1. 8

      Given that most popular email clients these days are awful and can’t handle basic tasks like “sending email” properly

      I agree with the sentiment in general, but once you’re in the position where everybody else does it wrong and you’re the last person on the planet that does it right, then maybe it’s time to acknowledge that the times have changed and that the old way has been replaced by the new way and that maybe it is you who is wrong and not everybody else.

      And I’m saying this as a huge fan of plain-text only email, message threading and inline quotes using nested > to define the quote level.

      It’s just that I acknowledge that I have become a fossil as the times have changed.

      1. 3

        once you’re in the position where everybody else does it wrong and you’re the last person on the planet that does it right

        Thankfully we haven’t reached this position for email usage on technical projects. Operating systems, browsers, and databases still use developer mailing lists, and system programmers know how to format emails properly for the benefit of precise line-oriented tools.

        I acknowledge that I have become a fossil as the times have changed

        If the technology and processes you prefer have intrinsic merit, then why regretfully and silently abandon them? I’m not saying we should refuse to cooperate on interesting new projects simply because they use slightly worse development processes. But we should let people know about the existence of other tools and ways to collaborate, and explain the pros and cons.

        1. 2

          If the technology and processes you prefer have intrinsic merit, then why regretfully and silently abandon them?

          Because when I didn’t, people were complaining about my quoting style, not understanding which part of the message was mine and which wasn’t and complaining that me stripping off all the useless bottom quote caused them to lose context.

          This was a fight it didn’t feel worth fighting.

          I can still use my old usenet quoting habits when talking to other old people on mailing lists (which is another technology on the way out it seems), but I wouldn’t say that the other platforms and quoting styles the majority of internet users use these days are wrong.

          After all, if the maiority uses them, it might as well be the thing that finally helped the “other” people to get online to do their work, so it might very well be time for our “antiquated” ways to die off.

        2. 1

          I’d like to try to convince you that it’s _good* that plain text email is no longer the norm.

          First, let’s dispense with a false dichotomy: I’m not a fan of HTML emails that are heavy on layout tables and (especially) images with no text equivalents. Given my passion for accessibility (see my profile), that should come as no surprise.

          But HTML emails are good for one thing: providing hyperlinks without exposing URLs to people. As much as good web developers aim for elegant URLs, the fact remains that URLs are for machines, not people. A hyperlink with descriptive text, where the URL is available if and only if the reader really wants it, is more humane.

          For longer emails, HTML is also good for conveying the structure of the text, e.g. headingsg and lists.

          Granted, Markdown could accomplish the same things. But HTML email actually took off. Of course, you could hack together a system that would let you compose an email in Markdown and send it in both plain text and HTML. For folks like us that don’t prefer WYSIWYG editors, that might be the best of all worlds.

          1. 2

            But HTML emails are good for one thing: providing hyperlinks without exposing URLs to people.

            That doesn’t come without a huge cost. People don’t realize that they need to know the underlying URL and don’t care to pay attention to it. That leads to people going places they didn’t expect or getting phished and the like.

            Those same people probably wouldn’t notice the difference between login.youremail.com and login.yourema.il.com either, though. So I’m not saying the URL is the solution but at least, putting it in front of you, gives you a chance.

            1. 2

              As much as good web developers aim for elegant URLs, the fact remains that URLs are for machines, not people.

              I’m not sure about this… at least the whole point of DNS is to allow humans to understand URLs. Unreadable URLs seem to be a relatively recent development in the war against users.

              1. 2

                Not only do I completely agree with you but you are also absolutely right about that.

                Excerpt from section 4.5 of the RFC3986 - Uniform Resource Identifier (URI): Generic Syntax:

                Such references are primarily intended for human interpretation
                rather than for machines, with the assumption that context-based
                heuristics are sufficient to complete the URI [...]
                

                BTW, the above URL is a perfect example of how one should look like.

              2. 1

                Personally, I hate HTML in email - I don’t think it belongs there. Mainly, for the very reasons you had just mentioned.

                Let’s take phishing, for example - and spear phishing in particular. At an institution where I work, people - especially those at the top - are being targeted. And it’s no longer click here-type of emails - institutional HTML layouts are being used to a great effect to collect people’s personal data (passwords, mainly). With the whole abstraction people cannot distinguish whether an email, or even a particular link, is genuine.

