1. 11

    I agree with Jono Bacon’s take [1] on it and this sums it up for me:

    His post today is a clear example of him putting Linux as a project ahead of his own personal ego.

    Also the full code of conduct [2].

    [1] https://www.jonobacon.com/2018/09/16/linus-his-apology-and-why-we-should-support-him/

    [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/Documentation/process/code-of-conduct.rst?id=8a104f8b5867c682d994ffa7a74093c54469c11f

    1. 4

      I found it a great read as well and his blog has more. Thank you for submitting this.

      1. 1

        I see there you’ve made a note that this was posted to Schneier’s blog, can you share that post link as well? Thank you.

        1. 1

          That’s where I posted all my early design sketches and essays. There were a bunch of people in software and hardware like Clive Robinson that gave great peer review and debates. We had a meme, “you heard it first on Schneier’s blog,” where news reports, CompSci papers, or new products would echo what we already discussed.

          Replacing subverted and/or low-quality Intel chips was something we discussed repeatedly way before Meltdown/Spectre with people like Clive using MCUs for guards. I kept telling people about VAMP and Leon3 CPUs which should block many attacks. I ended up just posting an exhaustive list here. RobertT in that discussion is a mixed-signal hardware specialist that spends much of his time obfuscating or reverse engineering ASICs. My analog attack predictions were just rehashes of the kind of stuff he was seeing or doing on a daily basis. That man almost single-handedly made me stop believing computers could be trusted. Clive and I recommend pencil, paper, and old school methods for high-security these days with high-assurance security as just risk reduction.

          1. 2

            Thank you. I wasn’t aware that this had taken place some time ago.

            1. 1

              The root problems were discovered around 1992. Security community just ignored it all like everything high-assurance, security community did. I had a rant on that here whose main article is a comment with the links to that work. We knew about cache- and microarchitecture-based leaks in 1992. I’ve been recommending mitigation for a long time. Well, mitigation attempts haha. Mainstream security often ignores stuff done out of their own circles or standards. Politics. There’s plenty of work out there waiting to be used or improved on, though. I post a lot of it here since there’s smart programmers here with unusual quality & security focus.

        1. 5

          Reminded me of FOAF: http://www.foaf-project.org

          1. 2

            Now that takes me back…

            1. 2

              I remember being so excited about FOAF when I learned about it around 2005. Those were the heady days of blogs and RSS feeds and open APIs.

              1. 2

                There’s a little bit of tinfoil-hattery going on in that article, but I don’t think he’s totally wrong. The Internet has matured to the point now where most of the walled gardens are about as big as they’re going to get, so the only growth potential left is to destroy the community gardens. It’s not at all unlike Ford and GM’s deliberate nationwide dismantling of public transportation throughout the 20th century.

              1. 3

                In progress:

                Recently finished:

                • Building E-commerce Applications, a complete waste of money and basically just a lazy compilation of unedited blog posts. Booooo.

                • Come and Take It: The Gun Printer’s Guide to Thinking Free, by Cody Wilson of Defense Distributed fame. I finished this probably a week before the current kerfuffle started. There’s a whoooole lot of self-congratulatory bullshit and bluster in this, as Wilson is first and foremost (in my opinion) an attention whore, but buried in there are a couple of good reflections on the role of toolmakers in the pursuit of independence.

                • Come as You Are, a delightful book by Emily Nagoski that I heard about through OhJoySexToy (webcomic about sexual health and practices). It covers a lot of interesting academic information about sex, attraction, and romance, and can help in debugging certain failure modes of relationships or in preemptively being a better partner.

                1. 3

                  buried in there are a couple of good reflections on the role of toolmakers in the pursuit of independence.

                  We cannot be free until we control the means of production? That sounds like a good reflection, all right :-)

                  (Note: this may sound like I’m trying to rile you. I’m not, I am genuinely amused to see Marx echoed in this unexpected context.)

                  1. 4

                    As the good Chairman once said, “Political power grows out of the barrel of the gun…”.

                    A lot of Marxists, communists, and libertarians I think would actually have a lot to talk to each other about if they weren’t so busy engaging in culture war these days.

                    1. 3

                      It isn’t too surprising, since all three sprang from the same philosophical tradition.

                      A funny aside: a friend of mine recently noted, with regard to economics, we’re all Marxists now.

