1. 17

    Key part I’ve often used to debunk anti-MS sentiment from security folks:

    “Despite the above, the quality of the code is generally excellent. Modules are small, and procedures generally fit on a single screen. The commenting is very detailed about intentions, but doesn’t fall into “add one to i” redundancy.”

    “From the comments, it also appears that most of the uglier hacks are due to compatibility issues: either backward-compatibility, hardware compatibility or issues caused by particular software. Microsoft’s vast compatibility strengths have clearly come at a cost, both in developer-sweat and the elegance (and hence stability and maintainability) of the code.”

    Seems most of their problems came not from apathy but from caring about compatibility more than about anyone on desktop. That helped ensure their lock-in and billions. The cost was worse flexibility, reliability, and security. Acceptable cost given Gates’ goal of becoming super rich. Not as great for users, though. Fortunately, the Security Development Lifecycle got some of that under control with Windows kernel 0-days becoming rare versus other types. Their servers are very reliable, too.

    Anyone wondering what Microsoft could do if not so focused on backward compatibility need only look at MS Research’s projects. Far as OS’s, Midori and VerveOS come to mind for different purposes. One could be a foundation of the other actually.

    1. 7

      Not as great for users, though.

      I beg to disagree. A lot of end users and small businesses rely on some unmaintained piece of legacy software in one way or another. The fact that they don’t have to keep a separate PC with an unmaintained, insecure OS on it is a definite plus for those people.

      1. 4

        Regarding the “what Microsoft could do” – that’s exactly what they’re trying to with UWP apps in Windows 10. Proper sandboxing for all applications, ideally even all browser tabs in OS-level sandboxes.

        I’m especially interested (and scared at the same time) in the rumors about Polaris, which is said to be a Windows 10 throwing the entire Win32 layer away, with all the backwards compatibility patches only existing within of the UWP sandbox of each separate application, and with much better security (but also, obviously, less customizability).

        1. 3

          They’re definitely doing new stuff with UWP. I’ve been off Windows too long to know anything about it. I was mainly talking about designing every aspect of an OS around high-level, modular, safe, and/or concurrent programming. The two links in my comment will give you an idea of what they’re capable of.

        2. 3

          I’ve never thought that microsoft wrote bad functions, but that their design is over-complicated. There’s too many moving parts, too many function arguments, too many layers, … It’s the accidental complexity that seems to cause logical bugs.

        1. 2

          I have been feeling some of this, and am considering going back to my BlackBerry Q10. There’s a couple of reasons I wouldn’t ditch smartphones outright:

          1. I can miss having most apps, but perhaps not having access to the mobile Internet.
          2. WhatsApp is the de facto standard communications and organization platform for my social circles. I probably couldn’t get by without it at this point.
          3. I consider having a camera on hand at all times valuable, even if I don’t use it all the time. I would consider the one on the Q10 borderline serviceable in 2018.
          4. I use a lot of two-factor auth services, and I don’t want to carry a dedicated device for this.

          I would like to be less tempted to pick up my phone to play a game, or check the news, or read a news article. The Android emulator on BlackBerry would run all the apps I need today, but perhaps not for long (emulation level is roughly Android 4.3 without Google services).

          Keeping an Android tablet at home and a limited smart phone to take with me might be a suitable solution.

          1. 1

            I use a Q10, and I’m happy enough with it. The physical keyboard is so much better than any screen keyboards I’ve tried, and I mostly use it for SMS. But it can support my other use cases when I need them: mobile maps, camera, alarm clock and timer, terminal, web browser. Mostly I just appreciate that it’s neither iOS nor Android. And of course I’m fond of QNX.

            Still, I’m thinking of ‘upgrading’ to a Q20 just for the physical cursor keys. Text editing is pretty annoying without them. Long term, I’m not sure where I’ll go. My previous phone was a (dumb) Nokia Asha 210, and when I had accomodated to the S40 OS quirks I really liked it… but then when the mic stopped working I couldn’t replace it: they had vanished from the market altogether. Not even eBay had them.

            1. 1

              I’m considering the same thing, for some of the same reasons. I’m mostly concerned I won’t be able to reach anybody in my circle (especially my family, who’s in a different continent) without WhatsApp. I’m thinking of getting a 4G tablet that stays mostly at home and runs WhatsApp and whatever else I may think I may miss, and upgrading from the iPhone to a feature phone (eg: Nokia, Blackberry) for being reachable for important things. That’ll probably require making sure my family knows how to use Skype for phone calls, etc, but I think it can work!

            1. 4

              I use http://qutebrowser.org on my NixOS machines but it doesn’t run on other platforms. What alternative browsers are there for Mac OS?

              edit: I’m wrong about this! https://lobste.rs/s/biqv7l/update_on_pocket_firefox_integration#c_3c8u5d

              1. 7

                Are you saying you’d stop using Firefox because of default “sponsored content” in New Tab?

                It’s pretty easy to turn that off, just like all the other New Tab content. The article even links detailed instructions.

                Or is it a matter of principle for you? How do you suppose Mozilla should make money?

                1. 5

                  It is not “sponsored content” - that concept does not exist in Firefox. Nobody is paying Mozilla to show specific content on New Tab.

                  1. 3

                    I already didn’t use Firefox, but I also don’t think browsers should have ads or be monetized.

                    1. 2

                      There are no ads in Firefox. Why did you think there are?

                      1. 4

                        There absolutely are—or were until fairly recently—ads in unfilled tiles on the new tab page. Here’s an example support forum thread asking how to get rid of them.

                        1. 4

                          That was two years ago and that feature was completely dropped.

                    2. 2

                      How do you suppose Mozilla should make money?

                      Should Mozilla make money? Should one of the most important applications in modern-day computing be produced by a company that is incentivized to produce a profit?

                      1. 6

                        Mozilla corp is not incentivized to produce a profit, it is quite openly their goal to “just” keep the lights on. But that already needs quite a bit of cash. That’s a huge difference.

                        Mozilla corp is for-profit, as for certain legal reasons, producing software is not 501(c)3 compatible. It’s a very usual setup.

                        Yes, Mozilla should make money. Otherwise, they’d shut down.

                        1. 2

                          Mozilla is a non-profit, so no, they don’t have to make money. But the people who work for Mozilla don’t work for free. You can’t build a product like Firefox purely on volunteers, so Mozilla should at least be able to pay their workforce.

                          They can’t keep up with the rest of the world and provide a quality, free software alternative browser without money.

                          If you think the work Mozilla does is valuable (I do!) and feel like they should stay away from alternative monetization methods (I do!), you should consider donating to Mozilla so that they don’t have to find other ways of funding development.

                      2. 3

                        Does it have to be libre? If not, Vivaldi is an excellent web browser that believes in making easy things easy and customization easy. It’s the spiritual successor to Opera 12, which was the pinnacle of browser experiences.

                        1. 3

                          what do you mean? they even have prebuilt images for all major platforms. On MacOS, you can install it from Homebrew as well (brew cask install qutebrowser).

                          1. 1

                            What do you do about plugins? I miss a few plugins from Chrome when I tried out qutebrowser, primarily my RSS feed monitoring one as well as my usenet one.

                            The other big one I miss is Join, but that’s sort of a separate thing in terms of how “encompassing” it is.

                            1. 1

                              I just installed qutebrowser too. That is just brilliant. Thanks for linking - I remember stories coming about it before but never made the effort to try it out, but now I can see it becoming pretty regular.

