’m not even going to dignify that with a response.

                                                                                        1. 5

                                                                                          While I agree with @angersock that we should avoid product announcements on this site, I think this product is an edge case - it is unique in the sense that it is focused on bringing FOSS to a place that has been elusive for a long time (mobile phones).

                                                                                          Your suggestion of filtering the hardware tag is ridiculous though - there is a lot of interesting hardware hacking on there that is not just a link to some product launch article.

                                                                                    3. 1

                                                                                      Let the votes decide.

                                                                                      1. 14

                                                                                        To be fair, that’s how you end up as reddit.

                                                                                        1. 4

                                                                                          Reddit and lobste.rs are very different products, you are basically comparing apples and oranges.

                                                                                          Even when taking this wide stretch, lobste.rs would be more akin to a subreddit.

                                                                                          1. 3

                                                                                            An online forum with tree-based comments, with upvotes and downvotes to sort content. They’re pretty similar. Every growing online community is subject to the Eternal September problem, and I don’t think plain voting is enough to solve the issue.

                                                                                            Instead of actually solving Eternal September, Reddit sidestepped the issue by making it very easy to create new subreddits. Those small communities can be rather high-quality, whereas the popular front-page subreddits are full of “empty calories” - flashy content that’s easy to consume and appeals to a lower common denominator.

                                                                                            I enjoy angersock’s feedback, because he’s consistent about calling out “fluffy” content. Relying on votes isn’t a good way to address fluff, because fluff is easy to upvote. It needs to be called out.

                                                                                          2. 1

                                                                                            While I would normally agree with you, Lobste.rs is invite only and isn’t open to any random troll to join. This is why I love lobsters because the signal to noise ratio is much higher. People care and the votes reflect the culture based on this selection process.

                                                                                            I wonder if there is a further business model here, similar to metafilter. Keep invite only, but only allow votes for people who actually pay a small subscription fee to even further disincentivize reddit-like behavior.

                                                                                      1. 0

                                                                                        Another BSD splinter group expressing its cultural otherness. How quaint.

                                                                                        I think the OSS community benefits by multiple points of view and different ways of solving problems. There’s little doubt that OpenBSD and FreeBSD have made sizable contributions to the state of the art in operating system design, but I question whether this is what the world needs right now.

                                                                                        OTOH, it’s their time, so they get to spend it how they like.

                                                                                        1. 9

                                                                                          This is not a splitter group - to be one the persons must have been a part of the OpenBSD, or any other *BSD for that matter, project in the first place. This is not the case here.

                                                                                          Moreover, I’m not sure it is even a group - the whole thing started with emails (please search the misc@ mailing list archives if you’d like to know more) from a single individual who just doesn’t get it.

                                                                                          1. 5

                                                                                            Honestly I think this says more about FSF-devotees’ willingness to fork projects than it says anything about BSD culture.

                                                                                            1. 1

                                                                                              Precisely!

                                                                                              I don’t understand and won’t be told otherwise but will happily fork - this is stallmanism at its worst!

                                                                                              1. 3

                                                                                                I don’t understand and won’t be told otherwise

                                                                                                I wouldn’t chalk it up to ignorance. The FSF uses a different definition of blob than OpenBSD does. They care about device firmware being libre and not just gratis.

                                                                                                Bear in mind, the FSF has very strict criteria. They don’t endorse popular distros like Ubuntu or Arch, they endorse the deblobbed Trisquel and Parabola. As far as the FSF is concerned, OpenBSD’s lack of kernel blobs gives it a great head start over most Linux distros.

                                                                                            2. 3

                                                                                              The BSDs aren’t “splinter groups” of a separate operating system - they aren’t Linux distributions. They’re separate OSes with different focuses and directions that share a common heritage.

                                                                                              1. 1

                                                                                                Is it true that many of them share / are descended from large parts of the 4.X bsd codebase?

                                                                                                1. 1

                                                                                                  Yes, but they broke off in the early to mid 90s. They sometimes get code imported into each other, but the scopes are different.