                      1. 3

                        Yup! Certain groups don’t really like to think about it, but because Marx did the first serious systematic analysis of how economies worked on a global scale (and coined the word “capitalism”, although contrary to popular opinion he did not coin but merely redefined “communism”), all modern economics owes a debt to Marx at least as big as the one it owes to Von Neumann. Even those opposed to Marx’s conclusions are using methods he pioneered to fight them. (Or, to be more direct: “economics begins with Marx” / “Karl Marx invented capitalism”)

                        1. 2

                          You might like this recent podcast episode from BBC Thinking Allowed: Marx and Marxism: https://www.bbc.co.uk/programmes/b0b2kpm0

                  2. 3

                    Come and Take It: The Gun Printer’s Guide to Thinking Free, by Cody Wilson of Defense Distributed fame. I finished this probably a week before the current kerfuffle started. There’s a whoooole lot of self-congratulatory bullshit and bluster in this, as Wilson is first and foremost (in my opinion) an attention whore, but buried in there are a couple of good reflections on the role of toolmakers in the pursuit of independence.

                    This was on my reading list; but, after I did the ol’ Amazon “Look Inside,” I took it off because it looked like the signal/noise would be unacceptable. Please give a shout if it ends up being worthwhile. I watched a few of his pre-DD/early-DD lectures on philosophy, and the guy gave me stuff to chew on.

                    1. 2

                      So, again, having finished it I think the same points could be handled in a pamphlet instead of the drawn-out narrative Wilson attempts.

                      1. 1

                        Thanks for humouring my obviously lacking reading comprehension skills. 🤦🏾‍♂️

                      2. 1

                        Lectures on philosophy? Had no idea he was into that, mind sharing some links?

                        1. 2

                          Cody Wilson Philosophy, Part I is the first of a two part series.

                          Why I printed a gun is short and sweet; but, doesn’t get too deep.

                    1. 2

                      This is really a non-issue as far as I’m concerned.

                      Browsers (either standalone or with plugins) let users turn off images, turn off Javascript, override or ignore stylesheets, block web fonts, block video/flash, and block advertisements and tracking. Users can opt-out of almost any part of the web if it bothers them.

                      On top of that, nobody’s twisting anybody’s arm to visit “heavy” sites like CNN. If CNN loads too much crap, visit a lighter site. They probably won’t be as biased as CNN, either.

                      Nobody pays attention to these rants because at the end of the day they’re just some random people stating their arbitrary opinions. Rewind 10 or 15 or 20 years and Flash was killing the web, or Javascript, or CSS, or the img tag, or table based layouts, or whatever.

                      1. 10

                        Rewind 10 or 15 or 20 years and Flash was killing the web, or Javascript, or CSS, or the img tag, or table based layouts, or whatever

                        Flash and table based layouts really were and, to the extent that you still see them, are either hostile or opaque to people who require something like a screen reader to use a website. Abuse of javascript or images excludes people with low end hardware. Sure you can disable these things but it’s all too common that there is no functional fallback (apparently I can’t even vote or reply here without javascript being on).

                        Are these things “killing the web” in the sense that the web is going to stop existing as a result? Of course not, but the fact that they don’t render the web totally unusable is not a valid defense of abuses of these practices.

                        1. 3

                          I wouldn’t call any of those things “abuses”, though.

                          Maybe it all boils down to where the line is drawn between supported hardware and hardware too old to use on the modern web, and everybody will have different opinions. Should I be able to still browse the web on my old 100 Mhz Pentium with 8 Mb of RAM? I could in 1996…

                          1. 12

                            Should I be able to still browse the web on my old 100 Mhz Pentium with 8 Mb of RAM?

                            To view similar information? Absolutely. If what I learn after viewing a web page hasn’t changed, then neither should the requirements to view it. If a 3D visualization helps me learn fluid dynamics, ok, bring it on, but if it’s a page of Cicero quotes, let’s stick with the text, shall we?

                            1. 5

                              I wouldn’t call any of those things “abuses”, though.

                              I think table based layouts are really pretty uncontroversially an abuse. The spec explicitly forbids it.

                              The rest are tradeoffs, they’re not wrong 100% of the time. If you wanted to make youtube in 2005 presumably you had to use flash and people didn’t criticize that, it was the corporate website that required flash for no apparent reason that drew fire. The question that needs to be asked is if the cost is worth the benefit. The reason people like to call out news sites is they haven’t really seen meaningfully new features in two decades (they’re still primarily textual content, presented with pretty similar style, maybe with images and hyperlinks. All things that 90s hardware could handle just fine) but somehow the basic experience requires 10? 20? 100 times the resources? What did we buy with all that bandwidth and CPU time? Nothing except user-hostile advertising as far as I can tell.

                              1. 2

                                If you wanted to make youtube in 2005 presumably you had to use flash and people didn’t criticize that

                                At the time (ok, 2007, same era) I had a browser extension that let people view YouTube without flash by swapping the flash embed for a direct video embed. Was faster and cleaner than the flash-based UI.