                            1. 20

                              The GDPR will probably cause a lot of headaches in the business but I’m sure it’ll help EU startups to flourish compared to US competition from the outside, especially since it’s easier to start with compliance than the retrofit it.

                              1. 2

                                That’s a useful refactoring, to view it as about protectionism rather than privacy. (And I don’t mean that negatively. I’m influenced by Andy Grove that protectionism is sometimes necessary.)

                                1. 2

                                  Especially in the current world with national branch companies and international tax evasion schemes, I often feel the world could do with a little more protectionism.

                              1. 18

                                Fascinating. Here’s the logic in bullet points

                                • Our primary business is selling IDEs
                                • It’s a pain in the ass to have IDEs serve multiple languages
                                • Ergo, we must only have one language
                                • Ergo we must develop our own language and …
                                • … make sure everyone uses this language so that …
                                • … we can safeguard our primary business, which is …
                                • … selling an IDE

                                I always wondered where Donald Knuth, the patron saint of Yak Shaving, went to work after that tex thing.

                                1. 9

                                  That isn’t the half of it. JetBrains started by writing refactoring plugins for IDEs. They only got into IDEs because as plugin writers they were at the mercy of the IDE companies that hosted their plugins.

                                  Step aside, Knuth.

                                  1. 4

                                    Which makes this whole reasoning unconvincing, right?

                                    I mean, surely the people at JetBrains realize that it is completely unfeasible to get the whole world to use a single programming language, let alone a young programming language that is not backed by a multi-billion dollar multinational.

                                    1. 1

                                      What makes it even more unconvincing is that their Kotlin tooling is free, fully working in IDEA Community Edition.

                                      1. 1

                                        So, I didn’t take any of this too seriously, but there is a way projects grow organically. So, I can see a company organically growing it’s business from IDE plugins, to an IDE, to specializing in Java IDE, then developing a variant of Java, which gives them a niche where they have the best IDE for a language dialect because they drive development of that dialect.

                                        If asked to start from scratch, my guess would be a risk averse management team would have the strategy to just have a large team working on an IDE that supports as many languages as possible.

                                    1. 6

                                      Another similar “fantasy computer” is LIKO-12: https://github.com/RamiLego4Game/LIKO-12. Both were inspired by PICO-8, as far as I know.

                                      1. 12

                                        Fair enough, Stack Overflow is no longer the thriving community it once was (or promised to become), partly because all the low hanging fruit (easy but common questions with clear answers) has been picked.

                                        But it’s still the go-to site for most developers. There’s no community as wide or as big or with a strong a catalog of existing answers out there that can replace it. When you search the web for a problem or question, SO is still commonly the top result, and often answers the question with a high quality, structured response.

                                        Is there a better place out there?

                                        1. 2

                                          I’ve had a gapps less cyanogenmod set up on myold nexus for over 1½ years (and am waiting for a stable ROM for my current device), and it’s interesting to see that people pretty much eventually end up with the same solutions. I’d just add that if you’re euthusiastic about free software, one should use IceWeasel and if one wants a good FOSS twitter/mastodon experience, I can only recommend Twidere.

                                          Also, why use AnySoft if you can use the AOSP one. I’m currently struggling with the counter-intuitive nature of AnySoft, but can’t find a AOSP .apk :(

                                          1. 4

                                            IceWeasel? You mean the rebranded Firefox for Debian of yesteryear? It no longer exists.

                                            1. 2

                                              It still does on Parabola.

                                              1. 2

                                                @zge most likely meant IceCat - IceWeasel’s new name. IceCatMobile to be precise.

                                                1. 1

                                                  Yeah, my bad. I always mix those two up.

                                            1. 1

                                              Currently fluctuating between Excellent and Average, but mostly Excellent. That said, I still don’t manage to do the things I want in my spare time.

                                              1. 3

                                                Pretty cool, but the error message could be worded a little more clearly for the application developer.

                                                1. 3

                                                  This may be due to my familiarity with pthreads and C++ mutexes, but this error honestly was lucid for me. Could you give me an idea what you wish the error would say?

                                                  1. 7

                                                    pthread_mutex_destroy on mutex with waiters!

                                                    Random sampling of thoughts that a novice might think about this:

                                                    • “What is pthread_mutex_destroy? I’m not calling that in my code.”
                                                    • “What’s a ‘waiter’? It sounds like I’m in a restaurant.”
                                                    • “That pthread thing is “on mutex”? What does it mean by “on mutex”? (I know it means “called on a mutex”, but it omits enough words to not only be unclear about this but to also be grammatically incorrect.)
                                                    • “What do I even do about this message? Is it even a bad thing?”

                                                    Here’s a sample error message that would get it across much more clearly:

                                                    Warning: program terminated while a mutex was still locked.

                                                    Or, if the error message isn’t limited to program termination:

                                                    Warning: a mutex was destroyed while it was still locked.

                                                    You could also add some informational text to tell the programmer what to look for:

                                                    Please ensure that all mutexes are unlocked before they are destroyed.

                                                    I know when you’re programming, and you’re deep in the context of a particular system like pthreads, it’s really easy to just throw an error message into stderr that relies heavily on the specific keywords for that context. But the people who’ll see that message won’t necessarily have that context. They could be seeing it somewhere else entirely, working on a far higher level system. It’s worth keeping that in mind.

                                                    1. 8

                                                      “What’s a ‘waiter’? It sounds like I’m in a restaurant.”

                                                      That’s a reach. If you’re programming with mutexes, you know what “waiting on a mutex” is, and “waiters” is pretty obvious from that.

                                                      “That pthread thing is “on mutex”? What does it mean by “on mutex”? (I know it means “called on a mutex”, but it omits enough words to not only be unclear about this but to also be grammatically incorrect.)

                                                      I think error-message-ese, like headline-ese, is a distinct enough form of expression to have its own rules, given how much priority is given to brevity in error messages.

                                                      “What do I even do about this message? Is it even a bad thing?”

                                                      In the spirit of the above: In error-message-ese, an exclamation point means it’s a bad thing, or at least highly unusual.

                                                    2. 3

                                                      I find the specific wording a tiny bit confusing because in the specific example given in the article here, no thread is actually blocked waiting on the lock when it’s destroyed - one holds it, but none are blocked.

                                                      Totally a nitpick though.

                                                  1. 3

                                                    Please, please can we refrain from consumer product news here? Even for projects we like?

                                                    1. 25

                                                      This isn’t yet another iPhone review - it is much more in line, interesting, and relevant, to the readers of this link aggregator, than any bog-standard consumer product.

                                                      I’m glad to have found out about it here as, since I’m not following the project directly, would have probably missed the news altogether.

                                                      1. 4

                                                        This is how you get overrun by yet another iPhone review.

                                                        Everybody has some product that is they think is “more relevant” to users of this site, and if we post those, we set precedent for that, and then we get overrun. This happens on HN all the time.

                                                        If you want product news, go look at a product news site. News is the mindkiller. Ads are the mindkiller. Content marketing is the mindkiller.

                                                        If this was a long-form article on how they structured their kickstarter, or on how they did market research, or on how they adapted their phone, that’d be one thing (and one better suited to barnacl.es at that!)–but it’s not. It’s a straight 3 paragraph press release.

                                                        (I’m willing to bet you aren’t even going to buy one of these phones.)

                                                        1. [Comment removed by author]

                                                          1. 2

                                                            There does seem to me to be some qualitative difference between the release announcement I posted with links to direct engineering resources and project history, and this press release.

                                                            Care to elaborate on your observation?

