1. 3

    For the past few days/weeks, I’ve been piecing together a theory. We like to solve problems, but that only creates new problems. In other words, solution is just another way to spell tomorrow’s problem. Two very nice examples for my evidence bucket here.

    1.  
      1. 1

        “We like to solve problems, but that only creates new problems.”

        Not true even though it looks good on the surface. Maybe true but not as much as it seems. I’m not sure. The counter I have in mind is there are at least two ways to solve problems:

        1. Use a solution that worked for something similar whose justifications/assumptions also fit the current context pretty well. Modify it carefully introducing just enough additions to get the job done.

        2. Use a novel idea whose potential drawbacks aren’t well-understood instead. This creates new problems at a much faster rate. The new problems can also be catastrophic.

        The cryptocurrency people are doing No 2 when doing No 1 makes more sense. This is also true for many crowds in tech aside from cryptocurrencies. Also, No 1 always makes more sense by default.

      1. 4

        Microsoft provided the following statement regarding this issue: “Microsoft previously discovered this variant and disclosed it to industry partners in November of 2017 as part of Coordinated Vulnerability Disclosure (CVD).”

        That bit is interesting.

        1. 2

          Every Debian package has an OpenPGP signature on it, and thus OpenPGP is making sure my new laptop isn’t pre-rooted with malware.

          What?

          1. 2

            I think the author falsely assumed that when all packages are PGP signed, that the contents on the disk are trustworthy…

            1. 12

              When people tell me to stop using the only cryptosystem in existence that has ever - per the Snowden leaks - successfully resisted the attentions of the NSA, I get suspicious, even hostile. It’s triply frustrating when, at the end of the linked rant, they actually recognize that PGP isn’t the problem:

              It also bears noting that many of the issues above could, in principle at least, be addressed within the confines of the OpenPGP format. Indeed, if you view ‘PGP’ to mean nothing more than the OpenPGP transport, a lot of the above seems easy to fix — with the exception of forward secrecy, which really does seem hard to add without some serious hacks. But in practice, this is rarely all that people mean when they implement ‘PGP’.

              There is a lot wrong with the GPG implementation and a lot more wrong with how mail clients integrate it. Why would someone who recognises that PGP is a matter of identity for many of its users go out of their way to express their very genuine criticisms as an attack on PGP? If half the effort that went into pushing Signal was put into a good implementation of OpenPGP following cryptographic best practices (which GPG is painfully unwilling to be), we’d have something that would make everyone better off. Instead these people make it weirdly specific about Signal, forcing me to choose between “PGP” and a partially-closed-source centralised system, a choice that’s only ever going to go one way.

              1. 9

                I am deeply concerned about the push towards Signal. I am not a cryptographer, so all I can do is trust other people that the crypto is sound, but as we all know, the problems with crypto systems are rarely in the crypto layers.

                On one hand we know that PGP works, on the other hand we have had two game over vulnerabilities in Signal THIS WEEK. And the last Signal problem was very similar to the one in “not-really-PGP” in that the Signal app passed untrusted HTML to the browser engine.

                If I were a government trying to subvert secure communications, investing in Signal and tarnishing PGP is what I would try to do. What better strategy than to push everyone towards closed systems where you can’t even see the binaries, and that are not under the user’s control. The exact same devices with GPS and under constant surveillance.

                My mobile phone might have much better security mechanisms in theory, but I will never know for sure because neither I, nor anyone else can really check. In the meantime we know for sure what a privacy disaster these mobile phones are. We also know for sure from the various leaks that governments implant malware on mobile devices, and we know that both manufacturers and carriers can install software, or updates, on devices without user consent.

                Whatever the PGP replacement might be, moving to the closed systems that are completely unauditable and not under the user’s control is not the solution. I am not surprised that some people advocate for this option. What I find totally insane is that a good majority of the tech world finds this position sensible. Just find any Hacker News thread and you will see that any criticism towards Signal is downvoted to oblivion, while the voices of “experts” preach PGP hysteria.

                PGP will never be used by ordinary people. It’s too clunky for that. But it’s used by some people very successfully, and if you try to dissuade this small, but very important group of people to move towards your “solution”, I can only suspect foul play. Signal does not compete with PGP. It’s a phone chat app. As Signal does not compete with PGP, why do you have to spend all this insane amount of effort to convince an insignificant amount of people to drop PGP for Signal?

                1. 4

                  I can’t for the life of me imagine why a CIA-covert-psyops-agency funded walled garden service would want to push people away from open standards to their walled garden service.

                  Don’t get me wrong, Signal does a lot of the right things but a lot of claims are made about it implying it’s as open as PGP, which it isn’t.

                  1. 2

                    What makes Signal a closed system?

                    https://github.com/signalapp

                    1. 12

                      Not Signal, iOS and Android, and all the secret operating systems that run underneath.

                      As for Signal itself, moxie forced F-Droid to take down Signal, because he didn’t want other people to compile Signal. He said he wanted people only to use his binaries, which even if you are ok with in principle, on Android it mandates the use of the Google Play Store. If this is not a dick move, I don’t know what is.

                      1. 3

                        I’m with you on Android and especially iOS being problematic. That being said, Signal has been available without Google Play Services for a while now. See also the download page; I couldn’t find it linked anywhere on the site but it is there.

                        However, we investigated this for PRISM Break, and it turns out that there’s a single Google binary embedded in the APK I just linked to. Which is unfortunate. See this GitHub comment.

                        1. 2

                          because he didn’t want other people to compile Signal. He said he wanted people only to use his binaries

                          Ehm… he chose the wrong license in this case.

                    2. 4

                      As I understand it, the case against PGP is not with PGP in and of itself (the cryptography is good), but the ecosystem. That is, the toolchain in which one uses it. Because it is advocated for use in email and securing email, it is argued, is nigh on impossible, then it is irresponsible to recommend using PGP encrypted email for general consumption, especially for journalists.

                      That is, while it is possible to use PGP via email effectively, it is incredibly difficult and error-prone. These are not qualities one wants in a secure system and thus, it should be avoided.

                      1. 4

                        But the cryptography isn’t good. His case in the blog post is intentionally besides all of the crypto badness. Example: the standard doesn’t allow any other hash function than sha1, which has been proven broken. The protocol itself disallows flexibility here to avoid ambiguity and that means there is no way to change it significantly without breaking compatibility.

                        And so far, it seems, people wanted compatibility (or switched to something else, like Signal)

                      2. 4

                        Until this better implementation appears, an abstract recommendation for PGP is a concrete recommendation for GPG.

                        Imagine if half the effort spent saying PGP is just fine went into making PGP just fine.

                        1. 2

                          I guess that’s an invitation to push https://autocrypt.org/

                        2. 3

                          When people tell me to stop using the only cryptosystem in existence that has ever - per the Snowden leaks - successfully resisted the attentions of the NSA, I get suspicious, even hostile.

                          Without wanting to sound rude, this is discussed in the article:

                          The fact of the matter is that OpenPGP is not really a cryptography project. That is, it’s not held together by cryptography. It’s held together by backwards-compatibility and (increasingly) a kind of an obsession with the idea of PGP as an end in and of itself, rather than as a means to actually make end-users more secure.

                          OpenPGP might have resisted the NSA, but that’s not a unique property. Every modern encryption tool or standard has to do that or it is considered broken.

                          I think most people, unless they are heavily involved in security research, don’t know how encryption/auth/integrity protection are layered. There are a lot of layers in what people just want to call “encryption”. OpenPGP uses the same standard crypto building blocks as everything else and unfortunately putting those lower level primitives together is fiendishly difficult. Life also went on since OpenPGP was created, meaning that those building blocks and how to put them together changed in the last few decades; cryptographers learned a lot.

                          One of the most important things that cryptographers learned is that the entire ecosystem / the system as a whole counts. Even Snowden was talking about this when he said that the NSA just attacks the endpoints, where most of the attack surface is. So while the cryptography bits in the core of the OpenPGP standard are safe, if dated, that’s not the point. Reasonable people can’t really use PGP safely because we would have to have a library that implements the dated OpenPGP standard in a modern way, clients that interface with that modern library in a safe and thought-through way and users that know enough about the system to satisfy its safety requirements (which are large for OpenPGP).

                          Part of that is attitude, most of the existing projects for implementing the standard just don’t seem to take a security-first stance. Who is really looking towards providing a secure overall experience to users under OpenPGP? Certainly not the projects bickering where to attribute blame.

                          I think people kept contrasting this with Signal because Signal gets a lot of things right in contrast. The protocol is modern and it’s not impossibly demanding on users (ratcheting key rotation, anyone?), there is no security blame game between Signal the desktop app vs signal the mobile app vs the protocol when a security vulnerability happens, OWS just fixes it with little drama. Of course Signal-the-app has downsides too, like the centralization, however that seems like a reasonable choice. I’d rather have a clean protocol operating through a central server that most people can use than an unusable (from the pov of most users) standard/protocol. We’re not there yet where we can have all of decentralization, security and ease of use.

                          1. 2

                            OpenPGP might have resisted the NSA, but that’s not a unique property. Every modern encryption tool or standard has to do that or it is considered broken.

                            One assumes the NSA has backdoors in iOS, Google Play Services, and the binary builds of Signal (and any other major closed-source crypto tool, at least those distributed from the US) - there’s no countermeasure and virtually no downside, so why wouldn’t they?

                            there is no security blame game between Signal the desktop app vs signal the mobile app vs the protocol when a security vulnerability happens, OWS just fixes it with little drama.

                            Not really the response I’ve seen to their recent desktop-only vulnerability, though I do agree with you in principle.

                            1. 3

                              Signal Android has been reproducible for over two years now. What I don’t know is whether anyone has independently verified that it can be reproduced. I also don’t know whether the “remaining work” in that post was ever addressed.

                              1. 2

                                The process of verifying a build can be done through a Docker image containing an Android build environment that we’ve published.

                                Doesn’t such a process assume trust in whoever created the image (and in whoever created each of the layers it was based on)?

                                A genuine question, as I see the convenience of Docker and how it could lead to more verifications, but on the other hand it creates a single point of failure that is easier to attack.

                                1. 1

                                  That question of trust is the reason why, if you’re forced to use Docker, build every layer for yourself from the most trustworthy sources. It isn’t even hard.

                          2. 1

                            the only cryptosystem in existence that has ever - per the Snowden leaks - successfully resisted the attentions of the NSA

                            I’m pretty ignorant on this matter, but do you have any link to share?

                            There is a lot wrong with the GPG implementation

                            Actually, I’d like to read the opinion of GPG developers here, too.

                            Everyone makes mistakes, but I’m pretty curious about the technical allegations: it seems like they did not consider the issue to be fixed in their own code.

                            This might have pretty good security reasons.

                            1. 3

                              To start with, you can’t trust the closed-source providers since the NSA and GCHQ are throwing $200+ million at both finding 0-days and paying them to put backdoors in. Covered here. From there, you have to assess open-source solutions. There’s a lot of ways to do that. However, the NSA sort of did it for us in slides where GPG and Truecrypt were the worst things for them to run into. Snowden said GPG works, too. He’d know given he had access to everything they had that worked and didn’t. He used GPG and Truecrypt. NSA had to either ignore those people or forward them to TAO for targeted attack on browser, OS, hardware, etc. The targeted attack group only has so much personnel and time. So, this is a huge increase in security.

                              I always say that what stops NSA should be good enough to stop the majority of black hats. So, keep using and improving what is a known-good approach. I further limit risk by just GPG-encrypting text or zip files that I send/receive over untrusted transports using strong algorithms. I exchange the keys manually. That means I’m down to trusting the implementation of just a few commands. Securing GPG in my use-case would mean stripping out anything I don’t need (most of GPG) followed by hardening the remaining code manually or through automated means. It’s a much smaller problem than clean-slate, GUI-using, encrypted sharing of various media. Zip can encode anything. Give the files boring names, too. Untrusted, email provider is Swiss in case that buys anything on any type of attacker.

                              Far as the leaks, I had a really-hard time getting you the NSA slides. Searching with specific terms in either DuckDuckGo or Google used to take me right to them. They don’t anymore. I’ve had to fight with them narrowing terms down with quotes trying to find any Snowden slides, much less the good ones. I’m getting Naked Security, FramaSoft, pharma spam, etc even on p 2 and 3 but not Snowden slides past a few, recurring ones. Even mandating the Guardian in terms often didn’t produce more than one, Guardian link. Really weird that both engines’ algorithms are suppressing all the important stuff despite really-focused searches. Although I’m not going conspiracy hat yet, the relative-inaccuracy of Google’s results compared to about any other search I’ve done over past year for both historical and current material is a bit worrying. Usually excellent accuracy.

                              NSA Facts is still up if you want the big picture about their spying activities. Ok, after spending an hour, I’m going to have to settle for giving you this presentation calling TAILS or Truecrypt catastrophic loss of intelligence. TAILS was probably temporary but the TrueCrypt derivatives are worth investing effort in. Anyone else have a link to the GPG slide(s)? @4ad? I’m going to try to dig it all up out of old browser or Schneier conversations in near future. Need at least those slides so people know what was NSA-proof at the time.

                              1. 2

                                Why would TAILS be temporary? If anything this era of cheap devices makes it more practical than ever.

                                1. 3

                                  It was secure at the time since either mass collection or TAO teams couldn’t hack it. Hacking it requires one or more vulnerabilities in the software it runs. The TAILS software includes complex software such as Linux and a browser with history of vulnerabilities. We should assume that was temporary and/or would disappear if usage went up enough to budget more attacks its way.

                                  1. 2

                                    I’d still trust it more than TrueCrypt just due to being open-source.

                                    What would it take to make an adequate replacement for TAILS? I’m guessing some kind of unikernel? Are there any efforts in that direction?

                                    1. 1

                                      Well, you have to look at the various methods of attack to assess this:

                                      1. Mass surveillance attempting to read traffic through protocol weaknesses with or without a MITM. They keep finding these in Tor.

                                      2. Attacks on the implementation of Tor, the browser, or other apps. These are plentiful since it’s mostly written in a non-memory-safe way. Also, having no covert-channel analysis on components processing secrets means there’s probably plenty of side channels. There’s also increasingly new attacks on hardware with a network-oriented one even being published.

                                      3. Attacks on the repo or otherwise MITMing the binaries. I don’t think most people are checking for that. The few that do would make attackers cautious about being discovered. A deniable way to see who is who might be a bitflip or two that would cause the security check to fail. Put it in random, non-critical spots to make it look like an accident during transport. Whoever re-downloads doesn’t get hit with the actual attack.

                                      So, the OS and apps have to be secure with some containment mechanisms for any failures. The protocol has to work. These must be checked against any subversions in the repo or during transport. All this together in a LiveCD. I think it’s doable minus the anonymity protocol working which I don’t trust. So, I’ve usually recommended dedicated computers bought with cash (esp netbooks), WiFi’s, cantennas, getting used to human patterns in those areas, and spots with minimal camera coverage. You can add Tor on top of it but NSA focuses on that traffic. They probably don’t pay attention to average person on WiFi using generic sites over HTTPS.

                                      1. 1

                                        Sure. My question was more: does a live CD project with that kind of aim exist? @josuah mentioned heads which at least avoids the regression of bringing in systemd, but doesn’t really improve over classic tails in terms of not relying on linux or a browser.

                                        1. 2

                                          An old one named Anonym.OS was an OpenBSD-based, Live CD. That would’ve been better on code injection front at least. I don’t know of any current offerings. I just assume they’ll be compromised.

                                      2. 1

                                        I think it is the reason why https://heads.dyne.org/ has been made: replacing the complex software stack with a simpler one with the aim of avoiding security risks.

                                        1. 1

                                          Hmm. That’s a small start, but still running Linux (and with a non-mainstream patchset even), I don’t think it answers the core criticism.

                                  2. 2

                                    Thanks for this great answer.

                                    Really weird that both engines’ algorithms are suppressing all the important stuff despite really-focused searches.

                                    If you can share a few of your search terms I guess that a few friends would find them pretty interesting, with their research.

                                    For sure this teaches us a valuable lesson. The web is not a reliable medium for free speech.

                                    From now on, I will download from the internet interesting documents about such topics and donate them (with other more neutral DVDs) to small public libraries around Europe.

                                    I guess that slowly, people will go back to librarians if search engines don’t search carefully enough anymore.

                                    1. 2

                                      It was variations, with and without quotes, on terms I saw in the early reports. They included GPG, PGP, Truecrypt, Guard, Documents, Leaked, Snowden, and catastrophic. I at least found that one report that mentions it in combination with other things. I also found, but didn’t post, a PGP intercept that was highly-classified but said they couldn’t decrypt it. Finally, Snowden kept maintaining good encryption worked with GPG being one he used personally.

                                      So, we have what we need to know. From there, just need to make the programs we know work more usable and memory safe.

                              1. 1

                                Maybe the worst joke ever, a truly missed opportunity.

                                Would be funny if it looked like sudo and had an easter egg if it gets setuid root.

                                1. 3

                                  If it were funny, it wouldn’t be side effect free.

                                1. 4

                                  So what changed? I even reread the section that it only works with current, but I still don’t know what it is.

                                  1. 7

                                    In this particular case it is due to the added support for u128

                                  1. 3

                                    A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. […]

                                    The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

                                    Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

                                    Answers to some obvious questions are provided by one of the researchers in this Twitter thread.

                                    1. 12

                                      They figured out mail clients which don’t properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.

                                      From GNU Privacy Guard on Twitter

                                      Due to broken MIME parsers a bunch of MUAs seem to concatenate decrypted HTML mime parts which makes it easy to plant such HTML snippets.

                                      There are two ways to mitigate this attack

                                      • Don’t use HTML mails. Or if you really need to read them use a proper MIME parser and disallow any access to external links.

                                      • Use authenticated encryption.

                                      From Werner Koch

                                      1. 4

                                        Also: Don’t make mistakes. That’s important.

                                        1. 4

                                          HTML e-mail and PGP always seemed mutually exclusive to me :-)

                                          1. 2

                                            Don’t use HTML mails. Or if you really need to read them use a proper MIME parser and disallow any access to external links.

                                            Appreciate the highlights. My friends and I just GPG-encrypt text or zip files that we mail to each other to avoid problems in email clients. Looks like we’ll be fine. :)

                                        1. 11

                                          I have to wonder how much time is spent during the researching of a vulnerability in coming up with the perfect dad-joke moniker for it and registering a domain name…

                                          1. 3

                                            Usually more time than alerting vendors and allowing them to come up with a fix. See also: Meltdown and Spectre.

                                            1. 5

                                              Really, you think six months was spent dreaming up the meltdown name?

                                              1. 1

                                                Did all vendors, including OpenBSD, get six months’ advance notice with Meltdown?

                                                1. 5

                                                  I don’t think it’s possible to draw any conclusions on the time spent naming the vuln from the list of vendors that weren’t notified.

                                          1. 3

                                            “Fixed.” Nothing to worry about now. :)

                                            1. 20

                                              sigh

                                              So, this has already sparked a discussion about taste, freedom of speech, the whole thing.

                                              The joke in question is bad, very bad. It’s plain unfitting, and it isn’t even remotely funny. It’s US-centric. RMS, the person making and subsequently claiming it, has a history of making sexual and other inappropriate commentary (e.g. arguing eugenics). His quoted comment about child birth is another example of RMS speaking about things he probably doesn’t have a very qualified opinion on. Most (all?) of the people mentioned in the article discussing the issue will never be affected by this in the real world. Seriously, I expect one of those people to stand up and say “You know what? We aren’t even the right group to discuss that in!”.

                                              And this is the issue he pulls his authority card? Seriously? For a bad joke that was already shit in the 90s? That - even ignoring the punchline being terrible - just plain isn’t funny? Which boundary does that cross? Probably his egos.

                                              Seriously, this is a tech manual. This is the place where you can finally have your “let’s just talk tech here”. And there, this discussion comes up?

                                              1. 17

                                                The thing I find weird is the clear generational gap in Internet users that mean that people end up talking past each other.

                                                For older people who grew up thinking that Sendmail m4 macros were somehow intuitive, and that C was the new hotness, this is not a joke about abortion. It’s about censorship. That’s the hill RMS thinks he’s dying on. Removing the joke is at the risk of putting words in his mouth, censoring the manual.

                                                Of course, the younger people who live in a world where JavaScript isn’t ridiculous to use on a server, where everything-as-a-service is the norm, demand takedowns of things outside of their Overton window. To them, it’s a matter of not having a frankly disgusting joke about the very real problems of abortion in the US in a technical manual that has nothing to do with those problems. They don’t understand the culture in which GNU was founded; they believe that it is RMS’ job to change to fit with their culture.

                                                This is what happens when an unstoppable force meets an immovable object. I’m just not sure who plays which part here. There is a reasonable answer, and the good news for the kids is that this has happened before several times: fork glibc. Fork it to remove RMS’ influence from the project and fork it to remove the offending text (for people that want it removed).

                                                1. 17

                                                  Even as a commentary about censorship, it’s pretty freaking oblique. It should be removed on the technical grounds that it’s inefficient GNU crap.

                                                  1. 2

                                                    Stallman is pretty freaking oblique at the best of times when it comes to his sense of humour. Saying that GNU is full of inefficient crap is like saying that water is wet, or that the Linux kernel is a bug-ridden dumpster fire.

                                                    If every GNU inefficiency was removed, it’d be BSD.

                                                    1. -1

                                                      It should be removed on the technical grounds that it’s inefficient GNU crap.

                                                      Nobody forces you to use GNU crap.

                                                      But GNU is and has always been openly political.

                                                      You are free to use software that is apparently neutral, if you don’t like it. And you have plenty of choice on the market: Microsoft, Apple, Google… all are pretty ready to serve your needs (and collect your data for whatever purpose, and lobbying for DRM and so on...)

                                                      But “as a commentary about censorship”, that joke is perfectly fine.

                                                      1. 6

                                                        Nobody forces you to use GNU crap.

                                                        The fact that you are saying this to tedu (an OpenBSD developer) is kind of funny.

                                                        1. 5

                                                          I’m fine with GNU being a political project. Indeed, I actively advocate for projects to make their mind up.

                                                          But “as a commentary about censorship”, that joke is perfectly fine.

                                                          A lot of the project itself does not seem to agree, especially in the context of having it in the documentation. Except RMS, who pulls rank over a joke that he himself made. Which makes the GNU project his personal opinion/joke vehicle.

                                                          1. 3

                                                            Except RMS, who pulls rank over a joke that he himself made. Which makes the GNU project his personal opinion/joke vehicle.

                                                            I don’t see the point you’re making here? The GNU project was always an expression of political views that were, originally, personal to RMS. If the project ran by majority consensus it would have given up on the whole free software thing a long time ago.

                                                            1. -3

                                                              Using your “Rust Community Team” hat here is crass, and only reinforces some people’s beliefs (myself included) about these types of thought police organizations.

                                                              I sure hope the non-“Rust Community Team” people show less virtue signalling. It puts your project under a terrible spotlight.

                                                              1. 5

                                                                FWIW, I find the use of the hat inappropriate here as well.

                                                                That being said, as discussed below, I think it depends on what you think the hat means, exactly. It seems Florian uses the hat differently than many here might expect.

                                                      2. 7

                                                        1. I think the joke is funny. It’s even more funny now.
                                                        2. RMS’s character has no bearing on the legitimacy of the joke.
                                                        3. You don’t need to be qualified to have an opinion.
                                                        4. Any group can discuss any topic, there is no “right” group.
                                                        5. RMS is the benevolent dictator of GNU, and as such has the authority to veto decisions in rare situations like these.

                                                        1. 10

                                                          Be that as it may, when the people who have written the code (glibc was originally written by someone else (not RMS), and Ulrich Drepper is now responsible for something like 70% of the code) and make it all work ask you to back off, it’s a stupid hill to die on. Yeah, you might win the battle, but you’ll lose the war.

                                                          Last time something like this happened, everyone switched to using eglibc and it wasn’t until the RMS-mandated steering committee was dissolved that people switched back to glibc. If RMS decides to be a jerk about things, watch everyone fork it again or sink their resources into musl.

                                                          There’s being right, and there’s being so egotistical that you burn down the house because you didn’t get your way.

                                                          1. 4

                                                            He has veto power for precisely these cases where “everyone else” disagrees, so I don’t think it’s a stupid hill to die on. In any case, I agree with you, RMS will lose this war, this is just the beginning.

                                                            1. 15

                                                              Vetoing the removal of a little-used architecture with heavy maintenance burden because they want to support those few users is a good hill to die on. Vetoing the removal of a joke that everyone else wants to remove from the manual and doesn’t in any way affect the operation of the library is a stupid hill to die on.

                                                              1. 3

                                                                That’s in your opinion. If you care about the culture of your project not taking itself so seriously, I think it’s a good hill to die on.

                                                        2. 5

                                                          As a participant in Rust Community and a proponent of eugenics, your use of Rust Community Team hat makes me uncomfortable. Was it necessary? Are you really speaking for Rust Community Team here? I hope my eugenics advocacy won’t affect my Rust participation.

                                                          As for the joke, the joke is clearly about censorship and not about abortion. I think the attempt to censor the joke makes it more relevant.

                                                          1. 2

                                                            As for the joke, the joke is clearly about censorship and not about abortion.

                                                            Jokes, by their nature, are not clear and subject to cultural background and education. In my opinion, it’s a bit condescending to claim that it has universal understanding and appeal.

                                                            I think the attempt to censor the joke makes it more relevant.

                                                            The origin of the patch seems to be the person just didn’t think it relayed any meaningful information to a user of the function. I don’t think that falls into common usage of “censorship”.

                                                            1. -2

                                                              I don’t think that falls into common usage of “censorship”.

                                                              Yes, and I have yet to see a documentation patch forced on a project by a state.

                                                              1. 2

                                                                Censorship exists only when done by the state??

                                                            2. 1

                                                              On FOSS social issues, I generally put the hat on here. As my work for the Rust project is social, judging which of these issues I should put the hat on would only lead to problems. I’m fine with people knowing my affiliation and I think it’s more honest for people to know it. I don’t speak for the team, but I am a member of the team.

                                                              On Eugenics: it’s, in my view, an only thinly veiled form of Ableism, and as such opposed to the goal of being inclusive, especially also to people with disability. Many forms fundamentally attack the right to live of people with disabilities, for example by arguing for their abortion.

                                                              Just to be clear on which comment by RMS I’m referring to (on people with Trisomy 21):

                                                              If you’d like to love and care for a pet that doesn’t have normal human mental capacity, don’t create a handicapped human being to be your pet. Get a dog or a parrot…

                                                              If you want to support that comment, go ahead.

                                                              1. 3

                                                                I support the idea behind the comment. Given medical acceptance of prenatal screening of trisomy 21, this is one of the less extreme among RMS’s positions.

                                                                I agree the expression of the idea in the comment you quoted leaves a lot to be desired.

                                                                1. -1

                                                                  Prenatal screening of trisomy 21 is generally accepted as a way to increase survival chances for the fetus.
                                                                  Trisomy 21 increases the risk of heart issues at birth, that can be handled in the proper structure, but would lead to certain death if not addressed promptly.

                                                                  Some people use it for eugenics (usually with amniocentesis, that kills 1 healthy child out of 200 if I remember correctly).

                                                                  Now, IMO what RMS means is horrible, disgusting and plain dangerous.
                                                                  But it’s not related to freedom. And he has the right to think (and say) it.

                                                                  1. 1

                                                                    Prenatal screening of trisomy 21 is generally accepted as a way to increase survival chances for the fetus.

                                                                    Do you have a citation for your “generally accepted” claim? There appears to be at least some evidence to the contrary:

                                                                    About 92% of pregnancies in Europe with a diagnosis of Down syndrome are terminated.[14] In the United States, termination rates are around 67%, but this rate varied from 61% to 93% among different populations.[13] Rates are lower among women who are younger and have decreased over time.[13] When nonpregnant people are asked if they would have a termination if their fetus tested positive, 23–33% said yes, when high-risk pregnant women were asked, 46–86% said yes, and when women who screened positive are asked, 89–97% say yes.[75]

                                                                    https://en.wikipedia.org/wiki/Down_syndrome#Abortion_rates

                                                                    1. 0

                                                                      This is entirely offtopic here, but I don’t want to flee the question.

                                                                      My source is my doctor, that incidentally is also my wife.
                                                                      When the prenatal screening of our second daughter established 1/350 probability of a Down syndrome, she explained to me about amniocentesis, about the risks for the fetus and about the implications and the medical reasoning beyond it. It’s a complex topic and I’m not competent enough to expose it here deeply, but the relevant point was that, while several doctors object to abortion as a murder in contrast with their oath and ethics, prenatal screening is designed to increase the survival of the fetus, so every doctor is fine with it.

                                                                2. 1

                                                                  On FOSS social issues, I generally put the hat on here. As my work for the Rust project is social, judging which of these issues I should put the hat on would only lead to problems. I’m fine with people knowing my affiliation and I think it’s more honest for people to know it. I don’t speak for the team, but I am a member of the team.

                                                                  While I do not agree with you on the “joke on documentation” issue, I really support this approach.

                                                                  Hacking is an ethical and political action.

                                                                3. -1

                                                                  I hope my eugenics advocacy won’t affect my Rust participation.

                                                                  If that’s what you think that means, and you advocate for any intelligence-based eugenics, you might want to reconsider your position on eugenics.

                                                                  This obviously would only affect you if you attempted to add eugenics commentary to the Rust project itself in some way. Same as if you attempted to add any other irrelevant polarizing commentary.

                                                                  1. 1

                                                                    I don’t talk eugenics on Rust space. Not because eugenics is wrong (it isn’t), but because it’s off-topic.

                                                                    1. 2

                                                                      it’s off-topic

                                                                      Yes. And it’s also off-topic for glibc.

                                                                      1. 0

                                                                        No, it isn’t. By definition.

                                                                        You might not agree with GNU or with rms here, or you might prefer that glibc would not be a GNU project, but it is.

                                                                        1. 2

                                                                          Fine. But the consensus of the primary maintainers is that it’s off-topic. Therefore it’s off-topic for whatever fork of glibc everyone ends up using. Because if we get another eglibc situation, everyone will use the fork maintained by the maintainers, and no one will use the fork “maintained” by rms.

                                                                          It’s de facto off-topic for those who accept reality.

                                                                          1. 0

                                                                            Anyone who “accepts reality” in that sense wouldn’t be contributing to GNU in the first place. The project has always been about RMS telling the rest of the world they’re wrong.

                                                                            1. 1

                                                                              See eglibc. A non-GNU fork already happened, and was reintegrated when the issue was dropped.

                                                                              I don’t see how you can say that those kind of people wouldn’t be contributing to GNU, when they clearly are and that’s what this is all about. If those kind of people wouldn’t be contributing to GNU, then why is there any debate?

                                                                              1. 1

                                                                                There is debate precisely because the people contributing don’t subscribe to your notion that the primary maintainer consensus is all that matters. glibc contributors do care about GNU and RMS, otherwise the eglibc-style fork would already have happened and the project would now be being maintained outside the GNU umbrella.

                                                              1. 11

                                                                If we followed all of these things:

                                                                • Don’t write your own encryption
                                                                • Don’t write your own database
                                                                • Don’t write your own math functions
                                                                • Don’t write your own data structures
                                                                • Don’t write your own web framework
                                                                • Don’t write your own drivers
                                                                • Don’t write your own operating system
                                                                • Don’t write your own graphics routines
                                                                • Don’t write your own …

                                                                I think we’d all be pretty damn bored.

                                                                1. 8

                                                                  I’ve always thought that “advice” was insulting, condescending, and wrong. Obviously someone needs to write all those things, and that someone better had the experience which only comes after doing all those things for a while.

                                                                  We need to encourage better understanding of tricky fields, and we need to encourage software diversity and fight against software monocultures.

                                                                  1. 2

                                                                    we need to encourage software diversity and fight against software monocultures

                                                                    Not trolling…but why?

                                                                    1. 3

                                                                      Any monopoly or oligopoly is usually bad for the customer. Things stagnate at best or get destructive to customers at worst. Even when they’re good, attempts at reinventing the wheel slightly can be a lot better. For a recent example, VMS-style clusters with a database were pretty bullet-proof at high-availability within a few hundred miles at decent performance. I’m still glad people worked on alternatives necessary to build Spanner and FoundationDB, though. That’s why we get even higher performance on cheaper boxes at a global level with similar level of consistency. It didn’t happen overnight either: people stayed trying to reinvent databases and distributed services for a while before things lined up right.

                                                                      4ad’s OpenSSL example is a good one. iOS vs Android for mobile apps is another.

                                                                      1. 1

                                                                        Doesn’t your argument mostly apply to closed source software in a commercial setting? I think it’s possible Linux wouldn’t stagnate even if there were no alternative OSes.

                                                                        1. 3

                                                                          Linux, as a product people consume, has a lot of diversity in it, from Ubuntu to Arch, to Slackware. As a kernel, no, Linus is pretty heavy handed on what the kernel cannot do these days, so we’re stuck with things like epoll until Linus changes his mind or moves on to another project.

                                                                          But let’s flip this on me and have me using an OS that I quite like and think makes a lot of right decisions: FreeBSD. Do I think stagnation would be a problem if FreeBSD was the only operating system? Definitely. FreeBSD has ended up stealing good ideas from other operating systems that were very unlikely to arise within FreeBSD. The security conscious programmers at OpenBSD might have a kinship to FreeBSD, but the values of FreeBSD to align enough with them to be able to innovate in the ways that interest them.

                                                                          1. 1

                                                                            That’s a good counterpoint, thanks.

                                                                          2. 1

                                                                            That you went right to Linux shows that it’s an outlier. The last time someone dug up data, Nadia Eghbal, most of the FOSS projects were in bad shape financially. Things like Linux are rare. Situation is opposite for proprietary software.

                                                                            1. 2

                                                                              I’m aware of the funding issues with open source, but I think that’s a separate issue from what I’m trying to say. My point is: a monopoly or oligopoly of open source software wouldn’t be bad for the users of that software, because development would still continue due to the different incentive structure. Do you think that’s not true?

                                                                              1. 2

                                                                                I think there’s at least two concerns: development drops off due to incentives not holding up (happens a lot); incentives, esp if corporate, can push the FOSS in directions people don’t want. Red Hat and systemd is the first example coming to mind for Linux. Another was a scheduler I read about that improved things on desktop workloads that was rejected or pulled due to server focus of many stakeholders.

                                                                                Good for users is relative. That there’s often competing interests means ability to diverge on some points is valuable. Whether you need it or not, who knows. Someone might.

                                                                        2. 3

                                                                          When the alternative is OpenSSL, I think the answer is self-evident.

                                                                          1. 1

                                                                            Were the problems with OpenSSL really driven by the lack of competition, or by the lack of funding?

                                                                            1. 2

                                                                              OpenSSL has many problems but no matter how well funded OpenSSL could be it will have a security hole in it because it’s software. Having some competition at least means not all of the software on one’s stack would have the security hole.

                                                                          2. 2

                                                                            The common, concrete, argument given is usually security. A hole found in Linux probably does not affect BSD. VeriSign runs (at least?) three operating systems in their infrastructure for this reason. There is a push to support Tor better in BSD for this as well. It’s possible if x86 didn’t dominate our servers, Meltdown and Spectre could have been less problematic (tangentially, I hope something comes of POWER9).

                                                                            For more hand wavy arguments, the different project cultures have allowed for different ideas to flourish with other systems picking up the things that win. Despite not being an OpenBSD user, I support it with my money because I want it to survive because I think the world is a better place with the ideas that bubble up to the top making it elsewhere. I think it would be challenging for someone with an OpenBSD ethos to participate in Linux.

                                                                        3. 7

                                                                          Might also get something done. :)

                                                                          1. 2

                                                                            Or… adapting existing solutions to fit our problems might lead to vulnerabilities, additional cost, additional resource requirements, etc.

                                                                            But, yeah, you might go faster. You might not. As always, it depends.

                                                                          2. 3

                                                                            I don’t do any of this and pump terabytes of data through infrastructures and networks using stock software. It’s pretty pleasing.

                                                                            1. 5

                                                                              My job involves pumping lots of bytes through kafka, doing some computations on said data, and then writing them to cassandra.

                                                                              With more specialized tooling, this could be done far simpler, and cost a fraction of what the whole thing costs to run right now. Of course, at the expense of engineering resources to design, build, test, and operate it all. And, not to mention the time it’d take to do it.

                                                                              I’m all for composable solutions from well tested components, but let’s be honest—composing infrastructure requires you to make a lot of compromises…like wasting CPU cores by adopting redis…, etc.

                                                                            2. 2

                                                                              IMO, we still haven’t nailed some of those, esp web frameworks and OSes.

                                                                              Don’t read the comments.

                                                                              1. 1

                                                                                Don’t read the comments.

                                                                                That’s actually the best advice. Adding it to the list. :)

                                                                            1. 4

                                                                              declare x as function returning pointer to array 5 of pointer to function returning char

                                                                              char (*(*x())[5])()

                                                                              What I really want is a rosetta stone version of this. :) What does that look like in Java? Rust? OCaml?
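The declaration quoted in the comment above, rebuilt one layer at a time with typedefs and checked against the raw declarator form. This is an added example, not part of the original thread; the `(void)` parameter lists and the names `char_fn`, `fn_table`, `fn_table_ptr`, `x_typedef`, `same_table`, `call_entry` and the `ret_*` functions are assumptions introduced for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Read the declarator from the inside out, one typedef per layer. */
typedef char (*char_fn)(void);     /* pointer to function returning char */
typedef char_fn fn_table[5];       /* array 5 of pointer to function returning char */
typedef fn_table *fn_table_ptr;    /* pointer to that array */

/* Constructed sample functions to populate the table. */
static char ret_a(void) { return 'a'; }
static char ret_b(void) { return 'b'; }
static char ret_c(void) { return 'c'; }
static char ret_d(void) { return 'd'; }
static char ret_e(void) { return 'e'; }

static fn_table table = { ret_a, ret_b, ret_c, ret_d, ret_e };

/*
 * The raw form from the comment. Before C23 an empty () leaves the
 * parameters unspecified, so (void) is written out here (an assumption
 * about the intended prototype).
 */
char (*(*x(void))[5])(void)
{
    return &table;
}

/* The same function type, spelled with the typedefs. */
fn_table_ptr x_typedef(void)
{
    return &table;
}

/*
 * Compile-time proof that both spellings name the same type: a pointer
 * to the typedef'd function type is initialised with the raw-form x.
 * A mismatch would be rejected by the compiler.
 */
static fn_table_ptr (*const same_type_check)(void) = x;

/* Returns 1 when both spellings hand back the same table. */
int same_table(void)
{
    return same_type_check() == x_typedef();
}

/*
 * Call entry i through the returned table. The index is bounds-checked
 * because an out-of-range index would call through whatever lies past
 * the array; '\0' signals a rejected index.
 */
char call_entry(size_t i)
{
    if (i >= sizeof(fn_table) / sizeof(char_fn))
        return '\0';
    return (*x())[i]();
}

int main(void)
{
    for (size_t i = 0; i < 5; i++)
        printf("entry %zu -> %c\n", i, call_entry(i));
    printf("same table: %d\n", same_table());
    return 0;
}
```
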

                                                                              1. 28

                                                                                After reading the article and many HN comments, I found the headline to be highly misleading as if they’re targeting Signal for their activities in fighting censorship. It’s actually more incidental. They’re targeting a fraudulent practice Signal is doing that violates terms of service. Signal is doing it for good reasons but others might not. Google and Amazon are trying to stop it wholesale. A proper headline might be that “Several providers threaten to suspend anyone doing ‘domain fronting’ via hacks, including us.” Average person reading something like that would think it sounds totally to be expected. A technical person liking Signal or not should also notice the MO is an operational inconsistency that shouldn’t exist in the first place.

                                                                                So, they’re not doing a bad thing given the situation. They’re just an apathetic, greedy party in a business context fixing a technical problem that some good folks were using to help some other good folks deal with evil parties in specific countries. Sucks for those specific people that they did it but they’re not aiming at Signal to stop their good deeds. They’re just addressing an infrastructure problem that affects anyone hacking around with their service. Like they should.

                                                                                I wish Signal folks the best finding another trick, though.

                                                                                1. 16

                                                                                  I think the correct headline would be “AWS is fixing a bug allowing domain fronting and calling it Enhanced Domain Protections”. An analogous situation would be console homebrew people exploiting buffer overflows in Nintendo games. Of course Nintendo should fix them, and like you, I root for console homebrew people to find another one.

                                                                                  1. 3

                                                                                    That’s another good one. It’s just a bug in their services. Them not fixing it would be more questionable to me.

                                                                                  2. 9

                                                                                    I found the headline to be highly misleading as if they’re targeting Signal for their activities in fighting censorship. It’s actually more incidental.

                                                                                    And that’s why they immediately sent signal an email containing a threat to close the account immediately, instead of a regretful email telling them that this will stop working due to abuse prevention measures.

                                                                                    1. 1

                                                                                      In my experience that’s generally how they treat literally any issue.

                                                                                    2. 5

                                                                                      Signal is doing it for good reasons but others might not.

                                                                                      I’m failing to think of a way to use domain fronting for a not good reason, especially one where the provider being fronted is still happy to host the underlying service.

                                                                                      1. 4

                                                                                        There is nothing fraudulent about domain fronting. Show me one court anywhere in the world which has convicted someone of fraud for domain fronting. That’s a near-libelous claim.

                                                                                        Can you provide an example of a “bad reason” for domain fronting?

                                                                                        As the article points out, the timing of Amazon’s decision relative to the publicity about Signal’s use of domain fronting suggests that Signal is in fact the likely intended target of this change, not incidental fallout.

                                                                                        The headline is accurate. Your comment really mischaracterizes what is happening.

                                                                                        1. 3

                                                                                          I meant it in the popular definition of lying while using something. Apparently, a lot of people agree its use isn’t what was intended, the domains supplied are certainly not them, and service providers might negatively react to that. It would probably be a contract law thing as a terms of use violation if it went to court. I’m not arguing anything more than that on the legal side. I’m saying he was doing something deceptive that they didn’t want him to do with their services. Big companies rarely care about the good intentions behind that.

                                                                                          “the timing of Amazon’s decision relative to the publicity about Signal’s use of domain fronting suggests that Signal is in fact the likely intended target of this change”

                                                                                          The article actually says he was bragging online in a way that reached highly-visible places like Hacker News about how he was tricking Amazon’s services for his purposes. Amazon employees stay reading these outlets partly to collect feedback from customers. I see the cloud people on HN all the time saying they’ll forward complaints or ideas to people that can take action. With that, I totally expected Amazon employees to be reading articles about him faking domains through Amazon services. Equally unsurprising that got to a decision-maker, technical or more lay person, who was worried about negative consequences. Then, knowing a problem and seeing a confession online by Signal author, they took action against a party they knew was abusing the system.

                                                                                          We can’t just assume a conspiracy against Signal looking for everything they could use against it with domain fronting being a lucky break for their evil plans. One they used against Signal while ignoring everyone else they knew broke terms of service using hacker-like schemes. If you’re insisting targeted, you’d be ignoring claims in the article supporting my position:

                                                                                          “A month later, we received 30-day advance notice from Google that they would be making internal changes to stop domain fronting from working entirely.”

                                                                                          “a few days ago Amazon also announced what they are calling Enhanced Domain Protections for Amazon CloudFront Requests. It is a set of changes designed to prevent domain fronting from working entirely, across all of CloudFront.”

                                                                                          It’s a known problem they and Google were apparently wanting to deal with across the board per his own article. Especially Google. They also have employees reading forums where Signal was bragging about exploiting the flaw for its purposes. I mean, what did you expect to happen? Risk-reducing, brand-conscious companies that want to deal with domain fronting were going to leave it on in general or for Signal since that one party’s deceptions were for good reasons according to claims on their blog?

                                                                                          Although I think that addresses it, I’m still adding one thing people in cryptotech-media-bubble might not consider: the manager or low-level employee who made the decision might not even know what Signal is. Most IT people I’ve encouraged to try it have never heard of it. If you explain what it does, esp trying to get things past the governments, then that would just further worry the average risk manager. They’d want a brick wall between the company’s operations and whatever legal risks the 3rd party is taking to reduce their own liabilities.

                                                                                          So, there’s at least several ways employees would react this way ranging from a general reaction to an abuse confession online to one with a summary of Signal about dodging governments. And then, if none of that normal stuff that happens every day at big firms, you might also think about Amazon targeting Signal specifically due to their full knowledge of what they’re doing plus secret, evil plans to help governments stop them. I haven’t gotten past the normal possibilities, though, with Amazon employees reading stuff online and freaking out being most likely so far.

                                                                                          1. 3

                                                                                            This rings true to me (particularly the middle-management banality-of-evil take), bar one nitpick:

                                                                                            The article actually says he was bragging online in a way that reached highly-visible places like Hacker News about how he was tricking Amazon’s services for his purposes.

                                                                                            How did you get that impression? The article states:

                                                                                            We’re an open source project, so the commit switching from GAE to CloudFront was public. Someone saw the commit and submitted it to HN. That post became popular, and apparently people inside Amazon saw it too.

                                                                                            I haven’t read the mentioned HN thread, but that hardly constitutes “bragging online”.

                                                                                            1. 2

                                                                                              I can’t remember why I originally said it. He usually blogs about his activities. I might have wrongly assumed they got it out of one of his technical write-ups or comments instead of a commit. If it was just a commit, then I apologize. Thanks for the catch regardless.

                                                                                        2. 3

                                                                                          “Service provider warns misbehaving customer to knock it off after repeated RFC violations.”

                                                                                        1. 7

                                                                                          As a particular point where I felt this went a bit sideways, how does the requirement to manually pack and pad structs mean C is not low level? That whole section was weird. Low level languages are expected to support easy compiler optimizations?

                                                                                          1. 10

                                                                                            I enjoyed this, but it did make me wonder – what would a true low-level language designed today actually look like? I’ll hang up and take your answers over the air.

                                                                                            1. 5

                                                                                              If I’m reading the article’s premise properly, the author doesn’t even consider assembly language to be ‘low level’ on modern processors, because the implicit parallel execution performed by speculative execution is not fully exposed as controllable by the programmer. It’s an interesting take, but I don’t think anybody other than the author would use “low level” to mean what he does.

                                                                                              That said, if we were to make a language that met the author’s standards (let’s say “hardware-parallelism-transparent” rather than “low-level”), we’d probably be seeing something that vaguely resembled Erlang or Miranda in terms of how branching worked – i.e., a lot of guards around blocks of code rather than conditional jumps (or, rather, in this case, conditional jumps with their conditions inverted before small blocks of serial code).

                                                                                              People later in the thread are talking about threading & how there’s no reason threading couldn’t be put into the C standard, but threading doesn’t appear to be the kind of parallelism the author is concerned about exposing. (To be honest, I wonder if the author has a similarly spicy take on microcode, or on firmware, or on the programmability of interrupt controllers!)

                                                                                              He seems to be saying that, because we made it easy to ignore certain things that were going on in hardware (like real instructions being executed and then un-done), we were taken off-guard by the consequences when a hole was poked in the facade in the form of operations that couldn’t be hidden in that way. I don’t think that’s a controversial statement – indeed, I’m pretty sure that everybody who makes compatibility-based abstractions is aware that such abstractions become a problem when they fail.

                                                                                              He suggests that the fault lies in not graduating to an abstraction closer to the actual operation of the machine, which is probably fair, although chip architectures in general and x86 in particular are often seen as vast accumulations of ill-conceived kludges and it is this very bug-compatibility that’s often credited with x86’s continued dominance even in the face of other architectures that don’t pretend it’s 1977 when you lower the reset pin and don’t require trampolining off three chunks of arcane code to go from a 40 bit address bus and 16 bit words to 64 bit words.

                                                                                              People don’t usually go as far as to suggest that speculative execution should be exposed to system programmers as something to be directly manipulated, and mechanisms to prevent this are literally part of the hardware, but it’s an interesting idea to consider, in the same way that (despite their limitations) it’s interesting to consider what could be done with one of those PPC chips with an FPGA on the die.

                                                                                              The quick and easy answer to what people would do with such facilities is the same as with most forms of added flexibility: most people will shoot themselves in the foot, a few people would make amazing works of art, and then somebody would come along and impose standards that limit how big a hole in your foot you can shoot and it’d kill off the artworks.

                                                                                              1. 4

                                                                                                Probably a parallel/concurrent-by-default language like ParaSail or Chapel with C-like design as a base to plug into ecosystem designed for it. Macros for DSL’s, too, since they’re popular for mapping stuff to specific hardware accelerators. I already had a Scheme + C project in mind for sequential code. When brainstorming on parallel part, mapping stuff from above languages onto C was the idea. Probably start with something simpler like Cilk to get feet wet, though. That was the concept.

                                                                                                1. 1

                                                                                                  Or maybe it would look like Rust.

                                                                                                  1. 8

                                                                                                    The article’s point is that things are parallel by default at multiple levels, there’s different memories with different performance based on locality, orderings with consistency models, and so on. The parallel languages assume most of that given they were originally designed for NUMA’s and clusters. They force you to address it with sequential stuff being an exception. They also use compilers and runtimes to schedule that much like compiler + CPU models.

                                                                                                    Looking at Rust, it seems like it believes in the imaginary model C does that’s sequential, ordered, and so on. It certainly has some libraries or features that help with parallelism and concurrency. Yet, it looks sequential at the core to me. Makes sense as a C replacement.

                                                                                                    1. 3

                                                                                                      But, Rust is the only new low-level language I’m aware of, so empirically: new low-level languages look like Rust.

                                                                                                      Looking at Rust, it seems like it believes in the imaginary model C does that’s sequential, ordered, and so on.

                                                                                                      To be fair, the processor puts a lot of effort into letting you imagine it. Maybe we don’t have languages that look more like the underlying chip because it’s very difficult to reason about.

                                                                                                      Talking out of my domain here: but the out of order stuff and all that the processor gives you is pretty granular, not at the whole-task level, so maybe we are doing the right thing by imagining sequential execution because that’s what we do at the level we think at. Or, maybe we should just use Haskell where order of execution doesn’t matter.

                                                                                                      1. 3

                                                                                                        How does Rust qualify as “low level”?

                                                                                                        1. 1

                                                                                                          From my understanding, being low-level is one of the goals of the project? Whatever “low-level” means. It’s certainly trying to compete where one would use C and C++.

                                                                                                          1. 3

                                                                                                            But does Rust meet the criteria for low level that C does not (per the link)?

                                                                                                            1. -1

                                                                                                              The Rust Wikipedia page claims that Rust is a concurrent language, which seems to be a relevant part of the blog. I don’t know if Rust is a concurrent language, though.

                                                                                                              1. 3

                                                                                                                I think you’re probably putting too much faith in Wikipedia. With that said, I must confess, I have no insight into the decision procedure that chooses the terms to describe Rust in that infobox.

                                                                                                                One possible explanation is that Rust used to bake lightweight threads into its runtime, not unlike Go. Go is also described as being concurrent on Wikipedia. To that end, the terms are at least consistent, given where Rust was somewhere around 4 years ago. Is it possible that the infobox simply hasn’t been updated? Or perhaps there is a turf war? Or perhaps there are more meanings to what “concurrent” actually signifies? Does having channels in the standard library mean Rust is “concurrent”? I dunno.

                                                                                                                Rust has stuff in the type system to eliminate data races in safe code. Separate from that, there are some conveniences that help avoid deadlock (e.g., you typically never explicitly unlock a mutex). But concurrency is definitely not built into the language like it is for Go.

                                                                                                                (I make no comment on Rust’s relevance to the other comments in this thread, mostly because I don’t give a poop. This navel gazing about categorization is a huge unproductive waste of time from my perspective. ’round and ’round we go.)

                                                                                                                1. 1

                                                                                                                  Pretty sure having a type system designed to prevent data races makes Rust count as “concurrent” for many (including me).

                                                                                                                  1. 3

                                                                                                                    The interesting bit is that the type system itself wasn’t designed for it. The elimination of data races fell out of the ownership/aliasing model when coupled with the Send and Sync traits.

                                                                                                                    The nomicon has some words on the topic, but that section gets into the weeds pretty quickly.

                                                                                                                    1. 1

                                                                                                                      I see where you are going with that. The traditional use of it was expressing concepts in a concurrent way. It had to make that easier. The type system eliminates some problems. It’s a building block one can use for safe concurrency with mutable state. It doesn’t by itself let you express things in a concurrent fashion easily. So, they built concurrency frameworks on top of it. A version of Rust where the language worked that way by default would be a concurrent language.

                                                                                                                      Right now, it looks to be a sequential, multi-paradigm language with a type system that makes building concurrency easier. Then, the concurrency frameworks themselves built on top of it may be thought similar to DSL’s that are concurrent. With that mental model, you’re still using two languages: a concurrent one along with a non-concurrent, base language. This is actually common in high assurance where they simultaneously wrote formal specs in something sequential like Z and CSP for concurrent stuff. The concurrent-by-default languages are the rare thing with sequential and concurrent usually treated separately in most tools.

                                                                                                          2. 2

                                                                                                            If exploring such models, check out HLL-to-microcode compilers and No Instruction Set Computing (NISC).

                                                                                                          3. 1

                                                                                                            Interestingly, the Rust Wikipedia page makes a big deal about it trying to be a “concurrent” language. Apparently it’s not delivering if that is the major counter you gave.

                                                                                                            1. 2

                                                                                                              Occam is an example of a concurrency-oriented language. The core of it is a concurrency model. The Rust language has a design meant to make building safe concurrency easier. Those frameworks or whatever might be concurrency-oriented. That’s why they’re advertised as such. Underneath, they’re probably still leveraging a more sequential model in base language.

                                                                                                              Whereas, in concurrency- or parallelism-first languages, it’s usually the other way around or sequential is a bit more work. Likewise, the HDL’s the CPU’s are designed with appear to be concurrency-first with them beating the designs into orderly, sequential CPU’s.

                                                                                                              So, I’m not saying Rust isn’t good for concurrency or can’t emulate that well. Just it might not be that at core, by default, and easiest style to use. Some languages are. That make more sense?

                                                                                                              1. 0

                                                                                                                Yes I know all that, my point was that the Wikipedia page explicitly states Rust is a concurrent language, which if true means it fits into the idea of this post.

                                                                                                          4. 3

                                                                                                            Does Rust do much to address the non-sequential nature of modern high-performance CPU architectures, though? I think of it as a modern C – certainly cleaned up, certainly informed by the last 50 years of industry and academic work on PLT, but not so much trying to provide an abstract machine better matched to the capabilities of today’s hardware. Am I wrong?

                                                                                                            1. 3

                                                                                                              By the definitions in the article, Rust is not a low level language, because it does not explicitly force the programmer to schedule instructions and rename registers.

                                                                                                              (By the definitions in that article, assembly is also not a low level language.)

                                                                                                              1. 1

                                                                                                                Ownership semantics make Rust higher-level than C.

                                                                                                                1. 3

                                                                                                                  I disagree:

                                                                                                                  1. Parallelism would make whatever language higher-level than C too but the point seems to be that a low-level language should have it.
                                                                                                                  2. Even if true, ownership is purely a compile-time construct that completely disappears at run-time, so there is no cost, so it does not get in the way of being a low-level language.

                                                                                                                  1. 2

                                                                                                                    Parallelism would make whatever language higher-level than C too but the point seems to be that a low-level language should have it.

                                                                                                                    This premise is false: Parallelism which mirrors the parallelism in the hardware would make a language lower-level, as it would better mirror the underlying system.

                                                                                                                    Even if true, ownership is purely a compile-time construct that completely disappears at run-time, so there is no cost, so it does not get in the way of being a low-level language.

                                                                                                                    You misunderstand what makes a language low-level. “Zero-cost” abstractions move a language to a higher level, as they take the programmer away from the hardware.

                                                                                                            2. 2

                                                                                                              I came across the X Sharp high-level assembler recently, I don’t know if it’s low-level enough for you but it piqued my interest.

                                                                                                              1. 2

                                                                                                                There’s no point of a true low-end language, because we can’t access the hardware at that level. The problem (in this case) isn’t C per se, but the complexity within modern chips that are required to make them pretend to be a gussied-up in-order CPU circa 1993.

                                                                                                              1. 3

                                                                                                                In Homebrew the llvm package is bottled for Sierra. Bottles are binary packages. It should have been a simple download and untar, handled by brew, unless you broke something.

                                                                                                                Did you add build flags that prevented brew from using the default binary distribution? Why? When the build was taking forever you didn’t think that maybe your extra flag wasn’t important to test std::optional? None of the build options to that package are remotely necessary for most people.

                                                                                                                As for installing Xcode, why was your OS so out of date? Xcode has only required High Sierra for a month. You’ve had 7 months to install High Sierra. Sounds like your problem.

                                                                                                                1. 3

                                                                                                                  “You have not done the busywork Apple expects of you” should not be the OP’s problem.

                                                                                                                  1. 3

                                                                                                                    What is OP’s problem? Having to turn on the computer? Where’s the line? At some level, we need to take responsibility for being prepared to do what we plan to do. std::optional isn’t supported by my dos box with turbo pascal either.

                                                                                                                    1. 5

                                                                                                                      Hopefully we can both agree that “DOS box with turbo pascal” and “last year’s version of a current system” are different situations, only one of which has any connection to the discussion at hand.

                                                                                                                      1. 1

                                                                                                                        Is it last year’s version or is it current?

                                                                                                                        This is like the inverse of the for want of a nail parable. All you wanted was to shoe the horse to send a message, but you needed to make a nail, so you needed to mine some ore, so you needed to feed the workers, so you needed to grow some wheat, so you needed to plow the field. So much yak shaving!

                                                                                                                        1. 1

                                                                                                                          A slight alteration to your tale @tedu:

                                                                                                                          All I wanted was to try out this new nail for the shoe. I went to the nail man, and he said, but this nail needs a new hammer. See Joe. I went to Joe and Joe said, but this hammer needs a new tool shed. See Moe. I went to Moe and Moe said, but this tool shed needs a new house. So I took out another mortgage. And so it goes.

                                                                                                                      2. 1

                                                                                                                        “my dos box with turbo pascal”

                                                                                                                        Oh yeah, that reminded me I had a submission about that. ;)

                                                                                                                  1. 4

                                                                                                                    I’ve found semi black box fuzzing to be helpful as well. Spam the process with requests, wait to observe leak, start bisecting source, etc., repeat. Throw a while (1000) around some supposedly allocation neutral code blocks.

                                                                                                                    1. 1

                                                                                                                      This caused me a lot of confusion (what is this apport thing and what is it doing with my core dumps??)

                                                                                                                      Yeah, no kidding. Every time I go back to Linux development it seems they’ve found a new way to send me in circles.

                                                                                                                      1. 5

                                                                                                                        Hmm, this was not quite what I expected. The theoretical part of this article was interesting, but I’m not sure the experimental part gives much information about anything. He took a grand total of three international trips during the experiment, which is a lot fewer than I was expecting. I’m not sure I would expect to find anything on a honeypot PC with such a small number of samples.

                                                                                                                        I mean it’s not a bad story, but it feels like the same story could’ve been written without the mini-experiment, which doesn’t really add any useful data. Although I guess it wouldn’t have had an interesting hook then.

                                                                                                                        1. 5

                                                                                                                          I always keep a tiger repelling rock in my laptop bag. So far, zero tigers have attempted to eat my laptop.

                                                                                                                          1. 2

                                                                                                                            Ahh, by the way. Your rock is defective.

                                                                                                                            It has had the unintentional side effect of repelling sharks.