1. 15

    Your thinkpad is shared infrastructure on which you run your editor and forty-seven web sites run their javascripts. Is that a problem for you?

    1. 2

      Mmm what did you mean by this? I didn’t get it.

      1. 13

        In We Need Assurance, Brian Snow summed up much of the difficulty securing computers:

        “The problem is innately difficult because from the beginning (ENIAC, 1944), due to the high cost of components, computers were built to share resources (memory, processors, buses, etc.). If you look for a one-word synopsis of computer design philosophy, it was and is SHARING. In the security realm, the one word synopsis is SEPARATION: keeping the bad guys away from the good guys’ stuff!

        So today, making a computer secure requires imposing a “separation paradigm” on top of an architecture built to share. That is tough! Even when partially successful, the residual problem is going to be covert channels. We really need to focus on making a secure computer, not on making a computer secure – the point of view changes your beginning assumptions and requirements! “

        Although security features were added, the fact that many things are shared and closer together only increased over time to meet market requirements. Then, researchers invented hundreds of ways to secure code and OS kernels. Not only were most ignored, but the market shifted to turning browsers into OS’s running malicious code in a harder-to-analyze language whose compiler (JIT) was harder to secure due to timing constraints. Only a handful of projects in high-security, like IBOS and Myreen, even attempted it. So, browsers running malicious code are a security threat in a lot of ways.

        That’s a subset of two, larger problems:

        1. Any code in your system that’s not verified to have specific safety and security properties might be controlled by attackers upon malicious input.

        2. Any shared resource might leak your secrets to a malicious observer via covert channels, storage or timing. Side channels are basically the same concept applied more broadly, like in the physical world. Even the LED’s on your PC might leak internal state of the processor depending on design.

        1. 2

          Hmm. I had a friend yonks ago who worked on BAE’s STOP operating system, that supposedly uses complex layers of buffers to isolate programs. I wonder how it’s stood up against the many CPU vulnerabilities.

          1. 4

            I’ve been talking about STOP for a while but rarely see it. Cool you knew someone that worked on it. Its architecture is summarized here along with GEMSOS’s. I have a detailed one for GEMSOS tomorrow, too, if not previously submitted. On the original implementation (SCOMP), the system also had an IOMMU that integrated with the kernel. That concept was re-discovered some time later.

            Far as your question, I have no idea. These two platforms, along with SNS Server, have had no reported hacks for a long time. You know they have vulnerabilities, though. The main reasons I think the CPU vulnerabilities will affect them are (a) they’re hard to avoid and (b) certification requirements mean they rarely change these systems. They’re probably vulnerable, esp. to RAM attacks. Throw network Rowhammer at them. :)

          2. 2

            Thanks, that was really interesting and eye opening on the subject. I never saw it that way! :)

          3. 5

            I think @arnt is saying that website JavaScript can exploit CPU bugs, so by browsing the internet you are “shared infrastructure”.

            1. 6

              Row Hammer for example had a JavaScript implementation, and Firefox (and others) have introduced mitigations to prevent those sorts of attacks. Firefox also introduced mitigations for Meltdown and Spectre because they could be exploited from WASM/JS… so it makes sense to mistrust any site you load on the internet, especially if you have an engine that can JIT (but all engines are suspect; look at how many pwn2own wins are via Safari or the like)

              1. 3

                If browsers have builtin mitigation for this sort of thing, isn’t this an argument in favor of disabling the OS-level mitigation? Javascript is about the only untrusted code that I run on my machine so if that’s already covered I don’t see a strong reason to take a hit on everything I run.

                1. 4

                  I think the attack surface is large enough even with simple things like JavaScript that I’d be willing to take the hit, though I can certainly understand certain workloads where you wouldn’t want to, like gaming or scientific computing.

                  For example, JavaScript can be introduced in many locations, like PDFs, Electron, and so on. Also, there are things like Word documents such as this RTF remote code execution for MS Word. Additionally, the mitigations for Browsers are just that, mitigations; things like retpolines and the like work in a larger setting with more “surface area” covered, vs timing mitigations or the like in browsers. It’s kinda like W^X page protections or ASLR: the areas you’d need that are quite small, but it’s harder to find individual applications with exploits and easier to just apply it wholesale to the entire system.

                  Does that make sense?

                  tl;dr: JS is basically everywhere in everything, so it’s harder to just apply those fixes in a single location like a browser, when other things may have JS exposed as well. Further more, there are other languages, attack surfaces, and the like I’d be concerned about that it’s just not worth it to only rely on browsers, which can only implement partial mitigations.

                  1. 1

                    Browsers do run volatile code supplied by others more than most other attack surfaces. You may have an archive of invoices in PDF format, as I have, and those may in principle contain javascript, but those javascripts aren’t going to change all of a sudden, and they all originate from a small set of parties (in my case my scanning software and a single-digit number of vendors). Whereas example.com may well redeploy its website every Tuesday morning, giving you the latest versions of many unaudited third-party scripts, and neither you nor your bank’s web site really trust example.com or its many third-party scripts.

                    IMO that quantitative difference is so large as to be described as qualitative.

                    1. 1

                      The problem is when you bypass those protections you can have things like this NitroPDF exploit, which uses the API to launch malicious JS. I’ve used these sorts of exploits on client systems during assessments, adversarial or otherwise. So relying on one section of your system to protect you against something that is a fundamental CPU design flaw can be problematic; there’s nothing really stopping you from launching rowhammer from PostScript itself, for example. This is why the phrase “defense in depth” is so often mentioned in security circles, since there can be multiple failures throughout a system, but in a layered approach you can catch it at one of the layers.

                      1. 1

                        Oh, I’m not arguing that anyone should leave out everything except browser-based protection. Defense in depth is indisputably good.

                  2. 3

                    There’s also the concept of layers of defense. Let’s say the mitigation fails. Then, you want the running, malicious code to be sandboxed somehow by another layer of defense. You might reduce or prevent damage. The next idea folks had was to mathematically prove the code could never fail. What if a cosmic ray flips a bit that changes that? Uh oh. Your processor is assumed to enable security, you’re building an isolation layer on it, make it extra isolated just in case shared resources have an effect, and now only one of Spectre/Meltdown affected you if you’re Muen. Layers of security are still a good idea.

                2. 2

                  That’s not what I got from it. I perceived it as “You’re not taking good precautions on this low hanging fruit, why are you worried about these hard problems?”

                  I see it constantly, everyone’s always worried about X, and then they just upload everything to an unencrypted cloud.

                  1. 1

                    I actually did mean that when you browse the net, your computer runs code supplied by web site operators you may not trust, and some of those web site operators really are not trustworthy, and your computer is shared infrastructure running code supplied by users who don’t trust each other.

                    Your bank’s site does not trust those other sites you have open in other tabs, so that’s one user who does not trust others.

                    You may not trust them, either. A few hours after I posted that, someone discovered that some npmjs package with millions of downloads has been trying to steal bitcoin wallets, so that’s millions of pageviews that ran malevolent code on real people’s computers. You may not have reason to worry in this case, but you cannot trust sites to not use third-party scripts, so you yourself also are a distrustful user.

              2. 2

                This might be obvious, but I gotta ask anyway: Is there a real threat to my data when I, let’s say, google for a topic and open the first blog post that seems quite right?

                • Would my computer be breached immediately (like I finished loading the site and now my computer’s memory is in north korea)?
                • How much data would be lost, and would the attacker be able to read any useful information from it?
                • Would I be infected with something?

                Of course I’m not expecting any precise numbers, I’m just trying to get a feel for how serious it is. Usually I felt safe enough just knowing which domains and topics (like pirated software, torrents, pron of course) to avoid, but is that not enough anymore?

                1. 5

                  To answer your questions:

                  Would my computer be breached immediately (like I finished loading the site and now my computer’s memory is in north korea)?

                  Meltdown provides read-access to privileged memory (including enclave-memory) at rates of a couple of megabits per second (let’s assume 4). This means that if you have 8GB of ram it is now possible to dump the entire memory of your machine in about 4,5 hours.

                  How much data would be lost, and would the attacker be able to read any useful information from it?

                  This depends on the attacker’s intentions. If they are smart, they just read the process table, figure out where your password-manager or ssh-keys for production are stored in ram and transfer the memory-contents of those processes. If this is automated, it would take mere seconds in theory; in practice it won’t be that fast, but it’s certainly less than a minute. If they dump your entire memory, it will probably be all data in all currently running applications and they will certainly be able to use it since it’s basically a core dump of everything that’s currently running.

                  Would I be infected with something?

                  Depends on how much of a target you are and whether or not the attacker has the means to drop something onto your computer with the information gained from what I described above. I think it’s safe to assume that they could though.

                  These attacks are quite advanced and regular hackers will always go for the low-hanging fruit first. However, if you are a front-end developer in some big bank, big corporation or some government institution which could face a threat from competitors and/or economic espionage, the answer is probably yes. You are probably not the true target the attackers are after, but your system is one hell of a springboard towards their real target.

                  It’s up to you to judge how much of a potential target you are, but when it happens, you do not want to be that guy/girl with the “patient zero”-system.

                  Usually I felt safe enough just knowing which domains and topics (like pirated software, torrents, pron of course) to avoid, but is that not enough anymore?

                  Correct. It’s not enough anymore, because Rowhammer, Spectre and Meltdown have JavaScript or wasm variants (if they didn’t, we wouldn’t need mitigations in browsers). All you need is a suitable payload (the hardest part by far) and one simple website you frequently visit, which runs on an out-of-date application (like WordPress, Drupal or Joomla for example) to get that megabit-memory-reading meltdown-attack onto a system.

                  The attacker still has to know which websites those are, but they could send you a phishing-mail which has a link or some attachment that will be opened in some environment which has support for javascript (or something else) to obtain your browsing history. In that light it’s good to know that some e-mail clients support the execution of javascript in received e-mail messages.

                  If there is one lesson to take home from rowhammer, spectre and meltdown, it’s that there is no such thing as “computer security” anymore and that we cannot rely on the security-mechanisms given to us by the hardware.

                  If you are developing sensitive stuff, do it on a separate machine and avoid frameworks, libraries, web-based tools, other linked in stuff and each and every extra tool like the plague. Using an extra system, abandoning the next convenient tool and extra security precautions are annoying and expensive, but it’s not that expensive if your livelihood depends on it.

                  The central question is: Do you have adversaries or competitors willing to go this far and spend about half a million dollars (my guesstimate of the required budget) to pull off an attack like this?

                  1. 1

                    Wow, thanks! Assuming you know what you’re talking about, your response is very useful and informative. And exactly what I was looking for!

                    […] figure out where your password-manager or ssh-keys for production are stored in ram […]

                    That is a vivid picture of the worst thing I could imagine, albeit I would only have to worry about my private|hobby information and deployment.

                    Thanks again!

                    1. 1

                      You’re welcome!

                      I have to admit that what I wrote above is the worst case scenario I could come up with. But it is as the guys from Sonatype (from the Maven Nexus repository) stated it once: “Developers have to become aware of the fact that what their laptops produce at home could end up as a critical library or program in a space station. They will treat and view their infrastructure, machines, development processes and environments in a fundamentally different way.”

                      Yes, there are Java programs and libraries from Maven Central running in the ISS.

                  2. 1

                    The classic security answer to that is that last year’s theoretical attack is this year’s nation-state attack and next year it can be carried out by anyone who has a midprice GPU. Numbers change, fast. Attacks always get better, never worse.

                    I remember seeing an NSA gadget for $524000 about ten years ago (something to spy on ethernet traffic, so small as to be practically invisible), and recently a modern equivalent for sale for less than $52 on one of the Chinese gadget sites. That’s how attacks change.

                1. 17

                  I’m one of the maintainers of Conjure, happy to answer questions about this project!

                  1. 12
                    1. How does this compare to gRPC and friends (e.g. Thrift), especially now that gRPC-Web is in GA? When would I pick Conjure over them?
                    2. Are there plans for additional language support? I’m interested in Go in particular.
                    1. 9
                      1. We’re big fans of gRPC! One downside is that it does require HTTP/2 trailers, which means if you want to make requests from browsers or curl, you’d need to deploy a proxy like envoy to rewrite the traffic. I think Conjure makes sense if you’re already relying on HTTP/JSON in production or care about browsers. It’s very much designed with simplicity in mind, and doesn’t actually prescribe any particular client or server, so allows you to get the upside of strong types for your JSON, without requiring big changes to your existing stack or API.

                      2. Definitely! Internally, we use go extensively so I think conjure-go is next in the open-sourcing pipeline. One interesting feature of Conjure is that since the IR is a stable format, you can develop new language-generators independently without needing any involvement from the core maintainers!

                      1. 4

                        I have the same question as 1. but with OpenAPI.

                        1. 6

                          They’re conceptually pretty similar, but we found the Java code that Swagger generates pretty hard to read. While Swagger has to add many annotations (https://github.com/swagger-api/swagger-samples/blob/master/java/java-jersey-jaxrs/src/main/java/io/swagger/sample/resource/PetResource.java#L43) to deal with any conceivable API you might define, Conjure is intentionally more restrictive in terms of what you can define and tries to focus on doing a small number of things very well.

                          This results in code that is as readable as a human would write (https://github.com/palantir/conjure-java/blob/1.3.0/conjure-java-core/src/integrationInput/java/com/palantir/product/EteService.java), with all the benefits of modern best practices like immutability, NonNull everywhere etc.

                      2. 59

                        How do you feel about your work being used to enable human rights violations?

                        1. 14

                          This is actually an interesting question.

                          1. 5

                            Probably terrible but also aware of the unlikelihood of escaping it. Sometimes you have an action and it has good and bad consequences and the good consequences are avoidable, but the bad aren’t. In that specific scenario it’s not wise to give up the good consequences just so you aren’t “getting your hands dirty”. Sure if you can find some way to escape the evils then you should try all available options but sometimes things are bad.

                            Oh I’m realizing this is specifically Palantir’s stack lmao. Nevermind yeah don’t work on that on your free time y’all, no hard feelings intended towards @iamdanfox .

                            1. 1

                              As it seems I’m living under a rock, could you paste some link to provide the context for your question?

                              Edit: never mind, found it; “Palantir provides the engine for Donald Trump’s deportation machine”

                              1. 1

                                Which is the same machine as previously used, right?

                            2. 3

                              How does it compare to Twirp? (https://github.com/twitchtv/twirp)

                              Update after a quick search: Conjure uses JSON whereas Twirp uses ProtocolBuffer.

                              1. 2

                                I think Twirp has a lot of similar motivations to Conjure - the blog post even mentions an emphasis on simplicity and it works over HTTP1.1 (unlike gRPC).

                                One key difference I see is that many API definition tools are essentially monoliths, pretty much completely controlled by the originating company. We’ve gone for a different approach with Conjure and tried to decouple things so that significant additions (e.g. adding a new language) happen without blocking on the core maintainers at all.

                                For example, if you wanted to add Swift support, you’d make a brand new conjure-swift repo and write a CLI that turns the stable IR format into Swift source code. We have a standardised test harness (written in Rust) that you can use to prove that your new conjure-swift code will be compatible with other Conjure clients/servers. Once your CLI works, you can package it up in a standard way and it should slot nicely into existing build tools.

                              2. 3

                                How is unionization in Palantir? Is there a reason why you’re still working there? Do you need support? I’m not from USA but I can point you to people willing to support workers like yourself.

                                1. 2

                                  Hey, I am really interested in the project, but I’m getting errors when going through the tutorial on the GitHub repo, specifically ./gradlew tasks was giving me an error fetching the com.palantir repos. I copy pasted the exact instructions and I’m unsure where to ask for help on this. I figured I’d at least let you know to see if you experience the same issues.

                                  1. 2

                                    Hey! Glad to hear you’re interested in the project and sorry about the issue with the getting started guide. I’ve gone ahead and updated the guide to fix the problem you encountered. Thanks for pointing out the issue. Hope you enjoy using the project and feel free to reach out with any questions, comments or concerns.

                                1. -2

                                  If you’re running ImageMagick this decade you’re doing things horribly wrong.

                                  1. 13

                                    I’m not sure what people would use instead.

                                    1. 2

                                      If you have a codebase using IM and you don’t want to rewrite it, the first quick fix to come to mind is to use some other library with a safer parser to decode the incoming images. Then pass something to IM which requires no parsing or trivial parsing, like a pointer to the decoded pixels in memory or a PNM.

                                      Using ImageMagick for input parsing is scary. Using it for output isn’t.
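                                      A concrete shape of the decode-first arrangement described above, as an added example (not code from the thread or from ImageMagick itself); it assumes Pillow is installed as the “safer parser” and that ImageMagick’s `convert` binary is on PATH:

```python
"""Decode untrusted images with a separate library, then hand ImageMagick a
binary PNM (PPM, P6) so ImageMagick's own format parsers never see
attacker-controlled bytes.  Pillow and the `convert` binary are assumptions."""
import io
import subprocess

# Constructed upper bound: refuse decompression-bomb sized inputs before
# any decoder allocates a huge buffer for them.
MAX_PIXELS = 50_000_000


def ppm_from_pixels(width: int, height: int, rgb: bytes) -> bytes:
    """Serialise raw 8-bit RGB pixels as binary PPM (P6).

    PPM is three whitespace-separated header tokens followed by raw pixel
    bytes, so the consumer has almost nothing to parse and nothing to get
    wrong; that is the whole point of feeding it to ImageMagick.
    """
    if width <= 0 or height <= 0:
        raise ValueError("image dimensions must be positive")
    if width * height > MAX_PIXELS:
        raise ValueError("image too large")
    if len(rgb) != width * height * 3:
        raise ValueError("pixel buffer does not match dimensions")
    return b"P6\n%d %d\n255\n" % (width, height) + rgb


def decode_untrusted_to_ppm(data: bytes) -> bytes:
    """Decode arbitrary input bytes with Pillow (assumed installed) and
    re-emit them as PPM.  All container/codec parsing happens here, not in
    ImageMagick."""
    from PIL import Image  # imported lazily so the module loads without Pillow
    Image.MAX_IMAGE_PIXELS = MAX_PIXELS  # Pillow's own decompression-bomb guard
    with Image.open(io.BytesIO(data)) as img:
        img.load()  # force the actual decode now, inside Pillow
        rgb = img.convert("RGB")
        return ppm_from_pixels(rgb.width, rgb.height, rgb.tobytes())


def run_imagemagick(ppm: bytes, *args: str, binary: str = "convert") -> bytes:
    """Feed the PPM to ImageMagick on stdin and collect PNG output.

    The explicit `ppm:` prefix on the input pins the format, so ImageMagick
    does not sniff the data and pick one of its many other decoders.
    """
    proc = subprocess.run(
        [binary, "ppm:-", *args, "png:-"],
        input=ppm, capture_output=True, check=True, timeout=30,
    )
    return proc.stdout


def resize_untrusted(data: bytes, width: int, height: int) -> bytes:
    """End-to-end: untrusted bytes -> Pillow decode -> PPM -> ImageMagick resize."""
    ppm = decode_untrusted_to_ppm(data)
    return run_imagemagick(ppm, "-resize", "%dx%d" % (width, height))
```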

                                      1. 2

                                        The stb libraries are very good if you have simple requirements:

                                        stb_image

                                        stb_image_write

                                        stb_image_resize

                                        1. 0

                                          libpng if you want to handle PNGs, libjpeg if you want to handle JPEGs.

                                          1. 11

                                            Neither of those libraries is particularly adept at rescaling images.

                                            1. 1

                                              If you need basic image manipulation you should use something like gdk-pixbuf. I used it years ago but I’ve heard from people using it in large-scale production today.

                                            2. 1

                                              Uhhh

                                          2. 1

                                            Is the GraphicsMagick fork good?

                                            1. 3

                                              I assume not. The goal of being able to handle every format under the sun turns out to be (a) hard to implement securely and (b) not to line up well with actual requirements of actual software for actual users.

                                          1. 19

                                            This is kind of interesting, but it’s neither informative nor actionable–and yet, it’s gotten a bunch of upvotes in solidarity.

                                            Let’s not normalize this.

                                            1. 28

                                              Why does it have to be actionable? Why do you think the votes are out of solidarity? I find this kind of stuff very interesting.

                                              1. 16
                                                • It’s slacktivism.

                                                • It’s a pretty well-supported theory that exposing people to a bunch of news, when they can’t do anything about it, contributes to depression and anxiety.

                                                • And, of course, lobste.rs is supposed to complement the other sites, not replace them.

                                                1. 18

                                                  I think I’m missing something here. How could upvoting this story possibly constitute slacktivism? Are you assuming that Stenberg quit Mozilla for some principled reason and that we’re “supporting” him by promoting this blog post? I read the story and didn’t come away with that understanding at all. (And his mention that he can’t get a US visa was a very tangential bit at the end.)

                                                  1. 12

                                                    This is such an odd reply. Do you believe that most news on lobste.rs is actionable?

                                                    1. 8

                                                      The problem is that lobste.rs wasn’t supposed to be for news.

                                                      1. 4

                                                        What’s it supposed to be for then?

                                                        1. 10

                                                          Personally I come here to learn new things and not to catch up on news and drama. I could get that from reddit.

                                                          1. 4

                                                            Or HN, for that matter. I fully agree; I’d prefer if Lobste.rs would be limited to technical posts. The odd informative post about a person can be interesting, but only if it’s “important news” like a death. Even if someone loudly resigns from a software project I’m not sure I’d want to read about it (it’s just drama).

                                                            I can’t actually downvote yet, so bear in mind that the upvotes are skewed; out of all the people who can only upvote, if 50% wants to downvote, they can’t. Worse: if 25% upvotes, it looks like the majority is in favor of the post.

                                                        2. 4

                                                          That’s news to me. I am pretty sure that’s not true.

                                                      2. 6

                                                        To adhere to bullet two it would be best just to shut lobsters down.

                                                        1. 6

                                                          There’s good, actionable, technical content here. If you need to see new posts every 15 minutes regardless of quality or relevance, the internet has plenty of that already.

                                                          1. 5

                                                            Can you tell me which pieces on the frontpage right now you consider actionable, and which action you would take?

                                                            1. 13

                                                              State of Haskell: I’m not into Haskell, so I haven’t read it, but if I were, then I’d focus on making Haskell better for what people are currently using it for.

                                                              Some notes about HTTP/3: I’d remember this information for use when actually implementing services that use it.

                                                              Flying for Thanksgiving: I’d take the plane on thanksgiving day, instead of the day before or after.

                                                              How to install Yggdrasil in Debian(stretch) and find peers: install Yggdrasil in Debian and find peers.

                                                              Scrolling the main document is better for performance, accessibility, and usability: scroll the main document.

                                                              Bleeding edge django template focused on code quality and security: scaffold a Django project using it.

                                                              Python memoization across program runs: memoize data.

                                                              Running x86_64 binaries on the Talos II: run x86_64 binaries on the Talos II.

                                                              6 core falsehoods about the digital sphere: not repeat them.

                                                              Safer bash scripts with ‘set -euxo pipefail’: put this on the top of my bash scripts.

                                                              The History of GNOME: … okay … I’ve got nothing.

                                                              Kobzol/hardware-effects: write software that isn’t slow.

                                                              MEMs oscillator sensitivity to helium (helium kills iPhones): keep helium away from iPhones, and keep this in mind if I ever end up in charge of hardware design.

                                                              Formal Verification of Distributed Checkpointing Using Event-B (2015): build better distributed systems.

                                                              NN based self-driving car with Lego Mindstorms and a Raspberry Pi 3: build a demo self-driving car.

                                                              Open-Source, Bitstream Generation (2013): generate bitstreams.

                                                              Computing History at Bell Labs: again, historical documents might not have immediate worth, but in the long term, copying an old forgotten design can make you seem smarter than you actually are.

                                                              A verified email address will be required to publish to crates.io starting on 2019-02-28: avoid getting in trouble with the DMCA if I ever end up in charge of something like crates.io.

                                                              elm-ui: Forget CSS and enjoy creating UIs in pure Elm: enjoy creating UIs in pure Elm.

                                                              Yet another memory leak in ImageMagick or how to exploit CVE-2018–16323: stop writing C (“perform a DoS attack” would also be a valid, but less accepted, answer).

                                                              If I were to invent a programming language for the 21st century: this one should probably be tagged “satire”, but in any case, it’s a call to stop repeating history, so while it might not be immediately actionable, keep it in mind before you ever start writing a programming language.

                                                              Time is Partial, or: why do distributed consistency models and weak memory models look so similar, anyway?: build better distributed systems using these consistency models.

                                                              boar - Tool for archiving your digital life: archive my digital life.

                                                              Developer to Manager - Experiences going from development to management: avoid repeating their mistakes.

                                                    2. 24

                                                      I knew this would be a controversial post generating a few downvotes. I almost felt like not submitting at all, but I decided to submit for these reasons:

                                                      • the author of curl is a somewhat noteworthy person, and his blog is oftentimes featured here.
                                                      • there is a person tag on lobsters
                                                      • the upvote/downvote system will tell me if I was right.

                                                      Regarding my last point: I value friendlysock’s comment here. I think he’s right. 4 downvotes (“off topic”) is a strong supporting signal. I’ve gotten fewer downvotes for stuff that was truly controversial :-)

                                                      1. 4

                                                        Thank you for participating in the site, and even more for explaining your reasoning!

                                                      2. 17

                                                        Please stop policing content.

                                                        1. 10

                                                          Fwiw, it didn’t come across to me as policing. Imho, it’s good we have healthy discussions on content from time to time.

                                                          1. 11

                                                            Consider it opening a discussion about content, rather than policing it. It is surely agreeable that not all content (even high-quality content) is desirable on lobste.rs; so we need to reach a rough consensus on where the line should be drawn. Doing that exclusively by “letting the votes decide” has been demonstrated over and over again to lead to low-effort content; so there needs to be discussion. And here we are, discussing. =)

                                                            So: why do you think this article should stay? What does it bring to lobste.rs that’s valuable to the community? I’m not generally in agreement with @friendlysock that news and current events should be outright banned, but in my opinion this particular article doesn’t really bring much to the table. It’s basically saying that Daniel is leaving Mozilla, he’s not telling us why, and we shouldn’t worry about it. Okay? Is this useful or important for significant numbers of people to know? I don’t feel I benefited much from reading the article.

                                                            1. 6

                                                              An appropriate response to a post you don’t want to see on the website is to downvote it, flag it, or hide it. An inappropriate response is to comment and complain that the post doesn’t meet your perceived standards for content. The latter, especially when coming from a member and not a moderator, is pure moralizing noise, actually and substantially worse than the “offending” content being submitted in the first place.

                                                              1. 16

                                                                I have to agree with @whbboyd and @danielrheath. It’s obvious that voting mechanisms are not effective for maintaining quality (for examples, see Hacker News, Reddit and a plethora of other sites). Maintaining norms through interaction seems like a better approach worth experimenting with, and moreover, it seems to be working for Lobste.rs.

                                                                1. 13

                                                                  This is a community, and communities find (and maintain) their cultural norms by interacting with one another.

                                                                  Perhaps this norm has changed as the site has grown, and perhaps not.

                                                                  especially when coming from a member and not a moderator

                                                                  Having a database bit set (or not) has nothing to do with your credibility or standing in the community. He’s one of the oldest and most active site members, and (as evidenced by karma/post ratio) is well regarded.

                                                              2. 9

                                                                I, for one, appreciate that someone is doing it.

                                                                The internet has no shortage of sites with a poor SNR; lobsters has remained high-quality primarily because the cultural norms lean towards ‘keep the noise low’.

                                                                1. 1

                                                                  Having less discussion on why content may not be a great fit for lobsters isn’t a great long-term strategy. FWIW, it’s exactly the difference between low-quality communities like /r/programming and higher-quality communities like /r/netsec on reddit. I would really prefer that we don’t end up like /r/programming or HN, and a little introspection can’t hurt.

                                                                2. 5

                                                                  It’s actionable in the sense that there could be someone here who 1. likes his work on curl and Mozilla and 2. has a company that might want to hire him.

                                                                  1. 1

                                                                    That would be the case if the post indicated he was looking for work - but it explicitly says he has other plans.

                                                                    1. 4

                                                                      Well, it didn’t quite say that. It just stated that he was unsure where he was going and was in talks. Perhaps someone else wants to get in on those talks.

                                                                      I don’t yet know what to do next.

                                                                      I have some ideas and communications with friends and companies, but nothing is firmly decided yet. I will certainly entertain you with a totally separate post on this blog once I have that figured out! Don’t worry.

                                                                      1. 2

                                                                        Fair enough.

                                                                1. 4

                                                                  When are optimizations which reduce readability justified? What values should a programming language’s standard library prioritize?

                                                                  I want to touch on these two parts together.

                                                                  The standard library of any language should always be as fast as it can possibly be, it’s getting used constantly, and consistent efforts should be made to improve the speed of the library as a whole.

                                                                  Now obviously correctness needs to be the highest priority, but mistakes happen.

                                                                  1. 2

                                                                    Now obviously correctness needs to be the highest priority

                                                                    Your first point looks right. This one doesn’t. Correctness is a low priority for a lot of projects that get mass adoption. Inefficient solutions do, too, if they meet developers’ other requirements. Works well enough, free or on the cheap, is the highest priority for most solutions. Efficient and/or flexible is the next set. Reliable, secure, and recoverable last. That’s for anything mainstream.

                                                                    1. 1

                                                                      Why do reliability, security, and recoverability take a back seat to correctness? Is that the best policy for the standard library of a language marketed as memory safe?

                                                                      1. 1

                                                                        Read the Worse is Better essays by Gabriel. When investing in a language, you are always balancing performance, QA, and number of features. The more features and libraries with C-like speed, the better. If they’re mostly correct, they’ll still get wide uptake due to the Worse is Better effect. I think they also disabled integer overflow checking by default for similar reasons. Maybe misremembering, though!

                                                                        Now, if we’re talking high assurance deployments, then correctness, reliability, and/or security come first. There are other languages like SPARK and Frama-C that aim for that with their defaults.

                                                                    2. 1

                                                                      I’m not sure I understand. Are you saying that correctness is higher priority than speed?

                                                                      1. 1

                                                                        I’m saying that speed is the highest priority except when it impacts correctness. That is to say make the code as fast as possible, but no faster.

                                                                        I might also have a different opinion of correct than @nickpsecurity does.

                                                                        For me correct doesn’t mean safe or even accurate, it means expected. Does the API produce the expected output given the input? If it doesn’t then it’s incorrect. I expect C APIs to blow up in my face in well understood circumstances. But it’s unexpected for a Rust API to have a buffer overflow.

                                                                        So ultimately, you get as fast as you possibly can without negative effects. Negative effects always sneak in, as we’ve seen here, but it’s not the case that the code is faster because it’s incorrect, only that it accidentally became incorrect as a result of making it faster. I think reasonable steps should be taken to ensure the correctness, and I don’t think the reasonable steps were taken in this case given that someone rightfully questioned the code in the PR and it went through anyway.

                                                                        That’s my view on it, does that make sense?

                                                                        1. 2

                                                                          That makes sense, though that definition of correctness being relative to the expectations of a particular tool or environment seems slippery. Maybe it’s actually a more intuitive definition though. I don’t think I expect Python code to be correct in the same way I expect Haskell code to be correct.

                                                                          Thanks for your thoughtful responses.

                                                                    1. 2

                                                                      I haven’t rebooted my computer for over a year, but this article makes me want a kernel update now… even if I have to reboot! That’s a pretty significant savings in power - and even dollars over a month - over the kernel version I have on right now.

                                                                      1. 1

                                                                        I haven’t rebooted my computer for over a year

                                                                        Well that’s interesting. Why?

                                                                        1. 2

                                                                          I used to be like that, I took pride in it. My computer was my gateway to the world; if I shut down, my connection was gone, I’d be off things like IRC and AIM, I wouldn’t get to see the messages that happened while I was gone. I wouldn’t be seeding my torrents, or letting my computer do things like Folding@Home, IdleRPG or mining.

                                                                          And after a certain point it was fun to care about the uptime, how long can I keep it going.

                                                                          Nowadays my phone is that connection to the world, and offline messages are widely available through nearly all channels, at least the ones I care about. I no longer torrent, and the other reasons I had are basically pointless.

                                                                          Also, thanks to startup improvements over the last 10 years, with hardware like SSDs and UEFI, I now shut down my computer nightly with really no waiting on it in the morning.

                                                                          1. 2

                                                                            Personally, it’s because I don’t even think about shutting it down anymore. I close the screen of my laptop at home or lock it before leaving work. When I resume it, I have all the context as I left it before leaving my station, which is pretty useful. That said, my laptop does go into hibernate mode after some time, and same for my workstation, which is a bit more eco-friendly.

                                                                            1. 2

                                                                              I accumulate a lot of open things while juggling various tasks and reopening them is a big productivity killer, so I avoid it as much as possible. Even just trying to get it all saved to files to reopen later is a pain.

                                                                              (Of course, maybe I could make a whole session restore thingy… but that’s a lot of work too.)

                                                                          1. 9

                                                                            I have been a mac user since the beige-toasters. There is no chance I would buy a computer with “DRM” crap preventing me from repairing it.

                                                                            1. 2

                                                                              Didn’t the beige toasters require an Apple-licensed tool to open or was that an urban legend spread in the besieged Amiga community?

                                                                              1. 5

                                                                                It’s correct, they used Torx screws for the case: teardown.

                                                                                1. 3

                                                                                  I just bought a Torx screwdriver from Lowe’s last week. I’d hardly consider that to be locking users out of their hardware.

                                                                                  1. 3

                                                                                    They were hard to come by in 1984.

                                                                                    1. 3

                                                                                      Yet infinitely easier to bypass than software DRM.

                                                                                      1. 2

                                                                                        I started repairing Macs in ’89 and had several Torx screwdrivers, so by then they were easy to get.

                                                                                        1. 1

                                                                                          Good point.

                                                                                      2. 3

                                                                                        Tri-Point and Pentalobe are two common current examples of this.

                                                                                        In high school/college I worked at an authorized repair shop for Apple. Torx are great, honestly. They are easier to work with and less likely to strip than Phillips. Tri-Point & Pentalobe are a nightmare to work with, which is why they are often not used internally.

                                                                                        1. 3

                                                                                          Torx is just a better type of Allen bolt

                                                                                          1. 3

                                                                                            Indeed, there are valid reasons to use Torx.

                                                                                    1. 4

                                                                                      What will happen next? Are we going to get a Z80 inside our phones? Why not a 6502? Hell, I would love to run the C64 BASIC interpreter natively inside my phone… No really, I’m not criticizing Apple or Intel for using an x86 core, I don’t really care, but… my PERSONAL opinion is that something is going really wrong in this world.

                                                                                      lol? Nothing wrong with either x86 or ARM… I’m curious why the author feels this way.

                                                                                      1. 10

                                                                                        x86 is typically considered a difficult ISA to make small silicon for due to its complexity. Previous attempts at small x86 processor products (notably the Intel Galileo) have ended up very expensive.

                                                                                        Albeit I believe that x86 processors don’t run the instructions directly; instead they break down each instruction into simpler (RISCier) micro-ops that are run [citation needed]. There are jokes about the idea of making an x86 processor run ARM or other ISAs natively, if only you could write your own firmware.

                                                                                        1. 7

                                                                                          IIRC pretty much all (big) processors use micro-ops, even if the ISA is already RISCy

                                                                                          1. 2

                                                                                            Here’s a nice blog entry by ryg. The last paragraph is quite interesting:

                                                                                            And by the way, I used x86 as an example here, but don’t believe for a second the same thing doesn’t apply to, say, the ARM chip in your phone. Modern ARM chips support multiple encodings and also rank over 1000 instructions […]

                                                                                            MIPS is similar as well, it has SIMD, historic baggage (invented in ’85), etc., and even this.

                                                                                            SPARC has ‘tagged add’ etc. instructions, made specifically with certain language runtimes in mind.

                                                                                            The recent PPC 600 blog series made it clear that PPC, considered a RISC, isn’t very ‘reduced’ either.

                                                                                            I don’t know much about RISC-V, but v2.2 of the spec tells me extensions for SIMD (P), “dynamically translated languages” (J), etc. exist, or will soon.

                                                                                            The only ‘simple’ ISAs left are probably 6502, AVR and maybe SuperH (I don’t know much about this one either).

                                                                                            EDIT: funnily, Z80 is considered CISC, while those chips are considerably simpler than many of these ‘R’ISCs.

                                                                                            1. 9

                                                                                              RISC is more about fixed instruction word length and no direct-memory operations than reduction of features.

                                                                                              1. 2

                                                                                                SuperH was used in Dreamcast. Still sold by Renesas in multiple versions for embedded sector.

                                                                                                1. 2

                                                                                                  There is J Core - a free and open SuperH CPU. See http://0pf.org/j-core.html and http://j-core.org/

                                                                                          2. 5

                                                                                            Kind of weird that he is complaining about x86 processors and their complexity in manufacturing if he is an end user? Like he ain’t fabbin’ them.

                                                                                            1. 1

                                                                                              Yeah, it would cost him more to get an 8-bitter out of an old node than buy a single Xeon. Probably.

                                                                                          1. 2

                                                                                            This sounds a lot like Entity Component Systems

                                                                                            1. 1

                                                                                              Entity Component Systems usually utilize this pattern but this pattern doesn’t make an ECS. 👍

                                                                                            1. 3

                                                                                              And Unix line endings! Hands up all those who spent days chasing down a breakage that turned out to be someone editing a Linux file in Notepad (raises hand)

                                                                                              1. 4

                                                                                                Notepad adds a BOM if you save it as UTF-8, it’s one of the few things that does that. It’s wasted dozens of hours on a project that I’ve worked on.

                                                                                                1. 2

                                                                                                  I added an automated test to our codebase that would check for a BOM in SQL files, which Windows-wielding colleagues apparently were editing in Notepad. I never knew how they did it; thanks!
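
The kind of automated check described in this comment, and the Unix-line-endings breakage from the comment above it, as an added example that is not the commenter's own test: it flags files that carry a UTF-8 BOM or CRLF/bare-CR line endings, the two things a Windows editor such as Notepad is likely to introduce. The `.sql` suffix filter and the sample file contents are assumptions constructed for the example.

```python
"""Flag text files that carry a UTF-8 BOM or Windows-style line endings.

Added example (not the commenter's code). Intended to run in CI so a
file saved by Notepad with a BOM or CRLF endings fails the build
instead of breaking a Linux-side tool days later.
"""
import sys
import tempfile
from pathlib import Path

UTF8_BOM = b"\xef\xbb\xbf"  # the three bytes Notepad prepends to UTF-8 files


def check_bytes(data):
    """Return a list of problem descriptions for one file's raw bytes."""
    problems = []
    if data.startswith(UTF8_BOM):
        problems.append("utf-8 BOM at start of file")
    if b"\r\n" in data:
        problems.append("CRLF line endings")
    elif b"\r" in data:
        # Old Mac-style endings; rare, but just as confusing to Unix tools.
        problems.append("bare CR line endings")
    return problems


def check_tree(root, suffixes=(".sql",)):
    """Walk root and return {relative path: problems} for offending files.

    Only files whose suffix is in `suffixes` are inspected (assumed filter;
    the commenter's test looked at SQL files).
    """
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            problems = check_bytes(path.read_bytes())
            if problems:
                findings[path.relative_to(root).as_posix()] = problems
    return findings


def demo():
    """Build a constructed sample tree and return check_tree's findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "migrations").mkdir()
        # Clean file: no BOM, LF endings -> should not be reported.
        (root / "migrations" / "001_ok.sql").write_bytes(b"CREATE TABLE t (id INT);\n")
        # Saved from Notepad as UTF-8: BOM plus CRLF -> two problems.
        (root / "migrations" / "002_notepad.sql").write_bytes(
            UTF8_BOM + b"INSERT INTO t VALUES (1);\r\n"
        )
        # Wrong suffix: ignored even though it has CRLF.
        (root / "README.txt").write_bytes(b"notes\r\n")
        return check_tree(root)


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    results = check_tree(target) if target else demo()
    for name, problems in results.items():
        print(f"{name}: {', '.join(problems)}")
    # Non-zero exit so a CI job fails when anything was flagged.
    sys.exit(1 if results else 0)
```

Run it with a directory argument to scan a real checkout; with no argument it scans the constructed sample tree.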

                                                                                              1. 7

                                                                                                I just wonder, how is it possible to have 124000 employees, yet leave such an important application untouched for so many years? The line ending thing is really important, but one could argue that MS hasn’t cared for non-Windows systems, but Notepad has also been broken in other ways; ctrl+backspace inserts a square instead of deleting a word, for example.

                                                                                                MS exhibits this behavior towards other important apps too. Explorer.exe still doesn’t use the “new” APIs to support paths more than a couple hundred characters, meaning people end up with folders they can’t delete using Explorer. Explorer’s text input fields also insert a square when you hit ctrl+backspace, just like Notepad. CMD.exe just recently was updated to let the window be maximized.

                                                                                                1. 9

                                                                                                  I should specify why Notepad is such an important application, because it might not be obvious; everyone who needs a text editor just downloads Atom/VS Code/Sublime/Notepad++, right?

                                                                                                  No. There’s lots of people who aren’t programmers, who usually don’t need a text editor, but need to change a config file from time to time. Most people who install mods for games probably need to change a config file, or people who want to play a game but have a slightly unorthodox setup (surprisingly many games hide away settings like disabling the FPS lock in some INI file instead of exposing it through the GUI). Or maybe you just need somewhere to write a Reddit/Lobsters/HN comment or post that’s slightly longer than what’s comfortable to type in the text box. Maybe you need to reboot into BIOS to see some information, and want to save your draft without posting the comment yet. These are the people Notepad is for, and while it’s not important that Notepad is good for those uses, it’s important that it’s not broken.

                                                                                                  1. 3

                                                                                                    I often use Notepad for anything that I’m looking at quickly and likely don’t have to interact with. “What’s in this file?” etc. It starts so fast compared to those other editors. It’s not tabbed (yet), so it’s not taking over whatever content I have open. It never starts maximized for me and that creates a mental shift for me that means it’s temporary.

                                                                                                    1. 2

                                                                                                      Yeah, especially now that Electron-based editors which have to start an entire instance of Chromium before you get to do anything are so popular, having a really lightweight editor to just check the content of a file and maybe change a value is nice.

                                                                                                      Most of the time when I need to do that I’m in Linux, so I just open vim in my popup terminal, but I occasionally use Notepad on Windows (and then regret it once I need to delete a couple of words and just insert squares instead).

                                                                                                      1. 1

                                                                                                        Vim/Linux is a great comparison actually. I use notepad the same way I use cat, less, nano or vim(default, uncustomized) in the terminal.

                                                                                                    2. 2

                                                                                                      I used to use Notepad for looking at untrustworthy stuff since it was easy to sandbox and already light on resources. I also used it as a default editor since it was on every system. WordPad for memos or official looking stuff where possible since RTF was super-light compared to MS Word. Also easier to sandbox.

                                                                                                    3. 6

                                                                                                      My first thought seeing it was “Ah, I remember that bug I ran into in high school… 25 years ago.” I guess updating it wouldn’t move a meaningful business metric and their users enjoyed the world’s most robust third-party software market. But few users edited between operating systems, so it wasn’t broken for the users with light editing needs.

                                                                                                    1. 10

                                                                                                      I’ve been in conversations online in various places about getting Firefox revenue off ad revenue. One of my ideas was enterprise features licensed at a nice price. Like with Open Core, making the enterprise features paid has almost no effect on the individuals that make up the majority of their users.

                                                                                                      “a little something extra for everyone who deploys Firefox in an enterprise environment. …”

                                                                                                      Then, they start adding that stuff in for free. So much for that idea.

                                                                                                      1. 9

                                                                                                        They could start with a Windows Server GPO that was easy to install and configure. There’s no bigger Firefox advocate than me, yet I’m forced to use Chrome on my network because it was so easy to configure high-security policies for it, whereas I gave up trying to do the same for Firefox.

                                                                                                        1. 4

                                                                                                          Bookmarking that idea in case I ever get a chance to talk to their management about this stuff. :)

                                                                                                          1. 9

                                                                                                            Thanks Nick! I’m no manager but I can take it from here (on Monday, because I’m off for the rest of the week):-))

                                                                                                            @jrc: Are you willing to expand on that hardship? AFAIU our project managers have worked with some enterprises to hear about their needs. This is in part because the enterprise mailing list we have doesn’t contain enough vocal enterprises willing to talk about their pain points in the open.

                                                                                                            Did you try the GPO features we just released with Firefox 60? What were you trying to do that didn’t work? Is there anything else you were missing?

                                                                                                            For everyone else reading this, please answer those questions as well and I’m happy to forward the whole thread.

                                                                                                            1. 2

                                                                                                              I’m not jrc, and this isn’t specifically related but my biggest problem with Firefox largely boils down to the fact that it’s not portable. It’s one of the few things where I get a new computer, plug in my drive, and it isn’t already working. I just did it again today, and while I use sync, losing my open tabs (on the session I’m using), cookies, extension data, and everything else that goes along with my previous session isn’t great.

                                                                                                              1. 4

                                                                                                                Sorry to pile onto that, but on a slightly related note: It’s embarrassing that Firefox is still dumping folders into $HOME instead of following the applicable standard.

                                                                                                                1. 1

                                                                                                                  Update! Please read through the policy templates repo and file issues there.

                                                                                                                  1. 1

                                                                                                                    No fix for this and I don’t think that’s the appropriate place for it. :-/

                                                                                                              2. 1

                                                                                                                Hi! Sorry I didn’t see your reply or I would have commented back sooner. To answer your question, it’s been a couple years since I tried it. However, I’m about to upgrade to Windows Server 2016, so I will give it another go with Firefox and document the experience.

                                                                                                                I can say off the top of my head, on my particular network, I’m looking to:

                                                                                                                Browse websites and do nothing else. Easily lock out the ability to print, change any configuration settings at all, including visibility of toolbars, Firefox sync, managing search engines, anything like that.

                                                                                                                I’d also like to be able to easily (1) install and (2) configure settings for add-ons, to manage mass deployment of updates to those add-ons, etc.

                                                                                                                1. 1

                                                                                                                  Thanks for the feedback. Great to hear you’ll give it a try. I suppose that not exactly 100% of your requirements will be satisfied, but I’d love to see a blog post about your endeavors (unless it’s shattering criticism ;))

                                                                                                                2. 1

                                                                                                                  Update! Please read through the policy templates repo and file issues there.

                                                                                                          1. 5

                                                                                                            I work remotely and so far everyone’s mostly on the same path.

                                                                                                            I think it’s easier to answer it the other way around though. Why aren’t some languages good for remote work? Well… I do a lot of C++, and my compile times are like 40+ minutes for a full rebuild when I change something deep within Unreal Engine 4. My onsite coworkers use Incredibuild (actually SNDBS), so their compile times are a fraction of mine. That makes C++ not fun to work with. I’m sure many would argue that it’s the codebase that causes the problem, but the language definitely plays a huge role in it. Epic solves this by throwing infrastructure at it (a la Incredibuild) instead of trying to work around problems in the language (read: lack of modules, template bloating, etc).

                                                                                                            An absolute killer is binary files. So any binary serialized scripting system is terrible. They are bad enough onsite, but combined with exclusive locks it’s so much worse remotely. Onsite you can just roll over and ask the person with the lock when they’ll be done with it. Remotely it’s slack, they may look away and miss the message, you have no idea if they are at their desk, in a meeting, or out to lunch. It just slows everything down so much.

                                                                                                            1. 8

                                                                                                              This is fantastic. I’ve been pretty vocal about this on twitter, largely alongside @aprilwensel / @compassioncode. I love and use SO all the time, but it definitely isn’t a friendly place. My experiences contributing rather than consuming have been disappointing enough that I likely wouldn’t ever do it again if things didn’t change.

                                                                                                              Take this example: https://stackoverflow.com/questions/10967795/directinput8-enumdevices-sometimes-painfully-slow/40449680#40449680

                                                                                                              I posted this answer to this extremely obscure DirectX issue. This was literally the only result on google for the keywords I was searching. (Along with those stupid aggregator sites that just copy the content from SO…) I was a new account and could not post a comment on the question, only an answer. My answer is not an answer, it’s merely that I have the same problem and here’s what I’ve learned, and I made that known. The person that asked the question replied to my answer with “Very interesting! Thanks! […] It’s good to know I’m not the only one it affects!”. I GOT 3 PEOPLE ATTEMPTING TO DELETE MY ANSWER. How dare I try to contribute something useful? Better delete it for not actually answering the question! Thankfully I was able to respond to the deletions and keep it. Now it seems like someone else responded with a similar “I’m getting this too, but haven’t solved it” answer, and I’m glad they did because it’s starting to piece together this problem.

                                                                                                              That sucked, and made me jaded towards contributing.

                                                                                                              Another example is: https://stackoverflow.com/questions/3240633/web-based-vnc-client No it’s not programming, but it was like the first result for web based vnc client. It has like 31 votes, the answer has 23. It’s obviously a useful post. Yet it’s closed as off topic. It seems like content people want to see based on the upvotes. Now it’s just frozen in time with outdated content, and that sucks. Yes there’s other sites where this is better suited, I’d argue that a VNC client is primarily a developer tool though. I’d be surprised if developers/IT in some form make up less than say 70% of people that use VNC. You can ask questions about other developer tools like vim, emacs or MSVC on SO.

                                                                                                              For the duplication issue what happens currently is if the question is identified as a duplicate, the question is closed with a message that feels like “Hmfp, RTFM, Why didn’t you search, this is a duplicate of this other question, use your eyes.” What should happen instead is, A: Don’t close the question. B: Link it as a possible duplicate of the other question. C: Post a message like, “We suspect that this question is a duplicate of this one and have associated it with the other question. If you believe this is incorrect then [click here] to revert this.” Then improve the flow for people ending up on this question to funnel them to the parent question, while still letting people answer this one, and better show the list of duplicate questions in the parent (depending on how well they can do SEO with this, obviously linking to a bunch of essentially dead/duplicate questions wouldn’t be great on the SEO side.)

                                                                                                              1. 2

                                                                                                                I gave up on SO for similar reasons - the mods seemed to care less about having a useful site than enforcing the ‘rules’.

                                                                                                                1. 2

                                                                                                                  Even before the unfriendliness and mod absurdity, or at least before complaining about it got popular, I haven’t had very good experience with using SO for hard problems like the one you answered. I don’t think SO’s system is well-designed for attracting people capable of offering insight on such questions, or surfacing those types of questions to them when they do happen to show up and browse. It seems more like a system where newbies who are missing semicolons get their advice in ~10 seconds, while problems hard enough to stump experienced devs for hours or more get crickets.

                                                                                                                1. 2

                                                                                                                  Bummer that sound is still messy. There still doesn’t seem to be a single competitor to Equalizer APO/Peace on Windows that doesn’t have sound quality issues or require you to set up a convoluted Pulse -> Jack -> Alsa configuration.

                                                                                                                  1. 4

                                                                                                                    About 1/3 of the time that I get on a conference call at work my audio and/or microphone doesn’t work. I have to close chrome, disable my audio, enable the microphone, and then enable sound+microphone. I can’t jump from disabled to sound+microphone, and I need to pause for at least a second or two before I change each setting or it doesn’t fix it.

                                                                                                                    It’s stupid and takes me about an extra 2 minutes every single time. :/ I still can’t in good faith recommend Linux to anyone that’s not already familiar and using it.

                                                                                                                  1. 2

                                                                                                                    “Professionally” used literally for once. Kinda buried at the bottom, pay to use.

                                                                                                                    1. 4

                                                                                                                      Like most things in the market slug is aimed at, it’s worth it. We (game developers) all buy things like Bink, wwise/fmod, RAD Telemetry and Basis for a reason. They have some of the smartest people in the industry putting thousands of hours into them. Edit: It would be nice if it was FOSS, but when we value an engineer’s time at > $100k/yr, the price tag on something like this is a lot easier to swallow.

                                                                                                                      1. 3

                                                                                                                        Why is Bink (still) a thing? Modern games barely play any video at all (apart from the super rare FMV projects), and somehow services whose primary and only purpose is playing video — i.e., YouTube — get away with VP9.

                                                                                                                        1. 2

                                                                                                                          Why is Bink (still) a thing?

                                                                                                                          Look around more!

                                                                                                                          How many in-game menus have streaming video in the background or on a side panel during a briefing? How many in-game surfaces have streaming texture updates from a decoded video stream?

                                                                                                                          :)

                                                                                                                          1. 1

                                                                                                                            IIRC Bink is significantly less cpu-intensive than VP9, which may be useful if you’re e.g. loading a level while showing FMV.

                                                                                                                          2. 2

                                                                                                                            I kind of feel like working at RAD would be the kind of olympic gold medal of game software engineering.

                                                                                                                        1. 3

                                                                                                                          It’s not just me; this process is a bit weird, right? The network-based installation does make it easy to stream a fresh version of Fuchsia to the device, but it seems like a lot of work for purely development purposes. Plus, if you want to repeatedly put software on a piece of hardware, the transmission medium of choice is usually USB.

                                                                                                                          Errrrrrrrr, a fair amount of initial setup but way way way less work in the long run.

                                                                                                                          1. 2

                                                                                                                            I feel like I’m kind of missing the point of this?

                                                                                                                            We want to avoid the DOM for rendering the text editor, for example, instead using a canvas, WebGL, or any other approach that can give us extremely good performance. This may make syntax themes slightly more difficult to build, and we accept that trade-off.

                                                                                                                            Isn’t the whole point of Electron like 50% Javascript, and 50% DOM+CSS? If you’re not using either then… what is left? Why keep using Electron?

                                                                                                                            Edit: I’m excited to see where this goes though, nice to see more people getting paid to use rust!

                                                                                                                            1. 2

                                                                                                              There’s a lot more to a text editor than the editing area though, right? Just because the text editing component is rendered outside the DOM doesn’t mean the settings dialogs, or VCS integration, or sidebars, or embedded help browser, or popups, etc. aren’t. And in terms of extensibility, those are the things that should have an easy interface that many, many, many developers are used to, since that’s where the grand majority of useful extensions seem like they could end up.

                                                                                                              I think it’d be rad to see people get past “if it’s Electron it has to be 100% DOM + Javascript”, which will help with the anti-electron stance I’ve seen a lot. It’s a tool with strengths and weaknesses, and using it only for its strengths seems like a pretty good idea…

                                                                                                                              1. 1

                                                                                                                                Whoops, I removed this while you were writing this! Undeleting.

                                                                                                                                I missed the part where they were still using DOM+CSS for the rest of the UI until I had a second look at it.