Threads for utzig

    1. 24

      It is safe to say that nobody can write memory-safe C, not even famous programmers that use all the tools.

      For me, it’s a top highlight. My rule of thumb is that if OpenBSD guys sometimes produce memory corruption bugs or null dereference bugs, then there is very little chance (next to none) that an average programmer will be able to produce secure/rock solid C code.

      1. -1

        My rule of thumb is that if OpenBSD guys sometimes produce memory corruption bugs or null dereference bugs, then there is very little chance (next to none) that an average programmer will be able to produce secure/rock solid C code.

        Why do you think “the OpenBSD guys” are so much better than you?

        Or if they are better than you, where do you get the idea that there isn’t someone that much better still? And so on?

        Or maybe let’s say you actually don’t know anything about programming, why would you be trying to convince anyone else of anything coming directly from a place of ignorance? Can your gods truly not speak for themselves?

        I think you’re better than you realise, and could be even better than you think is possible, and that those “OpenBSD guys” need to eat and shit just like you.

        1. 24

          Why do you think “the OpenBSD guys” are so much better than you?

          It’s not about who is better than who. It’s more about who has what priorities; OpenBSD guys’ priority is security at the cost of functionality and convenience. Unless this is average Joe’s priority as well, statistically speaking OpenBSD guys will produce more secure code than Joe does, because they focus on it. And Joe just wants to write an application with some features, he doesn’t focus on security that much.

          So, since guys that focus on writing safe code sometimes produce exploitable code, then average Joe will certainly do it as well.

          If that weren’t true, then it would mean that OpenBSD guys’ security skill is below average, which I don’t think is true.

          1. 5

            OpenBSD guys’ priority is security at the cost of functionality

            I have heard that claim many times before. However, in reality I purely use OpenBSD for convenience. Having sndio instead of pulse, having no-effort/single command upgrades, not having to mess with wpa_supplicant or network manager, having easy to read firewall rules, having an XFCE desktop that just works (unlike Xubuntu), etc. My trade-off is that for example Steam hasn’t been ported to that platform.

            So, since guys that focus on writing safe code sometimes produce exploitable code, then average Joe will certainly do it as well.

            To understand you better. Do you think average Joe both will use Rust and create less mistakes? Also, do you think average Joe will make more logic errors with C or with Rust? Do you think average Joe will use Rust to implement curl?

            I am not saying that you are wrong - not a C fan, nor against Rust, quite the opposite actually - but wonder what you base your assumptions on.

          2. 3

            I’d also add that there is deep & widespread misunderstanding of the OpenBSD philosophy by the wider developer community, who are significantly influenced by the GNU philosophy (and other philosophies cousin to it). I have noticed this presenting acutely around the role of C in OpenBSD since Rust became a common topic of discussion.

            C, the existing software written in C, and the value of that existing software continuing to be joined by new software also written in C, all have an important relationship to the Unix and BSD philosophies (most dramatically the OpenBSD philosophy), not merely “because security”.

            C is thus more dramatically connected to OpenBSD than projects philosophically related to the “GNU is Not Unix” philosophy. Discussions narrowly around the subject of C and Rust as they relate to security are perfectly reasonable (and productive), but OpenBSD folks are unlikely to participate in those discussions to disabuse non-OpenBSD users of their notions about OpenBSD.

            I’ve specifically commented about this subject and related concepts on the orange site, but have learned the lesson presumably already learned many times over by beards grayer than my own: anyone with legitimate curiosity should watch or read their own words to learn what OpenBSD folks care about. Once you grok it, you will see that looking to that source (not my interpretation of it) is itself a fundamental part of the philosophy.

          3. 1

            If that weren’t true, then it would mean that OpenBSD guys’ security skill is below average, which I don’t think is true.

            At least not far above average. And why not? They’re mostly amateurs, and their bugs don’t cost them money.

            And Joe just wants to write an application with some features, he doesn’t focus on security that much.

            I think you’re making a straw man. OpenBSD people aren’t going to make fewer bugs using any language other than C, and comparing Average Joe to any Expert just feels sillier and sillier.