                                                                                                  1. 1

                                                                                                    Also isn’t there a huge amount of cross pollination between the BSDs and Linux?

                                                                                                    Certainly reading the posts here and listening to the Garbage podcast one of the authors posted here would lead me to believe this is the case.

                                                                                                    (I’m sincerely asking out of ignorance here - most of my life is lived in the cloud these days - Mac desktops, linux in the cloud. The BSDs are less of a thing there so I have no experience other than having built a FreeBSD system in 1991 :)

                                                                                                    1. 2

                                                                                                      The BSDs are less of a thing there so I have no experience other than having built a FreeBSD system in 1991 :)

                                                                                                      That’s interesting considering FreeBSD did not exist yet - more like 1993, perhaps? ;^)

                                                                                              1. 12

                                                                                                I thought that all hackathons are about free software, no?

                                                                                                ;^)

                                                                                                1. 4

                                                                                                  +2 ;^)

                                                                                                  1. 12

                                                                                                    This is excellent! It makes finances much more robust than single sponsors that can drop out at any moment. Although I don’t use OpenBSD currently, I donated a small amount because OpenBSD, OpenSSH, LibreSSL, et al. are crucial to the security ecosystem and I encourage other non-OpenBSD users to donate as well.

                                                                                                    Keep up the good work!

                                                                                                    Edit: OpenSSH, thanks rjc :).

                                                                                                    1. 6

                                                                                                      You obviously meant OpenSSH ;^)

                                                                                                    1. 10

                                                                                                      I don’t understand at all why so much arguing happens over code of conduct pages on projects. Don’t be a fuckin dick to each other, nerds. How is that hard, and how is that hard to enforce?

                                                                                                      1. 33

                                                                                                        it happens because some folks know they are dicks and they stick up for other dicks. If you’re working on something alone you can be as much of a dick as you want, but if you’re working on a team it’s pretty fucking reasonable to have some ground rules that everyone agrees on.

                                                                                                        1. 10

                                                                                                          If you read any deployed CoC, they’re vastly more overbearing than “don’t be a dick”. If a CoC was literally those four words, I would support it wholeheartedly, but it never stops there.

                                                                                                          I also disagree that every social interaction needs explicit rules. I don’t really feel the impulse to codify social interaction. If someone is being a dick, I will respond according to the situation rather than preemptively trying to bring playground-style rules into the mix.

                                                                                                          1. 15

                                                                                                            People come from different backgrounds and cultures where one set of behaviours might be socially acceptable, so yes - sometimes, it needs to be spelt out.

                                                                                                            1. 14

                                                                                                              How does this work when the power dynamic is working against the person who is harassed? What if the harasser is a star contributor or friend?

                                                                                                              Hasn’t “don’t be a dick” been historically insufficient?

                                                                                                              1. 5

                                                                                                                Not sure how the code of conduct changes that. If the high council of conduct adjudication are the ones doing the harassing, what happens then?

                                                                                                                1. 20

                                                                                                                  If the high council of conduct adjudication are the ones doing the harassing, what happens then?

                                                                                                                  That is part of the reason why this situation is so contentious; that’s what’s happened here.

                                                                                                                2. 4

                                                                                                                  Hasn’t “don’t be a dick” been historically insufficient?

                                                                                                                  Yes if there’s good management or moderation that actually care about the work above the politics. If they value politics more, then it’s not sufficient since they’ll protect or reward the dicks if they politic correctly. The leadership’s priorities and character are almost always the most important factor. The rest of the benefits kind of spread as a network effect from that where good leadership and good community members form a bond where bad things or members get ejected as a side effect of just doing positive, good work or having such interactions. I’ve seen so many such teams.

                                                                                                                  Interestingly enough for purposes of CoC’s and governance structures, I usually see that break down when they’re introduced. I’m talking governance structures mainly as I have more experience studying and dealing with them. The extra layers of people doing administrative tasks setting policies can create more trouble. Can, not necessarily do since they reduce trouble when done well. Just the indirection or extra interactions are a risk factor that causes problems in most big projects or companies. A good leader or cohesive team at top keeping things on track can often avoid the serious ones.

