It’s kinda fun to see the inverse of the “mysterious network delay” genre of evergreen network debugging post (usual solution: set TCP_NODELAY!).
However, it would be nice if the author had done some more investigation before concluding that TCP_NODELAY is at fault. After all, setting TCP_NODELAY is pretty common for HTTP clients — e.g., curl, Python’s http.client and urllib3.
It seems more likely that git-lfs doesn’t buffer properly. After some code inspection I noticed:
Introducing the magic OS-level buffering of Nagle’s algorithm won’t fix tiny filesystem reads, nor undersized buffers. The argument against TCP_NODELAY by default seems specious when making bulk transfers fast always requires looking through the full stack.
Given the leap to conclusion and inflammatory title I think this is more a rant about Golang than technical networking content.
I have never ever ever found or encountered a company that would value and define quality or give room to quality as defined in this post.
(I have seen company bragging and building up the story telling with similar messages).
Also, I believe not only the company is to blame, but also an ego-market-yourself kind of sociology/mentality that privilege individual visibility, “influencer profiles” and loves the story telling around it which ends up in teams mentality/incentive/rewards mechanisms & dynamics..
When the starification of tech has slowly replaced the fun…
My humble 2 cents as a nobody
While I agree with your point, this isn’t new. There have been people beating their own drum since the beginning. Think for example about Dijkstra’s famous egomania, DJB’s self-aggrandizement, and Jamie Zawinski’s inflated war stories, or Eric Raymond’s way of inflating his contributions to the hacker’s dictionary and fetchmail.
Dijkstra’s famous egomania, DJB’s self-aggrandizement, and Jamie Zawinski’s inflated war stories, or Eric Raymond’s way of inflating his contributions to the hacker’s dictionary and fetchmail.
not sure i understand this post really… basically you generate a binary (like you generate an API) from a definition (your program src) using a generator (your compiler) with a defined target (compiler options + ld scripts) and you obtain a defined/documented binary for the platform you’re targeting…(your service), maybe an ld script is what she/he is describing?
I have no idea why web fantabulous technologies who already ruined the web are supposed to be inspiring here, define another new abstraction spaghetti standard?
I’m probably stupid and did not understand, but it reminds me of the well known xkcd:
https://xkcd.com/927
Agreed. The reason I looked at honk initially was the relatively easy and painless data store in a world where everyone was using Postgres and Mongo. The fact it’s opinionated as hell and written in Go are just additional benefits
Yes. The standard requires that the first character of the line be a # to be recognised as a preprocessor directive (so it’s trivial for the preprocessor to differentiate between directives and source code) and then follows the normal C tokenisation rules, where # is a token, include is a token, pragma is a token and so on. C allows an arbitrary amount of whitespace between tokens (e.g. ++ i and ++i are equivalent).
This is the only way of indenting preprocessor directives that is actually allowed by the standard. clang-format will happily do this for you.
olvid.io / made by actual cryptographers / fully encrypted metadata (really) / verified E2E at the initialization of the conversation / no contact list sent / soon opensourced / made in EU.
Why would I put “my future” in the hands of Signal? Telegram? Berty? Session? or foobarBozoSecureMessenger :)
Sadly, our entire landscape is “for profit”, our phones are “for profit”, our computers are “for profit” and this is where the messenger runs.
I want alternatives, I’m happy to see them in EU (where I live) outside US or outside China, Russia where we have slightly stronger privacy protecting laws.
I don’t want to send my contact list for accessing a service and I don’t need to see who’s using the app.
I want to see competitors that actual have provable verified end to end cryptography at communication channel establishement, not just if/when you verify your peer by checking fingerprints or scan the QR codes, it helps improving the “landscape”.
Luckily, I’ve met with one of the cryptographer behind olvid back when he was a PhD student in Vaudenay’s lab and trust his (and peer’s) skills more than SV personality cults & stories and I guess not everybody has revenge (just a guess) driven billionaire’s friend to fund a competing “product” :)
I don’t mind to pay/bet for a product that works and reward people that did a great job, taking risks and trying to innovate and propose something different.
I am also fine with open, federated, community based and open services like IRC.
Maybe some interoperability would be nice, but haha utopia.. :)
Yeah I might be wrong, it’s just my nobody’s choice, btw here are olvid crypto specs:
Is there any way to support Lobsters’ hosting? Now that the server is not donated, I wouldn’t mind chipping in a little bit every month to subsidize operating costs.
That’s exactly what I was thinking. This isn’t reverse engineering in any sense that I’ve seen that term used. The real title for this post is Rewriting the LastPass CLI in Rust.
that one is impressive, the rlimit trick + execv vs execve, attention to the detail wow, impressive and simple old school bug, incredible code audit skills from Qualys.
It’s kinda fun to see the inverse of the “mysterious network delay” genre of evergreen network debugging post (usual solution: set
TCP_NODELAY!).However, it would be nice if the author had done some more investigation before concluding that
TCP_NODELAYis at fault. After all, settingTCP_NODELAYis pretty common for HTTP clients — e.g., curl, Python’s http.client and urllib3.It seems more likely that git-lfs doesn’t buffer properly. After some code inspection I noticed:
Readcall, then? Ouch.Introducing the magic OS-level buffering of Nagle’s algorithm won’t fix tiny filesystem reads, nor undersized buffers. The argument against TCP_NODELAY by default seems specious when making bulk transfers fast always requires looking through the full stack.
Given the leap to conclusion and inflammatory title I think this is more a rant about Golang than technical networking content.
