1. 3

    In French and German it makes more sense: Informatique/Informatik. An instance of how language can shape your perception.

    1. 2

      This always seemed excessively focused on the object of the discipline (information) rather than the discipline itself. Just as I think the term “computer science” focuses on the means used by the discipline rather than the discipline itself.

      1. 1

        “Informatics”, then, perhaps?

        I kind of like that.

        1. 3

          It’s kind of already a thing - I work at a “School of Informatics”. Most university departments in anglophone countries still call themselves computer science though

          1. 1

            It’s kind of a silly term – one of the most overloaded ones ever:

            https://en.wikipedia.org/wiki/Informatics_(disambiguation)

            1. 1

              Engineering informatics (not to be confused with informatics engineering, Southern European term)

              That made me laugh. In general though, I think it doesn’t really matter what it’s called. Computer science or Informatik here in Germany, people know what you are talking about and that is good enough.

        1. 5

          Learning more about time on computers. Timer data structures, leap units, mechanics around NTP. More conceptual things like “what even is a year”. Organizational/standards things like if there’s a difference between RFC 3339 and ISO 8601 and if so why are they often treated interchangeably…are there quirks and edge cases introduced? Is anything concrete or is it all just a mess of compromise and people winking at each other because we have to define time somehow?

          I started a project that has to do with time, and y’know what? I’m this far in, may as well just see if this rabbit hole has a bottom…or at least walls.

          1. 4

            I wrote a bit on that topic, though not touching on the different formats part. Maybe it can be helpful.

            1. 1

              This looks awesome, thank you!

          1. 2

            I like Kaitai, it’s similar to poke and other tools. One thing however that is missing from kaitai is the ability to generate a formatted binary, at the moment it’s only a parser.

            1. 1

              Excellent article series!
              It’s the type of mind bending content that make you consider something new.

              1. 3

                I’ve been through the same situation. It was relatively worse because it increased the cost of my VM instance and there are currently limits to online spending in my country. So I had to act fast. I did multiple things but the two that worked the best were to add fail2ban rules and to actually find a pattern in the IPs contacting me, to whois them, and contact the abuse email (they actually replied and helped).

                1. 1

                  We had a discussion about a somewhat opposite problem here, on Linux specifically though. Terminals and shells are fascinating!

                  1. 9

                    Maybe not everyone knows this, but instead of pressing ESC in vim, which is kind of far, you can do Ctrl+[, it will send the same signal to vim.
                    Looking at the ASCII table (man 7 ascii) you’ll instantly know why, control is interpreted in terminals as nullifying the 6th and 7th bit:

                           033   27    1B    ESC (escape)                133   91    5B    [
                    

                    This is also the reason why ESC often shows as ^[.

                    1. 2

                      Isn’t that even worse from the RSI-avoidance point of view?

                      1. 2

                        I have caps lock mapped to ctrl, so ESC is just a small movement away for my little fingers. Not sure if that helps RSI avoidance, but it’s a bit less stretching around.

                      2. 2

                        That’s very interesting, I did not know that.

                        1. 2

                          Or use something like xcape and turn Ctrl into ESC.

                          1. 4

                            Even better, bind caps lock to ESC (when tapped) and CTRL (when chorded) using e.g. caps2esc on Linux or AutoHotKey on Windows. This has dramatically reduced stress I was experiencing in my left forearm, as my wrists sit at a much more natural angle.

                          2. 2

                            Switching caps and esc is also really good tho! How often do you need to caps, really?

                          1. 1

                            It reminds me of katai

                            1. 8

                              I really wish Linux hadn’t decided to call a permissions system capabilities. It leads to a load of people being confused about either what capabilities are or about why this Linux thing is not a capability system even though it has capabilities in its name.

                              1. 3

                                Permissions, privileges, capabilities, policies, access control, authentication, authorization, trust mechanism, ownership policies, domains policies, yep this can get confusing when this type of jargon intermixes.

                                EDIT: a great overview of system protection

                                1. 2

                                  I blame posix’s capabilities, which are very wrongly named too.

                                  1. 1

                                    In all fairness, “capabilities” is actually a pretty good term for this sort of thing. As a user, you are giving capabilities to a binary. A capability is an action; a permission is what? It’s more vague.

                                    1. 8

                                      In security, a capability has a well-defined meaning. A capability is an unforgeable token of authority that can be delegated and, when presented, authorises an action. Linux ‘capabilities’ are not capabilities because they don’t implement the principle of intentionality. They are permissions that apply to the process. If a process holds a Linux ‘capability’, it can exercise the right without having to present the capability.