                                                          2. 6

                                                            It’s pretty rare that there is a libre product in that space, so I don’t see the jump between allowing this and being overrun by iPhone news (unless you do mentally categorise them in the same group).

                                                            If you want product news, go look at a product news site. News is the mindkiller. Ads are the mindkiller. Content marketing is the mindkiller.

                                                            Wait, all this page about is news and you want… no NEWS?

                                                            I understand, you want the news that fit your definition of news. But we’re a group here. That’s why you found out you can effectively derail any news you don’t like by starting a meta-discussion about not wanting that content here. I’ve never seen your doom-saying turning out to be true, though. You are taking the same approach for years, and I have yet to see this page being overrun by corporate marketing or ads.

                                                            Fear is the mind-killer, nothing else, by the way ;).

                                                            1. 4

                                                              Wait, all this page about is news and you want… no NEWS?

                                                              Lobsters isn’t a news aggregator–it’s rather a bit deeper and more durable than that.

                                                              You are taking the same approach for years, and I have yet to see this page being overrun by corporate marketing or ads.

                                                              There may or may not be a correlation there…

                                                            2. 8

                                                              Just filter the hardware tag - you’ll be much happier :^)

                                                              (I’m willing to bet you aren’t even going to buy one of these phones.)

                                                              I’m not even going to dignify that with a response.

                                                              1. 5

                                                                While I agree with @angersock that we should avoid product announcements on this site, I think this product is an edge case - it is unique in the sense that it is focused on bringing FOSS to a place that has been elusive for a long time (mobile phones).

                                                                Your suggestion of filtering the hardware tag is ridiculous though - there is a lot of interesting hardware hacking on there that is not just a link to some product launch article.

                                                          3. 1

                                                            Let the votes decide.

                                                            1. 14

                                                              To be fair, that’s how you end up as reddit.

                                                              1. 4

                                                                Reddit and lobste.rs are very different products, you are basically comparing apples and oranges.

                                                                Even when taking this wide stretch, lobste.rs would be more akin to a subreddit.

                                                                1. 3

                                                                  An online forum with tree-based comments, with upvotes and downvotes to sort content. They’re pretty similar. Every growing online community is subject to the Eternal September problem, and I don’t think plain voting is enough to solve the issue.

                                                                  Instead of actually solving Eternal September, Reddit sidestepped the issue by making it very easy to create new subreddits. Those small communities can be rather high-quality, whereas the popular front-page subreddits are full of “empty calories” - flashy content that’s easy to consume and appeals to a lower common denominator.

                                                                  I enjoy angersock’s feedback, because he’s consistent about calling out “fluffy” content. Relying on votes isn’t a good way to address fluff, because fluff is easy to upvote. It needs to be called out.

                                                                2. 1

                                                                  While I would normally agree with you, Lobste.rs is invite only and isn’t open to any random troll to join. This is why I love lobsters because the signal to noise ratio is much higher. People care and the votes reflect the culture based on this selection process.

                                                                  I wonder if there is a further business model here, similar to metafilter. Keep invite only, but only allow votes for people who actually pay a small subscription fee to even further disincentivize reddit like behavior.

                                                            1. 4

                                                              This is my understanding of this thread so far:

                                                              The Intel ME is an additional chip (commonly an ARC microprocessor) added to all Intel processors of the past decade. It is used to provide some security and management features for large enterprises, and things like an anti-theft lock. If paired with an Intel network adapter and appropriate configuration, it can access the Internet. It is impossible to disable. The firmware is signed and encrypted or compressed in a way that makes reverse engineering challenging. Basically, it is a network connected, always-on black box system inside your CPU.

                                                              From the logs posted by the author, it seems that flashing the last 4KiB of the SPI ROM cause the Intel ME to get stuck in a boot-crash-reset loop, making it incapable of performing at least some of its duties, such as powering down the system after 30 minutes if it detects the firmware has been tampered with.

                                                              If true, this could be an interesting development! I wonder if this works with other generations as well.

                                                              Am I missing something important/wrong about any of this?

                                                              1. 3

                                                                Am I missing something important/wrong about any of this?

                                                                Incredibly late reply, but I recently learned that if the Intel CPU advertises the “Anti-Theft” feature, then the Management Engine includes a 3G transmitter can access the internet over a paired 3G card as well. Even supports location beaconing. Found in vPro chips, Sandy Bridge and up.

                                                                1. 1

                                                                  Reliable source for that?

                                                                  1. 2

                                                                    Foot slightly in mouth, the “3G module” inside the Management Engine appears to work with 3G cards found inside supported laptops, but the transmitter is not literally included in the CPU die.

                                                                    Intel ME Secrets by Igor Skochinsky (pdf), see slides 8 and 17. Slide 8 indicates that the ME will use a 3G connection if available. Slide 17 details ME modules including TDT (Anti-Theft / Theft Deterrence Technology).

                                                                    The most detailed info is straight from one of Intel’s promotional documents: Protect Laptops and Data with Intel® Anti-Theft Technology (pdf)

                                                                    New Intel AT features take advantage of 3G networks With Intel® Anti-Theft Technology (Intel® AT), IT administrators can now use encrypted SMS messages over a 3G network to send a poison pill, remotely unlock a recovered laptop quickly, or direct the system to send location information (GPS coordinates) back to the central server:

                                                                    • Poison pill delivery via an encrypted SMS message over a 3g network. 3G connections can occur regardless of the state of the OS, via a direct hardware link between Intel AT and the 3G module.
                                                                    • Remote unlock via an encrypted SMS message over a 3g network. This lets IT reactivate the laptop within minutes of recovering the PC.
                                                                    • Location beaconing. Intel AT can now transmit latitude and longitude (using GPS coordinates) to the central server if the system is equipped with a supported 3G module. IT administrators can specify automated beaconing at regular intervals or location information on request when the laptop is marked as lost or stolen.

                                                                    To take advantage of 3G-based communication, the laptop does not need to be connected to the Internet, but it must be within range of a 3G network.

                                                                    So, this probably does not affect desktops which lack a 3G card. It would be more of a concern for enterprise-grade laptops.

                                                                  2. 1

                                                                    Interesting to know. Luckily, very few laptops include a 3G or 4G module. Good to know I should avoid that option whenever possible, though!

                                                                1. 1

                                                                  I recently discovered Processing (for those unfamiliar with it: it’s a programming language for non-technical people, originally on top of Java) through the on-device IDE for Android in the play store.

                                                                  Pretty cool how it lets you quickly write a demo on a tablet and run it as a real app on the phone. It also has some logger/debugger callback thing it injects into the APK.

                                                                  1. 27

                                                                    And yes, a large part of this may be that I no longer feel like I can trust “init” to do the sane thing. You all presumably know why.

                                                                    No, I don’t. Please explain what you mean.

                                                                    Such appeal to everyone “knowing what you mean” and the implication that everyone supports your standpoint are toxic. They are a good way of making a personal opinion look like a group opinion. Combined with a fuzzy notion of “sane”, this is basically just spreading bile.

                                                                    And it works. If this mail were more complex or that sentence would be missing, it probably wouldn’t be here on lobsters. It’s certainly not posted for the review above it.

                                                                    1. 85

                                                                      If you’re reading the kernel mailing list, it can be assumed that you have some familiarity with the subject matter, and if not, you’re not missing anything crucial to the discussion here. Torvalds has decided not to point and name the implied party, probably to avoid another heated flame war on the mailing list.