                                1. 1
                                2. 2

                                  I’d say text-as-images and text-as-Flash from the pre-webfont era are abuses too.

                            2. 7

                              On top of that, nobody’s twisting anybody’s arm to visit “heavy” sites like CNN. If CNN loads too much crap, visit a lighter site.

                              Or just use http://lite.cnn.io

                              1. 2

                                nobody’s twisting anybody’s arm to visit “heavy” sites like CNN

                                Exactly. It’s not a “web developers are making the web bloated” problem, it’s a “news organizations are desperate to make money and are convinced that personalized advertising and tons of statistics (Big Data!!) will help them” problem.

                                Lobsters is light, HN, MetaFilter, Reddit, GitHub, GitLab, personal sites/blogs, various wikis, forums, issue trackers, control panels… Most of the stuff I use is really not bloated.

                                If you’re reading general world news all day… stop :)

                              1. 14

                                Microsoft lets you download a Windows 10 ISO for free now; I downloaded one yesterday to set up a test environment for something I’m working on. With WSL and articles like this, I thought maybe I could actually consider Windows as an alternative work environment (I’ve been 100% some sort of *nix for decades).

                                Nope. Dear lord, the amount of crapware and shovelware. Why the hell does a fresh install of an operating system have Skype, Candy Crush, OneDrive, ads in the launcher and an annoying voice-assistant who just starts talking out of nowhere?

                                1. 5

                                  I’ll give you ads in the launcher – that sucks a big one – but Skype and OneDrive don’t seem like crapware. Mac OS comes with Messages, FaceTime and iCloud; it just so happens that Apple’s implementations of messaging and syncing are better than Microsoft’s. Bundling a messaging program and a file syncing program seems helpful to me, and Skype is (on paper) better than what Apple bundles because you can download it for any platform. It’s a shame that Skype in particular is such an unpleasant application to use.

                                  1. 3

                                    It’s not even that they’re useful, it’s that they’re not optional. I’m bothered by the preinstalled stuff on Macs too, and the fact that you have to link your online accounts deeply into the OS.

                                    I basically am a “window manager and something to intelligently open files by type kinda guy.” Anything more than that I’m not gonna use and thus it bothers me. I’m a minimalist.

                                    1. 2

                                      I am too, and I uninstall all that stuff immediately; Windows makes it very easy to remove it. “Add or Remove Programs” lets you remove Skype and OneDrive with one click each.

                                  2. 2

                                    Free?? I guess you can download an ISO but a license for Windows 10 Home edition is $99. The better editions are even more. WSL also doesn’t work on Home either. I think you need Professional or a higher edition.

                                    1. 2

                                      It works on Home.

                                      1. 1

                                        Yup. Works great on Home according to this minus Docker which you need Hyper-V support for.

                                        https://www.reddit.com/r/bashonubuntuonwindows/comments/7ehjyj/is_wsl_supported_on_windows_10_home/

                                    2. 1

                                      I always forget about this until I have to rebuild Windows and then I have to go find my scripts to uncrap Windows 10. Now I don’t do anything that could break Windows because I know my scripts are out of date.

                                      It’s better since I’ve removed all the garbage, but holy cats that experience is awful.

                                    1. 2

                                      From what I understood, this doesn’t apply to Apple’s FileVault. Mostly metadata leaking from previewing images from other encrypted drives like Veracrypt.

                                      1. 1

                                        Hmm. Is this related to bsdcan?

                                        1. 2
                                          1. 1

                                            Yes, Theo gave an impromptu talk where he expressed frustration at rumors of openbsd being untrustworthy and then speculated on possible future intel problems. Screaming happened. But now it seems he was right.

                                            Though the bigger issue of embargoes and their value remains.

                                            1. 4

                                              Screaming happened.

                                              To be clear, the screaming was not done by Theo.

                                              1. 3

                                                I wish people would stop saying he gave a talk / presentation because that’s not what it was. This was a BOF session. It is a group discussion about a predefined topic and Theo was the BOF organizer. This is why he was talking to the crowd and asking questions. It wasn’t to attack anyone or inflame the situation; it was entirely within the spirit of the BOF.