                                                                                                                3. 4

                                                                                                                  If it wasn’t broadly worded, it’d be harder to aim at the people we don’t like.

                                                                                                                  1. 18

                                                                                                                    If it wasn’t broadly worded, it would be easier to abuse loopholes in order to keep being a dick within the letter of the CoC.

                                                                                                                    The things are broadly worded for a reason, and it’s not “to enforce it arbitrarily”.

                                                                                                                    1. 4

                                                                                                                      Is that more of a real or hypothetical concern? Any examples of a project that adopted a code of don’t be a dick, then a pernicious dick couldn’t be stopped, and the project leadership threw up their hands “there’s nothing to be done; we’re powerless to stop his loopholing.”?

                                                                                                                      1. 7

                                                                                                                        Boom, you said it. I’ve usually seen the opposite effect: people make broad rules specifically to attack or censor opponents by stretching the rules across grey areas. Usually, the people surviving in projects of multiple people due to “loopholes” are actually there for another reason. As in, they could be ejected if they were so unwanted but whoever is in power wants them there. Those unstated politics are the actual problem. In other cases, the rules were created for political reasons, often through internal or external pressure, rather than majority of active insiders wanting them there with enforcement pretty toothless maybe in spite. The OP and comments look like that might be the case if they voted 60% against getting rid of this person.

                                                                                                                        Also, I noticed the number of people and their passion on these “community enforcement” actions goes way up with most of them not being serious contributors to whatever they’re talking about. Many vocal parties being big on actions to control or censor communities but not regularly submit content or important contributions to them. I’m noting a general trend I’ve seen on top of my other claim rather than saying it’s specific to Node which I obviously don’t follow closely. Saying it just in case anyone more knowledgeable wants to see if it’s similar in terms of people doing tons of important work in this project cross-referenced against people wanting one or more key contributors to change behavior or disappear. If my hypothesis applies, there would be little overlap. The 60% number might indicate unexpected results, though.

                                                                                                                        EDIT: For broad vs narrow, just remembered that patent trolls do the same thing. They make the patents broad as possible talking up how someone might loophole around their patent to steal their I.P. Then, they use the patent to attack others who are actual contributors to innovation asking them to pay up or leave the market. Interesting similarity with how I’ve seen some CoC’s used.

                                                                                                                        1. 4

                                                                                                                          Yeah that’s what I don’t get. If someone was being a jerk on a project I was on I wouldn’t think twice about banning them once they’ve proven they’re a repeat offender.

                                                                                                                          1. [Comment removed by author]

                                                                                                                            1. 2

                                                                                                                              Do codes help or hinder such agreement? Those I’ve seen applied have largely been counterproductive, as their definition of dickery has not aligned adequately with the wider project community’s.

                                                                                                                          2. 2

                                                                                                                            node.js could serve as an example.

                                                                                                                            1. 5

                                                                                                                              Of the opposite? A code of don’t be a dick doesn’t work in theory because there’s no agreement. So node has this nice long list of banned behaviors and remedial procedures, but what good has that done them? Meanwhile it seems everyone agrees Rod was being a dick, so if the code were that simple it’d be a fine deal.

                                                                                                                              I mean, I don’t really know what’s going on since it’s all wrapped in privacy, but the more complicated the rules the more likely it is someone will play them against you. Better to keep it simple.

                                                                                                                              1. 10

                                                                                                                                Part of having a CoC is enforcing a CoC. Yeah, the CoC doesn’t mean much if it isn’t enforced, but that’s not an argument against codes of conduct. By analogy: the fact that people break laws isn’t an argument against the rule of law.

                                                                                                                                1. 2

                                                                                                                                  Right, but if a law didn’t bring any clarity to the community - if it wasn’t clear who was and wasn’t breaking it, or it wasn’t able to be enforced consistently, or it was applied consistently but still seemed to be capricious in who it punished and who it didn’t - then it would be a bad law. The criticism isn’t that this “Rod” broke the CoC, it’s that the CoC didn’t seem to help the community deal with his behaviour any better than it would have without the CoC, indeed possibly worse.