            1. 3

              What’s your source for the assertion ‘They’re mostly amateurs’?

              1. 2

                What a weird question.

                Most openbsd contributors aren’t paid to contribute.

                1. 3

                  What a weird answer. Would you also argue that attorneys who accept pro bono work are amateurs because they’re not paid for that specific work?

                  Most of the regular OpenBSD contributors are paid to program computers.

                  1. 1

                    because they’re not paid for that specific work?

                    Yes. In part because they’re not paid for that specific work, I refuse to accept dark_grimoire’s insistence that “if they can’t do it nobody can”.

                2. 1

                  You seem to be using the word “amateur” with multiple meanings. It can mean someone not paid to do something, aka “not a professional”. But when I use it in day to day conversation I mean something more similar to “hobbyist”, which does not tell much about ability. Also saying they are amateurs, thus do not write “professional” code, implies anyone can just submit whatever patch they want and it will be accepted, which is very far from the truth. I assume with reasonable certainty that you never contributed to OpenBSD yourself, to say that. I am not a contributor, but whenever I look at the source code, it looks better than much of what I saw in “professional” work. This may be due to the focus on doing simple things, and also very good reviews by maintainers. And as you said, the risk of losing money may be a driver for improvement, but it is certainly not the only one (and not at all for some people).

                  1. 1

                    You seem to be using the word “amateur” with multiple meanings,

                    I’m not.

                    as you said, the risk of losing money may be a driver for improvement, but it is certainly not the only one

                    So you do understand what I meant.

          4. -1

            nailed it

    2. 1

      Really cool, I would like to get an invite as well!

    3. 2

      Trying to register results in: “502 Bad Gateway”

      1. 1

        That was fixed. Thanks for reporting it.

    4. 2

      MIT-like licences are sooo cool. Multi-billionaire companies have work for free; when was slavery abolished last time?

      1. 6

        Since you don’t seem to have any idea what slavery means, I can assure you they are not forcing anyone to do work. Btw, not only “multi billion” but also small startups with a handful of people can put out source code and get contributions or even use other people’s work.

        1. 3

          Also, slavery as a concept isn’t really grounded in “forced labour”, it’s “human as property”. The forced labour part is simply the main reason one would happen to own slaves.

      2. 4

        Intel using it doesn’t take away from anyone else, it probably helps other people. I don’t see why people would be bitter about the license. Intel would do that crap with or without a micro kernel.

        Even if Intel released all the code modifications, how would that change anything? It’s still there running… Or are you also against GPL too?

        1. 1

          Even if Intel released all the code modifications, how would that change anything

          Yeah, exactly — all the GPL compliance dumps we’ve seen rarely contained interesting stuff, the “secret sauce” on embedded Linux devices remained secret.

    5. 20

      “That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.” Rejoice!

      1. 1

        The letter from Andrew S. Tanenbaum is interesting too:

        Apparently an older version of MINIX was used. Older versions were primarily for education and newer ones were for high availability. Military-grade security was never a goal.

    6. 17

      “This means MINIX (specifically a version of MINIX 3) is in all likelihood the most popular OS shipping today on modern Intel-based computers (desktops, laptops and servers)”. Aside from the catchy “in the world” title this could be true.

      1. 4

        To turn the question around, how many need to die under Capitalism in order for us to see that as a bad system?

        1. 5

          This Lobsters thread, especially with @rama_dan’s start, is not going to be the conversation that hashes out the historical judgment and future prospects for these political and economic systems. Maybe let’s settle for linking to the good sources that must exist on the topic.

          1. 1

            Thank you for the link, I’m sure folks will find it useful for understanding these huge topics.

      2. -1

        round, how many need to die under Capitalism in order for us to see that as a bad system?

        Yup, people die every day. But fortunately it seems like the world has never been better:

  1. 2

    Tedu’s blog is not accessible from Brazil so I end up having to access using a proxy located in the USA. Not sure this is intentional.

    1. 4

      That was not entirely intentional. I’ve been getting crazy amounts of spam from virtua recently, maybe you got a bad IP. I made a few changes to separate email and www filters.