                                      UNIX file descriptors are much closer to capabilities. They are unforgeable (they’re identified by integer values, but those integers index into a table managed by the OS, you can’t just create an entry in the table without the kernel being involved). They can be delegated by passing them over UNIX domain sockets. They must be presented explicitly to system calls such as read / write / ioctl to use them. The rights conveyed by them are independent of the subject, you can hold a read-only and write-only capability to the same file and the read or write operation will fail if you use the wrong one. The file may be one that the user running the program does not have the rights to access via the file’s ACLs, but you received the capability to access the file because a differently privileged process passed the file descriptor to you over a UNIX domain socket. The changes required for Capsicum to turn POSIX into a capability system were very small (a mode that completely removes access to all global namespaces and finer-grained permissions on file descriptors).

                                      1. 2

                                        Linux ‘capabilities’ are not capabilities because they don’t implement the principle of intentionality

                                        Really? Given the example in the article:

                                        If a task asks to perform a privileged operation (like binding on ports < 1024), the kernel checks Effective bounding set to see if CAP_NET_BIND_SERVICE is set.

                                        It sounds like the intention is to give the binary the capability to do this action?

                                        Could you please link me to a reputable source giving the meaning? I’m not looking to argue, just explaining my thoughts. ☺

                                        1. 7

                                          Could you please link me to a reputable source giving the meaning?

                                          The best references are books, many of which predate Linux entirely, but the Wikipedia article is not too bad (and explicitly state that Linux capabilities are not a capability system) and has a bunch of good resources in the ‘further reading’ section.

                                          It sounds like the intention is to give the binary the capability to do this action?

                                          I think you are misunderstanding the principle of intentionality. The process does a bind system call. It does not require elevated privilege to bind to port 1234 but it does to bind to port 123. The system call is identical in both places. In a capability system, it would have to present a capability authorising it to bind to privileged ports in the second case, but would not have to in the first. This makes it much harder for an attacker to trick the process into doing a privileged operation. With Linux ‘capabilities’ the process has no way of saying ‘do this operation using this capability’, it just says ‘do this operation with ambient authority’ and if its ambient authority is sufficient then the operation succeeds. You never explicitly have to express the intention to use the right that you have, it happens automatically, even when you don’t want it to (for example, if you bind a socket on behalf of some other entity and forget to do the check that the port number that it provided you is <1024).

                                          With a capability system, you never exercise privilege without explicitly presenting the capability that you intend to use. If you open two directories on behalf of two different clients and one gives you a path for the other client’s directory, the capability that you hold for that client doesn’t let you access the directory and so you don’t accidentally use a privilege that you hold, but don’t intend to use.

                                          1. 2

                                            Thank you, your explanation was very good :) I think I understand now. It sounds like Linux got close but didn’t go all the way for some reason…

                                          2. 3

                                            https://en.wikipedia.org/wiki/Capability-based_security

                                            For a really good introduction to the concept, I recommend:

                                            http://habitatchronicles.com/2017/05/what-are-capabilities/

                                            The article addresses your terminology objection early on:

                                            The first thing to confront is that term, “capabilities”, itself. It’s confusing. The word has a perfectly useful everyday meaning, even in the context of software engineering.

                                            That said, capabilities (in the narrow security sense) are an incredibly useful concept that isn’t nearly as well-known as it should be. As the article above goes into, it’s also deeply related to more general concepts of OO design.

                                            1. 3

                                              it can exercise the right without having to present the capability.

                                              It’s sort of funky, but this is the key to understanding. I guess one could argue the PID # is the capability, but that’s not actually what’s happening. To access CAP_NET_BIND_SERVICE in a capability model you have to say hey Mr, Kernel, I want CAP_NET_BIND_SERVICE, and here is my token. so the function call would look something like:

                                              kernel_bind_port(captoken,port80)

                                              where with “linux capabilities” you would do something like:

                                              kernel_bind_port(80)

                                              and the authorization look up would happen behind the scenes, based on the PID for instance.

                                              (obviously contrived example, using not real code).

                                              The upside of a capability system:

                                              • By requiring the token to go along with the request, one can pass the token along somewhere else if needed to do that 1 thing.
                                              • The Token can be thrown away/forgotten after doing the binding it needs, essentially giving away the permission, so if I get compromised, I can’t then go bind port 53 and screw with DNS also.
                                              • the token capability can be VERY fine-grained, and an app might have 100 of them if needed, making throwing away a permission when done a lot easier.
                                              • You can easily make a service saying here is my cap proof(token) with perms X,Y and Z but I need a new one with permissions to only Z, and then I can hand Z out to a subprocess, it can now handle Z, but will have no ability to do X or Y.

                                              etc, etc.

                                              In an authorization setting(i.e. linux capabliities), I can’t do those things easily, because the proof of access doesn’t go with the access request.

                                              1. 3

                                                Wow thank you, your explanation was very nice! It really points out why Linux capabilities are not “capabilities”.

                                              2. 2

                                                This is a really good overview of the concept of system protection.