                                                                      Some context to get you up to speed:

                                                                      He is referring to what is currently the most popular init system on Linux, systemd. systemd is a relatively recent development of Red Hat, and has been adopted by all major distributions. Prior to systemd gaining popularity, the init system was a hodgepodge of shell scripts, which clearly had its share of problems.

                                                                      However, systemd has been adding more features to its resume. Besides just being an init system, it has also absorbed the hardware abstraction layer udev, it implements its own dbus daemon (a popular Linux message bus used to communicate between different services and programs), it has taken control of some power management features such as suspend on lid close for laptops, it implements login and virtual terminal handling, it contains a dhcp client and server, and it provides its own system logger using a binary format that can in practice only be used through the tools provided by systemd.

                                                                      This attitude of trying to do everything from a single piece of software has proven to be somewhat controversial among Linux users, because the old UNIX mantra for software was “do one thing and do it well”. This is especially controversial for something as central as the init system, because it is always running and runs with elevated rights.

                                                                      The lead developer of systemd has also responded to a few issues with some unpopular comments, and has in the past been in conflict with the Linux kernel developers by refusing to cooperate on certain issues caused by Linux and systemd interaction. systemd has also, despite its widespread use, been hit by a number of fairly serious bugs, some of which had significant security impacts. The simplicity and potential impact of some of these bugs has left many people in doubt over the general quality of systemd and related projects.

                                                                      1. 18

                                                                        In particular Linus has had specific issues in the past - there was a problem a while back where kernel developers would boot with the “debug” flag and systemd would start spamming the console with messages and drown out the kernel information said developers needed. See https://lkml.org/lkml/2014/4/2/580 where someone proposed a patch that would remove “debug” from /process/cmdline so that the presence of that flag was completely unavailable to userspace (including systemd), thus literally preventing the problem from happening. Real icky situation.

                                                                        1. 9

                                                                          Ha, while this isn’t quite what I called for, it is a great explanation of the state of things. “Controversial”, I certainly agree with (although, coming to systemd, I’m on the “It fixes a lot of things for me” side of things).

                                                                          Thanks for that.

                                                                          1. 14

                                                                            There seems to be two main camps of users (3 if you include distro maintainers as a separate camp):

                                                                            1. People who maintain a few systems, perhaps use Linux on the desktop.

                                                                            2. People who maintain many systems.

                                                                            Camp 1 people don’t mind when Systemd does something arbitrary, unexpected or indeterminate. Camp 2 people hate Systemd’s indeterminism.

                                                                            Personally I hate magic. Systemd is magic. I can’t trust it to do what I want to do, only what it wants to do.

                                                                            1. 9

                                                                              As a person who maintains many systems professionally, i have to interject here since I always see it stated as fact that professional operators dislike systemd. I like systemd a lot because it gives badly needed structure to Linux service management. Most colleagues who worked with systemd feel the same. (This doesn’t mean it’s perfect or bug-free)

                                                                              1. 4

                                                                                Is there a reason you didn’t deploy daemontools or runit or some such to give badly needed structure to Linux service management before systemd forced it on you (however willingly)?

                                                                                1. 5

                                                                                  I did use those at various times but that’s not the same as being the default that manages all services on the system. Systemd also has a powerful declarative configuration the other options did not.

                                                                              2. 2

                                                                                There seems to be two main camps of users (3 if you include distro maintainers as a separate camp):

                                                                                1. People who maintain a few systems, perhaps use Linux on the desktop. Camp 1 people don’t mind when Systemd does something arbitrary, unexpected or indeterminate.

                                                                                I’m a group 1 member but I absolutely hate when systemd doesn’t operate as I would expect a init daemon.

                                                                            2. 4

                                                                              This attitude of trying to do everything from a single piece of software has proven to be somewhat controversial among Linux users, because the old UNIX mantra for software was “do one thing and do it well”.

                                                                              I’ve found this mantra to be only applicable in certain situations, usually when it comes to applications that users directly interact with. Things like email clients, text editors, and IRC clients (web browsers could spawn an entire discussion on this all their own). I’m not an expert on init systems, and your previous paragraph on systemd clearly shows its feature creep. But when it comes to an init system, I’ve always seen that as a complex process where it’s necessary for it to do more than one thing. This can be especially true with modern systems where everything you’ve mentioned (HAL, dbus, power management, login, networking, etc) being (arguably) necessary for the system to run correctly and in a useful way.

                                                                              So, I wonder, is it possible to have an init system that is:

                                                                              • fast
                                                                              • effective
                                                                              • correct

                                                                              that still abides by “doing one thing, and doing it well”?

                                                                              1. 8

                                                                                The mantra predates text editors (well aside of ‘ed’), email and irc clients. Any user interfaces in the modern sense really. It meant using a bunch of small, single purpose programs (like cat, troff, tail, ps…) which could be combined by user to the desired effect with standard system mechanisms like redirection, pipes and shell scripts.

                                                                                We can argue the practical merits of systemd forever but it’s fairly clear it goes against the tradition of UNIX systems development. It’s a huge, opaque, uncooperative beast that makes turtles cry. I hope Linus is close to the point where he’ll just come up with something more digestible.

                                                                                1. 7

                                                                                  The original idea behind that mantra was to make tools that were:

                                                                                  1. simple (Note: I’m using the Rich Hickey definition here)
                                                                                  2. composable. This composability requirement is why all the command line tools ingest and output strings.

                                                                                  As systemd takes over more of a Linux machine, they destroy their own simplicity, requiring someone to keep a massive amount of state in their head to modify the code or even work on units as an administrator. However, they also destroy the composiblity of the system’s tools. Things like binary logs and internal-to-systemd protocols can’t be parsed by standard command line tools, and thus users lose this ability to compose different parts of the system. This has been my biggest issue with systemd, that it violates not only “do one thing and do it well”, but also the composiblity that makes that possible.

                                                                                  A side note on GUI’s: The GUI design model is specifically the opposite of “do one thing and do it well”. GUI’s are not designed for composibility, they are designed to take the user from one end of a specific process to the other. They trade off the ability to compose with other programs, for a more robust control of the user experience.

                                                                                  1. 1

                                                                                    What’s wrong with piping journalctl to things? Legitimately curious.

                                                                                2. 1

                                                                                  The context of this discussion is around trying to bring sanity to rlimits for setuid processes…

                                                                                  In an attempt to provide sensible rlimit defaults for setuid execs, this inherits the namespace’s init rlimits:

                                                                                  $ ulimit -s 8192 $ ulimit -s unlimited $ /bin/sh -c ‘ulimit -s’ unlimited $ sudo /bin/sh -c ‘ulimit -s’ 8192

                                                                                  This is modified from Brad Spengler/PaX Team’s hard-coded setuid exec stack rlimit (8MB) in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don’t reflect the original grsecurity/PaX code.

                                                                                  Certainly traditionally it has been trivially easy for a rogue daemon to bring a system to it’s knees…. since traditionally, out of the box, there are no rlimits imposed.

                                                                                  It is the init systems job to start daemons… it would be really nice if it imposes sane rlimits on anything it starts.

                                                                                  Systemd does that, and attempts to do it in sanish ways by imposing the limits on process groups. (ie. A rogue daemon cannot escape it’s constraints by spawning a legion).

                                                                                  I’m would be easily convinced that systemd’s approach is not the best and/or not correct.

                                                                                  However I’m certain that the linux ecosystem needs work in this area and systemd is at least undertaking that work.

