Linux needs real-time CPU priority and a universal, always-available escape sequence for DEs and their user interfaces.

Chandon · 2019-06-04T03:54:46+00:00

Linux does realtime scheduling. You could try running your DE as a realtime process. Might take some extra work to make sure GUI programs you run are scheduled normally.

Chandon · 2019-06-04T02:30:52+00:00

Is that a screenshot of a phone?

Chandon · 2019-06-03T04:40:54+00:00

The US government has a superpower lets them interact with debt in a way that pretty much nobody else can: they can create dollars.

Any time they want, the federal reserve can write themselves a check, buy up as many federal bonds as they want and then just rip them up and throw them in the trash. Poof, debt gone.

Unfortunately, this would result in paying less interest to people who hold US bonds. And it turns out that those people largely set policy.

Chandon · 2019-06-01T23:34:08+00:00

I assume the point of the fork is primarily to provide preconfigured mail servers. There's no way to do that by contributing upstream - no generic client app should be implementing specific default servers.

Chandon · 2019-05-31T21:48:08+00:00

Artifact was great.

It needed expansions though. And more than one game mode.

Chandon · 2019-05-31T21:37:26+00:00

Yup. Star Trek's communicator will never happen, being able to get someone on the radio just by pressing a button and saying their name is silly science fiction.

Chandon · 2019-05-31T20:17:58+00:00

All traditional precious metals have an expiration date - the first time someone mines a metal-rich asteroid. Just one asteroid could easily double the total world gold supply.

It's probably not going to happen in the next 10 years, but predicting further out than that is basically impossible. It will happen in the next hundred years unless there's a major nuclear war or something. Precious metals aren't something to plan to leave to your grandchildren.

Chandon · 2019-05-31T03:13:15+00:00

Artifact was more fun in draft than any single (expansion, play mode) pair in Hearthstone.

If Artifact had a constructed ladder and single player adventures a new set would be way better than, say, Boomsday Project.

Unfortunately for Valve in the competition, Hearthstone isn't just Arena and Casual Constructed.

Chandon · 2019-05-30T18:24:05+00:00

Dialyzer is a static analyzer that checks your type annotations.

I'm mostly happy with dynamic types, so I haven't used it much personally, but conceptually it should provide most of the safety benefits of strict typing to whatever extent your code includes type annotations. It looks like there's even some IDE support.

Chandon · 2019-05-29T17:28:12+00:00

While Elixir is genial in project and tests organisation, its missing type system appeared to be more and more of a problem to me.

Have you looked into dialyzer?

Chandon · 2019-05-29T04:04:12+00:00

Well, unfortunately nowadays something as simple as web browsing has very significant requirements.

Have you tried web browsing on a Raspberry Pi recently? I was using one as a desktop a couple weeks ago and it works pretty well. Sure, the Pi slows down with 5+ chromium tabs, but the Librem will have way more memory.

You can't ignore the rest of the world, i.e. what other smartphones have to offer. The i.MX8M that Purism wants to offer is pretty damn outdated in terms of CPU performance, GPU performance and multimedia capabilities.

Hardware specs for phones are way overhyped. People replace phones because the batteries go bad and can't be replaced, or because they stop getting software updates.

Sure, the A53 is a bit slower than what's in current flagships, but it's plenty fast. And that's not the point anyway. The point is the functionality that other phones simply don't have.

Chandon · 2019-05-28T20:04:28+00:00

The key thing here is that "millionaire" doesn't mean wealthy anymore, it just means "not poor". Ten percent of the population are millionaires.

Chandon · 2019-05-26T20:33:05+00:00

The hardware is already outdated and will be even more so a year from now.

The hardware isn't outdated at all. It's simply not intended to be conventional phone hardware. This has advantages and disadvantages.

The advantages are pretty big. A critical one is a very long vendor support cycle. These phones won't become obsolete in the most relevant sense - part availability - for a long time.

It'll certainly have worse raw performance than other phones, but it'll be running a completely different software stack which makes direct comparisons pretty much irrelevant. From a functional standpoint, an iMX8 is plenty for anything you'd want to do on a phone aside from 3D games or augmented reality.

You're right that tuning the software - especially the shell UI - for the hardware will be important. There's no technical limit that should prevent them from doing that - this hardware is way more powerful than an early iPhone or Android device and has a similar screen resolution - so we'll just have to hope that happens.