                When it comes it the structure itself, all of that can be achieved with plain text email - the conventions used predate Markdown, BTW, and are just as readable as they were several decades ago.

                1. 1

                  are these conventions well-defined? is there some document which describes conventions for stuff like delimiting sections of plain text emails?

                  1. 1

                    are these conventions well-defined? is there some page which describes conventions for stuff like delimiting sections of plain text emails?

                2. 1

                  It’s just that I acknowledge that I have become a fossil as the times have changed.

                  Well, there are just too many of us fossils to acknowledge this just yet.

                  1. 3

                    You should’ve checked before posting this very example - it has been fixed a month ago :^)

                    1. 4

                      Thanks, that’s great news! I don’t currently have access to an OpenBSD system, to be honest. Still, that means two and a half years to comply with POSIX over a one-character fix, so again I feel compliance is not always a priority.

                      1. 6

                        It is not always a priority. Why should posix compliance take precedence over everything else? Each such question is generally being dealt with on a case-by-case basis.

                        Implementing whatever posix comes up with is not a stated goal of the OpenBSD project.

                        And adding whatever OpenBSD invents is obviously not a stated goal of posix either. As one example, see arc4random(3).

                        1. 9

                          Implementing whatever posix comes up with is not a stated goal of the OpenBSD project.

                          goals.html gets confusingly close to stating just that though:

                          Track and implement standards (ANSI, POSIX, parts of X/Open, etc.)

                          http://www.openbsd.org/goals.html

                          1. 4

                            Yes, posix compliance is a goal. But that does not mean it’s at the highest priority of all the things the project does.

                            1. 2

                              We all agree it’s not the highest priority, and probably OpenBSD would not be what it is if it were. Thanks for contributing to such a fine project.

                  1. 3

                    Until you start using Pillar and templates, it’ll remain an average dot files repository, I’m afraid.

                    Don’t get me wrong, I like Salt and use it daily but, without Pillar and templates, your repository is just another dotfiles repository*, albeit using Salt states :^)

                    * by that, I mean static and not very reusable

                    1. 1

                      Which I completely understand and I am okay with. The idea was to explore the possibilities and see if others were doing something similar.

                    1. 1

                      Even though there’s no ‘ops’ or ‘sysadmin’ tags, this isn’t entirely off-topic for Lobsters.

                      I’m sure that at least some will find this info useful - those who have to manage Apple kit or simply macOS (and MS Office) users who like to automate everything.

                      1. 4

                        I know it’s easy to be in a constant state of rage at Uber, and this news makes it extremely easy to pile on. An innocent person died here, at the fault of a team of engineers attempting to something incredibly difficult. I know for sure that this will bring up (and has already, I’m sure) talking head discussions on ethics of AI, who will be charged (why/why not), and tons more litigation and law suits. But, let’s not forget to sympathize with the engineering team here, as well. This has to be the worst feeling ever, and it could have happened to any of us—it had to happen to someone.

                        My condolences to the innocent pedestrian’s family and friends. Also, my condolences to the team who will carry this loss on their sleeve for the rest of their lives.

                        1. 2

                          It seems like you haven’t read the article very carefully.

                          1. You completely forgot to mention the operator behind the wheel - If anyone, that person will most likely be charged and, regardless of the verdict, carry it for the rest of their life.

                          2. From https://www.sfchronicle.com/business/article/Exclusive-Tempe-police-chief-says-early-probe-12765481.php:

                          … it’s very clear it would have been difficult to avoid this collision in any kind of mode (autonomous or human-driven) based on how she came from the shadows right into the roadway, …

                          … I suspect preliminarily it appears that the Uber would likely not be at fault in this accident, either, …

                          Sylvia Moir, police chief in Tempe, Arizona

                          1. 9

                            Two things.

                            First, the operator is the one person that can hardly be blamed. The idea that a car can drive itself and someone will step in when something goes wrong is fundamentally flawed. Engineers have known about the fact that this doesn’t work for many decades. Understanding what happens at the point of handoff and how long it takes is a fundamental part of aircraft safety and CRM. It takes humans time to asses a situation and step in to take control.

                            Second, police often blame victims in car crashes. That’s in part why so few ever get prosecuted and the situation doesn’t change. I’ll believe it when Uber releases video of what happened.

                            1. 1
                              1. You completely forgot to mention the operator behind the wheel - If anyone, that person will most likely be charged and, regardless of the verdict, carry it for the rest of their life.