      1. 1

        Yup, it works again! Thanks.

    2. 1

      How is it not accessible?

      1. 4

        Tedu’s blog is not accessible from anywhere because he intentionally broke SSL on it to make a point and also set up a forced redirect.

        1. 2

          Ooh. I have a script set up which sends articles from various RSS feeds to my Kindle, including tedu’s blog. Sometime earlier this week it stopped working. I haven’t SSH’d in yet to check, but maybe this is why.

        2. 1

          Tedu’s blog is not accessible from anywhere

          That is not true.

          Your comment does nothing to answer the question I had. How exactly is it broken for utzig, and why in Brazil in particular?

      2. 1

        I use virtua which is the biggest cable internet provider in Brazil. As he answered already, seems that there were some filters which were filtering both email and www

  2. 1

    Already has a fair amount of C code in it. So there needs to be one prior C compiler to compile this one. Someone should get the original asm sources for the first one! :P

    1. 3

      I thought the original was in BCPL?

  3. 4

    I never programmed OCaml but there is this match/option stuff like Rust’s match/Option/Some/None. So this is where it came from (or rather ML?). Looks really neat!

    1. 13

      Rust actually pulls from the ML world in a number of ways. Also, the original Rust compiler was written in OCaml!

  4. 13

    Even if the FTC and the DOJ don’t proactively do anything about this, I can’t imagine there not being lawsuits over it.

    I don’t understand why people give Google so much leeway when it comes to being a crappy company. Their behavior is worse than anything Microsoft’s ever done, but they always get a free pass.

    1. 9

      I’ve been using DuckDuckGo for about two years now, and I still miss the doodles. They were the only thing I ever missed, really.

  5. 5

    What are some examples of bad behavior that Google has done that is worse than Microsoft’s?

    1. 7

      I don’t get this at all.

      All of these are actively better than the status quo. iOS is most definitely not open source (nor was , Chromium works well and is also OSS. Auto-updating Chrome has made browser support sooo much nicer. Dev tools. YouTube has made it so people can make some money off of their content without having to run their own ad sales, a boon for smaller video producers.

      I have complaints about all of these (namely Android’s current move to be more Google-centric), but it’s possible to acknowledge these and acknowledge that they were still a good move forward. And the OSS nature means that there is almost always a way out.

      EDIT: not much defense on some of the anti-competitive behavior on their part though.

      1. 1

        I hear your issues with Android and Chrome (and mostly agree), but I don’t grasp your YouTube complaint.

        Their monetization strategy hasn’t worked for years. YouTubers these days partner with 3rd party “networks” such as Machinima, Maker Studios, Wonderly, etc.

        I have to admit ignorance on the monetization side of YouTube other than knowing generally that it is always losing money. But what are the “3rd party networks” and what makes them better? Or rather, what are the alternatives that they are better than?

        The entire structure of the website promotes this shitty self-promoting garbage to be churned out day in and day out, with people constantly yelling “LIKE COMMENT SUBSCRIBE” over and over again.

        My sense here is the exact opposite. On the user side I finally actually feel like I’m enjoying YouTube! In just the last 8-or-so months. For the first time, I am actively using YouTube to discover long-form content, rather than my previous interactions with it, which were mostly a 90-second clip someone would link me to over [insert name of other medium here], or finding long-form content linking to YouTube from other aggregation points (e.g. Confreaks). I finally subscribed to a channel for the first time last year! In that time I’ve subscribed to 6 or 7 more, and although YouTube’s own recommendations can occasionally be crap, the few channels I follow have some new content every other day or so, which is nice.

        As a minor point on the consumer/user side, I can almost appreciate that Google is probably still losing money on YouTube, and so I am (in theory) getting a better service at a cheaper cost than would be necessary were YouTube a standalone company. Is your concern that this leads to a monopoly because other services can’t compete?

        I would agree with the statement that a monopoly is not desirable, for all of the classic reasons. Is that your issue with YouTube? I could get behind that.

        YouTube has bastardized online video publishing.

        Maybe part of our difference in opinion lies here.
        I don’t have any memory of “online video publishing” before YouTube.

