Father, Hacker (Information Security Professional), Open Source Software Developer, Inventor, and 3D printing enthusiast

  • 2 Posts
  • 23 Comments
Joined 1 year ago
cake
Cake day: June 23rd, 2023

help-circle
  • The largest contributors to Open Source make their money from patents and other IP.

    The data in that video is (probably) accurate but your statement is completely wrong: In that list only Intel makes anything but trivial amounts of money from patents. In fact, Microsoft, Google, and Docker have famously lost shittons of money thanks to patents. They basically siphoned money out of those companies into the pockets of lawyers and provided absolutely no benefit to society.

    For fuck’s sake: Features were removed from Android because of software patents!

    Not only that but Google makes almost all of its money from advertising, not “IP”. Same for Meta which is oddly missing from the graph (even though they contribute to and maintain a ton of FOSS stuff).

    Then let’s talk about #1: Redhat. They absolutely would be 1000% behind banning software patents. It’s nothing but trouble for them.

    I’d also like to note that Microsoft has been very much in favor of software patents since they were invented by the courts (remember: no legislation added software as a category of patentable subject matter: They exist as a result of court rulings!) because they thought they would put an end to open source software (see: Halloween documents). However, software patents have actually cost Microsoft more than they ever helped the company! In short: They’re idiots. They opened a can of worms that’s kept them constantly under attack but because those worms also hurt their perceived enemies they’ve doubled down on their decision.



  • Why? Software patents are already covered by copyright. Anyone can write software and they automatically get assigned the copyright for it. The barrier to entry is basically zero since everyone has a computer and nearly anyone can learn to program by simply taking the time to do so.

    I mean, I also don’t think patents should exist in general but there’s a pretty clear difference between software and things in the physical world. Software is “just math”. And I mean that literally: 100% of all software that exists can be reduced to math that you could–in theory–perform with a pencil and paper.

    There’s a lot of reasons why software patents shouldn’t exist far beyond the scope of patents in general.


  • Imagine if any company could just copy an indie game and scale it up/polish a bit and get all the sales.

    You’re describing the entire mobile games industry. You think all those top apps in the app stores are 100% original? No. They copied other games.

    Also, patents have nothing to do with that. Software is covered by copyright.

    Furthermore, “back in the day” manufacturing was expensive and required huge factories to build stuff (in quantity). The barrier to entry was enormous! People were mostly uneducated and there was not much in the way of “shared engineering knowledge”. Ten thousand people could look at a car engine and have no friggin clue how it worked. That’s why patents were necessary: Disclosure

    These days disclosure has become irrelevant. Any engineer can look at an invention or product and figure out both how it works and how it was made. At the very least, they can figure out a way to make it. Just look at all the Youtube channels where every day people are making complicated machines, parts, and electronics! The mysteries are gone. Disclosure is unnecessary.

    Since the entire point of patents was disclosure why do we still need them?





  • You had corruption with btrfs? Was this with a spinning disk or an SSD?

    I’ve been using btrfs for over a decade on several filesystems/machines and I’ve had my share of problems (mostly due to ignorance) but I’ve never encountered corruption. Mostly I just run out of disk space because I forgot to balance or the disk itself had an issue and I lost whatever it was that was stored in those blocks.

    I’ve had to repair a btrfs partition before due to who-knows-what back when it was new but it’s been over a decade since I’ve had an issue like that. I remember btrfs check --repair being totally useless back then haha. My memory on that event is fuzzy but I think I fixed whatever it was bitching about by remounting the filesystem with an extra option that forced it to recreate a cache of some sort. It ran for many years after that until the disk spun itself into oblivion.


  • I wouldn’t say, “repairing XFS is much easier.” Yeah, fsck -y with XFS is really all you have to do 99% of the time but also you’re much more likely to get corrupted stuff when you’re in that situation compared to say, btrfs which supports snapshotting and redundancy.