                              Presumably the operator is part of the engineering team, no? I’m not a District Attorney, or an attorney, or even a law enforcement officer. Therefore, I’m unable to comment on whether or not the operator will be charged, if it makes sense to charge this person, or if we’ll find that Uber put on the road a car that was not street legal, which contributed to it.

                              Please don’t assume I didn’t read carefully. I tried to choose my words carefully in order to not speculate on the details of an on-going investigation.

                              1. … it’s very clear it would have been difficult to avoid this collision in any kind of mode (autonomous or human-driven) based on how she came from the shadows right into the roadway, …

                              Exactly. This makes the investigation all that more important. Maybe no one will be charged because investigators will rule it an accident based purely on the fact that, autonomous or not, it was unavoidable based on the pedestrian’s actions.

                              1. 1

                                I think your second point raises an interesting issue. It may have been difficult for a human driver to see this person, but from the information given and all the pictures I’ve seen, it shouldn’t have been difficult for an autonomous driver to see them using different sensors (like depth or IR).

                                It shouldn’t have been speeding and it should have slowed down further or changed lanes when it saw that it was coming up on a pedestrian in the median.

                                This is the second incident I know of where an autonomous car has got into trouble, in part, by mimicking stupid human behavior. We have the technology to avoid things like this, and the standard for computer drivers need to be significantly higher than the standard for humans. The NTSB needs to get these things off the road until they’re properly tested.

                              2. 1

                                The fault is actually in the driver, who was instructed to be alert and keep both hands at the wheel at all times. Uber should not have released this obviously and they should get shit for it but I think until there’s nobody behind the wheel the responsibility of any accident falls on the driver, just as it does with planes presently.

                                1. 7

                                  The fault lies with the people that put the driver there. It’s beyond comprehension that they would rely on a safety driver. We’ve known for decades that humans cannot effectively monitor a system that’s mostly reliable. The fact that this cannot be done goes back to Kibler (1965), was already understood by Bainbridge (1983), and by Molly & Parasuraman (1995) there was extensive research digging deep into why people are unable to do this and how to design environments where they can.

                                  It is irresponsible of Uber/Waymo/GM and all of the manufacturers to put people in an impossible situation.

                                  1. 1

                                    Apparently according to reports it required intervention roughly every mile. I do agree there should be laws against putting such a weak system on the road. It should be able to drive unassisted at least as well as a human driver before we put humans behind the wheel, but after that point the driver should be culpable for failing to pay attention. Especially if the driver were for example watching a feature length film in the drivers seat.

                                    1. 2

                                      If a company knowingly puts you in an impossible situation where you cannot possibly do a task safely without injuring yourself or others they are generally liable, not you. Unless for example, you’re a professional engineer in which case you have a certain responsibility to inform yourself and say no. Those poor drivers don’t know the research behind visual attention, automation, and fatigue. It feels very unfair to prosecute them for doing their jobs, that they have been told they can do, to the best of their abilities, when they’ve been set up for failure.

                                      1. 1

                                        I completely agree with what you said here.

                                        Now, in retrospect, don’t you think that without such an antropomophic language selling “intellingense” and “learning” of machines, Uber (and Google, and Tesla) would have had an harder time to put such cars on the road?

                                        This language is dangerous for each person who do not understand the math and inner working of them: they can be manipulated too easily.

                                  2. 1

                                    … it’s very clear it would have been difficult to avoid this collision in any kind of mode (autonomous or human-driven) based on how she came from the shadows right into the roadway, …

                                    It sounds plausible that autonomous or not, this may have happened. I don’t want to get into an argument over an investigation that I don’t have any insight into – I’d only be able to speculate, as would you.

                                  1. 5

                                    Is there any work going on that would allow one to upgrade OpenBSD without booting into the special upgrade kernel? Something more or less like freebsd-update(8)? Let’s call this in-situ upgrade.

                                    The problem is that IaaS providers like AWS really expect you to run images, they don’t make it easy to boot some other kernel, and even if you hack your way through there’s no emulated serial console to run the upgrade process, unless you go full auto.

                                    I really want to run OpenBSD instead of FreeBSD on AWS (and everywhere else), but this thing is holding me back.

                                    1. 3

                                      Apart from automating the whole procedure, this is the closest thing you can do.

                                      1. 1

                                        Huh, I was not aware of these instructions. Thanks!

