1. 1

    Hmm. Is this related to bsdcan?

    1. 2
      1. 1

        Yes, Theo gave an impromptu talk where he expressed frustration at rumors of OpenBSD being untrustworthy and then speculated on possible future Intel problems. Screaming happened. But now it seems he was right.

        Though the bigger issue of embargoes and their value remains.

        1. 4

          > Screaming happened.

          To be clear, the screaming was not done by Theo.

          1. 3

            I wish people would stop saying he gave a talk / presentation because that’s not what it was. This was a BOF session. It is a group discussion about a predefined topic and Theo was the BOF organizer. This is why he was talking to the crowd and asking questions. It wasn’t to attack anyone or inflame the situation; it was entirely within the spirit of the BOF.

        1. 0

          A list of beliefs about programming that I maintain are misconceptions.

          1. 3

            Small suggestion: use a darker, bigger font. There are likely guidelines somewhere but I don’t think you can fail with using #000 for text people are supposed to read for longer than a couple of seconds.

            1. 3

              Current web design seems allergic to any sort of contrast. Even hyper-minimalist web design calls for less contrast for reasons I can’t figure out. Admittedly, I’m a sucker for contrast; I find most programming colorschemes hugely distasteful for the lack of contrast.

              1. 6

                I think a lot of people find the maximum contrast ratios their screens can produce physically unpleasant to look at when reading text.

                I believe that people with dyslexia in particular find reading easier with contrast ratios lower than #000-on-#fff. Research on this is a bit of a mixed bag but offhand I think a whole bunch of people report that contrast ratios around 10:1 are more comfortable for them to read.

                As well as personal preference, I think it’s also quite situational? IME, bright screens in dark rooms make black-on-white headache inducing but charcoal-on-silver or grey-on-black really nice to look at.

                WCAG AAA asks for a contrast ratio of 7:1 or higher in body text which does leave a nice amount of leeway for producing something that doesn’t look like looking into a laser pointer in the dark every time you hit the edge of a glyph. :)

                As for the people putting, like, #777-on-#999 on the web, I assume they’re just assholes or something, I dunno.

                Lobsters is #333-on-#fefefe which is a 12.5:1 contrast ratio and IMHO quite nice with these fairly narrow glyphs.

                (FWIW, I configure most of my software for contrast ratios around 8:1.)

                1. 2

                  Very informative, thank you!

            2. 3

              I think the byte-order argument doesn’t hold when you mentioned ntohs and htons which are exactly where byte-order needs to be accounted for…

              1. 2

                If you read the byte stream as a byte stream and shift them into position, there’s no need to check endianness of your machine (just need to know endianness of the stream) - the shifts will always do the right thing. That’s the point he was trying to make there.

                1. 2

                  ntohs and htons do that exact thing and you don’t need to check endianness of your machine, so the comment about not understanding why they exist makes me feel like the author is not quite grokking it. Those functions/macros can be implemented to do the exact thing linked to in the blog post.
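The point argued in this sub-thread, as an added example that is not part of the original discussion: decoding a big-endian field with byte shifts gives the same value as `memcpy` plus `ntohs`/`ntohl` on any host, and a parser for untrusted input still has to bounds-check the decoded length. The record layout (2-byte type, 4-byte length, payload) and all function names are assumptions made for illustration.

```c
#include <arpa/inet.h>  /* ntohs, ntohl */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Shift-based decode: depends only on the stream's byte order (big-endian
 * here), never on the host's, and works at any alignment. */
static uint16_t be16_shift(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

static uint32_t be32_shift(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* ntohs/ntohl-based decode: memcpy avoids an unaligned pointer cast, then
 * the library call performs whatever conversion this host needs. */
static uint16_t be16_ntohs(const uint8_t *p)
{
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return ntohs(v);
}

static uint32_t be32_ntohl(const uint8_t *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return ntohl(v);
}

/* Hypothetical wire record: 2-byte type, 4-byte payload length, payload. */
struct record {
    uint16_t type;
    uint32_t len;
    const uint8_t *payload;
};

enum { REC_HDR_LEN = 6 };

/* Returns 0 on success, -1 if the header is truncated or the declared
 * length exceeds the bytes actually present in the buffer. */
static int parse_record(const uint8_t *buf, size_t buflen, struct record *out)
{
    if (buflen < REC_HDR_LEN)
        return -1;

    uint32_t len = be32_shift(buf + 2);

    /* Compare against the remaining byte count; never form buf + len
     * before the length has been validated. */
    if (len > buflen - REC_HDR_LEN)
        return -1;

    out->type = be16_shift(buf);
    out->len = len;
    out->payload = buf + REC_HDR_LEN;
    return 0;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t sample_ok[]  = { 0x01, 0x02, 0x00, 0x00, 0x00, 0x03,
                                      'a', 'b', 'c' };
static const uint8_t sample_bad[] = { 0x01, 0x02, 0xff, 0xff, 0xff, 0xff,
                                      'a' };  /* length field lies */

int main(void)
{
    struct record r;

    printf("shift: type=0x%04x  ntohs: type=0x%04x\n",
           (unsigned)be16_shift(sample_ok), (unsigned)be16_ntohs(sample_ok));
    printf("shift: len=%u  ntohl: len=%u\n",
           (unsigned)be32_shift(sample_ok + 2),
           (unsigned)be32_ntohl(sample_ok + 2));

    if (parse_record(sample_ok, sizeof sample_ok, &r) == 0)
        printf("ok record: type=0x%04x len=%u first=%c\n",
               (unsigned)r.type, (unsigned)r.len, r.payload[0]);

    if (parse_record(sample_bad, sizeof sample_bad, &r) != 0)
        printf("bad record rejected\n");

    return 0;
}
```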

            1. 1

              > And then the usual horror would come: “Translate these numbers, which are written in base seven, to base five.” Translating from one base to another is an utterly useless thing. If you can do it, maybe it’s entertaining; if you can’t do it, forget it. There’s no point to it.

              True for elementary school students but it does become important later on for those who want to study mathematics or computer science / engineering.

              1. 6

                Useful, but not important.

                And I’m not sure it’s math, actually: a computer can do it for you.

                Math is understanding that digits are not numbers, that they are just symbols, a useful notation.

              1. 4

                I have been working remote for almost 4 months now and it has been an interesting experience thus far.

                Previously I was commuting 50-60ish minutes each way to work, so I was fairly excited to not have to put up with that drive and the traffic.

                A few times I’ve felt really strange being in my house for the whole day for a few consecutive days, so going out and grabbing a coffee helped me a lot. I would work at a coffee shop or something, but my employer sent a desktop as opposed to a laptop.

                I also no longer enjoy spending time in my room - I also believe it is important to have a separate room/space set aside for remote working, but I don’t have that luxury right now. I work about a foot away from where I sleep so just “relaxing” after work isn’t very appealing anymore.

                I still do sometimes feel like I am on an island since I can’t turn around and ask a question, but I’m trying to over-communicate more to solve for that.

                Those are just some of my thoughts on remote work thus far. Thanks for the post! :)

                1. 2

                  You should ask your employer for a laptop then. It looks like it’s affecting your work.

                  1. 2

                    I suppose - I did initially ask for one, but they sent me a more powerful desktop instead for some reason. I’ve never heard of getting a desktop for work until now lol.

                1. 18

                  My best pieces of advice, as someone who’s worked from home for ten years or so now:

                  1. Anywhere from one to three times a month, I meet up with another friend of mine who also works from home at a bar/cafe/restaurant and we set up shop and work while we hang out. I’ll admit that sometimes there’s more hanging out than working, but considering it’s all pent up I don’t feel too bad about it. This is doubly important if you have small kids or some other reason why your social life outside of work might be curtailed.

                  2. It sounds silly, but: if your office is on a different floor of your house, only use the bathroom of the floor you’re not on (even when you’re not working). This gets you up and down the stairs multiple times a day and gets back some of the exercise you lost from working from home.

                  3. Take a walk every morning. A good one. You don’t have to worry about a commute so you won’t be late to work. Walk around the neighborhood, listen to the birds sing, etc. It doesn’t have to be a long one, just fifteen minutes or so (though my usual route is around 30 minutes).

                  4. Most importantly, spend time with your family. If you’re like me (and I know I am!), you’re often eager to get to work and, because work is so accessible, you can make excuses to get to work as quickly as possible. Don’t let that mean less time with your kids or your husband/wife/partner. (Right now I’d normally be downstairs playing but I’m waiting for an email from a customer that will affect what time I officially start working, alas…)

                  1. 1

                    Yep, walking is something I just realized I should’ve mentioned but forgot.

                    Either go for walks, or like in my case, get a dog. Mine forces me to go out at least three times a day. :)

                    1. 6

                      TIL I have a lazy-ass dog.

                      1. 3

                        I think it depends on the dog and how used to being outside he/she is. One of our rescue dogs was fine going outside but it wasn’t until 6 months later that he got REALLY into it and tries to get me to grab the leash sometimes. He’s 7 or 8 years old and has CDRM so it’s not like he’s super healthy.

                  1. 4

                    Great illustrations!

                    1. 3

                      This is by the same guy who does the delightful Pepper & Carrot webcomic (and the cat here in these illustrations looks very much like Carrot). There’s a long wait between episodes, but they’re all gorgeous.

                    1. 6

                      I wish we had this hysteria about the recent child protection acts that target prostitution specifically in the US, making life terribly dangerous for sex workers. There was a recent Reply All podcast where they interviewed a researcher who examined murder rates for women in markets as Craigslist offered their persons section (often used for adult services) to cities. The before and after picture is that murders went down 17% on average (that’s all women; not just sex workers, so we’re just talking correlation, not causation):

                      https://www.gimletmedia.com/reply-all/119-no-more-safe-harbor#episode-player

                      The GDPR, just like the child sex trafficking protection laws in the US, will be a real-time case study and it will be interesting to see the effect over the next few years.

                      I think American devs are afraid of the GDPR because we’ve seen how laws like this can backfire. Specifically the GDPR probably couldn’t pass in the US simply due to freedom of speech (which is why we can’t have a protected sex offender list like Australia does, or real criminal record expulsion).

                      I like the idea of the GDPR, but I hope it doesn’t turn into a tool for censorship (like the Right to be Forgotten laws, which the EFF opposes).

                      I think people should do their best to comply and some of the projects that have closed are being hysterical, but at the same time, people don’t really know what will and won’t be acceptable until we see actual enforcement and what that will involve.

                      1. 10

                        Sorry but why couldn’t the US have the GDPR and why is freedom of speech relevant?

                        1. 3

                          The theory is that the government isn’t allowed to interfere with people speaking.

                          It’s of course not true: The US has Libel laws and can obviously choose to recognise protections for certain kinds of speech (e.g. secret/clearance documents, etc).

                        2. 8

                          > I think American devs are afraid of the GDPR because we’ve seen how laws like this can backfire.

                          I see this as: Devs are afraid because they have to comply to something (annoying) that they didn’t have before.

                          > the GDPR probably couldn’t pass in the US simply due to freedom of speech

                          I don’t see the link between GDPR and freedom of speech. GDPR is about user data retention. Freedom of speech is pretty key in most countries in western Europe, and I don’t think they plan anything to sabotage it.

                          > I like the idea of the GDPR, but I hope it doesn’t turn into a tool for censorship

                          Again, GDPR is about user data retention. You could probably use that to censor a company in some way, but that would be pretty hard to prove and the company censored would first have to be audited for that matter.

                          I think you might mix up GDPR with something else.

                          1. 5

                            > I see this as: Devs are afraid because they have to comply to something (annoying) that they didn’t have before.

                            That’s wrong. They did need to keep my data safe from being hacked off their servers, there was simply little-to-no threat of law.

                            > Again, GDPR is about user data retention.

                            GDPR is not about data retention. There’s no minimum or maximum time that you have to retain data.

                            I’m doing a fair amount of GDPR consulting at the moment, and this isn’t the strangest theory I’ve heard about the regulations.

                            There’s a big chunk about keeping data safe. If you have personal data, you have a responsibility to keep yourself from being hacked. That means using best practices for minimising risk like encryption and deleting it when you don’t need it anymore, and understanding who in your company can access the data (and when they do it).

                            There’s also a big chunk about making sure if you use personal data, you’re only using it in a way that the subject would approve of. This really means being able to demonstrate (perhaps to a regulator) why you think you have their consent to use this data. Records and contracts can help, but the subject can also back out at any time and needs to have controls to do so.

                            > You could probably use that to censor a company in some way

                            You cannot. If you believe a company is using your data inappropriately, you report them to a regulator. You do not get to “prove your case” and you won’t be asked to show up in court. The regulator will assess the situation and prioritise it based on the claim and risk for further damage. The regulator will talk to that company and find out what is going on and correct the issue.

                            If that non-compliance is egregious and wilful, then the regulator has a pretty big stick, but this is far removed from “censoring a company” in any possible interpretation of the term.

                            1. 4

                              > They did need to keep my data safe from being hacked off their servers, there was simply little-to-no threat of law.

                              No they didn’t. If it’s for-profit and no laws stopping it, then keeping your data in a barely-secure form is legal and maybe even beneficial for the organization. Most organizations that have data breaches take a financial hit before going back to normal. Strong investments in security cost money every year. Managers might also believe they reduce productivity if applied everywhere. The managers apathetic to security wanting more ways to make money will see your data as an asset whose leaking barely concerns them.

                              So, capitalist companies operating under their theory of morality in a system with no liability for data-related externalities should continue to collect on you ignoring as many risks as they can get away with. That’s what most were doing before regulation forced them to care a little more. Also, why I support such regulations.

                              1. 2

                                Thank you very much for correcting my false ideas.

                                > GDPR is not about data retention.

                                I’m not a native speaker but to me retention is the fact of holding the data, so indeed, holding it securely. In addition to that I particularly meant the “Right to erasure” and “Right of access”, I’m more familiar with the side of friends having to deal with the documentation process (to actually have somewhere why you can hold this data). But I’m by no means an expert on the subject.

                                By censoring I was thinking that since the proof that you need to hold a data might be pretty subjective, the regulator could probably damage a company whose business is holding the data, but I agree that it’s very extrapolated.

                                1. 4

                                  No problem.

                                  If you (a business) actually need to hold data on a subject, then indeed the “proof” is quite subjective. You have to feel comfortable you can convince regulators that your processing is a part of you providing a service for that subject, and that they would expect you to use their data in this way. Simple examples might be keeping someone’s address in order to ship them goods that they ordered.

                                  If you are an individual and you want to compel a company to remove/erase data they have on you, understand that they can ignore such a request with regards to things like the address they used to ship goods (among other reasons).

                                  If you are an individual and you want to ask a company to provide data they have on you, it should be easy to do so with regards to things like the address they used to ship goods to you. They’re under no obligation (however) to discover who you are – that is, if you send them an IP address they’re not required to link any information or activity they have on that IP address to you.

                            2. 5

                              > the GDPR probably couldn’t pass in the US simply due to freedom of speech

                              It would obviously depend on the details, but it’s not inconsistent with the US’s view of free speech to regulate various kinds of commercial record-keeping and enforce privacy and access protections on those records. For example, healthcare data is fairly strongly regulated in the US, and this hasn’t been found to be a constitutional problem. (The “right to be forgotten” laws are a different story.)

                              1. 1

                                A health company (insurance, hospital, whoever) is bound by HIPAA. A school is bound by FERPA. They can’t divulge information. But if someone leaks someone else’s medical records and a newspaper publishes them, that information is protected in the paper. Now wherever the leak happened, that’s a problem if it was someone covered under HIPAA.

                                Criminal records can’t be expunged in the US. Not really. While your record was public, some other company scooped that data up and can sell it forever even if your official record is clear. Maybe we’ll have laws that will force companies to ignore those styles of background checks (some states probably do).

                                Actually this is a good question, how does the GDPR affect collecting data about people who aren’t your customers or who ever visit your website or store front? Does it say anything about collecting public data?

                            1. 3

                              I think I might start a flame war but with all these features, one day Vim will be able to run Gnus. ;-)

                              1. 2

                                Actually I think Vim 8 could definitely support something like Gnus. A big reason it was hard in prior Vim versions is the lack of asynchronous connection capability.

                              1. 1

                                Really nice!

                                1. 1

                                  It’s quite interesting that the non-optimized version of the Nim program takes 3 seconds on my computer. The size difference is also 56K (release) vs 308K (debug) .

                                  1. 9

                                    Someone should create a website that grabs these twitter threads and creates a blog page out of them

                                    1. 14

                                      There are a few different sites like that. Here is this thread as displayed by threadreaderapp.com.

                                    1. 2

                                      Those that see other people’s mistakes are doomed to repeat them…? I know “junior” devs who write better code and better commit logs than 20y old veterans.

                                      1. 3

                                        The offhand ‘even perl’ in there struck me as unfair. It reminds me that perl is actually pretty fast (specifically at startup, but my recollection was also that it runs quickly):

                                        $ time for i in `seq 1 1000`; do perl < /dev/null; done
                                        
                                        real    0m2.786s
                                        user    0m1.337s
                                        sys     0m0.686s
                                        
                                        $ time for i in `seq 1 1000`; do python < /dev/null; done
                                        
                                        real    0m19.245s
                                        user    0m9.329s
                                        sys     0m4.860s
                                        
                                        $ time for i in `seq 1 1000`; do python3 < /dev/null; done
                                        
                                        real    0m48.840s
                                        user    0m30.672s
                                        sys     0m7.130s
                                        
                                        
                                        1. 1

                                          I can’t comment on how fast Perl is, but you are measuring the time taken to tear down here too.

                                          The correct way would be to take the raw monotonic time immediately before invoking the VM, then inside the guest language immediately print it again and take the difference.

                                          P.S. Wow Python3 is slower.

                                          1. 2

                                            > but you are measuring the time taken to tear down here too.

                                            I guess so? I’m not sure that’s a useful distinction.

                                            The people wanting “faster startup” are also wanting “fast teardown”, because otherwise you’re running in some kind of daemon-mode and both times are moot.

                                            1. 1

                                              > The people wanting “faster startup” are also wanting “fast teardown”

                                              Yeah, I guess I agree that they should both be fast, but if we were measuring for real, I’d measure them separately.

                                              1. 1

                                                > I’m not sure that’s a useful distinction.

                                                If latency matters then it could be. If you’re spawning a process to handle network requests for example then the startup time affects latency but the teardown time doesn’t, unless the load gets too high.

                                            2. 1

                                              Hah before I read the comments I did the same thing! My results on a 2015 MBP - with only startup and teardown on an empty script, and I included node and ruby also:

                                              ~/temp:$ time python2 empty.txt 
                                              real    0m0.028s
                                              user    0m0.016s
                                              sys     0m0.008s
                                              
                                              ~/temp:$ time python3 empty.txt 
                                              real    0m0.042s
                                              user    0m0.030s
                                              sys     0m0.009s
                                              
                                              ~/temp:$ time node empty.txt 
                                              real    0m0.079s
                                              user    0m0.059s
                                              sys     0m0.018s
                                              
                                              ~/temp:$ time perl empty.txt 
                                              real    0m0.011s
                                              user    0m0.004s
                                              sys     0m0.002s
                                              
                                              ~/temp:$ time ruby empty.txt 
                                              real    0m0.096s
                                              user    0m0.027s
                                              sys     0m0.044s
                                              
                                              1. 2

                                                Ruby can do a bit better if you don’t need gems (and it’s Python 3 here):

                                                $ time for i in $(seq 1 1000); do ruby </dev/null; done
                                                
                                                real	0m31.612s
                                                user	0m27.910s
                                                sys	0m3.622s
                                                
                                                $ time for i in $(seq 1 1000); do ruby --disable-gems </dev/null; done
                                                
                                                real	0m4.117s
                                                user	0m2.848s
                                                sys	0m1.271s
                                                
                                                $ time for i in $(seq 1 1000); do perl </dev/null; done
                                                
                                                real	0m1.225s
                                                user	0m0.920s
                                                sys	0m0.294s
                                                
                                                $ time for i in $(seq 1 1000); do python </dev/null; done
                                                
                                                real	0m13.216s
                                                user	0m10.916s
                                                sys	0m2.275s
                                                
                                                1. 1

                                                  So as long as python3 is faster than ruby/node, we are ok…?

                                              1. 0

                                                Quite impressive

                                                1. 1

                                                  Does HardenedBSD prevent ptrace?

                                                  1. 4

                                                    We’ve hardened ptrace by:

                                                    1. Setting security.bsd.unprivileged_proc_debug=0 by default.
                                                    2. Implementing PaX NOEXEC and enforcing it across the ptrace boundary.
                                                    3. Hardening [lin]procfs to prevent tampering with the process address space and registers through modifying key files in /proc/[pid]

                                                    Hardening [lin]procfs with regards to ptrace may cause you to go “huh? what?” linprocfs and procfs use the ptrace functions behind the scenes. procfs isn’t used much on FreeBSD, anyways, but we might as well plug the same types of holes while hardening ptrace itself.

                                                    1. 1

                                                      To me, the architecture of ptrace/proc/linprocfs makes it tricky to secure a system. It’s probably not easy to do better than Linux in this area. Have you considered alternative ways of offering process debugging that don’t involve ptrace?

                                                      1. 1

                                                        I prefer DTrace, but that, too, has its issues. It’s still possible to modify some data with DTrace, but it is a bit more limited in that respect than ptrace. I’m unsure one could port libhijack to using dtrace as a backend and keep full functionality.

                                                  1. 8

                                                    I’ve noticed that Joyent has remote positions and their ads say: “Qualified applicants with criminal histories will be considered for the position in a manner consistent with the Fair Chance Ordinance.” Maybe this person could see if they have use for his talents? (Ping @bcantrill, which I hope wasn’t in unbelievably bad taste?)

                                                    1. 2

                                                      Perhaps you should contact the job seeker directly.

                                                    1. 3

                                                      Hope he gets a job. I’m just puzzled at the meaning of 5.1 kids.

                                                      1. 10

                                                        Surround sound kids. Which honestly could just mean one and some sugar.

                                                        1. 8

                                                          The .1 is the woofer, likely a rescue or mutt.

                                                        2. 2

                                                          Wife just got pregnant, at a guess.

                                                          1. 1

                                                            Looks like it. So it’s 10% done…

                                                        1. 1

                                                          I wonder if they would accept coffee roasting graphs produced by Artisan:

                                                          https://github.com/artisan-roaster-scope/artisan

                                                          1. 5

                                                            7:00 - 7:20 Light alarm gradually fades to on. Wake up, in a fugue state.

                                                            7:20 - 8:35 Gentle voice reminder of who I am and that I enjoy being alive plays every fifteen minutes.

                                                            8:30 - 9:30 Get ready for work, including 30 minutes of light meditation in the shower.

                                                            10:00 - 10:30 Arrive at work, make coffee, review notes from yesterday, review today’s calendar to make sure it’s physically possible, write today’s to-do list.

                                                            10:30 - 11:30 Maybe meetings, maybe code. On a bad day, email.

                                                            11:30 - 12:00 Lunch.

                                                            12:00 - 17:30 Mix of meetings and code, fading towards email at the end of the day.

                                                            17:30 - 18:00 Leave notes for tomorrow.

                                                            18:30 - 20:00 Social media, food, dissociation, video games.

                                                            20:00 - 22:00 Work on activism and other extracurriculars.

                                                            1. 2

                                                              How does that voice reminder really work?

                                                              1. 6

                                                                It gives me the information that, in the fugue state, I am lacking. This makes it possible for me to find the necessary memories. This is a phenomenon that I experience as part of general dissociative identity disorder and dissociative amnesia stuff.

                                                                It also has a very mild, carefully-chosen hypnotic effect which results in a slight mood boost.

                                                                I think of it as my stage1 initrd.

                                                                1. 1

                                                                  I’ve always wanted an alarm app where I can dictate messages to it to play in the morning. I could use myself saying don’t forget you need to do something, or don’t forget you’re trying to fix your sleep schedule, don’t sleep all day.

                                                                  1. 2

                                                                    I briefly considered interpreting “how does it really work” to be about the technical aspect, but decided to focus on what I think is the more interesting part. But yeah anyway I used Tasker on Android for it. I don’t think that would work for what you want, but maybe one of the voice assistants will grow that functionality someday.

                                                            1. 5

                                                              Everyone here seems like a morning person…

                                                              1. 8

                                                                I typically get up around 10am, if it makes you feel better. :-)

                                                                1. 1

                                                                  Hey, same as me! I kept trying to shift to an earlier schedule since bosses tend to prefer it. Brain just doesn’t agree with it. They and I are happier if they schedule me in a bit later to leave a bit later.

                                                                2. 2

                                                                  6am isn’t early in my world. I usually get up at 4am for exercise. Have done most days for the past 18 years.

                                                                  Been starting work most days around 6am for the past 6 or 7.

                                                                  Experimenting with injecting some leisure time into my morning by starting work at 7:30-8am.

                                                                  1. 2

                                                                    By “world” you mean you live in a Nordic country?

                                                                  2. 2

                                                                    It was this comment that inspired me to write mine. ;)

                                                                    1. 1

                                                                      Frankly, I’m surprised no one posted a night schedule.

                                                                      1. 1

                                                                        If it were up to me I’d work in fits and starts from about 10am to midnight. Unfortunately an office job comes with an expectation of visibility, and an attempt to travel at the same time as other road users.