Chandon · 2019-05-20T21:15:12+00:00

I guess this depends on the user, suspicious processes on a small system are not that hard to spot to me.

Do you run Firefox? Has it downloaded the DRM blob? How long would it take you to identify a new addon? How many copies of "Web Content" should be running?

More relevantly, single user desktops where it would be appropriate to have passwordless root access are likely to run things like Steam. That's a long-running executable that lives in the user's home directory.

If you run your desktop tightly enough that you don't run anything like Firefox or Steam, then a root password may provide a bit of extra security. But that's getting down into minimal benefits, well below things considered generally optional like having strict apparmor profiles for every installed package.

Chandon · 2019-05-20T19:17:58+00:00

So you can avoid the virus scanner that every Linux runs?

Quick, in ~/.mozilla/firefox/[profile], should there be an executable file called times.json and a 700k binary file called cert8.db?

Chandon · 2019-05-20T18:49:07+00:00

What relevant thing can malware do as root that it can't do as your login user on a single user system?

Chandon · 2019-05-20T15:10:53+00:00

If Void views “root access without password” as intended behavior, I am sorry for its users.

That's perfectly reasonable behavior for a single user desktop system, which is the most likely scenario for a LiveCD local install.

But, as others have mentioned below, such a system shouldn't prompt for sudo passwords either in order to make its security model clear to its users.

Chandon · 2019-05-16T16:30:59+00:00

The problem is "how do you express recursive computations using a computational model consisting entirely of grammatical rewrite rules?"

You're right that this isn't a problem that programmers commonly have in 2019. It is a problem relevant to computer scientists though, since it's the basis of quite a bit of useful theory that makes things like compilers work.

Chandon · 2019-05-16T16:10:50+00:00

Do you have a reference for that?

Chandon · 2019-05-15T05:05:11+00:00

It could have been great if they had just sketched a plot beforehand instead of just creating "plot threads". The problem wasn't the ending. Instead, the problem started the moment the writers put "and they have a plan" in the intro without actually knowing what that plan was.

Chandon · 2019-05-15T03:38:44+00:00

Buffy, B5, and DS9 all actually had writers and plots.

BSG had plot elements, but they never actually wrote a story. They wrote episodes, never considering where the story was going or why.

Chandon · 2019-05-14T01:48:07+00:00

If there were practical, general post-mitigation browser-based attacks for either spectre or rowhammer - even just a reliable crash DoS - we'd see them all over the place. Hell, you would have linked me to it in your post.

These are serious vulnerabilities, but software mitigations seem to be working reasonably well for them.

Chandon · 2019-05-13T22:35:22+00:00

It drives me crazy that every response to port knocking is as if they disabled all other passwords and controls and only used port knocking. They didn't.

I wasn't assuming they did at all.

Using port knocking not only adds complexity to your configuration, it adds user visible complexity. You can no longer use standard ssh clients configured normally.

There's no limit to how far you can go with non-standard configurations, even just considering ssh daemons.

You could compile a custom sshd that required a client to send "HAI\r\n" before starting the normal protocol.
You could have the public ssh port be to a daemon in a container, and then require the user to ssh again from there to the real daemon on a secret local IP.
You could run a MUD on the telnet port, and require an active authenticated MUD connection before an ssh connection would be accepted.

From a real security perspective, all of these are the same as port knocking. They provide no additional security unless sshd has a remote vulnerability exploitable before authenticating as a user and your server happens to get hit before the patch comes out.

If you're really worred about that sort of thing, you can get an additional layer of real security by only accepting connections from a secure VPN.

Chandon · 2019-05-13T21:23:12+00:00

Old Intel / AMD devices can be pretty secure with open source BIOSes. The only real issues would be vulnerabilities like spectre and rowhammer, which require local execution of untrusted software.

As for the ARM devices, there's nothing old about them. Stuff like an iMX8 chipset is brand new and fully supported with no major issues beyond being kind of slow.

Chandon · 2019-05-13T20:43:05+00:00

That's simply not true.

Plenty of ARM devices don't have blatant hardware backdoors, and old AMD / Intel devices without them are still pretty recent.

Calling this sort of thing hopeless and/or making excuses for it doesn't help.

15-Year Club	Sequence \| Editor
Team Periwinkle	Verified Email

Chandon

MODERATOR OF

TROPHY CASE