                                    1. 2

                                      Well, I’m not sure it is all that black and white. I haven’t done much searching but it doesn’t seem like Patrick actively worked on his fork being included as XChat’s replacement. Sure, he reported a bug in Fedora but it doesn’t seem like followed-up on it.

                                      Also, despite the fact that XChat isn’t being actively developed, the original author doesn’t want it to die and to give the domain name up - he renewed it.

                                      … Just sayin’.

                                      1. 4

                                        How about not using spaces in filenames in the first place?

                                        1. 6

                                          I get this on Unix, where the pissweak tooling is a disaster, but as a user, I own the file name. If I can’t use every character I want to, that’s a total fail on the part of the platform.

                                          1. 5

                                            I agree that you own the filename and should be able to use any characters you want, but there has to be some trade off regarding what filenames you can use in a comfortable manner and which require some form of escaping/quoting.

                                            Another weird character would be the tilde (~). Technically a valid character in a filename, but whenever I see one I begin to fear that I might delete or mess with my home folder.

                                            1. 5

                                              The tilde is a perfectly fine character to use in a filename, it’s just the shell that does the expansion to your home directory if you give “~ “ (or “ ~ /” at the start of a path). My preferred editor marks the backup file with “~” (at the end of the filename).

                                              Edit: ~ is a “special” Markdown character. No comment on that.

                                              1. 2

                                                I mean, I don’t use spaces, or tildes, or dollar signs (or colons, for HFS+) in any files that I create or expect to manipulate on the command line, but that doesn’t mean it’s OK. I want the compromises that my computer and I make to live with one another to be largely the province of the computer.

                                                1. 1

                                                  You can say that about other characters, too - *, ;, ?, etc. not just ~.

                                                  If in doubt, quote or escape :^)

                                                2. 2

                                                  Unlike on other operating systems (well, file systems to be precise), you actually can use any character - even newline or NULL if you so wish. The problem is that you also have to use something as a separator - it so happens that a blank is a natural way to split words apart :^)

                                                  So yes, you have to escape or quote blanks and other characters which are extra special ;^)

                                                  1. 1

                                                    Obviously not Null :^P - I was thinking of Null as used by find ... -print0 and xargs -0. I should probably get some sleep ;^)

                                                3. 1

                                                  Or just use spaces and escape them? It’s not hard, and escaping occurs literally everywhere strings are used.

                                                  zsh tab completion auto-escapes. GUI programs don’t need to worry about it. I have plenty of filenames with spaces in them, and they don’t cause problems for me.

                                                1. 2

                                                  There is very little difficult with spaces in filenames. Learn to quote. Learn to escape. Then everything is very easy.

                                                  1. 1

                                                    It seems like you either didn’t read the linked post or didn’t understand it.

                                                    The issue there was with make not being able to handle spaces in file names - neither quoted nor escaped.

                                                    1. 1

                                                      In that case:

                                                      1. The title is incorrect.

                                                      2. Still nothing difficult.

                                                        make ‘hello world’ g++ “hello world.cpp” -o “hello world”

                                                      With a Makefile:

                                                      hello\ world: hello\ world.cpp
                                                              echo match
                                                              $(CXX) $(CXXFLAGS) "$^" -o "$@"
                                                      

                                                      Maybe the OP was making a joke about using UTF8 NBSP and I just didn’t get it.

                                                  1. 6

                                                    Somebody is lying, I wonder who?

                                                    https://www.trustico.co.nz/news/2018/symantec-revocation/certificate-replacement.php

                                                    Further, Jeremy Rowley of DigiCert sent an e-mail to us requesting the following :

                                                    “Can you please send a listing of the certificate serial numbers along with their private keys? Once we get that list, we’ll confirm the private key and revoke the certs as requested. Thanks!”

                                                    Trustico® followed the requests of DigiCert by initially recovering Private Keys from cold storage and subsequently e-mailing the associated order number and Private Keys to DigiCert in a ZIP file. The file did not contain any other type of data.

                                                    Trustico® allows customers to generate a Certificate Signing Request and Private Key during the ordering process. These Private Keys are stored in cold storage, for the purpose of revocation.

                                                    By Djikstra’s Whiskers, this all gets weirder and stupider the more I read.

                                                    1. 3

                                                      Looks like a long email thread has some more info.