                                            1. 4

                                              For those who don’t know the author, he’s been around for a while and even was a member of the team that “started” Canonical and Ubuntu [1]

                                              [1] https://wiki.ubuntu.com/BenjaminMakoHill

                                              1. 8

                                                I was expecting to see a reference to the fairphone in the article but none. Guess FP needs more marketing people :)

                                                p.s. it seems the FP CEO announced today that Android 7.1 is coming to the FP2 so it’s paying up! https://www.fairphone.com/en/2018/05/08/keeping-your-phone-longer-refreshed/

                                                1. 1

                                                  I don’t do it (and it’s never been something I’ve even considered). If I was really concerned about reading the replies without reading anything that I’ve already seen, I’d use the mailing list feature.

                                                  1. 1

                                                    Thank you. I’ve thought about it but I would get all stories and not just one particular thread.

                                                    And even if I could, reading email for me is sub-par in contrast to reading it here. The layout is so clean and easy to zoom on any browser (mobile included) ;-)

                                                  1. 6

                                                    I have returned from a week of holiday, so have spent my morning deleting emails and marking hipchat conversations as read. I’m in the middle of a vendor selection process, and this week is about crossing out the clearly bad choices and arranging to talk to the maybe good options.

                                                    I’m also negotiating a change to my contract to adopt a four-day week, talking to my CEO soon.

                                                    I’ve applied to volunteer at the National Museum of Computing.

                                                    I spent the weekend hacking on an app for managing notes on research papers. It’s nearly ready for a first release.

                                                    1. 1

                                                      National Museum of Computing

                                                      Nice, I really enjoyed the part of the visit of the VT terminals where I typed for a bit ;-)

                                                    1. 4

                                                      Really depends on your needs but for a home desktop and speaking about OpenBSD, I couldn’t use it because of Skype/Google Hangouts because of problems getting my webcam going.

                                                      But if I did, I would try Firefox webrtc [1] next with the caveat that it is still something that is being worked on [2].

                                                      [1] https://mozilla.github.io/webrtc-landing/gum_test.html

                                                      [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1437670

                                                        1. 6

                                                          This is just gold:

                                                          Under the new patch, Linux listed all x86-compatible chips as vulnerable, including AMD processors. Since the patch tended to slow down the processor, AMD wasn’t thrilled about being included. The day after Christmas, AMD engineer Tom Lendacky sent an email to the public Linux kernel listserve explaining exactly why AMD chips didn’t need a patch.

                                                          “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault,” Lendacky wrote.

                                                          A very interesting article. Would be more interesting to know the details behind the above gaffe — did the AMD engineer break his NDA, or did he come up with the root cause behind the patch independently?

                                                          TBH, regarding discussions on public listserve, it seems really weird that these kinds of things wouldn’t be done behind closed doors — just because the software is OSS, doesn’t mean that every single change has to be thoroughly explained on the public mailing lists, like Verge seems to suggest. In the BSD world, for example, internal developer-only (i.e., committer-only) mailing lists do exist, which, for better or worse, make it easy to not unnecessarily publicise such changes, whilst still getting the exposure and feedback from the developer community.

                                                          1. 16

                                                            When you know a secret for too long, you forget what’s supposed to be secret and what’s not. Also, when too many people know, you forget who knows and doesn’t. You forget when it’s secret and when it’s public. When the secret topic is half secret and half public, you forget precisely what’s secret and what’s not. Etc., etc.

                                                            Governments, with 100 years of practice, screw this up. Amateurs are doomed.

                                                            1. 3

                                                              wow … 64Mb!?! I remember upgrading to 12 :)

                                                              Also impressive:

                                                              AMD 5X86 486-clone running at 133mhz

                                                              Similar performance to Pentium 75Mhz

                                                              The AMD 5X86 series were the fastest 486 clones ever made

                                                              1. 1

                                                                If all you want is the TL;DR, here’s the headline finding: due to flaws in both Signal and WhatsApp (which I single out because I use them), it’s theoretically possible for strangers to add themselves to an encrypted group chat. However, the caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic. But both issues are very avoidable, and tend to undermine the logic of having an end-to-end encryption protocol in the first place.

                                                                1. 2

                                                                  I got this recommendation from a podcast and was pleasantly surprised. There is so much in the book that I’ve enjoyed, and it connected a lot of small dots for me.

                                                                  Sapiens: A Brief History of Humankind, Yuval Noah Harari, 2011

                                                                  1. 2

                                                                    I enjoyed Sapiens too. Relevant to the suggestion Harari makes about the shift to agriculture being a net negative, I recently saw an interesting critique of studies that concluded pre-agriculture humans worked a lot less than humans in later societies. Basically, it seems that a whole lot of food processing work that happened after collecting raw ingredients wasn’t accounted for. Once it’s accounted for, the amount of work goes up to ~35 hours per week IIRC. I wonder if that puts a dent into Harari’s argument.