                                        1. 4

                                          Wouldn’t DNSSEC with DANE solve the problem of needing a third-party certificate authority? I think for the overwhelming majority of use cases it might. So in a world where certs were verified through DANE, a tool like this might be even more useful.

                                          That reminds me, I need to set up DNSSEC on my own domains.

                                          It’s worth noting that BearSSL doesn’t support TLS 1.3 yet. I ended up using GNUTLS to take this script for a spin; it worked beautifully.

                                          1. 1

                                            DANE would definitely solve this issue but it’s barely deployed.

                                            1. 1

                                              Barely deployed client-side too, or just server-side? I’d start using it server-side today if I knew that the overwhelming majority of clients would just support it out of the box.

                                              1. 1

                                                As far as I know Openssl has had support for DANE for a couple of years now so it should work on new clients, but the general support in client libraries is still low, and browsers barely support it. Also most off-the-shelf registrars don’t all allow adding TLSA entries in the zone nor even support DNSSEC to begin with.

                                          1. 1

                                            This app is meant to demonstrate an imagined world where we don’t care about hierarchical certificate authorities, or going through a three-step process to request and then confirm a request for a certificate to ourselves from ourselves, when that certificate is little more than a gold filigree doily wrapped around a public key.

                                            It could be good for internal certificate trees that don’t rely on verifying hosts, or verify them through other means. However, in public internet scenarios certificates are meaningless if you don’t have an authority.

                                            NB: Why is openssl command line harder than this?

                                            1. 1

                                              NB: Why is openssl command line harder than this?

                                              In my experience, nobody uses the openssl CLI without a cheat sheet holding the half dozen or so commands they use. My idealized CLI tool would have good defaults so you rarely need to use options, and if it had a lot of options, the --help page would show the most common usage as examples at the top.

                                            1. 3

                                              Outdated research and what about SSDs?

                                              1. 3

                                                Well, how much does an electron weigh? And how many in the average memory cell?

                                                1. 2

                                                  It definitely depends on the underlying tech and what you are actually calculating (number of electrons or atoms to hold a bit). I’m not sure if there are research on different types of NVM but I found this.

                                                  Still very fun to think about these things, here’s some projection of memory and storage tech, HDD is still where most data is stored.

                                                1. 4

                                                  man 3 tzname goes over that and here. TZ can have 2 strings, as a pair for timezones: the standard and the daylight saving. Also, daylight saving time is ambiguous in itself and depends on regional legal decisions. What you’re trying to represent is the current “civil time”. That’s why it’s preferable to use the name of a city, and not a timezone name or daylight saving timezone name.

                                                  1. 2

                                                    Is the Unix audio stack implemented well? The author points out, that it is very complicated, but is this unavoidable? What could be improved and what had to be deprecated along the way? I‘m interested in hearing some opinions :)

                                                    1. 3

                                                      Only one way to find out: Read the article. 😁

                                                      1. 2

                                                        I read it, and I wonder what you think would be the next steps to improve the current state – keep developing things as-is, remove some layers, replace some things, etc.? What would be the biggest bang for he buck?

                                                        1. 2

                                                          I’m not sure I really have an “opinion”. I think it depends on the needs. A pro-audio user won’t be looking for the same thing as a desktop user.

                                                          On the desktop I think the next big thing is to bring use-case scenarios, things like grouping notifications as a single audio stream, videos as a group, music, voice, etc.. But that’s hard to do without the participation of the application developers adding a media class/category.
                                                          Otherwise, you are left with something like the restoration db of PulseAudio which will directly remember and move streams to the sink you want as soon as it sees it. Currently we don’t have that, we need to have different sinks/source for different use-case, and not one sink per device-port. What could be done is automatically create virtual sinks such as “notification”, “voice”, “media” by default with the routing to the device port. This can be done with the module-device-manager or this recommendation made initially for Phonon KDE and adding virtual sinks for each use-case. Take a look a this Phonon screenshot for an idea of what I mean. I think KDE audio is going in a good direction.

                                                    1. 1

                                                      For example, on Windows the audio APIs being ASIO, DirectSound and WASAPI.

                                                      Windows just has wasapi and asio. Directsound, like xaudio2, is implemented on top of wasapi and adds only overhead.

                                                      1. 2

                                                        You could then say that Linux only has ALSA and that PulseAudio/JACK/PipeWire/sndio are implemented on top of it and “adds only overhead”. That doesn’t clarify nor explain anything.

                                                        1. 2

                                                          Do you then also include sdl and juce and soloud and fmod and wwyse and xaudio2 and xact? How about apulse?

                                                          There’s a meaningful difference from a user‘s perspective between running straight alsa and running one of pulse, jack, pipewire, and sndio. They’re daemons; you have to run them, and they have some common effect on all the applications that run on them. For example, with pulseaudio you can dynamically change which sink an application’s audio is routed to, where with jack you cannot. No such property applies to dsound. It’s simply a library implemented on top of wasapi; an implementation detail, if you will, of a sound-producing application.