                                                      What appears to be a reasonable summary, from one of the emails in the thread:

                                                      From what I’ve read, it appears the situation here is that Trustico wanted to revoke all their customer certs from Digicert so they could do a mass migration to another CA (which is not a proper reason to revoke). When asked for proof by Digicert that the certificates were compromised and needed to be revoked, Trustico sent Digicert 23,000(!) private keys that they had stored due to the fact that they were generated by their web-based system in order to effectively make them compromised.

                                                      1. 3

                                                        DigiCert is the only CA I know that hasn’t fucked up badly and has a good process in place.

                                                        1. 1

                                                          Does anyone have the above-linked trustico link cached? Firefox is rejecting its SSL/TLS cert for me.

                                                          1. 2

                                                            I used a website to take an image capture of it: https://imgur.com/a/wmiYA

                                                            1. 1

                                                              It’s Dijkstra’s Whiskers :^)

                                                            1. 3

                                                              Not having their five pairs of legs properly represented is one thing, but always being shown as a dead lobster is something else entirely!

                                                              I’d like the lobster to be very much alive, please!

                                                              1. 1

                                                                But then you have to pick if it should be grey, brown, blue, yellow, green or probably even other colours!

                                                                1. 2

                                                                  Human emoji have different colors now, why not lobsters? #dontboilmebro

                                                                  1. 1

                                                                    #zoidberg

                                                              1. 2

                                                                I’ve been using FreeDNS - a fork of XName - for the past ~15 years.

                                                                1. 1

                                                                  This looks horrendously unreadable.

                                                                  1. 2

                                                                    It’s actually interactive. You can click a button like ‘m’ (or hit m on the keyboard) and see shortcuts available when you’re composing a new message. If you are actually using mutt this makes more sense than a huge list of modes & hotkeys in groupings.

                                                                    1. 1

                                                                      Aha, that explains it. I was viewing the page via my iPhone.

                                                                    2. 1

                                                                      I agree - different colours could have been chosen.

                                                                    1. 5

                                                                      “Lauren Ipsum” was pretty good: https://www.amazon.co.uk/Lauren-Ipsum-Carlos-Bueno/dp/1461178185

                                                                      Sort of Alice in Wonderland for computing.

                                                                      1. 3

                                                                        I bought it from no starch press in their recent sale - arrived on Friday :^)

                                                                        I’d add Electronics for Kids to the list.

                                                                      1. 2

                                                                        I’ve had a gapps less cyanogenmod set up on myold nexus for over 1½ years (and am waiting for a stable ROM for my current device), and it’s interesting to see that people pretty much eventually end up with the same solutions. I’d just add that if you’re euthusiastic about free software, one should use IceWeasel and if one wants a good FOSS twitter/mastodon experience, I can only recommend Twidere.

                                                                        Also, why use AnySoft if you can use the AOSP one. I’m currently struggling with the counter-intuitive nature of AnySoft, but can’t find a AOSP .apk :(

                                                                        1. 4

                                                                          IceWeasel? You mean the rebranded Firefox for Debian of yesteryear? It no longer exists.

                                                                          1. 2

                                                                            It still does on Parabola.

                                                                            1. 2

                                                                              @zge most likely meant IceCat - IceWeasel’s new name. IceCatMobile to be precise.

                                                                              1. 1

                                                                                Yeah, my bad. I always mix those two up.

                                                                          1. 1

                                                                            What does “malware served” in every section mean?

                                                                            1. 2

                                                                              You see at the top where it says he remembers the internet before google?

                                                                              He goes on to name the malware products: gmail, search, and adwords+related products.

                                                                              His point is that all of those things were better before Google took them over. Their replacements are malware. I couldn’t agree more.

                                                                              1. 2

                                                                                /me adds malware to the list of words that no longer have meaning.

                                                                                1. 4

                                                                                  Would ‘scamware’ have worked better? ‘Spyware’ certainly applies, as does ‘adware’.

                                                                                  I’m personally responsible for bringing dozens of users and three small businesses to Google. Before that, I brought a couple of users to Altavista.

                                                                                  I argued that people shouldn’t ban Google’s spider bot from their web servers. I convinced people that having all their email in one searchable place for free forever was life changing and they should sign up post-haste.

                                                                                  I stopped people on the street when they were carrying Mapquest printouts and told them about Maps.

                                                                                  I imported my own email archives from pre-Gmail into Gmail. I reported bugs.

                                                                                  I told people they could trust Google and that economies of scale meant that Gmail would always be faster and better than their own mail servers.

