1. 5

    C: Look, man, I really love ya, but can you maybe chill with the undefined behavior? Right now, your choice is between under-defined signed integers and unsigned integers. Can you maybe give us a portable way to clear sensitive memory? While you’re at it, remind me why I can’t assume uint8_t is an unsigned char if uint8_t exists; can we do something about those aliasing rules there? Devil’s in the details, and it’d be nice if we could maybe figure out those details and ignore one’s complement and 36-bit integers for a second.

    Perl: I think at this point it’s too late, but function calls with & will never sit right with me.

    PHP: Your documentation is generally useful, but I do wish that you’d hoist user comments into the “main” documentation on occasion.

    Ruby: Please stop iterating so quickly. A release every couple of years is fine. You’re making life hard on Debian when everyone jumps on the new feature bandwagon. And please get your documentation in order; the OpenSSL module is basically “fiddle in irb until it works” land permanently, and separating out half of the core modules (but not all) onto a separate website keeps getting me.

    Java: I hope you were listening for the “iterating so quickly” part I just told Ruby. Because you’ve now started going down that dark path, too. Lambdas just broke the paradigm, too, so now it just feels kind of alien at times.

    C# (or .NET in general, I suppose): I want to like you, but your portability is just not quite there yet if I want to use you on OpenBSD. Maybe someday.

    Literally everything that isn’t C or C++: Operating systems have package managers for a reason. Please at least try and cooperate with them. I’ve already given up that idea that you write some kind of man-compatible format like Perl does.

    1.  

      Literally everything that isn’t C or C++: Operating systems have package managers for a reason. Please at least try and cooperate with them. I’ve already given up that idea that you write some kind of man-compatible format like Perl does.

      As a distro maintainer, this sentiment needs to be shouted from every rooftop by every programmer.

      As a programmer, even before I was a distro maintainer I hated that each language felt that it was so special that it couldn’t possibly be managed with apt or yum or emerge. Give me a break.

      1.  

        Thanks for your work maintaining a distro! Fantastic, important work.

        Some perspective from the other side of the fence:

        I’d need to support apt, and yum, and emerge, and also something custom for the windows folk, and something else custom for the mac folk.

        Since lots of people need something custom anyways, I’ll need to build a custom thing.

        Asking me to also support multiple package managers, none of which I’ve ever needed to be familiar with before, is something of a non-starter. I already have this custom thing I built; not only does it work OK, I already understand it and can offer support to people who get stuck.

      2.  

        Perl: I think at this point it’s too late, but function calls with & will never sit right with me.

        Heh. I used to declare my subs before calling them (I believe I got that habit from Pascal) and later when I decided I liked my function declaration lexically after my main code, I simply started to pre-declare them.

        Today, researching this, I gather from perlsub that as long as I pass my arguments as a list I don’t even have to pre-declare them…

      1.  

        Rust: The borrow checker is fundamentally a right idea.

        JavaScript: If nothing else, it’s probably the only programming language that you can run on even the most restricted desktop and laptop computers.

        Go: Channels and goroutines seem like a very good concurrency primitive that I wish other languages could imitate. In fact, now that I think about it, I wonder if it could be generalized to simulate Erlang-like processes.

        (Despite being commonly complained about, I don’t dislike PHP and Java.)

        1. 31

          Nice ad. :|

            1. 3

              Also at the moment according to the pricing page, payment is optional.

            2. 20

              You’re right, and how virtuous Sourcehut may or may not be doesn’t change that. The line between ad and article is a spectrum, but this seems to be pretty well into the ad side of things. I apologise, I’ll be more discerning in the future.

              1. 4

                If you crack some other good places to get the word out, I’d be interested in hearing. My online circle is pretty small (lobste.rs and HN), but I’m working on something I want to ‘advertise’ the hell out of quite soon…

                1. 5

                  I’ve been trying to engage more with Reddit for this reason. I don’t really like it as a platform or see it as doing a social good, but there are users there and I’d like to be there to answer their questions. I was going to make a Twitter account, too, but they wanted my phone number and a pic of my ID and a blood sample to verify my account so I abandoned that. Finding good ways to ethically grow Sourcehut’s audience is not an entirely solved problem.

                  1.  

                    The reason Twitter – and many platforms – asks for phone numbers is because spam and trolls are a persistent problem. Ban one neo-Nazi troll tweeting obscenities at some black actor for DesTROyinG WhITe SocIEtY and they’ll create a new account faster than you can say “fuck off Nazi”.

                    Reddit is often toxic as hell by the way, so good luck with that.

                    1. 1

                      Huh…I have a twitter account and all I needed for it was an email. Maybe things have changed.

                      1. 1

                        Nowadays they let you in with just an email, but after some time “block” your account and only unblock it after you give your phone number.

                  2. 3

                    While I also see it as an ad, I’m interested in what is being announced as a Sourcehut user. But it seems you don’t have an RSS/Atom feed for the official blog… Or is there a mailing list I missed?

                    1. 2

                      https://sourcehut.org/blog/index.xml

                      I’ve been meaning to make this more visible… hold please done.

                  3. 14

                    It’s advertising an open source project, Source Hut, but also Janet, Zig, Nim, Samurai, Sway and other open source projects I like. Projects that get very little payment or gratitude for the work they do.

                    Yes sr.ht is a service too, a useful one at that. They support BSD well, unlike other companies, how else are they supposed to let people know this fact? Should they be paying largely unethical companies like google for ad space? Or should they just be more subversive so people don’t complain.

                    Let me put it this way, if every open source project was also a business, should we hate on every single one for advertising? sr.ht didn’t game the upvotes to get on the front page, people upvoted it by themselves.

                    I suppose there could be a tag ‘sponsored’ so people can ignore them. Not suggesting allowing lower quality from sponsored content either, probably the inverse.

                    1. 21

                      The issue is that I see a Sourcehut “ad” every few days: “Sourcehut supports OpenBSD”, “Sourcehut supports migrations from Bitbucket”, “Sourcehut supports ASCII”. Yeah … we got it … A lot of these posts don’t have a lot of meat to them and at this point, it’s just getting spammy.

                      1. 16

                        Yeah … we got it … A lot of these posts don’t have a lot of meat to them and at this point, it’s just getting spammy.

                        They don’t always have a lot of “meat,” but posts about SourceHut represent a capitalist ideology I can actually get behind. A single proprietor, working their ass off to try to change the software world, which has gotten extremely out of hand with regards to complexity, and the marketing of products that fix the complex systems we don’t need, at all, to begin with.

                        What’s the difference between a SourceHut post, and a post ad that complains that as an open source author I am not compensated fairly? Hint: one should be inspiration, for the other is actually possible.

                        1. 0

                          SourceHut represent a capitalist ideology

                          payment for the service is optional, so no it doesn’t. All the things that make Sourcehut great in my opinion are the ways in which it denies capitalist ideology. Open Source Software, optional payments, etc.

                          1. 3

                            optional payments

                            It’s optional, right now, while in Alpha. It doesn’t seem the plan is that forever. Also, if it wasn’t clear, I’m extremely in favor of this model of charging people for a service, but releasing your software under a permissive license.

                        2. 10

                          Just let me offer another data point here. It was thanks to the “migration from Bitbucket” post that I found out Sourcehut had a nifty script to help migrations from Bitbucket and that saved hours of work as I migrated 20+ repos effortlessly. This current post made me realize that maybe I should be paying more attention to their CI system as it looks much simpler than others I’ve used. So, in the end, I’m appreciating these blog posts a lot. Yes they are related to a commercial venture but so what? You can self-host it if you’re not into SaaS outside your control. If we set a hard line like this, then it becomes impossible to post about any commercial project at all. It is already hard to monetize FOSS projects to make them sustainable, now imagine if they are not even allowed blog posts…

                          1. 4

                            Same here. This string of posts made me aware of sourcehut and when I had to migrate from bitbucket, I then gave them a hard eval. I like their human, non-shitty business model of “I give them money and they give me services”, and that their products are professionally executed and no-frills.

                            I don’t know how to reconcile it. These articles were very useful to me, when most product ads weren’t and I’d be disappointed if this site became a product advert platform. I think people are right for flagging it as almost-an-ad, but in this one vendor’s case I’m glad I saw them and am now a happy sourcehut customer.

                          2. 2

                            every few days

                            A lot of these posts don’t have a lot of meat to them and at this point, it’s just getting spammy.

                            That is fair I guess. I’ll have to check the guidelines on things like that.

                          3. 6

                            if every open source project was also a business, should we hate on every single one for advertising?

                            Yes. I flag those too. Advertising is a mind killer.

                            1. 6

                              But there is no other way to get large numbers of people to know about something, following your advice would be suicide.

                              I also hate advertising, I just don’t see a way around it. I won’t argue further against banishing advertising from lobste.rs at least.

                              1. 7

                                But there is no other way to get large numbers of people to know about something, following your advice would be suicide.

                                All these conversations are done like it’s all or nothing. We allow politics/marketing/etc on Lobsters or… it never happens anywhere with massive damage to individuals and society. Realistically, this is a small site with few monetary opportunities for a SaaS charging as little as he does. If the goal is spreading the word, it’s best done on sites and platforms with large numbers of potential users and (especially) paying customers. Each act of spreading the word should maximize the number of people they reach for both societal impact and profit for sustainability.

                                Multiple rounds on Lobsters means, aside from the first announcement with much fan fare, the author sacrificed each time opportunities to reach new, larger audiences to show the same message again to the same small crowd. Repeating it here is the opposite of spreading the word. Especially since most here that like Sourcehut are probably already following it. Maybe even buying it. He’s preaching to the choir here more than most places.

                                Mind-killer or not, anyone talking about large-scale adoption of software, ideology, etc should be using proven tactics in the kinds of places that get those results. That’s what you were talking about, though. I figured he was just trying to show latest BSD-related progress on one of his favorite tech forums. More noise than signal simply because he was sharing excitement more than doing technical posts or focused marketing.

                              2. 5

                                Every blog post is an ad for something. It may not be a product, directly, but it’s advertising an idea, the person, or persons the idea was thought by, the writing (which, btw can be a product) of the author, etc.

                                If you want to sincerely flag advertising, you might as well get offline—it’s pervasive.

                                1. 3

                                  It may not be a product, directly, but it’s advertising an idea

                                  Not a native English speaker here. I may be wrong, but after looking at the dictionary definition

                                  advertisement

                                  noun

                                  A paid notice that tells people about a product or service.

                                  it seems that an advertisement has a precise definition: an ad is directly related to a paid product, not an idea.

                                  1. 1

                                    it seems that an advertisement has a precise definition: an ad is directly related to a paid product, not an idea.

                                    This is a fairly pedantic interpretation. A person promotes an idea to sell something, if even themselves. That “sale” might only come later in the form of a job offer, or support through Patreon, etc, etc.. But, to say that you can’t advertise an idea is wrong. The cigarette industry’s ad campaigns have always been about selling an image, an idea that if you smoke you become part of something bigger. Oh, and btw, you’ll probably remember the brand name, and buy that kind instead of something else.

                                    iPods were sold on the very basis of white headphones, TO THE POINT, that people without iPods started wearing white headphones to be part of the “club.” Advertisements sell you the idea of a better life, and hopefully you’ll buy my product to get it.

                            2. 2

                              Somewhat amusing that this post with an interesting fully FOSS service, is marked -29 spam, whereas an actual advertisement about Huawei making macbook clones that run Linux has only -3 spam (one of which is mine).

                              1. 3

                                Said FOSS service has been on the Lobsters front page multiple times recently. I suspect the reaction is: “We get it, sr.ht exists and SirCmpwn is apparently desperate to attract a paying customerbase, but a clickbaity title for a blogspam ad on the usual suspect’s software is probably crossing the line.”

                            1. 4

                              Starship is the minimal, blazing fast, and extremely customizable prompt for any shell!

                              As long as said shell is one of bash, fish or zsh.

                              1. 15

                                Your point is fair, because installing for Fish/Bash/Zsh is all they explain; but I’m not sure it’s accurate, because Starship’s core is indeed shell-agnostic AFAICT. Below is the core call. It prints the colourized prompt for the current user/host/directory, which is what every shell’s prompt function must boil down to. Starship’s shell-specific initialisations provide code to compute $cmd_duration etc. for every prompt, but in the end they all make the core call.

                                starship prompt \
                                    --status=$exit_code \
                                    --keymap=$keymap \
                                    --cmd-duration=$cmd_duration_in_seconds \
                                    --jobs=(jobs -p | wc -l)
                                

                                All those flags are optional, if your shell doesn’t store command duration or whatever.

                                To prove this particular shelly pudding, I edited my ~/.tclshrc to look mostly as follows:

                                if {$tcl_interactive} {
                                
                                    package require tclreadline
                                
                                    namespace eval tclreadline {
                                        proc prompt1 {} {
                                            return [exec starship prompt]  ;# <-- Starship here
                                        }
                                    }
                                    # go to tclreadline's main loop.
                                    tclreadline::Loop
                                }
                                

                                That got me the Starship prompt in my Tcl REPL. And cd’ing to a Git repository got the Starship prompt to display information on Git’s dirtyness, active branch, and all that jazz. So yes, as long as your shell’s prompt-function can call external programmes, and is running in a VT100 terminal emulator, and that terminal emulator has a Powerline font installed to render the fancy characters — Starship will work for that shell!

                                1. 7

                                  Oh, well in that case, I’m happy to be proven wrong. I do wish they had a section along the lines of

                                  For other shells, the command starship prompt may be used to generate the prompt, but setting it depends on the shell itself.

                                  if only to prevent my embarrassing myself with a kneejerk response.

                                  1. 3

                                    Noted!

                                    We will be writing up some docs on how to write your own starship wrapper for your shell of choice.

                                2. 6

                                  tcsh users unite. (My default shell since 1995.)

                                  1. 5

                                    Similar to how “portable” these days mostly means “works on Windows, macOS and GNU/Linux [sometimes musl/busybox/Linux by accident]”, I guess. Not that it’s a good thing, but I can see how they’d arrive at that marketing claim.

                                    1. 1

                                      Works on the most common shells on the most common operating systems.

                                      ?

                                      1. -3

                                        And people use some strictly posix shell interactively as their preferred shell?

                                        get real.

                                        1. 10

                                          Who said anything about strictly posix? There’s quite a few BSD users and developers on here. OpenBSD for example uses ksh as a default, and its version of ksh has even been ported to various linux distros (under oksh or loksh, usually). FreeBSD uses tcsh, and NetBSD (IIRC) ash.

                                          1. 2

                                            Your parent comment was just plainly POSIXLY_INCORRECT

                                          2. 5

                                            I use eshell as my preferred shell.

                                        1. 4

                                          No likes, no faves, no polls, no stars, no claps, no counts.

                                          But that’s largely the appeal of social media. It’s why Twitter is so fun to use when you’re in a good mood. Without these kinds of features you’re basically on IRC

                                          1. 3

                                            You’ll find that IRC hasn’t died yet and there are some diehards who are on it precisely because of its spartan interface.

                                            1. 3

                                              Don’t get me wrong, I too use IRC a lot and love it.

                                          1. 4

                                            Similar things/self-hosted offerings of interest:

                                            1. 4

                                              I want to add https://github.com/mozsearch/mozsearch which is trying to replace DXR. It’s already live at searchfox.org

                                            1. 4

                                              I’m happy to see FTP die. But aren’t some websites still providing download links over FTP? I think it was just a year ago when I noticed I was downloading an ISO file from an FTP server..

                                              1. 9

                                                There’s nothing wrong with downloading an ISO from an FTP server. You can verify the integrity of a download (as you should) independently of the mechanism (as many package managers do).

                                                1. 4

                                                  I agree! The same goes for downloading files from plain HTTP, as long as you verify the download you know the file is okay.

                                                  The reason I don’t like FTP has to do with the mode of operation; port 21 as control channel and then a high port for actual data transfer. Also the fact that there is no standard for directory listings (I think DOS-style listings are the most common?).

                                                  1. 2

                                                    The reason there’s no standard for directory listings is possibly more to do with the lack of convention on filesystem representation as it took off. Not everything uses the same delimiter, and not everything with a filesystem has files behind it (e.g. Z-Series).

                                                    I absolutely think that in the modern world we should use modern tools, but FTP’s a lot like ed(1): it’s on everything and works pretty much anywhere as a fallback.

                                                    1. 1

                                                      If you compare FTP to ed(1), I’d compare HTTP and SSH to vi(1). Those are also available on virtually anywhere.

                                                      1. 1

                                                        According to a tweet by Steven D. Brewer, it seems that at least modern Ubuntu rescue disks only ship nano, but not ed(1) or vi(1)/vim(1).

                                                        1. 1

                                                          Rescue disks are a special case. Space is a premium.

                                                          My VPS running some Ubuntu version does return output from man ed. (I’m not foolish enough to try to run ed itself, I quite like having a usable terminal).

                                                    2. 1

                                                      Yes, FTP is a vestige of a time where there was no NAT. It was good until the 90s and has been terrible ever since

                                                    3. 1

                                                      Most people downloading files over FTP using Chrome don’t even know what a hash is, let alone how to verify one.

                                                      1. 1

                                                        That’s not really an argument for disabling FTP support. That’s more of an argument for implementing some form of file hash verification standard tbh.

                                                      2. 1

                                                        There is everything wrong with downloading an ISO over FTP.

                                                        Yeah, you can verify the integrity independently. But it goes against all security best practice to expect that users will do something extra to get security.

                                                        Security should happen automatically whenever possible. Not saying that HTTPS is the perfect way to guarantee secure downloads. But at the very least a) it works without requiring the user to do anything special and b) it protects against trivial man in the middle attacks.

                                                        1. 1

                                                          But it goes against all security best practice to expect that users will do something extra to get security.

                                                          Please don’t use the term best practice, it’s a weasel term that makes me feel ill. I can get behind the idea that an expectation that users will independently verify integrity is downright terrible UX. It’s not an unrealistic expectation that the user is aware of an integrity failure. It’s also not unrealistic that it requires the user to act specifically to gain some demonstrable level of security (in this case integrity)

                                                          To go further, examples that expect users to do something extra to get security (for some values of security) include:

                                                          1. PGP
                                                          2. SSH
                                                          3. 2FA

                                                          Security should happen automatically whenever possible.

                                                          And indeed, it does. Even over FTP

                                                          Not saying that HTTPS is the perfect way to guarantee secure downloads

                                                          That’s good because HTTPS doesn’t guarantee secure downloads at all. That’s not what HTTPS is designed for.

                                                          You’ve confused TLS (a transport security mechanism) with an application protocol built on top of TLS (HTTPS) and what it does with the act of verifying a download (which it doesn’t). The integrity check in TLS exists for the connection, not the file. It’s a subtle but important difference. If the file is compromised when transferred (e.g. through web of trust, through just being a malicious file) then TLS won’t help you. When integrity is important, that integrity check needs to occur on the thing requiring integrity.
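An added example, not part of the thread: the file-level check the comment above describes, which gives the same answer whether the bytes arrived over FTP, HTTP or HTTPS. It assumes a `sha256sum`-style manifest that was obtained and authenticated separately (for example by a signature); the file names and contents are constructed.

```python
import hashlib
import hmac
import os
import string
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB pieces so large images are not loaded into memory


def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, _, rest = line.partition(" ")
        # After the first space comes a mode character (' ' text, '*' binary).
        name = rest[1:] if rest[:1] in (" ", "*") else ""
        well_formed = (
            len(digest) == 64
            and all(c in string.hexdigits for c in digest)
            and name
        )
        if not well_formed:
            raise ValueError("malformed manifest line %d" % lineno)
        entries[name] = digest.lower()
    return entries


def sha256_file(path):
    """Return the hex SHA-256 of the file at path, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the file at path."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        # A file the manifest does not cover must not be treated as verified.
        return "unlisted"
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Constructed scenario: an intact file, the same file altered, an unlisted file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.iso")  # constructed sample, not a real image
        with open(path, "wb") as f:
            f.write(b"constructed sample image\n" * 1000)
        manifest = "%s  example.iso\n" % sha256_file(path)

        intact = verify_download(path, manifest)

        # Change a single byte, as corruption or tampering anywhere between
        # the publisher and the local disk would.
        with open(path, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        altered = verify_download(path, manifest)

        other = os.path.join(d, "other.iso")
        with open(other, "wb") as f:
            f.write(b"not in the manifest")
        unlisted = verify_download(other, manifest)
    return intact, altered, unlisted


if __name__ == "__main__":
    print(demo())
```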

                                                      3. 7

                                                        You got it backwards.

                                                        Yeah, some sites still offer FTP downloads, even for software, aka code that you’re gonna execute. So it’s a good thing to create some pressure so they change to a more secure download method.

                                                        1. 9

                                                          Secure against what? Let’s consider the possibilities.

                                                          Compromised server. Transport protocol security is irrelevant in that case. Most (all?) known compromised download incidents are of this type.

                                                          Domain hijacking. In that case nothing prevents attacker from also generating a cert that matches the domain, the user would have to verify the cert visually and know what the correct cert is supposed to be—in practice that attack is undetectable.

                                                          MitM attack that directs you to a wrong server. If it’s possible in your network or you are using a malicious ISP, you are already in trouble.

                                                          I would rather see Chrome stop sending your requests to Google if it thinks it’s not a real hostname. Immense effort required to support FTP drains all their resources and keeps them from making this simple improvement I guess.

                                                          1. 1

                                                            MitM attack that directs you to a wrong server. If it’s possible in your network or you are using a malicious ISP, you are already in trouble.

                                                            How so? (Assuming you mostly use services that have basic security, aka HTTPS.)

                                                            What you call “malicious ISP” can also be called “open wifi” and it’s a very common way for people to get online.

                                                            1. 1

                                                              The ISP must be sufficiently malicious to know exactly what you are going to download and set up a fake server with modified but plausible-looking versions of the files you want. An attacker with a laptop in an open wifi network doesn’t have resources to do that.

                                                              Package managers already have signature verification built-in, so the attack is limited to manual downloads. Even with resources to set up fake servers for a wide range of projects, one can wait a long time for the attack to succeed.

                                                      1. 8

                                                        This is amazing. I remember vBulletin. I probably cycled through every free, hosted forum software the early 2000s had to offer.

                                                        1. 7

                                                          I used to have so much fun just installing random PHP software on shared hosting. It was honestly pretty simple to, back in the day - just upload it and make the database…

                                                          1. 2

                                                            So why did we move away from that?

                                                            1. 4

                                                              It’s exactly the same nowadays with docker without being tied down to a specific type of software.

                                                              1. 3

                                                                It’s exactly the same nowadays with docker without being tied down to a specific type of software.

                                                                Is it?

                                                                What kind of specific software do you mean? Docker is a specific type of software as well.

                                                              2. 1

                                                                Often doesn’t really scale. More complicated web apps in PHP haven’t been “deployed” like this for many many years. Stuff like zero downtime deployments might be harder. Also this was mostly the Apache mod_php way, other fastcgi-based webservers and integrations had a “server process” that works just like in other languages. But most of this is not a defining criterion I guess. Maybe phasing out FTP was also part of it. (Yes, SFTP and FTP/S and scp exist..)

                                                                1. 2

                                                                  I remember achieving zero downtime by just uploading two versions of the website to the same hosting account in a www and a www-beta folder which then could be used to test the next version on production. Rolling over to the new version with “zero downtime” used to be as simple as renaming www to www-old- and www-beta to www. It took all the servers a few minutes to catch up due to server-caches and the files cached by the SAN, but nothing as simple as that seems to exist anymore.

                                                                  I think we lost something very efficient and precious when all those containers moved in.

                                                            2. 1

                                                              vBulletin seemed to have some kind of magic at its time that made it seem like the choice for web forums on the high end—even though there were other, competitive offers available at the time.

                                                              (I’ve kind of got the vain hope that the rightsholder(s) for vBulletin 1.x will open source it sometime. The code’s pretty worthless, as is evidenced by the shoddy state vB Lite is in, but it’s still historically interesting. Stranger things have happened; Microsoft released MS-DOS 1.x under the MIT license, after all.)

                                                              That said, I firmly believe vBulletin 2.x was peak vBulletin, both aesthetically and in their selection of features. The code’s as terrible as in 1.x though (register_globals madness continued, amongst other headscratchers).

                                                              1. 1

                                                                So many memories. vBulletin is what I used to learn how to code. I started by tinkering with community mods, and then eventually wrote my own forum software, wtcBB, because that’s what everyone did in those days.

                                                                Damn, reading what I wrote makes me cringe a bit… Oof. This one is funny.

                                                                1. 0

                                                                  What is oof about that?

                                                                  1. 2

                                                                    I’m just (light-heartedly) reflecting on my youth, that’s all. e.g., “Regular expressions could perhaps be one of the harder parts of programming to understand…” And the spelling. My god. The spelling.

                                                                    1. 1

                                                                      Maybe I just have much cringier stuff in my internet footprint, haha. I think it’s cool. Maybe it’s because it looks like the type of stuff I write today.

                                                              1. 8

                                                                I’m not sure if it’s appropriate to talk about CGI like it’s dead. OpenBSD ships slowcgi(8) and their man page viewer in mandoc is a genuine CGI application. The BCHS people endorse pure CGI with C, too.

                                                                (Whether these are good ideas is another story, but they exist right now.)

                                                                1. 5

                                                                  I use them for a couple things (the order form on https://atreus.technomancy.us being one of them), and they’re fantastically useful for sites like that which can be 99% static. I wish more people realized that not everything has to be full of moving parts everywhere.

                                                                  1. 3

                                                                    Whenever I have some sort of local web thing, I still use CGI. It’s easy and, like you say, works well when the site is mostly static. Adding all that other stuff seems like a complete waste.

                                                                  2. 4

                                                                    Author does write

                                                                    CGI scripting was undoubtedly useful and continues to be useful for small scale web applications, such as developer utilities, simple form data collection and local intranet tools.

                                                                    (my emphasis)

                                                                    1. 1

                                                                      Oh, I see. My bad. I skimmed the article too quickly.

                                                                    2. 2

                                                                      In the first draft of this article, I used the term “near obsolescence” rather than just the term “obsolescence”, because you’re right, there are still people out there using CGI scripts (I am one of them).

                                                                      Ultimately, I removed the weakening word. Determining when a technology is obsolete is a tough call, and often opinion based. In this case, it’s my opinion. If the definition of obsolete is “no longer produced or used; out of date.”, then there are very few technologies that can truly and in all cases be described as obsolete. In the case of CGI scripts as they were used in the late 90’s, I think it’s safe to say that that train left the station a long time ago.

                                                                      1. 4

                                                                        First I thought no one needs this article, but then I realized I’m now old. ;)

                                                                        By the way, why does your website keep making requests to https://rickcarlino.com/owa/blank.php ?

                                                                        1. 1

                                                                          I realized I’m now old

                                                                          Same.

                                                                          making requests to https://rickcarlino.com/owa/blank.php

                                                                          Open Web Analytics

                                                                          1. 2

                                                                            It sounds like a rather intrusive approach, and for people on mobile, it’s not free of charge either.

                                                                    1. 3

                                                                      Please note that this may technically violate GitHub’s terms of service, see section B.3. Account Requirements:

                                                                      • One person or legal entity may maintain no more than one free Account (if you choose to control a machine account as well, that’s fine, but it can only be used for running a machine).

                                                                      1. 6

                                                                        Not necessarily - the clue is in the word free. One can have a free personal account and a business work account, and all is well :^)

                                                                        1. 1

                                                                          Thanks for pointing this out. I’ve adjusted my wording to make clear you’re not always going to be in violation.

                                                                      1. 28

                                                                        As much as I believe every single last person involved in cryptography yelling “use Signal”, it doesn’t fit everyone’s use case of a chat application.

                                                                        Signal has a hard requirement that you give them a mobile phone number to tie to an account and register from a smartphone. This number is also exposed to other contacts. As for the alternatives in the article, namely: Wire has monthly fees that may prove difficult to pay anonymously. WhatsApp is owned by Facebook; even if you consider this okay enough somehow, that still requires you to go through your smartphone, on which it requires a phone number for registration; not that you could install it on an OS that isn’t macOS or Windows anyway.

                                                                        People may suggest to “just get a burner SIM”. But that is not a reasonable option if your goal is to hide your real life identity: For example, in Greece and Spain, you must provide ID and formerly anonymous SIM cards were blocked; see COM(2010) 253, p. 69. That’s a non-starter in these scenarios. Of course, you may still argue that people that need to go to such extents to hide are almost certainly criminals, terrorists or dissenters (none of which may be worth protecting depending on your morals), and you’d probably be right. Nonetheless, the increasing disappearance of an untied, non-real-life identity scenario is a worrying prospect to me.

                                                                          1. 5

                                                                            Read to the end of the article, where Signal clarifies that they don’t consider it a problem because the goal was never for Signal Desktop to provide at-rest encryption. (I will say however that I too have always wondered why they bothered using SQLCipher to begin with.) If you need that, use full-disk encryption. That will protect you much better.

                                                                            “But they should be aiming for at-rest encryption.” Let’s play this out:

                                                                            1. The only way Signal Desktop can accomplish this without some additional support from the platform*, AFAICT, is to require a decryption password that the user types in at startup. Already this breaks a lot of useful things: it breaks the ability for the app to autostart when the user logs in, and that means that if the user forgets to type in the password (and they will) notifications for new messages won’t work, silently. So already we’ve seriously broken the UX.
                                                                            2. The decryption password can’t even be secured properly. A malicious app on your system can just sniff the keystrokes. Or, it can just record the screen. AFAIK Windows and macOS don’t restrict these operations by default (maybe keylogging, but I’ve never gotten a prompt or anything for screen recording IIRC). Wayland on Linux is supposed to fix this but adoption is “in progress” at best on that front so that doesn’t do us any good.
                                                                            3. Let’s say that isn’t a problem. Maybe something changed since I used Windows or macOS and they’re better now. The password still isn’t secure. Your disk isn’t encrypted so the attacker can tamper with the Signal binary if they have physical access. Now Signal is malicious. Game over.
                                                                            4. But let’s say that the attacker doesn’t have physical access, and you’re sure all the apps on your system are trustworthy. Are you sure they don’t have a security vulnerability and won’t get compromised to sniff your Signal password?

                                                                            The list goes on. This can’t be mitigated at the app level because the platform is fundamentally not designed for this. Mobile devices isolate apps by default; you don’t routinely run processes that aren’t sandboxed. But on desktop, the opposite is true. There are valiant efforts to sandbox apps, like the Mac App Store requiring that all apps distributed through it enable sandboxing, and Flatpak on Linux. But those are still opt-in. Are you sure that everything on your system is sandboxed enough? To actually guarantee this, you need something like Qubes.

                                                                            Signal Desktop absolutely has problems… but I don’t think this is one.

                                                                            [*]: keyrings have this same problem. Usually they’re unlocked automatically on login, so any unsandboxed app running in the user’s session can just ask the keyring to give it the Signal password. At least AFAICT… I vaguely recall macOS having some sort of access control.

                                                                            1. 2

                                                                              The core premise of the article is completely mistaken. The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms.

                                                                            2. 8

                                                                              I definitely agree that, when possible, people should avoid communication tools that require phone numbers and use something like XMPP with OMEMO instead.

                                                                              If you do need/want to use Signal or similar, there are phone number options that let you maintain anonymity. For example, https://jmp.chat/ gives you a Canadian or US number without requiring any identifying information (you can even sign up over Tor). If you want to keep the number past 30 days, you can pay in Bitcoin Cash or Bitcoin, or use https://shapeshift.io/ to pay with other more anonymous cryptocurrencies.

                                                                              1. 8

                                                                                Yep. I use Signal extensively in my labor activism. This is an example of an activity which is entirely legal in the United States, but where I am putting people in danger simply by talking to them. I agree 100% with all your criticisms, and it’s quite unfortunate that there are many situations in which there isn’t a realistic alternative.

                                                                                1. 2

                                                                                  Is there at least groundwork for such an alternative to Signal that doesn’t require a phone number? I’m in the same situation.

                                                                                  1. 1

                                                                                    The protocol is open, although it’s my understanding somebody would need to do a lot of implementation. I’d also suggest that future work should be based around expecting users to explicitly manage their keys, rather than trying to abstract that away.

                                                                                    1. 2

                                                                                      I’d also suggest that future work should be based around expecting users to explicitly manage their keys

                                                                                      Why? To me this is the main selling point of Signal. And from my observations teaching PGP (long ago), key management is one of its biggest downfalls.

                                                                                      1. 1

                                                                                        Sure. It’s because the automatic management both introduces insecurities, and makes it so that good key-verification practices are more friction than sloppy practices.

                                                                                        The most significant insecurity is that anyone with control over your phone number can gain control of your account. A stolen SIM or a number-porting attack could both be used that way. They won’t see message history, but they’ll be able to impersonate you. The only defense against this is that there’s a small notice in each chat about the safety number being reset.

                                                                                        The point about safety numbers dovetails with my larger point about good practices being hard. When you’re scaling up a large organization, educating everybody about what the safety number means and how to verify it is a constant undertaking. Meanwhile, people are constantly replacing their devices, accidentally reinstalling the app, intentionally reinstalling the app, etc for a variety of reasons. It’s constant tedium, and if you just punt on doing the work, there’s a chance of an impersonation attack being successful.

                                                                                        What I would like is to put key management front and center, so that everybody gets the message that this is something they should be paying attention to and learning more about. I’m envisioning, for example, a first-start wizard that walks users through creating an offline key and using it to sign a per-device subkey, with alternatives also presented if they want to add a key some other way. Yes, it’s a lot of work which would slow down adoption immensely. Thus, I don’t realistically expect any for-profit entity to be the first to offer a product that works this way. Still, in my ideal world, it’s what I’d like to see.

                                                                                        1. 1

                                                                                          Hm. So if I can rephrase this position, basically you’re saying that good practices (i.e. verifying safety numbers) aren’t on a level playing field with unsafe practices, because it’s much easier to do the latter. And basically you want to level the playing field by making both take equal amounts of effort? Did I get that (somewhat) right?

                                                                                          1. 1

                                                                                            I think that’s right, yes. I know it’s in some ways a quixotic idea.

                                                                                2. 6

                                                                                  I use Signal constantly, but this is a sound comment and still only covers maybe half the serious concerns I have with Signal.

                                                                                  1. 2

                                                                                    We are pseudonymous in Peergos (no phone number or even email required to sign up). At the moment we are focussed on storage and sharing, but we plan to implement a group chat/messaging solution using Messaging Layer Security once it stabilises.

                                                                                  1. 2

                                                                                    Will this conflict with trousers?

                                                                                    1. 6

                                                                                      A more pressing question is whether or not it’s been ported to systemd? Or does systemd come with its own /usr/lib/systemd/systemd-pants?

                                                                                      1. 11

                                                                                        That was recently deprecated in favor of systemd-socks, actually. systemd-socks is missing the feature that it covers the upper half of the legs that systemd-pants had (by design, devs claim it’s no longer necessary in 2019, completely ignoring that this makes it impossible to port to BSD because of their notion of clothesd(8); of course, GNOME depends on the new behavior already).

                                                                                        The “officially sanctioned” workaround for this is to spin up multiple instances to cover the area by spinning up multiple instances and gluing them together with configuration files in /etc/systemd/ if required.

                                                                                        1. 2

                                                                                          Of course, all this glue will over time need refreshing and maintenance as well.

                                                                                          GNOME now depends on this, too

                                                                                    1. 3

                                                                                      While the Ruby scripting language and RoR aren’t as popular as they once were, they’re still embedded in numerous enterprise development environments, many of which might have used the default library, strong_password, in its infected version 0.0.7.

                                                                                      (my emphasis)

                                                                                      Call me old-fashioned, but I’d be leery to trust my password verification to a library with a version number not close to 1 ;)

                                                                                      1. 3

                                                                                        I don’t see your point; in that case the infected version would have just been 1.0.1. The whole issue was someone hijacked the repository and published a new version.

                                                                                        1. 5

                                                                                          You’re right, the version number is not in any way sufficient to guarantee correctness.

                                                                                          My point was more that, faced with the requirement to include a password strength checker and perusing the list of gems, I’d pass on a gem with that low of a version number - on the assumption that it hasn’t really been tested enough. Again, someone could just start their versioning at 1 and “defeat” this heuristic.

                                                                                          1. 7

                                                                                            Oracle defeated this heuristic twice over: The Oracle database started at version 2.

                                                                                      1. 3

                                                                                        Unpopular opinion ahead: I don’t think this corporate point of view onto the issue solves the actual problem, it only gets it out of the hair of corporate and makes it someone else’s instead.

                                                                                        Let’s consider the assumption that an “asshole” can be “fixed”, i.e. will adjust their behavior after being reprimanded with sufficient frequency. As far as I can tell, you haven’t changed their nature, just the symptom. There must be an underlying reason why the person is like this: Be it stress, disliking their job (but feeling trapped into it with no viable alternatives) or possibly inherent malice. If and only if the cause was stress induced by other people at the workplace, this alleviates the cause as well as the symptoms. Otherwise, you’ve merely shifted the problem on someone else, such as their family or random strangers. Possibly, lacking an outlet for their “assholery”, this might even intensify the outlash at others outside a workplace. I’m not sure what would actually fix this; possibly some trips to the psychiatrist and subsequent therapy and medication?

                                                                                        Let’s consider the assumption that an “asshole” cannot be “fixed”. In that case, it is a fixed personality trait, likely rooting in inherent malice. This article makes the point that assholes should not be permitted to work in a workplace. At the same time, the assumption is that they’re irredeemable. Thus, they cannot work in anything but one-person self-employment scenarios, which is an economically unrealistic scenario for many people. Therefore, these people cannot be allowed to work at all according to this line of thinking. What does a society do with people that cannot work? Banishing them out of the country or outright killing them is apparently out of the question for the morals of society right now, so they’d have to join welfare. In a capitalist state, the question turns into whether, on a macroeconomic scale, putting “assholes” on welfare comes cheaper than keeping them in the workforce.

                                                                                        In either case, you have an unsolved problem.

                                                                                        1. 8

                                                                                          “Therefore, these people cannot be allowed to work at all according to this line of thinking.”

                                                                                          A tiny percentage of environments that read and apply writing like this won’t hire them. Most environments hire assholes. So, these people will be allowed to work in most environments. Might even thrive in them. They’ll simply go to the asshole-tolerating companies.

                                                                                          1. 3

                                                                                            you’ve merely shifted the problem on someone else, such as their family or random strangers.

                                                                                            They are already assholes to other people in their lives.

                                                                                            1. 2

                                                                                              It is interesting to consider what you propose from a “corporate social responsibility” perspective: a company might then help society in general by helping resolve “assholistic” behaviour, and offering an environment where the person can improve and eventually resolve or reduce the problematic behaviour. This leads to interesting moral and ethical questions, and ultimately to the role of a company and its indirect social impact.

                                                                                            1. 5

                                                                                              I consider git send-email to be unsuitable these days for several reasons, each of them contributing to why I consider it to be an anti-feature for my use cases at least.

                                                                                              1. git send-email does not work out of the box on almost any setup. SMTP configuration is explicitly necessary. Often, the e-mail support is separate as well. (As an aside: The fact that SMTP configuration is required is a testament to how fundamentally broken e-mail is in general; you can’t just set up a *NIX box on defaults and expect it to send e-mail.)
                                                                                              2. Making e-mail your only way to send a patch is a gamble if you’re using any of the big e-mail providers; Gmail and Hotmail come to mind. They tend to have aggressive anti-spam policies that may silently drop e-mail for non-discernible reasons. I vividly remember trying to sort out issues sending e-mail for an IRC network. Maybe it also just lands in the spam folder, never to be actually acknowledged.
                                                                                              3. I’m a happy ProtonMail user, personally. However, by design, it does not support sending e-mail via SMTP, instead requiring a separate program to do so. git-send-email.io recommends hydroxide, which seems to work with the free plan; ProtonMail is making their own, for-profit ProtonMail Bridge. There might be a murky legal battle there coming up, pushing contribution for ProtonMail users behind a paywall. You might argue that this is the ProtonMail users’ problem, but few are in the position to dictate people’s e-mail providers.
                                                                                              4. This is the only contribution process that I’m aware of that mandates use of a specific program. I can contribute patches to, say, OpenBSD via e-mail just fine by sending them inline (admittedly, they don’t use Git). As a contributor, this seems like an excessive amount of work.

                                                                                              Having said that, I still respect SirCmpwn’s choices and I’m sure they were made with due consideration.

                                                                                              1. 7

                                                                                                I for one use permissive licenses in the hope that one day an aerospace company will use my code and it will end up in orbit.

                                                                                                1. 10

                                                                                                  Maybe they already do? With a permissive license you have good chances of never finding out.

                                                                                                  1. 3

                                                                                                    And how would the GPL change that?

                                                                                                    1. 2

                                                                                                      Because the aerospace company would have to publish their code.

                                                                                                      1. 11

                                                                                                        s/publish/provide to customers/

                                                                                                        1. 6

                                                                                                          No. It is not required to publish GPL code of the modified version if it remains private (= not distributed).

                                                                                                          So you have the same chances of never finding out about usage in either case (but the virality of GPL might actually decrease the odds).

                                                                                                          1. 1

                                                                                                            I was referring to this aspect of the license:

                                                                                                            But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL.

                                                                                                            Whether or not that would come into play with the hypothetical aerospace company in question is beside the point.

                                                                                                          2. 0

                                                                                                            Or not.

                                                                                                        2. 1

                                                                                                          https://www.gnu.org/licenses/gpl-faq.en.html#GPLRequireSourcePostedPublic

                                                                                                          I guess what you mean is better chances of finding out?

                                                                                                        3. 7

                                                                                                          I found out that my open source code was being used in nuclear missiles. It did not make me feel good.

                                                                                                          1. 2

                                                                                                            What license were you using?

                                                                                                            1. 2

                                                                                                              GPL

                                                                                                              1. 2

                                                                                                                Interesting that you could have discovered this, would presume such things would be quite secretive. I guess there’s nothing you can do to stop them using it either?

                                                                                                                1. 2

                                                                                                                  It was a shock. And nope, nothing could be done. In fact, I suspect that Stallman would say restricting someone from using software for nuclear weapons (or torture devices or landmines or surveillance systems) would be a violation of the all-important issue of software freedom.

                                                                                                                    1. 1

                                                                                                                      It would be an interesting argument to try to make. The FSF already recognizes the AGPL – which explicitly does not grant Freedom Zero as defined by the FSF – as a Free Software license, and the general argument for that is one of taking a small bit of freedom to preserve a greater amount over time. A similar argument could be made about weapons (i.e., that disallowing use for weapons purposes preserves the greatest amount of long-term freedom).

                                                                                                                      1. 1

                                                                                                                        … Stallman would say … violation of the all important issue of software freedom

                                                                                                                        Restricting use on ethical basis is quite difficult to implement for practical reasons.

                                                                                                                        1. 1

                                                                                                                          That’s not really the issue. One of the things I dislike about FSF/Stallman is that they claim, on moral principle, that denying a software license to, let’s say, Infant Labor Camp and Organ Mart Inc. would be wrong. I think that “software freedom” is pretty low down on the list of moral imperatives.

                                                                                                                          1. 1

                                                                                                                            Being able to (legally) restrict the use of my creative output (photographs in my case) is the reason I retain the “all rights reserved” setting on Flickr. I’d hate to see an image of mine promote some odious company or political party, which is what can happen were I to license it using Creative Commons.

                                                                                                                2. 2

                                                                                                                  How did you find out?

                                                                                                                  1. 2

                                                                                                                    They asked me to advise them.

                                                                                                                  2. 2

                                                                                                                    For ethical reasons or for fear of some possible liabilities somewhere down the line?

                                                                                                                    1. 11

                                                                                                                      What a question. I didn’t want to be a mass murderer.

                                                                                                                1. 10

                                                                                                                  It’s also my experience that a simple “Please fill in ‘yes’ here to prove you’re not a bot”-type of question works well for the vast majority of sites.

                                                                                                                  I’m not so sure about some of the proposed alternatives though. Some of them seem really easy to break with OCR, and most seem problematic for users with less-than-perfect motor skills, vision, etc.

                                                                                                                  This is also the weakest point in reCAPTCHA: the audio fallback. It would seem that accessibility and an effective Turing test are not compatible goals. I presume this is why Google also falls back to all the tracking, so there is a legitimate reason to do so. That this also aligns with other Google business interests is convenient for Google, and uncomfortable for the rest of us.

                                                                                                                  1. 2

                                                                                                                    This is also the weakest point in reCAPTCHA: the audio fallback.

                                                                                                                    They’re aware of this and try to mitigate it: If you try to request the audio fallback via e.g. Tor, your request will be denied with the usual “Your computer or network may be sending automated queries. To protect our users, we can’t process your request right now. For more details visit our help page.”

                                                                                                                  1. 3

                                                                                                                    Wonder if it actually checks the crypto or just a string match on the issuer. Could you maybe try that?

                                                                                                                    1. 4

                                                                                                                      I can’t see any chance they’re that stupid, they know what they’re doing when they implement something like this. This doesn’t eliminate the possibility of more subtle vulnerabilities.

                                                                                                                      I don’t have/intend to procure any i.MX8M devices, so I don’t possess a copy of its boot ROM. Anyone want to dump it?

                                                                                                                      1. 6

                                                                                                                        Stupider things have happened.

                                                                                                                        1. 6
                                                                                                                      1. 16

                                                                                                                        The cat-v bunch will just love this ;-P

                                                                                                                        It’s like poking them in the eye with a stick.

                                                                                                                        1. 2

                                                                                                                          It just needs a more complex build system like autoconf or cmake.

                                                                                                                          1. 2

                                                                                                                            cmake really is the way to go to troll in this fashion. It forces an external dependency for building, whereas a release tarball could prebuild the autoconf/automake files.

                                                                                                                          2. -1

                                                                                                                            ^w^

                                                                                                                          1. 3

                                                                                                                            As far as I know, this has been done before, namely by Vesta. Unfortunately, the website makes it horribly difficult to figure out how it all works together.

                                                                                                                            1. 3

                                                                                                                              Yes! I’ve never used it, but once I downloaded the source code because some co-workers mentioned it:

                                                                                                                              https://lobste.rs/s/fosip5/should_version_control_build_systems#c_bkq3ve

                                                                                                                              IIRC it was like 200K lines of C or C++ … quite a big effort! The paper I linked there gives a description.

                                                                                                                              It sounds pretty cool. There is always an argument whether the build language needs to be a “real” programming language and they answered with the affirmative there (correctly IMO). Much better than Make, which started out as a config language and then grew into a really bad Lisp.

                                                                                                                              IIRC the GNU Make Standard Library uses something like Peano numbers since it doesn’t have real integers. And Android even used that for several years.