                                                          1. 1

                                                            You’re right, it all comes down to where you choose to put the complexity: hardware, kernel, user-space, etc.. That’s why this little diagram is important https://venam.nixers.net/blog/assets/audio_unix/device_functionality.jpg

                                                            For example, with pulseaudio you can dynamically change which sink an application’s audio is routed to, where with jack you cannot.

                                                            Yes, unfortunately.

                                                      1. 20

                                                        Apropos of nothing other than it is cool, the line from the article:

                                                        In the real world, the analog world, sound is made up of waves, which are air pressures that can be arbitrarily large.

                                                        reminded me that while you can have arbitrarily high pressure (not sure if there is a limit there? perhaps if you get the pressure high enough to drop the boiling point of the gas so it liquefies?) there is a lower limit (vacuum).

                                                        The practical upshot of this is that some rocket launches are loud enough so that they have “clipping” artefacts, caused not by hitting the dynamic range limits of sound recording hardware, but by hitting the dynamic range limits of the atmosphere (on the bottom end).

                                                        tl;dr - if you want to hear louder things without artefacts, you need more atmospheric pressure.

                                                        1. 1

                                                          That’s fascinating! I only included these to quickly introduce the idea of conversion from the analog world to the digital world. I’m neither a physicist nor audio engineer so I’m not very knowledgeable on that aspect. I’m amazed at all the domains of expertise that exist.

                                                          Anecdote: I do know first hand what large shockwaves did to buildings in my city.

                                                        1. 2

                                                          Becase web browsers are currently terrible at rendering the output as all monospace, unlike terminals, the examples below have been included as images. If you work for Google or Mozilla or Microsoft or Apple please fix this for the love of god.

                                                          Anyone familiar with this problem? I don’t think I’ve bumped into it before, I just use fenced code blocks on GitHub and I don’t remember anything brendering incorrectly.

                                                          1. 2

                                                            The fallback font behavior of Chrome-based browsers is what breaks it. The character width changes between the default monospace font and the fallback, causing misalignment in plain text document rendering.

                                                            1. 1

                                                              I do ASCII art and sometimes post them on the web. The main issues are the line-height that should be fixed at 1 and selecting a monospace font that should be “predictable”.

                                                              1. 1

                                                                I think the issue is the line-drawing elements in the image.

                                                                1. 3

                                                                  you have a “Identity stuff Awesome List” to put on github right there

                                                                1. 1

                                                                  Ooh, fascinating, gonna read this in detail soon.

                                                                  I’ve been thinking about this problem from a different angle: beyond a certain point you don’t just get swapping/stalling, you get OOM kills. And for some programs that’s impossible to prevent, in particular data intensive batch jobs might just load and process way too much memory.

                                                                  So a different approach is to detect impending OOM events and dump a memory profiling report in advance so someone can go and optimize the program. So for my Python memory profiler, intended for offline use, does that. Heuristics are here: https://github.com/pythonspeed/filprofiler/blob/master/memapi/src/oom.rs

                                                                  (This turns out to be extra tricky because macOS has different memory policies than Linux, it seems to try to keep more RAM available than Linux, and correspondingly swaps more aggressively. And then there’s cgroups, which actually is cgroups v1 and cgroups v2. And setrlimit, but I decided those limits are so wacky probably no one should use them.)

                                                                  For offline profiling a slightly over-aggressive heuristic is fine: the goal is reduce memory usage, so whether you hit OOM or were just likely to doesn’t matter, what matters is getting a useful “here’s where your memory usage is coming from” report.

                                                                  Now I’m starting to think about making a (commercial) production memory profiler, with different tradeoffs: less intrusive, less accurate, so fast you can actually use it in production. And for OOM preemptive detection it needs to be really sure OOM is about to happen… Or, alternatively, if the data for profiling reports is on disk, you can extract a reason-for-crash profiling report after the crash happens… presuming the OOM kill didn’t e.g. kill your whole container.

                                                                  It’s a fun problem space!

                                                                  1. 3

                                                                    I also recommend checking the talk Linux Memory Management At Scale by Chris Down.

                                                                    1. 4

                                                                      Arabesque’s Unix as IDE posts (from 8 years ago) were really formative for me. Great to see that blog is still alive and kicking.

                                                                      1. 3

                                                                        Arabesque’s ed posts made fall in love with ed. It is not a joke or sarcasm, I really take time from now and them to think about interaction design of a line editor what could be gained from. It is mostly useless in practice but I just keep doing it for the fun and pleasure.

                                                                      2. 2

                                                                        venam’s own blog has many deep dives into unixy topics: https://venam.nixers.net/blog/