                                                                                  I argued against the first (and second, and third) waves of anti-Google sentiment. I apologize… I thought they were Luddites that just didn’t get it, didn’t see the future. Well, actually, they saw it more clearly than I.

                                                                                  Anyway, I know how the author of the piece feels and I think it’s on-topic for lobste.rs. In that it sets the stage for discussion!

                                                                                  1. 3

                                                                                    A coercive unpleasant experience designed to induce behavior in the target? That’s torture. You could say the Facebook timeline is literally torture, and I’d object to the hyperbole, but I don’t think you’d be entirely wrong.

                                                                                    Manipulationware is a little long. Grindware? You’re on a treadmill trying to get ahead, but you’re just running in place.

                                                                                    Honesty though, I’m not a fan of the ware suffix generally. I think there’s a strong connotation of local client software. To that end, malservice would be a good term.

                                                                                    1. -2

                                                                                      webshit

                                                                                  2. 1

                                                                                    Completely off-topic, but I get an ‘unknown issuer’ error when I try to visit your website.

                                                                                    1. 2

                                                                                      New one here, eh? :^)

                                                                                      Have a read, why don’t you!?

                                                                                2. 1

                                                                                  I was wondering the same thing. Googling “Facebook malware” reveals a few instances where some Facebook features served malware ads, maybe that?

                                                                                  1. 3

                                                                                    The Facebook malware is “Mandatory non-linear curation of user contributed content”.

                                                                                    He’s saying that sharing was better before Facebook. I couldn’t agree more.

                                                                                1. 23

                                                                                  Seems like a good argument against using BSD licenses.

                                                                                  1. 7

                                                                                    Why? I have more faith in management engine knowing it is minix than some shit that intel wrote themselves.

                                                                                    1. 20

                                                                                      I suppose the section “Powerful, Reliable Software Can Be Bad” of https://www.gnu.org/philosophy/open-source-misses-the-point.en.html is relevant here :)

                                                                                      1. 10

                                                                                        If anything, we’d be better off if we found that Intel’s ME was total garbage. It lets an alternative supplier differentiate on more secure software to get some sales. Then, Intel will either try to get people to ignore them with their other advantages, improve the security of their software, or buy the competitor to get their solution. Currently, as license allows, Intel just freeloaded off a bunch of work taxpayers in Europe paid for with some free labor by Tannenbaum et al to solve their problem. The ME stack is still garbage per recent threads.

                                                                                        Alternatively, they could’ve just paid a RTOS vendor for a stack. The going rate for those targeting robustness with networking and filesystems was $50,000 OEM last I checked. After they acquired Wind River, they’d have access to highly-reliable OS that’s been used in all kinds of things. Also, a separation kernel (VxWorks MILS) with carefully-crafted networking plus NSA pentesting. So, they do have both paid and free alternatives that are better than Minix 3 if they didn’t prefer freeloading off others’ work to save fifty grand or so on a project that nets them billions. I’m starting to lean back toward GPLing or AGPLing everything with dual-licensing to reduce this. They can pay to remove the copyleft.

                                                                                        Edited to change “ripping off” to “freeloading off” as dxtr noted.

                                                                                        1. 4

                                                                                          If I create something and then give it to you - no strings attached - are you then ripping me off?

                                                                                          1. 5

                                                                                            Not really. I should’ve said freeloading like parasites. I wonder, though, about what motivates people to freely work for companies under a license that insures mainly the companies benefit versus one where they contribute something back. I originally liked the BSD licenses to increase the amount of high-quality code the companies might be using to make stuff better in general. I’m not so sure we should do that now seeing how (a) that creates bad incentives for the companies to constantly freeload versus GPL/APGL projects and (b) they keep modifying that stuff into insecure or seemingly-malicious software like Intel did.

                                                                                            The folks aren’t doing anything great by giving them the code. They’re just helping monopolists and oligopolists further ensure the status quo that damages users, developers, and hobbyists while minimizing their operational costs for benefit of owners or shareholders. They also use their fortunes to pay lobbyists to reduce our rights in areas such as copyright and patent law. That phrasing depicts what actually goes on versus the public good people sold me on long ago with BSD/MIT licenses. I wonder how many BSD/MIT contributors that wanted corporate uptake would stick to it if they saw that as the ultimate goal of their contributions. Also, were told the companies often change the code to defeat its flexibility, reliability, or security benefits.

