Category Archives: News

Shared items and notes from my feeds and browsing. Subscribe as feed.

Adding is favoured over subtracting in problem solving

Source: Hacker News

Article note: Interesting how general it is. People point to incentive structures ("lines of code == productivity" "new features get rewarded because we can't measure maintenance" etc.) in software, but it all comes down to Chesterton's fence - you really have to understand how something works to shrink it without breaking it, and the potential cost of removing and maybe replacing is generally much more than the (more predictable) cost of adding.
Comments
Posted in News | Leave a comment

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

Source: Hacker News

Article note: That's some solid research. Also, Bluetooth is the complexity-disaster that keeps on giving.
Comments
Posted in News | Leave a comment

Signal Adds Cryptocurrency Support

Source: Schneier on Security

Article note: Oh, good, I wasn't the only one whose immediate thought was that adding money transfer features constitutes an enormous attractive nuisance for a secure communication app, and will attract criminals and regulatory scrutiny. Also, possibly another crypto-bro pump-and-dump scheme.

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.”

Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations. “There’s a palpable difference in the feeling of what it’s like to communicate over Signal, knowing you’re not being watched or listened to, versus other communication platforms,” Marlinspike told WIRED in an interview. “I would like to get to a world where not only can you feel that when you talk to your therapist over Signal, but also when you pay your therapist for the session over Signal.”

I think this is an incredibly bad idea. It’s not just the bloating of what was a clean secure communications app. It’s not just that blockchain is just plain stupid. It’s not even that Signal is choosing to tie itself to a specific blockchain currency. It’s that adding a cryptocurrency to an end-to-end encrypted app muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI.

And I see no good reason to do this. Secure communications and secure transactions can be separate apps, even separate apps from the same organization. End-to-end encryption is already at risk. Signal is the best app we have out there. Combining it with a cryptocurrency means that the whole system dies if any part dies.

EDITED TO ADD: Commentary from Stephen Deihl:

I think I speak for many technologists when I say that any bolted-on cryptocurrency monetization scheme smells like a giant pile of rubbish and feels enormously user-exploitative. We’ve seen this before, after all Telegram tried the same thing in an ICO that imploded when SEC shut them down, and Facebook famously tried and failed to monetize WhatsApp through their decentralized-but-not-really digital money market fund project.

[…]

Signal is a still a great piece of software. Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. Don’t become a dodgy money transmitter business. This is not the way.

EDITED TO ADD (4/14): Moxie Marlinspike is on the advisory board for MobileCoin, which was designed for the purpose of providing a payment function in Signal.

Posted in News | Leave a comment

Supreme Court rules API copying is fair use

Source: Ars Technica

Article note: Good. Good because interoperability. Good because fair use. Good because common sense. Good because it would turn programming into a copyright shitshow to decide otherwise. And last and also least, Good because Fuck Oracle.
A large Google sign seen on a window of Google's headquarters.

Enlarge / Exterior view of a Googleplex building, the corporate headquarters of Google and parent company Alphabet, May 2018. (credit: Getty Images | zphotos)

The Supreme Court has sided with Google in its decade-long legal battle with Oracle over the copyright status of application programming interfaces. The ruling means that Google will not owe Oracle billions of dollars in damages. It also has big implications for the broader software industry, since a ruling in the opposite direction could have triggered a wave of lawsuits against software companies that re-implemented other companies' APIs.

The case dates back to the creation of the Android platform in the mid-2000s. Google decided to base Android on Sun's Java programming language, enabling existing Java programmers to easily develop for the platform. Google independently implemented the Java API methods, but to ensure compatibility, it copied Java's method names, argument types, and the class and package hierarchy.

A few years later, Oracle acquired Sun and soon afterward sued Google, arguing that Google's copying had infringed Sun's copyrights. Over a decade of litigation, Google won twice at the trial court level, but each time, the ruling was overruled by the Federal Circuit appeals court. The case finally reached the Supreme Court last year.

Read 2 remaining paragraphs | Comments

Posted in News | Leave a comment

Yahoo Answers to shut down May 4, 2021

Source: Hacker News

Article note: How will children learn "HOW IS BABBY FORMED" now? ...but seriously, is there _anything_ of value left in Yahoo anymore?
Comments
Posted in News | Leave a comment

Windows 95 – How Does It Look Today?

Source: Hacker News

Article note: UI elements that are distinct and discoverable? How quaint!
Comments
Posted in News | Leave a comment

Adjustable, Low-Impact Keeb is About as Comfortable as It Gets

Source: Hack a Day

Article note: Oh no, the Datahand clones are getting credible. I really like the optical/magnetic switch/sensor rig every time I look at it... it's getting dangerously close to "looks like a fun project." Also, the word "keeb" needs to not enter the lexicon.