        Worded differently: the only things that come to mind as “online video” pre-2006 didn’t feel like they qualified for the term “publishing”. I remember flash video sites (a mix of actual flash animation and filmed video of variable quality), a few sites that were aggregating .avi or .mpeg files of non-flash content, and of course pirating movies overnight on 56k internet. Avast.

        Now that I’m typing this, I realize I have used two “TV on Internet” services. I spent a few year streaming, and also tried that website the TV broadcasters (iirc) set up to host their videos together and compete with YouTube and/or Piracy. Was that Hulu? I remember using that a few times when someone had linked me.

        But back to my point: I have many, many fond memories of the older, less-centralized internet, its culture, how its culture inter-operated with the broader culture and so forth. Video is not especially present in any of those memories, unless you count the Numa Numa video. If YouTube bastardized anything, I either don’t know what it was, or I don’t miss it.

        What about pre-YouTube online video publishing do I not know about, and what advantages did it have?

  6. 6

    Massive amounts of anticompetitive behavior (Chrome advertising on Google; Google Docs and YouTube broken on non-Chrome browsers); massive privacy violations (StreetView cars picking up passwords). The behavior is so bad Google is the subject of multiple EU investigations.

  • 3

    I don’t understand why people give Google so much leeway when it comes to being a crappy company.

    It is also strange that so many good hackers, even prominent FLOSS hackers want to work for them. Building a big spy machine is apparently ok when you have cool perks and a big salary. Whatever happened to ethics?

    1. 2

      Most people there are not building a “big spy machine”.

      1. 4

        Most people at the NSA are not building a “big spy machine,” either.

  • 2

    Wow, lots of hardware/retro/embedded posts this week. And I’m loving it!

    1. 1

      Ditto! Also amused that the author of the pagetable blog chimed in.

      I cut my teeth on an Atari 400. Membrane keyboard and ATTRACT mode and all! :)

      (I still remember loading Preppie off cassette tape - took 20 minutes :)

  • 4

    This series of blog posts is somewhat old now, but to people who haven’t seen it previously, the whole series is linked in the left menu under “Veronica”.

  • 2

    I’m not sure I get the point. If you want to write code for a tiny, resource-constrained CPU you’ve got the ESP8266 module sitting right there …

    1. 6

      Apart from the “retro” factor, it is actually a very different experience developing for a Z80 compared to an ESP. You can really write code from scratch for a Z80, and also you will have to learn at least some basics about digital electronics like how to connect RAM, EEPROM, etc. For the ESP you surely will end up using a provided SDK and since it’s a SOC with everything integrated it “limits” what you can really do.

      1. 5

        You can also troubleshoot and test by observing and manipulating the signals on the bus, which I think is the greatest reason to play with an old microprocessor vs a microcontroller or modern SoC.

    1. 3

      Oh wow, so Moxie stated over three years ago what they’d need to avoid Play services, and five months ago what they’d need to get a WebSocket-only non-GCM version, and so far there’s been no pull requests, just a bunch of blog posts complaining that someone else hasn’t done the work yet. Open source at its best.

      1. 1

        True. From my limited experience that isn’t too different from Closed Source though. The only difference is that it’s less noisy in closed source environments, or kept completely internal.

        My limited experience though.

        1. 1

          But with open source you are still able to fork, fix the issues, put your own servers online and release your own service.

  • 3

    Huh, I always thought people saw letters in wrong places never that they would be moving around…

    1. 13

      I think this isn’t the best simulation – at least not for my experience w/ dyslexia. It’s not so much that letters jump around (especially not that fast. I’ve seen them flip/slide around in words, but usually less noticeably, which is part of what makes it so frustrating). For me, it’s that I’ll glance at a word like ‘dope’ and see ‘pope’ or ‘pode’. I also tend to see ‘chunks’ of letters – especially ligatures – move and ‘slide’ around a word, occasionally making for unpronouncable mess that makes me do a double-take.

      So “unpronouncable” might look like “unropnoucanbel” The first time, and then “unpronuncoable” the second take, and so on until my brain figures out what it ‘should’ be.

