1. 4

    This is really interesting to get an idea of how people are taking advantage of BSD! I now have a much nicer idea of why people are going to it (and am a bit tempted myself). That feeling of having to go through ports and simply not having 1st-class support for some software seems… rough for desktop usage though

    1. 3
      1. 1

        I mean “someone talks to me about an application and I’m interested in trying it out on my system”?

        I feel like the link to the CVE database is a bit of an unwarranted snipe here. I’m not talking too much about security updates, just “someone released some software and didn’t bother to confirm BSD support so now I’m going to need to figure out which ways this software will not work”.

        To be honest I don’t really think that having all userland software come in via OS-maintained package managers is a great idea in the first place (do I really need OS maintainers looking after anki?). I’m fine downloading binaries off the net. Just nicer if they have out of the box support for stuff. I’m not blaming the BSDs for this (it’s more the software writer’s fault), just that it’s my impression that this becomes a bit of an issue if you try out a lot of less used software.

        1. 4

          As an engineer that uses and works on a minority share operating system, I don’t really think it’s reasonable to expect chiefly volunteer projects to ship binaries for my platform in a way that fits well with the OS itself. It would be great if they were willing to test on our platform, even just occasionally, but I understand why they don’t.

          Given this, it seems more likely to expect a good experience from binaries provided by somebody with a vested interest in quality on the OS in question – which is why we end up with a distribution model.

          1. 2

            Yep, this makes a lot of sense.

            I’m getting more and more partial to software relying on their host language’s package manager recently. It’s pretty nice for a Python binary to basically always work so long as you got pip running properly on your system, plus you get all the nice advantages of virtual environments and the like letting you more easily set things up. The biggest issue being around some trust issues in those ecosystems.

            Considering a lot of communities (not just OSes) are getting more and more involved in distribution questions, we might be getting closer to getting things to work out of the box for non-tricky cases.

            1. 8

              software relying on their host language’s package manager

              In general I’m not a fan. They all have problems. Many (most?) of them lack a notion of disconnected operation when they cannot reach their central Internet-connected registry. There is often no complete tracking of all files installed, which makes it difficult to completely remove a package later. Some of the language runtimes make it difficult to use packages installed in non-default directory trees, which is one way you might have hoped to work around the difficulty of subsequent removal. These systems also generally conflate the build machine with the target machine (i.e., the host on which the software will run) which tends to mean you’re not just installing a binary package but needing to build the software in-situ every time you install it.

              In practice, I do end up using these tools because there is often no alternative – but they do not bring me joy.

              Operating system package managers (dpkg/apt, rpm/yum, pkg_add/pkgin, IPS, etc) also have their problems. In contrast, though, these package managers tend to at least have some tools to manage the set of files that were installed for a particular package and to remove (or even just verify) them later. They also generally offer some first class way to install a set of packages from archive files obtained via means other than direct access to a central repository.

              1. 3

                For development I use the “central Internet-connected registry”; for production I use DEB/RPM packages in a repository:

                • forces you to limit the number of dependencies you use, otherwise too much work to package them all;
                • forces you to choose high quality dependencies that are easy to package or already packaged;
                • makes sure every dependency is buildable from source (depending on language);
                • have an “offline” copy of the dependencies, protect against “left-pad” issues;
                • run unit tests of the dependencies during package build, great for QA!;
                • have (PGP) signed packages that use the distribution’s tools to verify.

                There are probably more benefits that escape me at the moment :)

      2. 1

        That feeling of having to go through ports and simply not having 1st-class support for some software seems… rough for desktop usage though

        What kind of desktop software do you install from these non-OS sources?

        1. 2

          Linux is moving more and more towards Flatpak and Snap for (sandboxed) application distribution.

          1. 2

            I remember screwing around with Flathub on the command line in Fedora 27, but right now on Fedora 28, if you enable Flatpak in the Gnome Software Center thingy, it’s actually pretty seamless - type “Signal” in the application browser, and a Flatpak install link shows up.

            With this sort of UX improvements, I’m optimistic. I feel like Fedora is just going to get easier and easier to use.

      1. 11

        Note that SMT doesn’t necessarily have a positive effect on performance; it highly depends on the workload. In all likelihood it will actually slow down most workloads if you have a CPU with more than two cores.

        In case you’re wondering, this refers to OpenBSD’s giant-locked kernel. Some parts of this kernel are now unlocked (e.g. network stack) but for some workloads 2 CPUs can be faster than 3 or more due to lock contention.

        1. 1

          Per my understanding, every “physical” CPU can have many cores, and each core can have multiple hardware threads if SMT is supported. So every “hardware thread” is a “logical” CPU. Does the OpenBSD kernel do special operations according to physical CPU, core and hardware thread? Or does it just consider “logical” CPUs? Thanks!

          1. 2

            As far as I know the SMT threads were simply exposed as additional CPUs to the scheduler.

            1. 1

              @stsp Thanks for your response!

              If I understand correctly, disabling SMT means cutting half the “logical” CPUs, right? For example, if the server has one CPU, 2 cores, and every core has 2 hardware threads, in theory, the server has 4 “logical” CPUs. Assume my workload has 4 threads, and every thread is independent and computing-intensive (mostly user-space computation, not involving the kernel, such as syscalls, or accessing the network, etc.). Currently the workload can occupy all 4 “logical” CPUs. But now, if the count of “logical” CPUs is halved, my workload’s 4 threads need to contend for 2 “logical” CPUs. So in this scenario, the workload’s performance should be degraded.

              Is it correct? Thanks in advance!

              1. 3

                At least when HT was new, it also meant the caches would be halved unless you disabled HT in bios. So if your threads are doing different things they might suffer from it.

                1. 1

                  As far as I understand, it doesn’t mean that all 4 threads can progress in parallel, it will depend on which unit in the CPU each thread is utilizing.

          1. 5

            I can’t follow this at all the way it’s presented.

            1. 4

              No worries, you are not the only one who is having trouble following it.

              This is not an editorialized piece of writing trying to guide you towards a particular point of view. It just shows unredacted facts. The intent is to allow anyone to be a bystander in the discussion that actually occurred and make up their own minds about related questions if they have an interest in doing so. And it is only happening in public because interpretations of what happened contradicting the facts were circulated in public (most recently at BSDcan).

              There are no easy answers to the questions raised by the full- vs coordinated-disclosure debate in general. If you are involved in the disclosure process of a security problem and fix, whatever you do, one way or another someone else might potentially be put at risk as a consequence of your actions. And not every risk assessment will lead to the same conclusions.

              1. 1

                Near as I can figure, there was a bunch of back-channel communications about the issue in the OpenBSD community until the guy who found the issue contacted CERT because he figured out the issue went way beyond OBSD. The OpenBSD folks apparently don’t trust CERT and decided to push a fix to protect OBSD users possibly at the expense of, well, everyone else because…I don’t know…screw them, I guess.

                You put us in a conundrum. We knew there was a problem and how to fix it. And when you got CERT involved, we had to assume that information about the problem was now leaking beyond your control into government agencies and private companies, and that some of those “in the know” would have had 2 months of extended embargo time to use an exploit against OpenBSD users. I don’t see any reason to trust every single person in those parts of the security community and in these institutions to act responsibly.

              1. 3

                wouldn’t you have to agree to an embargo in order to break it?

                also: How about blaming the people who created the flaw instead of the people trying to fix it?

                1. 8

                  Oh believe me, I would like to blame Damien Bergamini for lots of things :) But that wouldn’t do the overall great results of his work justice.

                  KRACK was a common flaw across many independent WPA implementations. Which was quite surprising. It has been argued that it’s an 802.11 standard flaw because the standard authors didn’t alert anyone that the state machines described in the documents were incomplete and didn’t account for this issue. But of course the standard authors didn’t notice the problem either at the time.

                  1. 7

                    “because the standard authors didn’t alert anyone that the state machines described in the documents were incomplete and didn’t account for this issue.”

                    Another example where formal specification of a standard might have caught a problem. Especially if it involved state machines.

                  2. 2

                    wouldn’t you have to agree to an embargo in order to break it?

                    Yes, but if you don’t agree to it, don’t complain if you aren’t given disclosure.

                    How about blaming the people who created the flaw instead of the people trying to fix it?

                    Because that’s not a mutually exclusive position, and a transparent attempt to create a moral high ground where none exists. You can blame both the people who created the flaw and the people who are trying to fix it if they act in bad faith.

                    1. 4

                      Yes, but if you don’t agree to it, don’t complain if you aren’t given disclosure.

                      It’s rather hard to agree to an embargo if you’re not notified of it or offered a chance to agree.

                      1. 0

                        Since the OBSD folks are talking about the embargo and their participation (or not) in it in all of the emails cited, I assume you’re speaking of the general case and not this specific one. I agree that, in the general case, if you aren’t notified it’s hard to agree to an embargo. That’s not the case here, of course.

                        1. 8

                          The OBSD people were talking about how they heard rumors of an embargo, and could not get a response from anyone relevant. They were absolutely clear that if they had been able to agree to the embargo, they would have. They were not offered the option.

                          The best they got was “You didn’t get a response because you asked the wrong people”. When asked who the right people were – crickets.

                  1. 6

                    This news caused the public release for XSA-267 / CVE-2018-3665 (Speculative register leakage from lazy FPU context switching) to be moved to today.

                    1. 16

                      These embargoed and NDA’d vulnerabilities need to die. The system is broken.

                      edit: Looks like cperciva of FreeBSD wrote a working exploit and then emailed Intel and demanded they end embargo ASAP https://twitter.com/cperciva/status/1007010583244230656?s=21

                      1. 8

                        Prgmr.com is on the pre-disclosure list for Xen. When a vulnerability is discovered, and the discoverer uses the responsible disclosure process, and the process works, we’re given time to patch our hosts before the vulnerability is disclosed to the public. On balance I believe participating in the responsible disclosure process is better for my customers.

                        Pre-disclosure gives us time to build new packages, run through our testing process, and let our users know we’ll be performing maintenance. Last year we found a showstopping bug during a pre-disclosure period: it takes time and effort to verify a patch can go to production. With full disclosure, we would have to do so reactively, with significantly more time pressure. That would lead to more mistakes and lower quality fixes.

                        1. 2

                          This is a bad response to the issue. The bad guys probably already have knowledge of it and can use it. A few players deemed important should not get advanced notification.

                          1. 15

                            Prgmr.com qualifies for being on the Xen pre-disclosure list by a) being a vendor of a Xen-based system b) willing and able to maintain confidentiality and c) asking. We’re one of 6 dozen organizations on that list–the criteria for membership is technical and needs-based.

                            If you discover a vulnerability you are not obligated to use responsible disclosure. If you run Xen you are not obligated to participate in the pre-disclosure list. The process consists of voluntary coordination to discover, report, and resolve security issues. It is for the people and organizations with a shared goal: removing security defects from computer systems.

                            By maintaining confidentiality we are given the ability, and usually the means to have security issues resolved before they are announced. Our customers benefit via reduced exposure to these bugs. The act of keeping information temporarily confidential provides that reduced exposure.

                            You have described a voluntary process with articulable benefits as “needing to die,” along with my response being “bad.” As far as I can tell from your comments you claim “the system is broken” because some people “should not get advanced notice.” I’ve described what I do with that knowledge, and why it benefits my users. I’m thankful the security community tells me when my users are vulnerable and works with me to make them safer.

                            Can you improve this process for us? Have I misunderstood you?

                            1. 11

                              Some bad guys might already have knowledge of it. Once it’s been disclosed, many bad guys definitely have knowledge of it, and they can deploy exploits far, far faster than maintainers, administrators and users can deploy fixes.

                              1. 8

                                You’re treating “the bad guys” like they’re all one thing. In actuality, there’s a string of bad guys from people who will use a free attack tool to people who will pay a few grand for one to people who can customize a kit if it’s just a sploit to people who can build a sploit from a description to rare people who had it already. There’s also a range in intent of attackers from DOS to data integrity to leaking secrets. The folks who had it already often just leak secrets in a stealthy way instead of doing actual damage. They also use the secrets in a limited way compared to the average black hat. They’re always weighing use vs detection of their access.

                                The process probably shuts down quite a range of attackers even if it makes no difference for the best ones who act the sneakiest.

                                1. 4

                                  The process probably shuts down quite a range of attackers even if it makes no difference for the best ones who act the sneakiest.

                                  I believe the process is so effective at shutting down “quite a range of attackers” that it works despite: a) accidental leaks [need for improvement of process] b) intentional leaks [abuse] c) black hats on the pre-disclosure list reverse engineering an exploit from a patch. [fraud] In aggregate, the benefit from following the process exceeds the gain a black hat would have from subverting it.

                            2. 9

                              Well, it’s complicated. (Disclosure: we were under the embargo.)

                              When a microprocessor has a vulnerability of this nature, those who write operating systems (or worse, provide them to others!) need time to implement and test a fix. I think Intel was actually doing an admirable job, honestly – and we were fighting for them to broaden their disclosure to other operating systems that didn’t have clear corporate or foundation backing (e.g., OpenBSD, Dragonfly, NetBSD, etc). That discussion was ongoing when OpenBSD caught wind of this – presumably because someone who was embargoed felt that OpenBSD deserved to know – and then fixed it in the worst possible way. (Namely, by snarkily indicating that it was to address a CPU vulnerability.) This was then compounded by Theo’s caustic presentation at BSDCan, which was honestly irresponsible: he clearly didn’t pull eager FPU out of thin air (“post-Spectre rumors”), and should have considered himself part of the embargo in spirit if not in letter.

                              For myself, I will continue to advocate that Intel broaden their disclosure to include more operating systems – but if those endeavoring to write those systems refuse to honor the necessary secrecy that responsible disclosure demands (and yes, this means “embargoed and NDA’d vulnerabilities”), they will make such inclusion impossible.

                              1. 18

                                We could also argue Theo’s talk was helpful in that the CVE was finally made public.

                                Colin Percival tweeted in his thread overview about the vulnerability that he learned enough from Theo’s talk to write an exploit in 5 hours.

                                If Theo and the OpenBSD developers pieced enough together from rumors to make a presentation that Colin could turn into an exploit in hours, how long have others (i.e., bad guys) who also heard rumors had working exploits?

                                Theo alone knows whether he picked-up eager FPU from developers under NDA. Even if he did, there’s zero possibility outside of the law he lives under (or contracts he might’ve signed) that he’s part of the embargo. As to the “spirit” of the embargo, his decision to discuss what he knew might hurt him or OpenBSD in the future. That was his call to make. He made it.

                                Lastly, I was at Theo’s talk. Caustic is not how I would describe it, nor would I categorize it as irresponsible. Theo was frustrated that OpenBSD developers who had contributed meaningfully to Spectre and Meltdown mitigation had been excluded. He vented some of that frustration in the talk. I’ve heard more (and harsher) venting about Linux in a 30 minute podcast than all the venting in Theo’s talk.

                                On the whole Theo’s talk was interesting and informative, with a sideshow of drama. And it may have been what was needed to get the vulnerability disclosed and more systems patched.


                                Disclosure: I’m an OpenBSD user, occasional port submitter, BSDCan speaker and workshop tutor, FreeNAS user and recommender, and have enjoyed many podcasts, some of which may have included venting.

                                1. 4

                                  If Theo and the OpenBSD developers pieced enough together from rumors to make a presentation that Colin could turn into an exploit in hours, how long have others (i.e., bad guys) who also heard rumors had working exploits?

                                  It was clear to me the day Spectre / Meltdown were disclosed that there would be future additional vulnerabilities of the same class based on that discovery. I think there is circumstantial evidence suggesting the discovery was productive for the people who knew about it in the second half of 2017 before it was publicly disclosed. One can safely assume black hats have had the ability to find and use novel variations in this class of vulnerability for at least six months.

                                  If Theo did pick up eager FPU from a developer under embargo that demonstrates just how costly it is to break embargo. Five hours, third hand.

                                  1. 4

                                    If Theo did pick up eager FPU from a developer under embargo that demonstrates just how costly it is to break embargo. Five hours, third hand.

                                    I have absolutely no idea what point you’re trying to make. Certainly, everyone under the embargo knew that this would be easy to exploit; in that regard, Theo showed people what they already knew. The only new information here is that Theo is every bit as irresponsible as his detractors have claimed – and those detractors would (of course) point out that that information is not new at all…

                                    1. 1

                                      With respect, how is Theo irresponsible for reducing the time the users of his OS are vulnerable?

                                      Like, the embargo thing sounds a lot to the ill-informed like some kind of super-secret clubhouse.

                                  2. 4

                                    Theo definitely wasn’t part of the embargo, but it’s also unquestionable that Theo was relying on information that came (ultimately) from someone who was under the embargo. OpenBSD either obtained that information via espionage or via someone trying to help OpenBSD out; either way, what Theo did was emphatically irresponsible. Of course, it was ultimately his call – but he is not the only user of OpenBSD, and it is unfortunate that he has effectively elected to isolate the community to serve his own narcissism.

                                    As for the conjecture that Theo served any helpful role here: sorry, that’s false. (Again, I was under the embargo.) The CVE was absolutely going public; all Theo did was marginally accelerate the timeline, which in turn has resulted in systems not being as prepared as they otherwise could be. At the same time, his irresponsible behavior has made it much more difficult for those of us who were advocating for broader inclusion – and unfortunately it will be the OpenBSD community that suffers the ramifications of any future limited disclosure.

                                    1. 6

                                      Espionage? You’re suggesting one of:

                                      1. Someone stole the exploit information, leaked it to the OpenBSD team, a team known for proactively securing their code, on the off-chance Theo would then further leak it (likely with mitigation code), causing the embargoed details to be released sooner than expected,

                                      2. OpenBSD developers stole the exploit information, then leaked it (while committing mitigation code), causing the embargoed details to be released sooner than expected.

                                      The first doesn’t seem plausible. The second isn’t worthy of you or any of the developers on the OpenBSD team.

                                      I’m sure you’ve read Colin’s thread. He contacted folks under embargo after he wrote his exploit code based on Theo’s presentation. The release timeline moved forward. OSs that had no knowledge of the vulnerability now have patches in place. Perhaps those users view “helpful” in a different light.


                                      Edit: Still boggling over the espionage comment. Had to flesh that out more.

                                      1. 8

                                        Theo has replied:

                                        In some forums, Bryan Cantrill is crafting a fiction.

                                        He is saying the FPU problem (and other problems) were received as a leak.

                                        He is not being truthful, inventing a storyline, and has not asked me for the facts.

                                        This was discovered by guessing Intel made a mistake.

                                        We are doing the best for OpenBSD. Our commit is best effort for our user community when Intel didn’t reply to mails asking for us to be included. But we were not included, there was no reply. End of story. That leaves us to figure things out ourselves.

                                        Bryan is just upset we guessed right. It is called science.

                                        He’s also offered to discuss the details with Bryan by phone.

                                        1. 4

                                          Intel still has 7 more mistakes in the Embargo Execution Pipeline™️ according to a report^Wspeculation by Heise on May 3rd.

                                          https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

                                          Let the games begin! 🍿

                                          1. 1

                                            What’s (far) more likely: that Theo coincidentally guessed now, or that he received a hint from someone else? Add Theo’s history, and his case is even weaker.

                                            1. 13

                                              While everyone is talking about Theo, the smart guys figuring this stuff out are Philip Guenther and Mike Larkin. Meet them over beer and discuss topics like ACPI, VMM, and Meltdown with them and you won’t doubt anymore that they can figure this stuff out.

                                              1. 6

                                                In another reply you claim your approach is applied Bayesian reasoning, so let’s go with that.

                                                Which is more likely:

                                                1. A group of people skilled in the art, who read the relevant literature, have contributed meaningful patches to their own OS kernel and helped others with theirs, knowing that others besides themselves suspected there were other similar issues, took all that skill, experience and knowledge, and found the issue,

                                                or

                                                2. Theo lied.

                                                Show me the observed distribution you based your assessment on. Show me all the times Theo lied about how he came to know something.

                                                Absent meaningful data, I’ll go with team of smart people knowing their business.

                                                1. 4

                                                  Absent meaningful data

                                                  Your “meaningful data” is 11 minutes and 5 seconds into Theo’s BSDCan talk: “We heard a rumor that this is broken.” That is not guessing and that is not science – that is (somehow) coming into undisclosed information, putting some reasonable inferences around it and then irresponsibly sharing those inferences. But at the root is the undisclosed information. And to be clear, I am not accusing Theo of lying; I am accusing him of acting irresponsibly with respect to the information that came into his possession.

                                                  1. 3

                                                    Here is at least one developer’s comment on the matter. He points to the heise.de article about Spectre-NG as an example of the rumors that were floating around. That article is a long way from “lazy FPU is broken”.

                                                    Theo has offered to discuss your concerns, what you think you know, what he knew, when and how. He’s made a good-faith effort to get his cellphone number to you. If you don’t have it, ask.

                                                    If you do have his number, call him. Ask him what he meant by “We heard a rumor that this is broken.” Ask him what rumor they heard. Ask him whether he was referring to the Spectre-NG article.

                                                    Seriously, how hard does this have to be? You engaged productively with me when I called you out. You’ve called Theo out. Talk to him.

                                                    And yes, I get it. Your chief criticism at this point is responsible disclosure. But as witnessed by the broader discussion in the security community, there’s no single agreed-upon solution.

                                                    While you’ve got Theo on the phone you can discuss responsible disclosure. Frankly, I suggest beer for that part of the discussion.


                                                    Edit: Clarify that Florian wasn’t saying he knew heise.de were the source.

                                                  2. 0

                                                    Reread the second sentence in my reply you linked.

                                                  3. 2

                                                    This is plain libel, pure and simple.

                                                    1. -2

                                                      It is Bayesian reasoning, pure and simple.

                                                      That said, this is a tempest in a teacup, so call it whatever you want; I’m gonna go floss my cat.

                                                2. 6

                                                  Sorry – I’m not accusing anyone of espionage; apologies if I came across that way.

                                                  What I am saying is that however Theo obtained information – and indeed, even if that information didn’t originate with the leak but rather by “guessing” as he is now apparently claiming – how he handled it was not responsible. And I am also saying that Theo’s irresponsibility has made the job of including OpenBSD more difficult.

                                                  1. 9

                                                    The spectre paper made it abundantly clear that additional side channels will be found in the speculative execution design.

                                                    This FPU problem is just one additional bug of this kind. What I’d like to learn from you is:

                                                    1. What was the original planned public disclosure date before it was moved ahead to today?

                                                    2. Do you really expect that a process with long embargo windows has a chance of working for future spectre-style bugs when a lot of research is now happening in parallel on this class of bugs?

                                                    1. 5
                                                      1. The original date for CVE-2018-3665 was July 10th. After the OpenBSD commit, there was preparation for an earlier disclosure. After Theo’s talk and after Colin developed his POC, the date was moved in from July 10th to June 26th, with preparations being made to go much earlier as needed. After the media attention today, the determination was made that the embargo was having little effect and that there was no point in further delay.

                                                      2. Yes, I expect that long embargo windows can work with Spectre-style bugs. Researchers have been responsible and very accommodating of the acute challenges of multi-party disclosure when those parties include potentially hypervisors, operating systems and higher-level runtimes.

                                                      1. 10

                                                        Thanks for disclosing the date. I must say I am happy that my systems are already patched now, rather than in one month from now.

                                                        I’ll add that some new patches with the goal of mitigating spectre-class bugs are being developed in public without any coordinated disclosure:

                                                        http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/9474cbef7fcb61cd268019694d94db6a75af7dbe

                                                        https://patchwork.kernel.org/patch/10202865/

                                                    2. 5

                                                      Thanks for the clarification.

                                                      I don’t think early disclosure is always irresponsible (the details of what and when matter). Others think it’s never irresponsible; and some that it’s always irresponsible. Good arguments can be made for each position that reasonable people can disagree about and debate.

                                                      One thing I hope we can all agree on is that we need clear rules for how embargoes work (probably by industry). We need clear, public criteria covering who, what, when and how long. And how to get in the program, ideally with little or no cost.

                                                      It’s a given that large companies like Microsoft will be involved. Open-source representatives should have a seat at the table as well. But “open source” can’t just mean Red Hat and a few large foundations. OSs like OpenBSD have a presence in the ecosystem. We can’t just write the rules with a “You must be this high to ride” sign at the door.

                                                      And yeah, Theo’s talk might make this more difficult going forward. Hopefully both sides will use this event as an opportunity to open a dialog and discuss working together.

                                                      1. 6

                                                        Right, I completely agree: I’m the person that’s been advocating for that. I was furious with Intel over Spectre/Meltdown (despite our significant exposure, we learned about it when everyone else did), and I was very grateful for the work that OpenBSD and illumos did together to implement KPTI. This time around, I was working from inside the embargo to get OpenBSD included. We hadn’t been able to get to where we needed to get, but I also felt that progress was being made – and I remained optimistic that we could get OpenBSD disclosure under embargo.

                                                        All of this is why I’m so frustrated: the way Theo has done this has made it much more difficult to advocate this position – it has strengthened the argument of those who believe that OpenBSD should not be included because they cannot be trusted. And that, in my opinion, is a shame.

                                                        1. 11

                                                          Look at it from OpenBSD’s perspective though. They (apparently) tried emailing Intel to find out more, and were told “no”. What were they supposed to do? Just wait on the hope that someone, somewhere, was lobbying on their behalf to be included, with no knowledge of that lobbying?

                                        1. 2

                                          Slide 15 mentions that deraadt@ signs the patch file. This made me wonder: What happens if he unexpectedly falls critically ill or dies? For at least one OpenBSD release cycle, there might just be no way to sign anything.

                                            1. 3

                                              You should’ve checked before posting this very example - it has been fixed a month ago :^)

                                              1. 4

                                                Thanks, that’s great news! I don’t currently have access to an OpenBSD system, to be honest. Still, that means two and a half years to comply with POSIX over a one-character fix, so again I feel compliance is not always a priority.

                                                1. 6

                                                  It is not always a priority. Why should posix compliance take precedence over everything else? Each such question is generally being dealt with on a case-by-case basis.

                                                  Implementing whatever posix comes up with is not a stated goal of the OpenBSD project.

                                                  And adding whatever OpenBSD invents is obviously not a stated goal of posix either. As one example, see arc4random(3).

                                                  1. 9

                                                    Implementing whatever posix comes up with is not a stated goal of the OpenBSD project.

                                                    goals.html gets confusingly close to stating just that though:

                                                    Track and implement standards (ANSI, POSIX, parts of X/Open, etc.)

                                                    http://www.openbsd.org/goals.html

                                                    1. 4

                                                      Yes, posix compliance is a goal. But that does not mean it’s at the highest priority of all the things the project does.

                                                      1. 2

                                                        We all agree it’s not the highest priority, and probably OpenBSD would not be what it is if it were. Thanks for contributing to such a fine project.

                                            1. 4

                                              membar_producer() → Force visibility of all of the above changes.

                                              I believe this has to do with caching and ensures the new values will be up-to-date even when read from main memory by some consumer of this data, e.g. by the scheduler which could be running on another CPU. (I haven’t checked the code though so this is just a guess and might not reflect the actual semantics 100%.)

                                              Nice article!

                                              1. 2

                                                Yeah, I don’t know much about membar barrier operations, but I have read some blogs and some pieces of information that I found on Google saying that it is something related to the ordering and reordering of LOAD-STORE operations on multiprocessor systems (in SMP). “The techniques for making memory visible from a processor core are known as memory barriers or fences. They make program state visible to other CPUs so they can act upon it.” – (From some blog that I have read)

                                                Thank you for your update on memory barriers; I will update the same on the blog.

                                                Thanks for your feedback on the article. This keeps me motivated for going further to learn more and share my learnings.
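The producer-side ordering discussed in the two comments above, as an added example that is not from the thread or from the article being discussed. C11 fences stand in for the kernel's membar_producer() and its consumer-side counterpart (an assumption; the kernel primitives are not called here), and the `proc_state` record and all function names are hypothetical.

```c
/* Added example: publishing a record to a reader on another CPU.
 * C11 fences stand in for membar_producer()/membar_consumer();
 * the struct and function names are hypothetical. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdio.h>

struct proc_state {
    int pid;
    int priority;
    int checksum;   /* pid + priority: lets the reader detect a half-written record */
};

static struct proc_state slot;   /* plain (non-atomic) shared data */
static atomic_int ready;         /* round number the producer has published */
static atomic_int ack;           /* round number the consumer has finished reading */
static int rounds_total, rounds_seen, torn;

static void *consumer(void *arg)
{
    (void)arg;
    for (int i = 1; i <= rounds_total; i++) {
        /* Wait for the flag that announces round i. */
        while (atomic_load_explicit(&ready, memory_order_relaxed) != i)
            sched_yield();
        /* Consumer-side barrier: the field loads below are ordered after
         * the flag load above. */
        atomic_thread_fence(memory_order_acquire);
        if (slot.pid != i || slot.checksum != slot.pid + slot.priority)
            torn++;
        rounds_seen++;
        /* Hand the slot back; release orders our reads before the
         * producer's next writes. */
        atomic_store_explicit(&ack, i, memory_order_release);
    }
    return NULL;
}

/* Runs `rounds` publish/consume handoffs; returns the number of
 * inconsistent records the consumer saw, or -1 on thread failure. */
int run_publish_demo(int rounds)
{
    pthread_t t;

    rounds_total = rounds;
    rounds_seen = 0;
    torn = 0;
    atomic_store(&ready, 0);
    atomic_store(&ack, 0);
    if (pthread_create(&t, NULL, consumer, NULL) != 0)
        return -1;

    for (int i = 1; i <= rounds; i++) {
        /* 1. Fill in the record with ordinary stores. */
        slot.pid = i;
        slot.priority = i * 3;
        slot.checksum = slot.pid + slot.priority;
        /* 2. Producer-side barrier: every store above becomes visible
         *    before the flag store below. Without it, a weakly ordered
         *    CPU or the compiler may let the flag overtake the fields. */
        atomic_thread_fence(memory_order_release);
        /* 3. Publish. */
        atomic_store_explicit(&ready, i, memory_order_relaxed);
        /* Wait until the consumer is done before reusing the slot. */
        while (atomic_load_explicit(&ack, memory_order_acquire) != i)
            sched_yield();
    }
    pthread_join(t, NULL);
    return torn;
}

int last_rounds_seen(void)
{
    return rounds_seen;
}

int main(void)
{
    int bad = run_publish_demo(2000);
    printf("rounds=%d torn=%d\n", last_rounds_seen(), bad);
    return bad != 0;
}
```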

                                              1. 3

                                                For a good laugh, look here at this PR.

                                                1. 18

                                                  It’s both easier and more polite to ignore someone you think is being weird in a harmless way. Pointing and laughing at a person/community is the start of brigading. Lobsters isn’t big enough to be competent at this kind of evil, but it’s still a bad thing to try.

                                                  1. 6

                                                    https://github.com/tootsuite/mastodon/pull/7391#issuecomment-389261480

                                                    What other project has its lead calmly explaining the difference between horse_ebooks and actual horses to clarify a pull request?

                                                    1. 3

                                                      And yet, he manages to offend someone.

                                                      1. 4

                                                        Can someone explain the controversy here? I legitimately do not understand. Is the individual claiming to be a computer and a person? Or do they just believe that someday some people will be computers and desire to future-proof the messages (as is alluded to in another comment)?

                                                        1. 7

                                                          This person is claiming they think of themselves as a robot, and is insulted at the insinuation that robots are not people.

                                                          Posts like this remind me of just how strange things can get when you connect most of the people on the planet.

                                                          1. 6

                                                            So, I tried contacting the author:

                                                            http://mynameiser.in/post/174391127526/hi-my-name-is-jordi-im-also

                                                            Looks like she believes she’s a robot in the transhumanist sense. I thought transhumanists thought they would be robots some day, not that they already are robots now.

                                                            I tried reading through her toots as she suggested, but it was making me feel unhappy, because she herself seems very unhappy. She seems to be going through personal stuff like breaking up from a bad relationship or something.

                                                            I still don’t understand what is going on and what exactly does she mean by saying she’s a robot. Whatever the reason, though, mocking her is counterproductive and all around a dick thing to do. Her request in the PR was denied, which I think is reasonable. So “no” was said to something, contrary to what zpojqwfejwfhiunz said elsewhere.

                                                            1. 6

                                                              As someone who’s loosely in touch with some of the transhumanist scene, her answer makes no sense and was honestly kind of flippant and rude to you.

                                                              That said, it sounds like she’s been dealing with a lot of abuse lately from the fact that this Github thread went viral. I’m not surprised, because there are certain people who will jump on any opportunity to mock someone like her in an attempt to score points with people who share their politics. In this case she’s being used as a proxy to discredit the social justice movement, because that’s what she uses to justify her identity.

                                                              Abuse is never okay and cases like this require some pretty heavy moderation so that they don’t spiral out of control. But they also require a pretty firm hand so that you don’t end up getting pulled into every crazy ideascape that the internet comes up with. If I was the moderator of this GitHub thread, I would have told her, “Whatever it is you’re trying to express when you say ‘I am a robot,’ the Mastodon [BOT] flag is not the right way to do it.” End of discussion, and if anyone comes around to try to harass her, use the moderator powers liberally so as not to veer off-topic.

                                                              Then you could get into the actual meat of the discussion at hand, which was things like “If I have a bot that reposts my Twitter onto Mastodon, could that really be said to ‘not represent a person’? Maybe another wording would be better.”

                                                              In the end she’s just a girl who likes to say she’s a robot on the internet. If that bugs you or confuses you, the nicest thing you can do is just take it like that and just ignore her.

                                                              1. 8

                                                                I don’t think she was rude to me. She’s just busy with other things and has no obligation to respond to every rando who asks her stuff. I’m thankful she answered me at all. It’s a bit of effort, however slight, to formulate a response for anyone.

                                                                1. 3

                                                                  I mean, I can kind of see where you’re coming from, but I’d still argue that starting with “You should develop your software in accordance to my unusual worldview”, followed by flippantly refusing to actually explain that worldview when politely asked, is at least not nice.

                                                                  Regardless, that might justify a firm hand, but not harassment, because nothing justifies harassment.

                                                                  1. 2

                                                                    I see this point of view too. But I’m also just some rando on the internet. She doesn’t owe me anything. If someone needed to hear her reasons, that would have been the Mastodon devs. They handled it in a different way, and I think they handled it well, overall.

                                                                    1. 1

                                                                      I’m inclined to agree on that last point, though it’s hard to say for sure given all the deleted comments.

                                                                      And I do hope she can work through whatever she’s going through.

                                                              2. 4

                                                                I don’t know, personally, anyone who identifies as a robot, but I do know a bunch of people who identify as cyborgs. Some of it’s transhumanist stuff – embedding sensors under the skin, that sort of thing. But much of it is reframing of stuff we don’t think of that way: artificial limbs, pacemakers, etc, but also reliance on smartphones, google glass or similar, and other devices.

                                                                From that standpoint, robot doesn’t seem a stretch at all.

                                                                That said, I agree that the feature wasn’t intended to be (and shouldn’t be) a badge. But someone did submit a PR to make the wording more neutral and inclusive, and that was accepted (#7507), and I think that’s a positive thing.

                                                                1. 2

                                                                  Actually, that rewording even seems clearer to me regardless of whether someone calls themself a robot or not. “Not a person” sounds a bit ambiguous; because you can totally mechanically turk any bot account at any time, or the account could be a mirror of a real person’s tweets or something.

                                                                2. 1

                                                                  That’s unfortunate. It’s always difficult to deal with these things. I, too, understood transhumanism to be more of a future thing, but apparently at least some people interpret it differently. Thanks for following up where I was too lazy!

                                                                3. -6

                                                                  American ‘snowflake’ phenomenon. The offendee believes that the rest of the world must fully and immediately capitulate to whatever pronoun they decided to apply to themselves that week, and anything other than complete and unquestioning deference is blatant whatever-ism.

                                                                  1. 16

                                                                    Person in question is Brazilian, but don’t let easily checked facts get in the way of your narrative.

                                                                    1. -5

                                                                      Thanks for the clarification. Ugh, the phenomenon is spreading. I hope it’s not contagious. Should we shut down Madagascar? :-D

                                                                      1. 3

                                                                        TBH I think it’s just what happens when you connect a lot of people who speak your language to the internet, and the USA had more people connected than elsewhere.

                                                                        1. 0

                                                                          It definitely takes a lot of people to make a world. To paraphrase Garcia, “what a long strange trip it will be”.

                                                                    2. 3

                                                                      She says “she” is a fine pronoun for her.

                                                                4. 1

                                                                  It’s wonderful. :)

                                                                5. 3

                                                                  What is happening there? I can’t tell if this is satire or reality

                                                                  1. 2

                                                                    That’s pretty common with Mastodon; there’s an acrid effluence that tinges the air for hours after it leaves the room. That smell’s name? Never saying no to anyone.

                                                                    1. 12

                                                                      Seems “never saying no to anyone” has also been happening to lobster’s invite system :(

                                                                      People here on lobsters used to post links to content they endorse and learn something from and want to share in a positive way. Whatever your motivation was to submit this story, it apparently wasn’t that…

                                                                      1. 4

                                                                        The person who shared the “good laugh” has been here twice as long as you have.

                                                                        1. 1

                                                                          I’m absolutely not saying you’re wrong, but I’m pretty confident there’s something to be learned here. I may not necessarily know what the lesson is yet, but this is not the first or the last situation of this kind to present itself in software development writ large.

                                                                  1. 4

                                                                    Neat. Thanks for running this service!

                                                                    Could you announce new #bsdjobs on mastodon as well as twitter? (e.g via https://bsd.network)

                                                                      1. 1

                                                                        Sure. Will do soon. :)

                                                                      1. 5

                                                                        As exciting as this is, I’m wary about the dependency on GNU tools, even though I understand that providing an openbsd-culture-friendly implementation would require extra work and could be a maintenance nightmare, with two different codebases for shell scripts, but perhaps gmake could be replaced with something portable.

                                                                        1. 12

                                                                          This version of Wireguard was written in go, which means it can run on exactly 2 (amd64, i386) of the 13 platforms supported by OpenBSD.

                                                                          The original Wireguard implementation written in C is a Linux kernel module.

                                                                          A dependency on gmake is the least of all portability worries in this situation.

                                                                          1. 18

                                                                            While it’s unfortunate that Go on OpenBSD only supports 386 and amd64, Go does support more architectures that are also supported by OpenBSD, specifically arm64 (I wrote the port), arm, mips, power, mips. I have also implemented Go support for sparc64, but for various reasons this wasn’t integrated upstream.

                                                                            Go also supports power, and it used to run on the power machines supported by OpenBSD, but sadly now it only runs on more modern power machines, which I believe are not supported by OpenBSD. However, it would be easy to revert the changes that require more modern power machines. There’s nothing fundamental about them, just that the IBM maintainer refused to support such old machines.

                                                                            Since Go supports both OpenBSD and the architectures mentioned, adding support in Go for OpenBSD+$GOARCH is about a few hours of work, so if there is interest there would not be any problem implementing this.

                                                                            I can help and offer advice if anyone is willing to do the work.

                                                                            1. 3

                                                                              Thanks for your response! I didn’t know that go supports so many platforms.

                                                                              Go support for sparc64, but for various reasons this wasn’t integrated

                                                                              Let me guess: Nobody wanted to pay the steep electricity bill required to keep a beefy sparc64 machine running?

                                                                              1. 23

                                                                                No, that wasn’t the problem. The problem was that my contract with Oracle (who paid me for the port) had simply run out of time before we had a chance to integrate.

                                                                                Development took longer than expected (because SPARC is like that). In fact it took about three times longer than developing the arm64 port. The lower level bits of the Go implementation have been under a constant churn which prevented us from merging the port because we were never quite synced up with upstream. We were playing a whack’a’mole game with upstream. As soon as we merged the latest changes, upstream had diverged again. In the end my contract with Oracle had finished before we were able to merge.

                                                                                This could all have been preventable if Google had let us have a dev.sparc64 branch, but because Google is Google, only Google is allowed to have upstream branches. All other development must happen at tip (impossible for big projects like this, also disallowed by internal Go rules), or in forks that then have to keep up.

                                                                                The Go team uses automated refactoring tools, or sometimes even basic scripts to do large scale refactoring. As we didn’t have access to any of these tools, we had to do the equivalent changes on our side manually, which took a lot of time and effort. If we had an upstream branch, whoever did these refactorings could have simply used the same tools on our code and we would have been good.

                                                                                I estimate we spent more effort trying to keep up with upstream than actually developing the sparc support.

                                                                                As for paying for electricity, Oracle donated one of the first production SPARC S7-2 machines (serial number less than 100) to the Go project. Google refused to pay for hosting this machine (that’s why it’s still sitting next to me as I type this).

                                                                                In my opinion after being involved with Go since the day of the public release, I’d say the Go team at Google is unfortunately very unsympathetic to large scale work done by non-Google people. Not actively hostile. They thanked me for the arm64 port, and I’m sure they are happy somebody did that work, but indirectly hostile in the sense that the way the Go team operates is not compatible with large scale outside contributions.

                                                                                1. 1

                                                                                  Having to manually follow automated tools has to suck. I’d be overwhelmed by the tedium or get side-tracked trying to develop my own or something. Has anyone attempted a Go-to-C compiler developed to attempt to side-step all these problems? I originally thought something like that would be useful just to accelerate all the networking stuff being done in Go.

                                                                                  1. 2

                                                                                    There is gccgo, which is a frontend for gcc. Not quite a transpiler but it does support more architectures than the official compiler.

                                                                                    1. 1

                                                                                      Yeah, that sounds good. It might have a chance of performing better, too. The thing working against that is the Go compiler is designed for optimizing that language with the gccgo just being coopted. Might be interesting to see if any of the servers or whatever perform better with gccgo. I’d lean toward LLVM, though, given it seems more optimization research goes into it.

                                                                                    2. 2

                                                                                      The Go team wrote such a (limited) transpiler to convert the Go compiler itself from C to Go.

                                                                                      edit: sorry, I misread your comment - you asked for Go 2 C, not the other way around.

                                                                                      1. 1

                                                                                        Hey, that’s really cool, too! Things like that might be a solution to security of legacy code whose language isn’t that important.

                                                                                  2. 1

                                                                                    But these people are probably more than comfortable with cryptocurrency mining 🙃

                                                                                  3. 3

                                                                                    Go also supports power, and it used to run on the power machines supported by OpenBSD, but sadly now it only runs on more modern power machines, which I believe are not supported by OpenBSD. However, it would be easy to revert the changes that require more modern power machines. There’s nothing fundamental about them, just that the IBM maintainer refused to support such old machines.

                                                                                    The really stupid part is that Go since 1.9 requires POWER8…. even on big endian systems, which is very pointless because most running big endian PPC is doing it on pre-POWER8 systems (there’s still a lot!) or a big endian only OS. (AIX and OS/400) You tell upstream, but they just shrug at you.

                                                                                    1. 3

                                                                                      I fought against that change, but lost.

                                                                                    2. 2

                                                                                      However, it would be easy to revert the changes that require more modern power machines.

                                                                                      Do you have a link to a revision number or source tree which has the code to revert? I still use a macppc (32 bit) that I’d love to use Go on.

                                                                                      1. 3

                                                                                        See issue #19074. Apparently someone from Debian already maintains a POWER5 branch.

                                                                                        Unfortunately that won’t help you though. Sorry for speaking too soon. We only ever supported 64 bit power. If macppc is a 32-bit port, this won’t work for you, sorry.

                                                                                        1. 3

                                                                                          OpenBSD/macppc is indeed 32-bit.

                                                                                          I kinda wonder if say, an OpenBSD/power port is feasible; fast-ish POWER6 hardware is getting cheap (like 200$) used and not hard to find. (and again, all pre-P8 POWER HW in 64-bit mode is big endian only) It all depends on developer interest…

                                                                                          1. 3

                                                                                            Not to mention that one Talos board was closer to two grand than eight or ten. Someone could even sponsor the OpenBSD port by buying some devs the base model.

                                                                                            1. 3

                                                                                              Yeah, thankfully you can still run ppc64be stuff on >=P8 :)

                                                                                    3. 2

                                                                                      This version of Wireguard was written in go, which means it can run on exactly 2 (amd64, i386)

                                                                                      That and syspatch make me regret buying an EdgeRouter Lite instead of saving up for an apu2.

                                                                                    4. 2

                                                                                      I’m a bit off with the dependency of bash on all platforms. Can’t this be achieved with a more portable script instead (POSIX-sh)?

                                                                                      1. 3

                                                                                        You don’t have to use wg-quick(8) – the thing that uses bash. You can instead set things up manually (which is really easy; wireguard is very simple after all), and just use wg(8) which only depends on libc.

                                                                                        1. 2

                                                                                          I think the same as you, I’m sure it is possible to achieve the same results using portable scripts. I’m aware of the conveniences bash offers, but it is big, slow, and prone to bugs.

                                                                                      1. 1

                                                                                        Can I ask a potentially ignorant question? Why would someone who’s not already using Subversion choose to run it at this point? What are some of its advantages over Git or Fossil or Mercurial?

                                                                                        1. 6

                                                                                          For software version control? Probably very little (especially as you included mercurial in the alternatives)

                                                                                          I think however, that SVN could be the basis of quite a good self-hostable blob/file storage system. WebDAV is a defined standard and accessible over HTTP and you get (auto-)versioning of assets for ‘free’.

                                                                                          1. 1

                                                                                            Why would Mercurial in particular stand out on this list? Are you extrapolating from your own experience? I don’t think there are complete and reliable global usage statistic about any of these systems, are there?

                                                                                            1. 2

                                                                                              On top of what stephenr says, Mercurial has an increasingly solid story for large assets from things like remotefilelog and other similar work from Facebook. That means I’d feel comfy using it for e.g. game asset tracking, at least to a point. Git is getting there too (specifically the work from Microsoft), but it’s a bit less mature at the moment.

                                                                                              1. 0

                                                                                                Git is not the easiest thing in the world to learn/use.

                                                                                                If you just say “why use svn when git exists” it’s easy: because svn is easier to learn and understand.

                                                                                                Mercurial muddies that because you get the benefits of dvcs with usability that’s pretty close to svn.

                                                                                                I’ve worked in the last few years with entire teams that used no vcs.

                                                                                                1. 1

                                                                                                  Yeah, very much agreed that hg hits a rather nice middle ground. Their UI design is great.

                                                                                                  Still, I don’t think we could infer anything from this about the actual number of users across the various vcs. Not sure though if I simply misunderstood what you meant.

                                                                                                  1. 1

                                                                                                    Oh I’m not at all claiming to have stats on actual usage.

                                                                                                    It was a hypothetical: if hg wasn’t an option, some developers will be more productive with svn than git.

                                                                                                  2. 1

                                                                                                    why use svn when git exists

                                                                                                    I think this sums it up well: https://sqlite.org/whynotgit.html

                                                                                                    Not about subversion in particular though, just a bash at git.

                                                                                                2. 1

                                                                                                  Are you referring to mod_dav_svn? The last time I tried it it was pretty unreliable. It often truncated files silently. That’s probably not Subversion’s fault. Apache HTTPd’s WebDAV support doesn’t seem to be in a great state.

                                                                                                  1. 1

                                                                                                    That’s the only subversion http server that I’m aware of.

                                                                                                    I suspect that post is about mod_dav - WebDAV into a regular file system directory.

                                                                                                    Mod_dav_svn provides WebDAV + Svn into a repo backend.

                                                                                                3. 4

                                                                                                  I know some game studios still run subversion, because of large art assets alongside code, and the ability to check out specific subdirectories.

                                                                                                  1. 3

                                                                                                    SVN is still heavily used by companies that are not pure software dev shops yet still produce their own software, e.g. in the financial sector and manufacturing industry.

                                                                                                    I don’t think many people on lobsters still encounter SVN at their place of work, but that is due to lobster’s demographic rather than everyone on the planet migrating away from SVN. That is not the case. (Some people still use tools like ClearCase at work!)

                                                                                                    1. 2

                                                                                                      For something closer to my heart, LLVM’s official repository is still SVN.

                                                                                                  1. 17

                                                                                                    As phk so eloquently put it: Git Is Not Revision Control. His full take posted here:

                                                                                                    https://blog.feld.me/posts/2018/01/git-is-not-revision-control/

                                                                                                    1. 3

                                                                                                      Git is a tool which allows people and projects to manage, modify, fork and merge the many different views, instances, variations and modifications of a work in progress across barriers of distrust.

                                                                                                      The crucial word there was “many different”, which is the exact opposite of what a VCS strives for.

                                                                                                      Uh. Yeah, all DVCSes allow users to have their own view of the repo, that’s the point. In the DVCS world, the official remote’s admin is responsible for maintaining the definitive timeline, that is, not allowing force pushes. I don’t see how that’s any different from an SVN admin not allowing anyone to manually overwrite SVN files on the server to screw up the history!

                                                                                                      you just have to augment it with an out-of-band definition of which tree is the ‘definitive’, and settle who gets to define what ‘a version’ means.

                                                                                                      neither SVN nor Git will ever be able to do both [collaboration and version control], because the requirements are fundamentally different and in conflict with each other

                                                                                                      What exactly is the conflict? You “out-of-band” “define” the official git remote’s history as “definitive” (i.e. state an incredibly obvious fact), boom, done, no conflict, it’s a perfectly adequate revision control system.

                                                                                                      1. 4

                                                                                                        One of my biggest gripes with Git is that it doesn’t track renames. Linus doesn’t think they matter. Much of the world disagrees, but here’s his take on it:

                                                                                                        --follow is a total hack, meant to just satisfy ex-SVN users who never knew anything about things like parenthood or nice revision graphs anyway.

                                                                                                        It’s not totally fundamental, but the current implementation of “--follow” is really a quick preprocessing thing bolted onto the revision walking logic, rather than being anything really integral.

                                                                                                        It literally was designed as a “SVN noob” pleaser, not as a “real git functionality” thing. The idea was that you’d get away from the (broken) mindset of thinking that renames matter in the big picture.

                                                                                                        So by not tracking renames, history is broken, and I fail to see how Git is a real VCS.

                                                                                                        1. 1

                                                                                                          I don’t see how storing “old file deleted, new file added” instead of explicitly tracking renames might break history o_0

                                                                                                          1. 3

                                                                                                            Because sometimes you want to see the entire changelog that has ever happened to that file, including before the rename happened.

                                                                                                            1. 13

                                                                                                              You make it sound like it was an easily solved problem and git just messed up, but that is not the case.

                                                                                                              Linus is absolutely right about the fact that, in general, tracking and merging renames is hard.

                                                                                                              You have a potentially large number of permutations of tree changes, and edits of file content, which people can commit with any given recorded change.

                                                                                                              Tree changes include: add, delete, copy, move. These can happen at any level in the tree, and as often as needed to achieve some particular new tree configuration in the new commit.

                                                                                                              File content edits matter as well because they conflict with some structural changes. E.g. if one side edits content which the other side deletes, there is no obviously correct answer to the question of what the merge result should be.

                                                                                                              And users expect a revision control implementation to be able to run useful merges after committing several such permutations (read: refactorings) even when each of these is entirely different.

                                                                                                              In SVN’s model the “address” of every node in this tree is a path, so tracking moves becomes a horror of a path-segment matching problem: http://svn.apache.org/repos/asf/subversion/trunk/notes/resolve-moves (this covers some ground but leaves several more complicated situations open for future design and development).

                                                                                                              In Git’s model we face the same fundamental issue, except a path segment becomes a (hash, name) tuple in a tree object; where the tree objects form the chain which, when followed, results in a path. To detect a move, we have to guess which ‘name’ in a tree object on one side corresponds to which other ‘name’ in any of the tree objects on the other side of the merge. Git can take some shortcuts because its model also includes hashes of contents, so comparing files or even entire subtrees can sometimes be solved with a simple string comparison, whereas SVN always needs to diff content.

                                                                                                              I am not aware of any version control system which gets this 100% right for all conceivable cases.
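The hash shortcut described in the comment above, as an added example that is not part of the thread and is not Git's own code. File names and contents are constructed, and each tree is flattened to a path → blob id map, which is an assumption made for brevity.

```python
import hashlib


def blob_id(content: bytes) -> str:
    """Object id Git assigns to a blob: SHA-1 over 'blob <size>\\0' + content."""
    header = b"blob %d\x00" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def snapshot(files: dict) -> dict:
    """Flatten a working tree into {path: blob id}."""
    return {path: blob_id(data) for path, data in files.items()}


def classify(old: dict, new: dict) -> dict:
    """Compare two snapshots and pair up moves by exact blob id only.

    A path that disappears and a path that appears are called a rename
    when their blob ids are equal: a plain string comparison, no diff.
    Anything that was moved *and* edited falls through as delete + add;
    pairing those requires comparing contents, which is the hard part
    the comment describes and is deliberately not implemented here.
    """
    deleted = {p: h for p, h in old.items() if p not in new}
    added = {p: h for p, h in new.items() if p not in old}
    modified = sorted(p for p in old if p in new and old[p] != new[p])

    # Index vanished paths by content hash so each lookup is O(1).
    by_hash = {}
    for path, h in sorted(deleted.items()):
        by_hash.setdefault(h, []).append(path)

    renamed = []
    for path, h in sorted(added.items()):
        candidates = by_hash.get(h)
        if candidates:
            # Several identical files may have moved; pair them in order.
            renamed.append((candidates.pop(0), path))

    sources = {src for src, _ in renamed}
    targets = {dst for _, dst in renamed}
    return {
        "renamed": renamed,
        "modified": modified,
        "deleted": sorted(set(deleted) - sources),
        "added": sorted(set(added) - targets),
    }


# Constructed sample trees: util.c is moved untouched, main.c is moved
# to app.c and edited in the same commit, README is unchanged.
OLD = {
    "README": b"hello\n",
    "src/util.c": b"int add(int a, int b) { return a + b; }\n",
    "src/main.c": b"int main(void) { return 0; }\n",
}
NEW = {
    "README": b"hello\n",
    "lib/util.c": b"int add(int a, int b) { return a + b; }\n",
    "src/app.c": b"int main(void) { return add(1, 2); }\n",
}

if __name__ == "__main__":
    for kind, entries in classify(snapshot(OLD), snapshot(NEW)).items():
        print(kind, entries)
```

The untouched move is recovered from hashes alone, while the moved-and-edited file shows up as an unrelated delete and add.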

                                                                                                              1. 1

                                                                                                                Everything you listed sounds like an edge case. I don’t care about edge cases, I only want git history to work across renames when there are never any merges between a rename.

                                                                                                                --follow mostly does that. It would be even better if all invocations of git mv resulted in the rename being recorded in a file in the repo. Again, I don’t care if that “rename history” file gets invalidated and deleted in edge cases such as hairy merges.

                                                                                                                1. 1

                                                                                                                  I don’t think rename + merge is an edge case. I know for a fact (from years of consulting) that git’s support for this was a major factor for several companies to migrate away from svn to git.

                                                                                                                  But yes not everyone needs it. Depends on your workflow.

                                                                                                    1. 4

                                                                                                      Bring in OpenBSD’s tetris(6).

                                                                                                      Very good choice!

                                                                                                      1. 1

                                                                                                        Damn it, that’s a rabbit hole I shouldn’t have dove into.

                                                                                                      1. 1

                                                                                                        For our fine BSD-flavored Lobsters…what’s the deal with GPU support? Is it good, bad, impossible?

                                                                                                        I figure that nvidia is probably a no-go on OpenBSD because of binary blobs, but hasn’t AMD finally offered fully open-sourced drivers for their cards? What’s left?

                                                                                                        Also, is there any attempt at getting Wayland over to OpenBSD? If there’s one project cranky enough about fixing brain damage to fix the back catalog of X11 apps, I figure it’d be them.

                                                                                                        1. 2

                                                                                                          There was an update to radeon drivers committed just in time for OpenBSD 6.3.

                                                                                                          The main problem with the graphics stack is that we have too few people working on it, and Linux has too many. Keeping on top of a large code base with rapid upstream code churn and development is not easy if you don’t have enough people who will read all that code to screen it for potential holes, and to integrate and test it.

                                                                                                          That’s also why the open source nvidia driver hasn’t been ported. Nobody wants to add the necessary hours required to their voluntary work schedule.

                                                                                                          1. 2

                                                                                                            Are you only interested in OpenBSD or do you mean BSDs in general?

                                                                                                            If you want NVIDIA binary drivers you can get them with FreeBSD. I know there have been efforts on Wayland as well. I have no clue on the status but there is a port/package you can install:

                                                                                                            https://www.freshports.org/graphics/wayland/

                                                                                                          1. 7

                                                                                                            I have been using OpenBSD on my laptop for the last year and a half. The only issue I have is that Firefox is way slower than in Void Linux or Debian. But apart from that it works perfectly fine.

                                                                                                            1. 5

                                                                                                              Might be faster in 6.3 which ships ff quantum.

                                                                                                            1. 8

                                                                                                              I run OpenBSD as my only operating system on:

                                                                                                              • on my daily driver (T420 Thinkpad) that I use for work, gaming & everything else (OpenBSD -current)
                                                                                                              • on the Lenovo G50-70 which is a daily driver for my wife - currently running OpenBSD 6.3 (just updated from 6.2)
                                                                                                              • our server on vultr running OpenBSD 6.2 (soon to be updated to 6.3)
                                                                                                              • an asus intel atom eeepc running snapshots/-current and serves as a backup machine for hacking on stuff

                                                                                                              I do have a fallback work assigned laptop with Linux, that I haven’t booted even once this year. I do however use the PS4 extensively for additional gaming and streaming Netflix/HBO Go

                                                                                                              1. 2

                                                                                                                How has your experience been with suspending/hibernating? When I bought a ThinkPad X41, I first installed OpenBSD, but the fact that every time when I suspended the device, the screen permanently blanked until I forcefully rebooted, really prevented me from using it.

                                                                                                                1. 5

                                                                                                                  If there is a TPM config option in the BIOS, try to disable the TPM and try again (not sure if this applies to the x41 but it applies to some of the more recent models).

                                                                                                                  1. 5

                                                                                                                    Suspend & hibernate work perfectly on both laptops I mentioned in my post. Keep in mind, a lot will depend on the hardware model and the amount of time since you tried (OpenBSD is not standing still).

                                                                                                                    1. 3

                                                                                                                      I have a ThinkPad X41 that has been running OpenBSD from new and both suspend and hibernate work on it.

                                                                                                                      Sometimes when it comes out of hibernation / sleep the X desktop did appear to come up blank - but if you press the brightness keys (Fn + Home button on my X41) the screen restored as normal - but I sometimes see this on my Toshiba laptop as well. I have not noticed this on my X41 recently.

                                                                                                                    2. 2

                                                                                                                      This isn’t completely related, but I also use (Free)BSD on vultr. I’m not really a sysadmin type and barely know what I’m doing, but I like it.

                                                                                                                    1. 19

                                                                                                                      There are several *BSD developers on lobsters (see https://lobste.rs/hats) so don’t be surprised if you get many positive responses. I suppose most of them use a *BSD desktop, apart from a subset of FreeBSD devs famous for using MacOS X.

                                                                                                                      1. 1

                                                                                                                        We really don’t deserve such accolades :)

                                                                                                                      1. 4

                                                                                                                        The writing had been on the wall for much too long.

                                                                                                                        1. 15

                                                                                                                          What happened? Did Oracle find a judge who does not know programming?

                                                                                                                          1. 29

                                                                                                                            In 2010, Oracle sued Google. In 2012, District Court ruled API uncopyrightable. In 2014, Appeals Court ruled API copyrightable. Google petitioned Supreme Court, which denied the petition. In 2016, District Court, operating under the assumption that API is copyrightable, ruled Google’s use was fair use. In 2018, Appeals Court ruled Google’s use was not fair use. Now the case is back in District Court to determine the damage, operating under the assumption that API is copyrightable and Google’s use was not fair use.

                                                                                                                            1. 3

                                                                                                                              Most people do not understand the significance of this decision, so it’s enough for Oracle to re-roll the dice until they get the answer they want.

                                                                                                                              Besides I think the crowds inflate the significance of this. It’s almost as if somebody unconditionally respected copyrights here.