                                                                                  1. 2

                                                                                    You seem to be mixing up system daemons and setuid utilities. This patch has nothing do with the limits systemd imposes on the processes it starts, so whatever systemd does, or other systems did not do, in this area is irrelevant.

                                                                                    There’s no question that systemd is capable of setting rlimits for child processes. The question is whether the limits systemd sets for itself are a good default template for setuid processes run by users.

                                                                                  2. 1

                                                                                    I figured it was systemd, and I know there’s a TON of systemd hate floating around, but I didn’t realize just how rampant the freeping creaturism had become.

                                                                                    That’s really unfortunate, thanks for the clarifying comment.

                                                                                    1. 4
                                                                                  3. [Comment removed by author]

                                                                                    1. 8

                                                                                      What qualifies as “insane”?

                                                                                      This might sound trollish, but I seriously don’t find “sane/insane” distinctions very useful (beyond their connotations). In my experience, these words get used when you can’t construct a better argument for why the other side is doing something wrong, so you call yours “sane” and the others “insane”.

                                                                                      1. [Comment removed by author]

                                                                                        1. 8

                                                                                          That sounds like a nice definition, but “without reason or logic” is just as fuzzy, “counter productive, destructive, harmful” are also easily stated, but must be followed by hard facts to be held up.

                                                                                          Also, regarding the principle of least surprise: Matz (who popularised it) also famously said that it applies to his surprise.

                                                                                          Your definition just moves the playing field.

                                                                                          Also, I would argue that anyone implementing a piece of software so central to the Linux world is a “domain expert”. This is boundary play at its finest.

                                                                                          1. 19

                                                                                            For a specific example: How would you classify the change to kill tmux servers after a user logged out? Lots of people found that surprising. And in the larger space of existing init systems, quite unprecedented. I think “insane” is lacking precision, but adequately captures many people’s sentiment.

                                                                                            1. 10

                                                                                              and to add to this response, I find it insane that the response was asking tmux to include a change for the new behavior systemd enforced.

                                                                                              1. 2

                                                                                                Especially since it changes how every unix has behaved for almost 30-40 years regarding HUP.

                                                                                                Or a more recent one where it parses a username of “0haha” as being an invalid username and runs the unit as root. And now perfectly valid usernames starting with a number won’t work in systemd unit files as they get interpreted as being invalid because systemd can’t seemingly parse numbers in a config file sanely to distinguish a user name versus a user id.

                                                                                                This all might sound like splitting hairs, but breaking userspace (HUP behavior shouldn’t need a patch for your init in tools), and not parsing a username sanely are pretty basic things I would expect a first year undergrad to be able to do.

                                                                                                So yes, I agree insane is a good word to use for things. I could come up with hard facts, but systemd really feels like one step forward and two steps back for a lot of things. I don’t really feel like its a very good example of good engineering practices, aka binary logs that can be corrupted forcing you to do insane things to get a system online due to a short write to the filesystem is… also insane, we have decades of knowledge of how to do this that has been ignored.

                                                                                                If the corners aren’t rounded on this desk, why should I feel safe about the rest of the desk?

                                                                                            2. 2

                                                                                              Boundary play? The guy who wrote Linux made an opinion about it being so.

                                                                                          2. 13

                                                                                            In my experience, these words get used when you can’t construct a better argument for why the other side is doing something wrong, so you call yours “sane” and the others “insane”

                                                                                            “In your experience”, huh? So you’re just extrapolating your own personal experiences to all of mankind, then? “Citation needed!”

                                                                                            You see, it’s easy to filibuster any conversation by calling for better argumentation, proof, evidence, studies to back claims up and so on.

                                                                                            You know perfectly well why someone might call systemd “insane”. What’s your actual contribution to the conversation, besides signalling to everyone what a rational and sophisticated person you are?

                                                                                            1. 10

                                                                                              “In your experience”, huh? So you’re just extrapolating your own personal experiences to all of mankind, then? “Citation needed!”

                                                                                              No, I don’t. That’s why I wrote: In my experience.

                                                                                              You know perfectly well why someone might call systemd “insane”.

                                                                                              No, I don’t. I use systemd every day and I’m very fine with how it works and how it behaves.

                                                                                              It has, as all implementations of a thing, issues and flaws, but that’s all. I’d be happy to try an alternative, which would for sure improve in a lot of areas (and may be worse in others), but that’s a trade-off, nothing more.

                                                                                              What’s your actual contribution to the conversation, besides signalling to everyone what a rational and sophisticated person you are?

                                                                                              I’m highlighting a conversational pattern that is all too often used to create unity were there is none. I’m neither rational or sophisticated.

                                                                                              1. -1

                                                                                                Not to put too much effort into pointless bickering, but:

                                                                                                No, I don’t. That’s why I wrote: In my experience.

                                                                                                Here’s what you said:

                                                                                                In my experience, these words get used when you can’t construct a better argument for why the other side is doing something wrong, so you call yours “sane” and the others “insane”

                                                                                                You’re generalizing based on your experience. In other words, you’re not just talking about your personal experiences themselves - you’re suggesting that you’ve observed a general trend, and that it applies to the guy you responded to.

                                                                                                For whatever it’s worth, I suppose you’re technically correct about what you said. Pointing it out is just not particularly valuable, because discussions don’t go anywhere if people insist on being super rigorous about them.

                                                                                                In fact, much like you pointed out that “insane” is often used as a substitute for an argument, evidence is usually demanded as a way of seemingly proving someone wrong, or perhaps more accurately, just as a way of silencing someone.

                                                                                                It’s like everyone assumes that if no academic institution has produced a paper that says X, then X is not true.

                                                                                                We can all generally see what someone is saying, even if his post isn’t 100% logically sound in every conceivable way, and accompanied by scientific research to back up his claims.

                                                                                      1. 47

                                                                                        As with many systemd bugs, its some combination of silly and stupid and amusing, but the real story, as ever, is king Lennart’s decree that these previously valid usernames are now invalid. And thus it shall be!

                                                                                        1. 34

                                                                                          This really upsets me. Red Hat, through Poettering, is pushing all kinds of pretty invasive infrastructural changes in the Linux ecosystem. Some of these things are good (like declarative service definitions).

                                                                                          But the quality of these services that end up in supposedly robust “enterprise” Linux distributions is just astonishingly bad. I work in a team that develops a software package for CentOS / RedHat. During the lifetime of RedHat 7.x, we’ve run into:

                                                                                          1. A systemd bug that allows any local user to take down the box (https://github.com/systemd/systemd/issues/4234)
                                                                                          2. A firewalld race condition that causes the network to be completely locked down at startup or whenever the firewall service is restarted. This means that I need to find a KVM connection to all the rack units that ended up being unreachable. I am responsible for the firewalld service definitions for our team and I was unable to test this because I would invariably end up with an unreachable machine when the regression tests ran. This was reported in 7.0 and not fixed until 7.3.
                                                                                          3. A systemd bug that leaks sessions, causing any interaction with the systemd dbus service (used for starting and stopping services as well as checking service status) to take minutes (https://github.com/systemd/systemd/issues/1961)
                                                                                          4. A bug in abrtd (Red Hat’s core dump processing tool) that fails to configure the kernel’s core_pattern when (re)starting, resulting in missing core dumps.
                                                                                          5. systemd hijacking kernel command line arguments making it impossible to debug the Linux kernel (https://bugs.freedesktop.org/show_bug.cgi?id=76935). We ship modified version of specific third-party proprietary drivers with our product, so this kind of stuff also affects us.