      This site is interesting, and perhaps I’m not ‘mainstream’ in my experience w/ dyslexia, but I think it’s overselling exactly what it feels like. It’s less that the page is ‘active’, more that everything I read I can’t trust. I have to make sure that I read everything a couple times, especially texts or emails, to ensure that I am receiving the communication as intended. I find also that I’m generally better at reading on screens than on paper; I hypothesize it might be related to the fact that one is actively lit (screens) and the other passive; but it’s just conjecture. Still, the site is worthwhile because it helps represent a version of the frustration one feels when what you read isn’t reliable. Slogging through books and trying to comprehend them and internalize what they say is very hard, when you feel like letters are constantly lying to you.

      1. 5

        Thanks for this. I was really hoping somebody would chime in with a firsthand description.

      2. 4

        I remember hearing somewhere that the widely hated Comic Sans can actually be easier to read for some people with dyslexia. Do you have that experience?

        1. 10

          I’ve not found font to be too much of a readability gain/loss unless the font is deliberately designed for one or the other. But then again, YMMV – I know my Uncle (who is somewhat more severely dyslexic than me) prefers certain fonts, but that may be for any number of reasons.

          I can say that low-contrast layouts tend to be ‘worse’, Fully-justified-and-full-width-all-caps is nightmarish (it’s basically just a wordsearch for me at that point), and that bigger text is better than smaller (though I suspect it’s just less-information-on-screen that helps). One thing this site doesn’t capture well is inter-word swaps and slides. For instance, re-reading this post, I have to double-take on the last sentence of the previous paragraph. “severely dyslexic” in particular is kind of being a persistent jumbled mess. I actually cut-pasted it to my wife to make sure it sounded right just a moment ago.

          Again, we’re sample-size of 1 here, but I think my case is relatively typical for the ‘mild dyslexia’ cadre. I definitely know some folks who may benefit from tailored fonts, I’ve read using the ‘dyslexie’ font before and thought it was maybe marginally better? It’s hard to science yourself, basically.

          I will say – one font I do have trouble with regularly is road signs (specifically highway signs), GPS is a godsend, I don’t think I could get anywhere without it. I think it’s the all-caps that does it. It feels like many more capital letters are symmetrical, and I think that might have something that tweaks my brain the wrong way. It’s a little tough because I can’t get an objective sense of how it ‘should’ look, so I have no good point of reference for what is driving my dyslexia to go nuts on some words and leave me alone on others.

        2. 2

          The evidence to support this always seems thin on the ground, but Urban Myths & Comic Sans give a good overview.

  • 7

    Should the second code block be i--?

    1. 5

      Heh. That was not the bug I was trying to demonstrate.

      1. 2


        Unsigned numbers will only ever be greater than 0.

        That should be “greater than or equal to”, right? (As in the code.)

        1. 9

          Damn kids and their reading!

      1. 2

        [insert Beetlejuice reference]

        1. 2

          I’m pretty sure that’s what jcs just did.

  • 14

    Looks like this is the PR thread that started this.

    1. 33

      I don’t think the person who sent the PR did anything wrong. Guy was just ready to blow.

      1. 5

        Hi, I’m [the] “Guy”. Yup, certainly was ready to blow. Emails like this every weekend asking when I’m going to merge their patches is what sent me over the edge. I’ve had enough, and so I’m throwing in the towel.

    2. 9

      I hope he doesn’t start getting more comments like this. Guy gives away free work for like almost 5 years (based on git commit logs), and some random person (with an amazon wishlist as their github homepage link no less!) comes out of the woodwork to inform him how he should feel. eye roll

      1. 24

        I think that comment is pretty fair and the maintainer was kind of a jackass in implying guy was ruining his weekends asking how he can improve the quality of his own freely donated labor.

        I do find it hard not to hate any post that begins with “sigh” though.

        1. 5

          Yeah, the sigh and the second sentence (“It looks like..”) were what chapped my caboose I think. The rest of it was pretty reasonable.

      2. 13

        The “random person” is Rui Paulo. He is a FreeBSD core committer for longer than 5 years!

        1. 4

          Must have been a high quality entropy device then. :P