What’s the coolest-looking way to ease the repetitive stress of typing without quitting altogether? Move nothing but your fingers, and move them as little as possible without any stretching or reaching. We’ve been fans of the weirdly wonderful DataHand keyboard since we first laid eyes on one, but [Ben Gruver] has actually been using these out-of-production keyboards for years as a daily driver. And what do we do when we love something scarce? Make our own, improved version like [Ben] has done, with the lalboard.

[Ben] has been using the lalboard for about two years now and has a laundry list of improvements for version two, a project we are proud to host over on IO. Many of the improvements are designed to make this massive undertaking a bit easier to print and put together. Version one uses copper tape traces, but [Ben] is working on a fab-able PCB that will use something other than a pair of Teensy 2.0s, and perhaps QMK firmware.

Something that won’t be changing is the fantastic optical key switch design that uses an IR LED and phototransistor to capture key presses, and tiny square magnets to return the key to the home position and deliver what we’re quite sure is a satisfying clack.

The absolute coolest part of this keyboard is that it’s so adjustable. Every key cluster can be adjusted in 6 directions, which includes the ability to dial in different heights for each finger if that’s what works best. Once that’s all figured out, then it’s time to print some perfect permanent standoffs. Want to make one of these sci-fi clackers for yourself? [Ben] has the BOM, some printing instructions and tips, and a guide to making the copper tape PCBs over on GitHub. Check it out in action after the break as [Ben] rewrites Kafka’s Metamorphosis at 120 WPM.

Interested in learning more about the original DataHand keyboard? Here’s our take.

Posted in News | Leave a comment

Armv9 introduced at Arm Vision Day 2021

Source: OSNews

Article note: Huh, I missed the SystemReady UEFI thing. The lack of any kind of standard boot environment on commodity ARM hardware has been a major problem. Like the article implies, UEFI would not have been my choice, but something standard is better than nothing.

ServeTheHome attended Arm Vision Day 2021 and posted a quick overview.

At the event, the company introduced Armv9 which will bring about key advancements for machine learning, digital signal processing, and security.

One of the key drivers of Arm expecting to see massive shipment growth is the need for specialized compute. Or another way to look at this is that a number of traditional analog devices will convert to some level of “smart” and connected over the next few years. An example was given of a mechanical pump (like a water pump) that could be monitored for failure signs and efficiency versus just pumping water. For each of those applications, there will be different needs in terms of sensor connectivity and processing, general-purpose and accelerated compute (CPU and AI as examples), memory, and communications infrastructure. Arm sees the lower power cost of new chips enabling a wider array of chips and therefore more chips being sold.

[…]

Another key push will be for Arm SystemReady. This is building on Arm ServerReady which helped Arm servers go from being a science experiment to boot each server to our experience with the Ampere Altra Wiwynn Mt. Jade Server where it worked (mostly) out-of-the-box using a standard image.

Arm SystemReady is probably the biggest thing for OS enthusiasts. One of the weaknesses of the Arm hardware ecosystem, compared to the x86 ecosystem, is the lack of a standardized boot environment. x86 has a BIOS or UEFI, and Arm has UEFI (server) and something (probably devicetrees and a fork of Das U-Boot). Going forward Arm SystemReady systems will be able to boot via UEFI to allow for a standard OS image like x86.

They could have picked something else (coreboot, Barebox, Das U-Boot), but UEFI is at least better then what it was.

Posted in News | Leave a comment

Arm Announces Armv9 Architecture: SVE2, Security, and the Next Decade

Source: AnandTech Articles

Article note: Interesting. Calling it v9 seems like a little bit of a press-bump relative to the v7/v8 completely different architectures situation, but there are big changes. I'm suspicious of the variable-width vector engines that have been cropping up, but at first glance this looks more like first class partition-able SIMD than the silly expensive vector system the RISCV vector setup. Advanced hardware support for container isolation has been ...hit or miss... in the past, if they do a good job with it it should be really useful both for the hosted VM market and for isolating the many badly-behaved things that want to run on our pocket computers. If not it's going to be one of those architectural liabilities that's irritating to fix. Somehow I missed the tagged memory that came in in v8.5. Tagged architectures are always interesting, though this is a _very_ limited tagging setup that seems to just do reference liveness.

Today, as part of Arm’s Vision Day event, the company is announcing the first details of the company’s new Armv9 architecture, setting the foundation for what Arm hopes to be the computing platform for the next 300 billion chips in the next decade.

Posted in News | Leave a comment

The final official release of Classilla

Source: Hacker News

Article note: Bummer. An entirely reasonable decisions because supporting the modern web stack is unreasonable for...anyone on any platform... and a single volunteer with occasional help working on vintage machines is far from the ideal case. The fact that the modern web stack is that awful is a huge problem in general though. I don't know if it's simple complexity fetishism and not thinking interactions through, or actual malicious standards-engineering to benefit specific incumbents, but it's really, really unsustainable.
Comments
Posted in News | Leave a comment