mjg59

mjg59, 6 months ago to random

"Why does ACPI exist" in the beforetimes power management on x86 was done by jumping to an opaque BIOS entry point and hoping it would do the right thing. It frequently didn't. Failed to program your graphics card exactly the way the BIOS expected? Hurrah! Data corruption for you. ACPI made the reasonable decision that, well, maybe it should be up to the OS to set state and be able to recover it. But how should the OS deal with state that's fundamentally device specific?

mjg59, 2 months ago to random

Thought experiment: imagine a language model where you can describe exactly how you want software to behave, and it produces a binary that does that. You don't get the source code, but it works 100% of the time. As long as you can install this binary on whatever device you have, does this achieve the goals of free software?

mjg59, 7 months ago to random

Pretty much exactly 19 years ago I got on a train to Oxford and made Mark Shuttleworth's laptop successfully suspend and resume using ACPI and that was the turning point in my entire career

mjg59, 10 months ago to random

Let's not cheer for a company that attempted to assert that APIs were independently copyrightable

mjg59, 7 months ago to random

It's perfectly reasonable to buy a $25 thermostat and then spend hours figuring out how to bodge an ESP onto it rather than buying a $150 "smart" thermostat that's going to demand cloud access, right?

mjg59, 4 months ago to random

A common assertion is that conferences shouldn't remove anyone who hasn't been convicted in court. This means that conferences can't remove people who scream over speakers, who drunkenly harass other attendees, who shit in the catering, and so on - this may be disruptive, may even be criminal, but even if you saw it happen they haven't been found guilty and so should be allowed to continue attending.

I don't think people want to attend conferences run by people who sincerely believe this.

mjg59, 7 months ago to random

Thoughts on the Eben Moglen situation and how it reflects a wider problem in free software: https://mjg59.dreamwidth.org/68004.html

mjg59, 6 months ago to random

Today I got to tell my students that in the bad old days we used to write scripts that just SSHed into every machine and ran sed on config files but today we had puppet and I regret to inform you that based on their facial expressions we apparently still write scripts that just SSH into every machine and run sed on config files

mjg59, 10 months ago to random

Other than the bizarre pro-Series 60 Nokia story has anyone written any kind of story of how the brief glory period of desktop Linux on the smartphone in 2006-2010 caught fire and fell into the sea?

mjg59, 8 months ago to random

ML models being trained on information they can scrape from the internet provides a perverse incentive - if knowledge is shared in ways that can't easily be scraped, that knowledge remains outside the scope of what the models can learn from. People working in fields that are currently poorly documented suddenly have a reason to stop writing blog posts, and instead engage in spoken presentations. A new kind of passing down of secrets from generation to generation.

mjg59, 7 months ago to random

Hurrah recording of my Linux Security Summit talk on per-process hardware-backed secret management is up: https://www.youtube.com/watch?v=cMwQD0jtUfU

mjg59, 10 months ago to random

STOP DOING PKCS#11

• SECURITY SENSITIVE APPS WERE NOT SUPPOSED TO LOAD ARBITRARY CODE
• YEARS OF DEVELOPMENT but NO REAL-WORLD USE CASE FOUND for PROPRIETARY CODE
• Wanted to drive your HSM anyway for a laugh? We had a tool for that: it was called "GHIDRA"
• "Yes, please dlopen() /usr/lib/systemd/boot/efi/linuxx64.elf.stub. Please dlclose() libsegfault.so" - Statements dreamed up by the utterly Deranged

They have played us for absolute fools

mjg59, 4 months ago to random

You're running a conference and you receive reports of an attendee having sexually assaulted people. You have 3 choices:
(1) you behave as if you believe the accusation. You make it clear that the alleged assailant is permanently banned.
(2) you behave as if you don't believe the accusation. You make it clear that the alleged assailant is still welcome.
(3) you choose neither, and imply that the alleged assailant is not welcome but do nothing to enforce that

(3) is the worst choice here

mjg59, 15 days ago to random

My annual plea for a thing: I want a type 1 hypervisor that just has a small isolated VM and then passes through the rest of the hardware to the main VM which runs Linux. The small VM is intended to be used to run small pieces of code that the main OS should not be able to interfere with. Does such a thing exist? (Think Xen, but with a Dom0 that can't see into DomUs)

mjg59, 10 months ago to random

My take on the Web Environment Integrity thing: I think this is a bad idea, but I also think people are (understandably, given context and the company behind it!) interpreting it in the worst possible light. There is a clear attempt in the design to mitigate the risk of it being used to enforce browser choice - I don't know that it would work, but they have at least attempted to prevent it being easy to block ad-blockers with it.

mjg59, 7 months ago to random

PLEASE check your kids' Halloween candy. Just found an Okta admin access token in a Snickers bar.

mjg59, 10 months ago to random

Who wants a blogpost about what a root of trust actually is and why almost all existing implementations don't actually provide that trust

mjg59, 8 months ago to random

"Huh, that's interesting. I don't know what's going on here" is, it turns out, rather more concerning when it's coming from your ophthalmologist and the conversation isn't about software

mjg59, 9 months ago to random

How I skipped 10 releases of Fedora in one go - https://mjg59.dreamwidth.org/67126.html

mjg59, 9 months ago to random

STOP DOING SPECULATIVE EXECUTION

INSTRUCTIONS WERE NOT MEANT TO HAVE REVERSIBLE SIDE EFFECTS

mjg59, 1 month ago to random

I love that Debian discovered both the failure of crowdsourcing a web of trust via keysigning parties (someone used ID in their name but issued by a fake country) and the failure of assuming upstream is trustworthy (an upstream buried code that wouldn't trigger on the Debian maintainer's system but would everywhere else) back in the 2000s but the free software ecosystem is still trying to come up with social solutions to a technical problem

mjg59, 7 months ago to random

I've been nerdsniped into discovering that there is actually a way to get the framebuffer offset in UGA, but it's documented in a self-extracting zip file that's only available from the Wayback Machine

mjg59, 8 months ago to random

Say I have line of sight to a river and would like to monitor how its height is changing over time, is there anything that'll just bounce some sort of signal off it to tell me distance?

mjg59, 2 months ago to random

I have a bulb outdoors in a metal can. The switch for it is also outdoors, is outdoors rated, and is (unsurprisingly) also metal. I want to be able to automatically toggle the light state based on motion sensor and gate open/close state.

A zigbee smart bulb in the existing can doesn't work - no signal. A zigbee relay in the existing switch box will also not work for the same reason. What are my (outdoor rated) options here?

(Additional constraint: there's no neutral wire in the switch box)

mjg59, 11 months ago to random

I know there are people reading this who work for major companies still advertising on Twitter (Apple, Google, and Amazon at least), so: two days before the SF Trans March, Elon is making it even more explicit that Twitter is a transphobic platform. You have the ability to influence the behaviour of your employers. Maybe do that?