                                                                                            I’m sure plenty would stay in the game but I am curious how many would switch licenses. Also, which would they prefer switching to for balancing widespread uptake and maximizing contributions.

                                                                                            1. 4

                                                                                              People use BSD-alikes because their goal isn’t to coerce people into opening their sources, their goal is to make using their software as easy a possible. They’re not working for rewards from future would-be customers, they’re working because they feel some software which does not exist, should.

                                                                                              1. 2

                                                                                                “they’re working because they feel some software which does not exist, should.”

                                                                                                I imagine most building open-source software fit that category. It can be done with copyleft licenses, though, with little impact to most users.

                                                                                                1. 3

                                                                                                  Sure, and a subset of those people are interested in keeping their work from people who don’t “deserve it”, but not everybody is - and those who aren’t, usually choose a non-viral license because they want more people using their stuff.

                                                                                                  1. 1

                                                                                                    That’s true. A good point to make.

                                                                                          2. 2

                                                                                            If anything, we’d be better off if we found that Intel’s ME was total garbage.

                                                                                            Are you implying it’s not?

                                                                                            Don’t know about you, but I don’t need an unmodifiable, unremovable, totally compromised operating system running an HTTP server inside my CPU.

                                                                                            Never asked for this, wasn’t told by Apple that they were selling me this, and have no plans to buy another computer with it.

                                                                                            1. 2

                                                                                              Good luck finding one without it.

                                                                                              1. 1

                                                                                                Possibly can but will be performance hit:

                                                                                                https://news.ycombinator.com/item?id=15646175

                                                                                              2. 1

                                                                                                It’s definitely garbage. I’m setting up something broader than just Intel where I want them to show what their proprietary stuff is worth, users to find out, and a better alternative to potentially show up. Those can be vetted proprietary (eg shared-source) or FOSS.

                                                                                                I could be really wrong but I think AMD is missing a golden opportunity to differentiate on security or trustworthiness of CPU’s like Blackberry and then Apple tried to do in smartphones. Two lines of products, one without management and one with enterprise-controllable version, might push those losses back a little bit esp from foreign sales. They could let third parties of different jurisdictions inspect the management code or its loader since high-performance, legacy-compatible x86 is a patent minefield for competitors anyway. My hypothetical alternatives would have to make some kind of sacrifice in performance, cost, or both. AMD could charge right in.

                                                                                                1. 1

                                                                                                  I could be really wrong but I think AMD is missing a golden opportunity to differentiate on security or trustworthiness of CPU

                                                                                                  I doubt AMD has a choice in the matter. It really doesn’t make sense for Intel to have it in all their CPUs; in the consumer CPUs where no user will ever use the management engine, it’s just a bunch of extra hardware on the die, wasting space and increasing complexity and cost. The only reason I can think of would be that someone forced their hand, and I can imagine the NSA wouldn’t hate having a backdoor into every single Intel (or AMD) CPU in the world with ring -3 access.

                                                                                                  1. 1

                                                                                                    They have several, possible benefits to having that enterprise technology in their chips:

                                                                                                    1. The functionality for providing security enhancements is the same in each. Enterprise and repair shops also wanted management benefits.

                                                                                                    2. The DRM capabilities the entertainment industry wanted and might have paid for.

                                                                                                    3. The backdoors the NSA might have demanded or paid for.

                                                                                                    4. The common technique for saving on mask costs (millions) by merging I.P. from several use cases into fewer mask layers.

                                                                                                    Ok. The original release on Intel’s side was vPro which had all kinds of benefits for enterprises, esp security. The Trusted Computing Group, of which Intel was part, also wanted to use that stuff for DRM for movies and MP3’s. They probably had financial incentives which might likewise be used to make them go more private again. The NSA is an unknown here where they might have promised them something for money or defense contracts. I know the ME’s weren’t mandatory because not all chip vendors that were in the U.S. were building management engines into their CPU’s. They could possibly put their foot down saying they’d take money to 0-day the firmware instead which would let us put in better firmware but NSA still hits most targets.