                                                                                          This, combined with Poettering’s general attitude of “it’s not me, it’s you” whenever a bug hits (the world should adapt to systemd, because systemd will not adapt to the world) is driving me insane. On top of this toxic attitude, systemd also keeps on tacking on other features to what should just have been an init daemon (init system, system logger, dbus server, power manager, login manager, VT handler, dhcp client/server, hardware abstraction & initialization layer …) meaning that these symptoms are spreading wider and wider within the Linux ecosystem. I don’t understand why such anti-social developers were able to push such low-quality software through a conservative enterprise distribution such as Red Hat, and why other distributions went along with this.

                                                                                          It’s really a stark contrast with the much more thought out development of something like OpenBSD, where most of the bigger changes strike me as non-invasive good ideas. It’s a shame that a lot of things don’t exist on OpenBSD (like, in my case, OpenCL drivers for Intel graphics), or I would probably just switch my development environment over and be rid of the madness.

                                                                                          1. 14

                                                                                            RedHat employs most of the developers for various projects e.g. Gnome. So those projects hard-depend on systemd and this forces adoption in other distributions.

                                                                                            I switched to FreeBSD a few years ago and am very glad to have done so.

                                                                                            1. 5

                                                                                              This is a valid point. Same with all this udev & systemd integration forcing people using udev to adopt systemd.

                                                                                              1. 7

                                                                                                udev, d-bus, libinput, logind, polkit, gtk/gnome all work together to slowly force you into accepting the times and participating in this incestuous interdependency orgy :(

                                                                                            2. 9

                                                                                              I don’t think these things are simply pushed on to the ecosystem. There might be some push, but ultimately the community is accepting these ideas. The problem lies in the “democratic” decision making process where people argue over technical merit.

                                                                                              It is easy to point at something old, some concrete problem with it, and then present something new and show that it solves that problem (and maybe another problem). It is a very concrete argument to make.

                                                                                              Some interesting counters would be that the new thing is too big, too complex, or poorly designed. Size is a concrete thing, but it sounds hand-wavy and it is easy to brush off with another equally hand-wavy: the software is solving a complex problem and therefore needs to be complex, and therefore it also becomes big. It doesn’t help that concern about size can be seen more as an expression of personal belief (“I prefer minimalism”) that has little weight in face of concrete features. And just so, arguing about the bugs that size & complexity inherently bring along can be brushed and hand-waved away. Someone wants or needs these features and developers will provide; and bugs will be eventually fixed.

                                                                                              If you have a hunch that a simpler, smaller, cleaner solution could be made, the onus is on you to provide it. Otherwise you’re not contributing, just complaining. If you propose to hold on to the old thing to wait and see if another viable solution would emerge with time, you’re holding back progress. You’re a caveman, and again you’re not contributing.

                                                                                              Now arguing that some software is poorly designed is even harder. It is an abstract argument to make, and unless you can articulate the design flaws to make the argument concrete, you’re just hand-waving. But making the argument concrete is very difficult when there is no universal image of “good design”. It changes with time and place, and it seems to be as much religion as your choice of text editor or programming paradigm is. By contrast, it is trivial to point out a feature that software A has and B doesn’t have.

                                                                                              Then there’s the fact that most of these decision makers are typical software developers. Software exists to solve problems. Features solve problems, and you solve more problems by adding more features – adding more code. More features, more code is good. Complexity is inherent, and something you’ll have to live with. That is the natural state of being for the typical software developer. The people at large want features, and if some thing already provides these features, nobody has the right to stop and wonder if we couldn’t solve problems differently.

                                                                                              I did not pay attention to what happened on e.g. Debian’s mailing lists when they decided to adopt systemd. But I doubt the most pressing reason was Gnome, or a conspiracy of Gnome developers pushing it. No, it is most likely that they evaluated their choices, and systemd won on “technical merit.” They chose the best solution.

                                                                                              In such a “merit” focused democratic process, making the arguments about size and complexity is an uphill battle. All the odds are against you, unless you’re operating in some fringe self-selecting community where personal values coincide in favour of what you’re arguing for (suckless people, various minimalistic linux distros, etc).

                                                                                              By contrast, when you have a powerful leader, he does not have to make that losing argument. So Theo can say “I don’t like it.” And that might as well be the end of discussion until someone comes up with another solution. There is no need for him to spend the next three weeks defending these arguments against “merit” in a shitstorm tier nerd fight. He also doesn’t need to offer a “technically superior” solution to whatever problem happens to be troubling one of these contestants. No action is valid action.

                                                                                              If you want good software, you need a strong leader with good taste. Or a community with clear values. Unfortunately values have the tendancy to erode over time as the community grows, and trying to enforce them turns into politics and drama, with arguments that will look very much like the arguments over technical merit. A self-selecting community that naturally stays small might work.

                                                                                              1. 1

                                                                                                If you propose to hold on to the old thing to wait and see if another viable solution would emerge with time, you’re holding back progress.

                                                                                                SysVinit was siting there for years waiting to be disrupted at least since I started to use Linux in 2001. How long should we wait for this new system that is all better. Is 15 years not enough? Can we expect a decent replacement before 2038? Maybe the generation of our grandchildren can come up with something.

                                                                                                1. 10

                                                                                                  There were a bunch of other init systems that offered all the advantages of systemd with less of the downsides. Unfortunately since they were good citizens that used standard mechanisms and didn’t get applications hard-depending on them, distributions weren’t forced to adopt them and largely didn’t.

                                                                                                  1. 5

                                                                                                    Are these rhethorical questions? If not, they are misdirected. Whatever OS you’re using, I’m not the leader of that project. Alternatives to sysvinit have been around forever, so when “we” (that does not include me) decide to do something about sysvinit is up to each project that still lives with it. Of course you can look for another project if you’re not happy with the decisions they make.

                                                                                                    If that’s a hypothetical question that puts me in the dictator’s role, I would say that you wait as long as it takes. If you have a pressing need, you can help yourself. But you won’t drag my project into accepting a solution I find repulsive. Not in a year, not in 20 years.

                                                                                                    Of course, my project today would not be using sysvinit, just as I am not using it today.

                                                                                                    1. 4

                                                                                                      SysVinit was siting there for years waiting to be disrupted at least since I started to use Linux in 2001.

                                                                                                      OpenRC has been available since 2007: https://en.wikipedia.org/wiki/OpenRC

                                                                                                      1. 2

                                                                                                        Reading the linked article:

                                                                                                        Since 0.25 OpenRC includes openrc-init, which can replace /sbin/init

                                                                                                        Which was according to the 0.25 tag 17th of April 2017. And the only distribution I know using it was Gentoo which is not surprising, since they invented it.

                                                                                                        1. 5

                                                                                                          OpenRC used the regular SysV init as its /sbin/init. Gentoo’s been using it for many years (at least since 2012, but I can’t find documentation of its initial inclusion), and Debian includes it.

                                                                                                  2. 3

                                                                                                    It’s a shame that a lot of things don’t exist on OpenBSD (like, in my case, OpenCL drivers for Intel graphics), or I would probably just switch my development environment over and be rid of the madness.

                                                                                                    No need to go that far. Use Gentoo with OpenRC and stay Poettering-free and sane.