+1
I have never ever ever found or encountered a company that would value and define quality or give room to quality as defined in this post. (I have seen company bragging and building up the story telling with similar messages). Also, I believe not only the company is to blame, but also an ego-market-yourself kind of sociology/mentality that privilege individual visibility, “influencer profiles” and loves the story telling around it which ends up in teams mentality/incentive/rewards mechanisms & dynamics.. When the starification of tech has slowly replaced the fun… My humble 2 cents as a nobody
While I agree with your point, this isn’t new. There have been people beating their own drum since the beginning. Think for example about Dijkstra’s famous egomania, DJB’s self-aggrandizement, and Jamie Zawinski’s inflated war stories, or Eric Raymond’s way of inflating his contributions to the hacker’s dictionary and fetchmail.
One of those things is not like the others!
But which one? :-P
not sure i understand this post really… basically you generate a binary (like you generate an API) from a definition (your program src) using a generator (your compiler) with a defined target (compiler options + ld scripts) and you obtain a defined/documented binary for the platform you’re targeting…(your service), maybe an ld script is what she/he is describing? I have no idea why web fantabulous technologies who already ruined the web are supposed to be inspiring here, define another new abstraction spaghetti standard? I’m probably stupid and did not understand, but it reminds me of the well known xkcd: https://xkcd.com/927
What comparable server would people recommend for real-world use right now?
I use honk which is written in Go and uses SQLite as its data store
+1 also. If microblog.pub used SQLite, I might be inclined to give it a go but I have no desire for Mongo (in or out of Docker.)
Agreed. The reason I looked at honk initially was the relatively easy and painless data store in a world where everyone was using Postgres and Mongo. The fact it’s opinionated as hell and written in Go are just additional benefits
+1
Any ActivityPub compatible S2S implementation (big ones are Mastodon and Pleroma; honk is a smaller one) should work with it.
that reminds me of the banned.h from MS during the SDLC buzz times, the old links are not working anymore, but here is copy: https://github.com/x509cert/banned/blob/master/banned.h
I’ve never seen preprocessor directives tabbed like that before, is that standard?
While most code is not like this, it’s not uncommon.
Yes. The standard requires that the first character of the line be a
#to be recognised as a preprocessor directive (so it’s trivial for the preprocessor to differentiate between directives and source code) and then follows the normal C tokenisation rules, where#is a token,includeis a token,pragmais a token and so on. C allows an arbitrary amount of whitespace between tokens (e.g.++ iand++iare equivalent).This is the only way of indenting preprocessor directives that is actually allowed by the standard.
clang-formatwill happily do this for you.nice article!
olvid.io / made by actual cryptographers / fully encrypted metadata (really) / verified E2E at the initialization of the conversation / no contact list sent / soon opensourced / made in EU.
NB: i’m not working there.
Looks like it’s a company with a for profit offering, why put your future in their hands? https://www.olvid.io/enterprise/en/#pricing
it sounds a bit dramatic, “my future” :)
Why would I put “my future” in the hands of Signal? Telegram? Berty? Session? or foobarBozoSecureMessenger :)
Sadly, our entire landscape is “for profit”, our phones are “for profit”, our computers are “for profit” and this is where the messenger runs.
I want alternatives, I’m happy to see them in EU (where I live) outside US or outside China, Russia where we have slightly stronger privacy protecting laws.
I don’t want to send my contact list for accessing a service and I don’t need to see who’s using the app. I want to see competitors that actual have provable verified end to end cryptography at communication channel establishement, not just if/when you verify your peer by checking fingerprints or scan the QR codes, it helps improving the “landscape”.
Luckily, I’ve met with one of the cryptographer behind olvid back when he was a PhD student in Vaudenay’s lab and trust his (and peer’s) skills more than SV personality cults & stories and I guess not everybody has revenge (just a guess) driven billionaire’s friend to fund a competing “product” :)
I don’t mind to pay/bet for a product that works and reward people that did a great job, taking risks and trying to innovate and propose something different. I am also fine with open, federated, community based and open services like IRC.
Maybe some interoperability would be nice, but haha utopia.. :)
Yeah I might be wrong, it’s just my nobody’s choice, btw here are olvid crypto specs:
Cheers :)
Is there any way to support Lobsters’ hosting? Now that the server is not donated, I wouldn’t mind chipping in a little bit every month to subsidize operating costs.
+1 to this, I’d donate!
+1 I would too.
Ditto. I can provide Sysadmin expertise and/or moderator time as well, if desired.
Ever hear the internet rule of thumb: “Anyone who asks to be a moderator should never be made one.” ?
Ditto re: sysadmin / SRE work.
Ditto, can volunteer with SRE work
+1
I must be becoming old, words do not have the same meaning anymore. reverse engineered reading src? …
That’s exactly what I was thinking. This isn’t reverse engineering in any sense that I’ve seen that term used. The real title for this post is Rewriting the LastPass CLI in Rust.
see also: https://eprint.iacr.org/2015/189.pdf
that one is impressive, the rlimit trick + execv vs execve, attention to the detail wow, impressive and simple old school bug, incredible code audit skills from Qualys.
ah indeed, will check why it does not behave, thx! and if you git clone then go build in cmd/pcrypt do you face the same?
so yeah sourcehut does not send the meta, it will be fixed soon, in the meantime i’ll update the readme, thanks for reporting.
$ go get -u git.sr.ht/~eau/passwd/cmd/pcrypt
package git.sr.ht/~eau/passwd/cmd/pcrypt: unrecognized import path “git.sr.ht/~eau/passwd/cmd/pcrypt” (parse https://git.sr.ht/~eau/passwd/cmd/pcrypt?go-get=1: no go-import meta tags ())
amdsouza-macbookair:tmp amdsouza$ go version
go version go1.11 darwin/amd64
it is on github btw :) https://github.com/ermites-io/passwd