                                                                                                    The last thing on my list is an industry practice to get development costs down. The best example was the hard disks which showed different amounts of storage but had same platters with same amount of space. The platters and components for writing them had a fixed cost. So, they used firmware deception to tier the pricing. Another example in an ASIC from a friend in hardware was him discovering a cellular radio in an embedded peripheral that wasn’t supposed to connect to anything. He said it wasn’t malicious: the company just reused a mobile SoC they sell for a different purpose with different packaging to squeeze more ROI out of existing chip. Aside from these oddities, the main form of reuse is just doing pre-proven blocks of hardware in a certain process node on new projects. Once they wire the first CPU instance to a ME, it was possibly cheaper to just reuse that on each iteration of that instance esp given ME’s were originally small (ARC cores).

                                                                                                    So, there’s the overall analysis of what parties and concerns are involved. The amounts they’re currently losing are much bigger than anything Hollywood or NSA paid them. Highest payout I saw for NSA was around $100 million per telecom for access to their national networks. That was something they could use constantly whereas this they’d have to use sparingly. Couldn’t be much more. The trick is, like with Raptor Workstation, how many people would actually pay for a computer without the backdoor, how much extra, and what total revenues to project for AMD? I’m less confident in demand side than I am in supply side.

                                                                                            2. 2

                                                                                              Technically, we don’t really know what is in it, since the final result is closed source. Maybe they added a bunch of “shit that Intel wrote themselves”.

                                                                                              1. 1

                                                                                                Just from a personal point of view. I don’t want my software to be used to spy on users without me even being asked about it.

                                                                                              2. 2

                                                                                                Then they would have just used a different OS. MacOS has slowly been ripping all the GPLv3 code out of their OS. That’s why they use an ancient version of GPLv2 bash and manually backport all the security fixes.

                                                                                                1. 1

                                                                                                  On the contrary - it shows that anyone can use such software without all the bull$%^& which surrounds, i.e. the GPL. All that he is asking for is simple: Hi, We’re using your software. Cheers, Bye!

                                                                                                  1. 11

                                                                                                    He spends 1/3rd of the letter asking talking about the fact that someone benefitted from his hard work and he didn’t get any acknowledgement of it. Then he goes and says something like: “I don’t mind, of course, and was not expecting any kind of payment since that is not required.” The whole thing feels and reads regretful to me. I don’t know AST, so don’t really know his personality, or anything, but if I spent 1/3rd of the letter talking like that, I know it’d be because I felt I missed a big opportunity and I’m trying to convince myself that it was fine.

                                                                                                    1. 1

                                                                                                      If there’s anything that AST might regret is the fact that MINIX hasn’t been released under a permissive license earlier and the fact that Linux and the *BSDs got themselves firmly established.

                                                                                                      Him regretting not getting anything back out of it after fighting with the publisher to get the code released under a permissive license? Seriously? ;^)

                                                                                                      The way I read the letter is him setting the scene before mentioning that letting him know would have been a polite thing to have done - mentioning that without said background information would have looked a bit weird.

                                                                                                      Anyway, if I were the author of said code, I’d merely like to know.

                                                                                                    2. 1

                                                                                                      Yes, and that’s what I wouldn’t want to happen to my software.

                                                                                                  1. 0

                                                                                                    MIT licence is sooo cool, multi billionaires company have work for free

                                                                                                    1. 2

                                                                                                      You have made variations of this comment several times, now. What is your solution? A license that says “If you have over x American dollars, you must pay y to use this software?

                                                                                                      1. 1

                                                                                                        There’s always dual licensing with the GPL and a commercial license.

                                                                                                        1. 2

                                                                                                          If it’s dual-licensed under GPL and commercial (whatever that means) then one can always use the former. GPL does not forbid, but actually encourages, charging money for the software and the end product being commercial.

                                                                                                          1. 1

                                                                                                            If they change it and distribute the changes, they have to release the source to the changes. Or pay for right not to. Project maintainers might get something useful out of it. They won’t if it’s permissively licensed in vast majority of cases where a change is made and distributed.

                                                                                                            1. 2

                                                                                                              Here, however, no one cares about getting anything useful or anything at all for that matter. People who permissively license their software actually care about the software being useful to everyone.

                                                                                                              In either case, money has nothing to do with it.

                                                                                                              1. 1

                                                                                                                Good point. Yeah, that be the case here.

                                                                                                        2. 1

                                                                                                          Solution to what? What is the problem here?

                                                                                                        3. 2

                                                                                                          It’s BSD license to be precise. It’s also great that you can incorporate code covered by such a license in a proprietary or copyleft-licensed software - the reverse is not true.

                                                                                                          As an author you have the freedom to chose a license that suits you and the project :^)