                                                                                                    1. 2

                                                                                                      What would’ve made this thing more palatable to me at least (from a perspective of not having written an init system in decades) would’ve been a split into:

                                                                                                      1. a deterministic even if slow, init(1) then script runner - even ‘make’ would work :-)
                                                                                                      2. a service manager independent dependency/config format, unit files as they are would suffice I guess
                                                                                                      3. systemd as a service manager, akin to good ol’ daemontools. Since it’s already “linux is the only thing that exists” they can get away with the prctl+subreaper system to catch services that tries to escape via double-fork

                                                                                                      but that would also remove much of the leverage they are using to push inane shit and rediscover old vulnerabilities.

                                                                                                      1. 3

                                                                                                        a deterministic even if slow, init(1) then script runner - even ‘make’ would work :-)

                                                                                                        That’s…actually a fascinating idea.

                                                                                                        Could you perhaps use a script to create an artifact in a, say, /var/startup_status directory that make checks for to resolve boot dependencies?

                                                                                                        EDIT: In #lobsters we came up with maybe using shell scripts w/ traps to handle signals for init. This might be doable. I’ll upvote any submissions that tries. :)

                                                                                                        1. 2

                                                                                                          It does fit with the OpenBSD narrative of relinking kernel at boot for ASLR as well :D the more interesting part about the ‘make’ bit is the choice between parallelism and repeatable evaluation order: just -j it. If it works with -j0 but not without, you likely have a race.

                                                                                                      2. 2

                                                                                                        firewalld isn’t part of systemd

                                                                                                        1. 2

                                                                                                          -1 incorrect

                                                                                                          really?

                                                                                                          1. 3

                                                                                                            I got one of those too, although maybe I deserved it. It seems to defeat the whole purpose of explaining downvotes: a Dalek battle cry is no improvements on mystery downvotes.

                                                                                                            1. 0

                                                                                                              Sigh, an objective, technical community, free from fanboysm, my ass.

                                                                                                    1. 7

                                                                                                      Polywell dev here; happy to answer any questions that come up. It was first created for my programming-centric game Bussard (https://technomancy.itch.io/bussard) but I’ve used it for a few other games since then.

                                                                                                      1. 4

                                                                                                        Have you ever seen this one?

                                                                                                        Your README doesn’t seem to list extensibility among its features, is there a way to extend the editor with plugins or would you need to modify the base code to add more stuff? (Not judging - the latter might be better for a limited scope tool like this)

                                                                                                        1. 4

                                                                                                          Your README doesn’t seem to list extensibility among its features

                                                                                                          Oh yeah, haha. I guess I take it as a given; why would anyone even bother writing a text editor in Lua in the first place if you couldn’t extend it?

                                                                                                          It’s very extensible–basically the whole user interface of the spaceflight game Bussard is done as modes of Polywell. Most of the code for Bussard that’s implemented outside of the editor is done so for sandboxing reasons–to make it hard to cheat–not because you couldn’t do it in the editor.

                                                                                                          Here’s a much simpler example of extending the editor to implement a simple board game: https://gitlab.com/technomancy/polywell/blob/master/config/connect4.lua Everything in the same directory as that file is user-level config, so you can see how to define modes for new languages, repl consoles, even network protocol clients.

                                                                                                      1. 3

                                                                                                        I can heartily recommend the talks Purely Functional GPU Programming with Futhark and A dozen years of Memcheck.

                                                                                                        The former is a high level functional programming language that compiles down to OpenCL, and provides easy to use Python modules that wrap all your functions. I’m currently looking into creating a similar binding infrastructure for Rust and Futhark. Quite amazing and a low barrier to entry for GPU programming.

                                                                                                        The latter gives a good overview of the development and evolution of Valgrind, how it works internally and what the current limitations are.

                                                                                                        1. 1

                                                                                                          Thanks, I would have missed that (Furthark).

                                                                                                        1. 3

                                                                                                          This must be based on the NexDock: http://nexdock.com/

                                                                                                          The pictures of the laptop are exactly the same device I have sitting in my lap right now. The NexDock of course has no computer inside it: it’s a keyboard, touchpad, SD reader, USB hub, and display.

                                                                                                          1. 2

                                                                                                            How are you liking the NexDock? How are you using it?

                                                                                                            1. 2

                                                                                                              Honestly, I haven’t used it very much at all. I tried it out with my phone and tablet and it was okay, but I’ve never really used a keyboard at length with an Android device even though I’ve had a keyboard specifically for Android for about 5 years. The resolution doesn’t lend itself to a good experience with Android.

                                                                                                              I bought it primarily to be used as a Raspberry Pi terminal. I did not catch that the device does not have USB connectivity to the to be able to use the keyboard and trackpad. The keyboard and trackpad connect through Bluetooth only.

                                                                                                              I got it primarily so that I might be able to use it at a conference that I posted in August, but it was delayed and delayed like many projects are.

                                                                                                              If I had to summarize, I would say that I am slightly disappointed, but it’s likely to improve as I actually use it for projects.

                                                                                                          1. 2

                                                                                                            What are you actually trying to hack on it?

                                                                                                            1. 3

                                                                                                              I was hoping to run a lightweight Linux distro (like Alpine) or OpenBSD on it. I basically use my phone for texting, reading my twitter feed and occasionally surfing. Android and iOS annoy me on both a usability and technical standpoint, so I was looking for something minimal that I own.

                                                                                                              I do use Termux on Android, which does help a lot, but its still a hacky workaround :\

                                                                                                              1. 5

                                                                                                                Well depending on the level you want to mess with, it greatly changes your options. If you want to run a full custom OS on it, you’re going to need a GSM stack to actually make calls, plus a graphical interface/toolkit, plus smart power management, plus tons of other stuff if you actually want the phone to be usable and last more than a couple hours on battery.

                                                                                                                If you just want to mess with sensors and run your own software and stuff, it may be easier just to load Android or FirefoxOS onto some existing hardware with an unlocked bootloader so you can strip out everything you don’t need.

                                                                                                                1. 2

                                                                                                                  Relevant: The Osmocom project is now able to place 3G calls with a fully open radio stack. But, this code is hot off the presses, and I’m pretty certain this does not work with any mobile carriers yet.

                                                                                                                  1. 1

                                                                                                                    Hmm… yeah, that looks like a lot of work to run a custom OS. I’ll have to fiddle around it over the summer. Are there any resources you can recommend to get started with kernel hacking (either Linux or OpenBSD)?

                                                                                                                  2. 5

                                                                                                                    The only minimal and usable smartphone setups I’ve found are Android-based: Replicant and CopperheadOS. However, those ROMs only support specific phone models, so you have to shop carefully.

                                                                                                                    Replicant is focused on FOSS. They start with CyanogenMod but remove non-free components. They use the linux-libre kernel and F-Droid app store. They don’t compromise, and won’t ship proprietary components even when free replacements are missing (no 3D drivers, for instance).

                                                                                                                    Their hardware support is rather out of date. Out of the available choices, I would probably choose a Samsung Galaxy S3 or Note 2. I’m also leery of how infrequent software updates are.

                                                                                                                    CopperheadOS is focused on security. They take vanilla AOSP and strip out the Google components (including the Play store and Chrome browser). Then they recompile with additional hardening mechanisms including PaX, Grsecurity, SELinux, and ASLR. They even replaced Android’s malloc with the OpenBSD one. Some of these security enhancements have been accepted into upstream, which is great news.

                                                                                                                    Currently CopperheadOS only supports the Nexus 5x and Nexus 6P, although the new Pixel phones are good candidates for support.

                                                                                                                    1. 1

                                                                                                                      Good descriptions. I think people wanting hardened Android to be adopted more should probably have Galaxy support at the minimum. They’re consistently among top tier of Android phones in capabilities and popularity. I mean, there could be severe obstacles to doing that which I don’t know about. Cyanogen and other mods were always available for the ones I had, though.