                                                                                                                                  (my general view, particularly based on seeing them in the Scala world, is that CoCs as commonly applied are the worst of both worlds: they tend to be broad enough to have decent people second-guessing everything they say, but specific enough that less decent people can behave very unpleasantly without obviously violating the code)

                                                                                                                      2. 2

                                                                                                                        “don’t be a dick”. If a CoC was literally those four words, I would support it wholeheartedly, but it never stops there.

                                                                                                                        Sorry bro^Wsibling, it’s not diverse enough. It would have to say “Don’t be an asshole” to be gender-inclusive.

                                                                                                                        As for the CoCs working, I think it’s unreasonable to expect bad people to turn good because a file was committed into the git repository saying they should.

                                                                                                                        Maybe something like a Code of Misconduct is even more important than the CoC. The link is for IRL events, and quite obvious, but online the escape hatch is to gtfo.

                                                                                                                        1. 2

                                                                                                                          Interesting. Didn’t know he wrote on that topic. He made some interesting points but oversimplified things. I think Stephanie Zvan has some good counterpoints, too, that identified some of those oversimplifications with a lot of extra details to consider. Her focus on boundaries over democratic behavior or tolerance reminded me of a video someone showed me recently where Kevin Spacey’s character argued same thing with appeal to a more mainstream audience:

                                                                                                                          https://www.youtube.com/watch?v=sFu5qXMuaJU

                                                                                                                          She’s certainly right that a focus on boundaries with strong enforcement can create followers of such efforts and stability (conformance) within areas they control. Hard to say if that’s ideal versus the alternative where other folks than those setting the boundaries also matter.

                                                                                                                          Edit: Read the comments. Lost the initial respect for Stephanie as it’s the same political dominance crap I argue against in these kinds of threads. The contrast between her style/claims and Pieters’ is strong and clear.

                                                                                                                    2. 5

                                                                                                                      Don’t be a fuckin dick to each other, nerds.

                                                                                                                      Upvoted for this. Without actual decency, a CoC can only make the semblance of decency last for so long.

                                                                                                                      1. 4

                                                                                                                        People disagree vehemently about what it means to be a dick so that guideline is useless.

                                                                                                                      1. 3

                                                                                                                        Beyond just headphones, I recommend earplugs if you must work in an open space. Tiling window managers can help, but even without that I find that working full-screen, so that I don’t see the bouncing/blinking of Slack or email or what have you, is better. A clean desk makes me more productive, too.

                                                                                                                        1. 1

                                                                                                                          A simple tiling wm is really great. I completely compartmentalise my different workspaces so switching between my notif zone with all apps nicely tiled to my testing zone with tiled browsers and my coding environment that is just a tmux client with different sessions for different projects.

                                                                                                                          Tiling also means you can pop open a terminal for a quick command without disrupting your workflow.

                                                                                                                          1. 1

                                                                                                                            Same here. I prefer earplugs myself as they don’t let much noise in and I get distracted easily - I was thinking of using earmuffs or both together but that might have been a bit much :^)

                                                                                                                            I don’t use any dock or status bars, no borders or window decorations whatsoever, solid colour as the desktop background, program windows usually maximised/full-screen - tiling window manager not necessarily required but some form of organising and grouping windows highly recommended.

                                                                                                                            Yes, absolutely, I wholeheartedly agree - tidy up your desk and get rid of anything that might distract you.

                                                                                                                            Also, I leave my desk at lunchtime and go for a walk.

                                                                                                                          1. 6

                                                                                                                            It‘s been pretty cool doing that interview with jcs, sitting somewhere in a hallway in the corner. He left plenty of space for me to talk into, or maybe I just like to talk a lot. ?

                                                                                                                            1. 0

                                                                                                                              Given that you’re the first person to have commented on the post, I’d say it’s the latter… Just teasin’ :^P

                                                                                                                              1. 1

                                                                                                                                Given that I’m the person that was interviewed… I’m quite squirrelly seeing this being posted here!