                                                                                                                      1. 3

                                                                                                                        One problem with broad hardware support is that these developers ought to be working on security, not supporting some OEM’s phone. CopperheadOS was initially based on CyanogenMod because it provides lots of hardware support “for free”, but it turned out to be more trouble than it’s worth. They switched to AOSP in beta:

                                                                                                                        CyanogenMod was originally chosen as the basis for CopperheadOS to leverage the broad hardware support. However, it proved to be the antithesis of the project’s goals and it has lackluster support for devices outside of the Nexus line. CyanogenMod is a testing ground for new features and is perpetually broken in all kinds of new and exciting ways. It lacks a focus on security and AOSP has much better code review and higher standards for code quality.

                                                                                                                        Another worrying trend is that phones' bootloaders are increasingly locked down. The Galaxy S5 was released in 2014, but the bootloader was locked tight until this past March.

                                                                                                                        1. 2

                                                                                                                          ne problem with broad hardware support is that these developers ought to be working on security, not supporting some OEM’s phone.

                                                                                                                          It’s a good point. It’s why I named the most popular of the high-end ones. High-end part will come in handy, too, to counter performance hit from the accumulating mitigations.

                                                                                                                          “The Galaxy S5 was released in 2014, but the bootloader was locked tight until this past March.”

                                                                                                                          Now that does suck. Anything else on Galaxy’s level and price tag that doesn’t have that problem? Preferably subsidized by a contract with a major carrier.

                                                                                                                          1. 1

                                                                                                                            Preferably subsidized by a contract with a major carrier.

                                                                                                                            AT&T and Verizon prefer locked-down bootloaders where possible, which slims the category considerably. I’ve basically stopped looking for anything other than “unlocked” “developer edition” phones which don’t come attached to a carrier.

                                                                                                                            Presumably the carriers do this because preventing the installation of alternate OSes simplifies support calls? Cynically, the bloatware installs are probably rather profitable.

                                                                                                                            High-end part will come in handy, too, to counter performance hit from the accumulating mitigations.

                                                                                                                            For what it’s worth, the Neo900 team assessed using different, more powerful chips. [pdf, see page 16] They ultimately decided to stick with OMAP3 because of the availability of a detailed (~3500 page) datasheet and prior art motherboard design.

                                                                                                                            I really couldn’t be more excited about the dawn of Risc-V. FPGA availability means OSes are already being ported to it, so the architecture will hit the ground running. Now that the Osmocom project is capable of open-source 3G calls, it actually could be possible to design a head-to-toe open hardware/software phone. The Neo900 goes as far as was possible to design a working phone in 2013, but it’s still not far enough.

                                                                                                                      2. 1

                                                                                                                        Ah, those look like decent options. I’ve seen Copperhead before, and thought it looked like a good ROM. It does seem like this is the most viable option at the moment.

                                                                                                                        1. 1

                                                                                                                          I’m just waiting for them to explicitly announce support for one of the new Pixel phones, so I don’t get stuck with a previous generation phone.

                                                                                                                      3. 1

                                                                                                                        I was hoping to run a lightweight Linux distro (like Alpine) or OpenBSD on it.

                                                                                                                        Do you want to use it as a phone? Because a convenient phone stack is lacking for such platforms. I’m not even sure they have a low level stack to handle things like phone calls and text messages.

                                                                                                                        If you just want a handheld, you have a few more options, but if you want to use it as a phone, erm, good luck!

                                                                                                                    1. 27

                                                                                                                      I highly recommend the Thinkpad T and X series laptops. My personal laptop is an old T400 and my work laptop is a T460p and both are excellent. They’re less expensive than the equivalent Apple laptop, but extremely good quality. I bought the T400 used and upgraded it with new parts. The T460p was new, but it was still cheaper to buy some of the parts separately and upgrade it myself.

                                                                                                                      1. 7

                                                                                                                        Seconding this.

                                                                                                                        I have a 2015 Thinkpad X1 Carbon, currently running Linux Mint 18. My second choice when buying it was the T450p.

                                                                                                                        The reason I settled on the X1 was basically it’s lighter and I decided I didn’t want/need dedicated graphics. I have a desktop that I still use often so the utility of the laptop for me was primarily mobility with “good enough” performance. If I didn’t have a desktop I would have gone for the T450p (which has been superseded by the T460p).

                                                                                                                        I have seen/used a few of the recent XPS 13s, and they also impressed me. So anyone turned off by Thinkpad prices can probably grab one of those instead.

                                                                                                                        1. 3

                                                                                                                          I have the 2015 X1 Carbon as well, excellent build quality and extremely thin and lightweight.

                                                                                                                          It may not have dedicated graphics, but I’m able to run most pre-2010 games at highest graphics settings. Intel integrated graphics has gotten much better than it used to be.

                                                                                                                          1. 1

                                                                                                                            I’m actually really interested in machines without dedicated graphics, because card switching has historically been fraught with problems for me. This is great!

                                                                                                                        2. 5

                                                                                                                          I can also vouch for this. I’ve been using ThinkPads for a long time, and currently my developer laptop is an X220.

                                                                                                                          Four years old, but with 1TiB of SSD, 12GB of RAM (can handle up to 16) and a decent 35W i5, it is more than sufficient for anything I use it for.

                                                                                                                          I’ve also heard good things about the Dell XPS/Precision series from colleagues, though if you want to run Linux it is advisable to stay away from 4K displays for now because of tearing issues.

                                                                                                                          1. 1

                                                                                                                            I’m debating the relative merits of the T460p, the X1 yoga and the X1 carbon myself. the higher performance of the T460p is tempting, but i don’t know if I’ll regret the added weight.

                                                                                                                            1. 3

                                                                                                                              A few years ago I went from a 15" MacBook Pro to a 13" MacBook Air and never regretted it. Assuming an Ultrabook-like machine will have sufficient performance for you, you won’t regret it (I’m assuming an X1 Carbon will be “fast enough” for most people). After the stagnation of the Air I switched to a 13" Retina MacBook Pro and even after a year it still feels heavy even though it’s only a few hundred grams heavier than the Air.

                                                                                                                              With a fast SSD and enough RAM even a dual core low power CPU will handle several VMs and big compiles without problem (at least in my experience).

                                                                                                                              1. 1

                                                                                                                                yeah, i’m using an x1 carbon 1st gen as my work laptop and really love it, but i don’t have to do anything heavy on it; all intensive work gets done on my desktop.

                                                                                                                                if i hadn’t seen just how nice a sub-3 lb ultrabook was, i’d probably have bought the T460p without thinking about it, but now i’m leaning towards just getting one of the X1 machines and perhaps taking a bit longer to do things like compile the kernel, but enjoy carrying it around and using it day-to-day.

                                                                                                                            2. 1

                                                                                                                              I love the T series. I use a T450s since 18 months with Linux and it’s the best laptop I ever used. Light, fast, solid build, all the connectors you need, built-in LTE modem (awesome!), replaceable battery without powering off with the second build-on battery, etc.

                                                                                                                              Highly recommended!

                                                                                                                              1. 1

                                                                                                                                T series without s is pretty.. brick - comparing to razer blade or mac book - T series looks like it was build 5 years ago.. T series with s is pretty slow … with its dual core- I have T460s and it’s cool for scripting, small medium size project but when you need to compile bigger project or edit video it’s useless