    Another problem with XFS is its lack of flexibility. By that I don’t mean, “you can configure it across any number of partitions on-the-fly in any number of (extreme) ways” (like you can with btrfs and zfs). I mean it doesn’t have very many options as to how it should deal with things like inodes (e.g. tail allocation). You can increase the total amount of space allowed for inode allocation but only when you create the filesystem and even then it has a (kind of absurdly) limited number that would surprise most folks here.

    As an example, with an XFS filesystem, in order to store 2 billion symlimks (each one takes an inode) you would need 1TiB of storage just for the inodes. Contrast that with something like btrfs with max_inline set to 2048 (the default) and 2 billion symlimks will take up a little less than 1GB (assuming a simplistic setup on at least a 50GB single partition).

    Learn more about btrfs inlining: https://btrfs.readthedocs.io/en/latest/Inline-files.html


  • One point: ext4 has a maximum file size of 16TiB. To a regular user that is stupidly huge and of no concern but it’s exactly the type of thing you overlook if you “just use ext4” on anything and everything then end up with your database broken at work because of said bad advice.

    Use the filesystem that makes the most sense for your use case. Consider it every single time you format a disk. Don’t become complacent! Also fuck around with the new shit from time to time! I decided to format my Linux desktop partitions with btrfs over a decade ago and as a result I’m an excellent user of that filesystem but you know what? I’m thinking I’ll try bcachefs soon and fiddle around more with my zfs partition on my HTPC.

    BTW: If you’re thinking about trying out btrfs I would encourage you to learn about it’s non-trivial maintenance tasks. btrfs needs you to fuck with it from time to time or you’ll run out of disk space “for no reason”. You can schedule cron jobs to take care of everything (as I have done) but you still need to learn how it all works. It’s not a “set it and forget it” FS like ext4.




  • There’s not much to learn in Windows land! Learn how to set file permissions, how the registry works (and some important settings that use it), and how Active Directory works (it’s LDAP) and you’ll be fine.

    If you’re used to using Linux nothing will frustrate you more than being forced to use a Windows desktop. The stuff you use every day just isn’t there. You can add on lots of 3rd party tools to make it better but it’ll never measure up.

    When you have to go out on the Internet to download endless amounts of 3rd party tools the security alarms in your head might start going off. Windows users have just learned over time to ignore them 🤣


  • I interview developers and information security people all the time. I always ask lots of questions about Linux. As far as I’m concerned:

    • If you’re claiming to be an infosec professional and don’t know Linux you’re a fraud.
    • If you’re a developer and you don’t know how to deploy to Linux servers you’re useless.

    So yeah: Get good with Linux. Especially permissions! Holy shit the amount of people I interview that don’t know basic Linux permissions (or even about file permissions in general) is unreal.

    Like, dude: Have you just been chmod 777 everything all this time? WTF! Immediate red flag this guy cannot be trusted with anything.


  • This is a, “it’s turtles all the way down!” problem. An application has to be able to store its encryption keys somewhere. You can encrypt your encryption keys but then where do you store that key? Ultimately any application will need access to the plaintext key in order to function.

    On servers the best practice is to store the encryption keys somewhere that isn’t on the server itself. Such as a networked Hardware Security Module (HSM) but literally any location that isn’t physically on/in the server itself is good enough. Some Raspberry Pi attached to the network in the corner of the data center would be nearly as good because the attack you’re protecting against with this kind of encryption is someone walking out of the data center with your server (and then decrypting the data).

    With a device like a phone you can’t use a networked HSM since your phone will be carried around with you everywhere. You could store your encryption keys out on the Internet somewhere but that actually increases the attack surface. As such, the encryption keys get stored on the phone itself.

    Phone OSes include tools like encrypted storage locations for things like encryption keys but realistically they’re no more secure than storing the keys as plaintext in the application’s app-specific store (which is encrypted on Android by default; not sure about iOS). Only that app and the OS itself have access to that storage location so it’s basically exactly the same as the special “secure” storage features… Except easier to use and less likely to be targeted, exploited, and ultimately compromised because again, it’s a smaller attack surface.

    If an attacker gets physical access to your device you must assume they’ll have access to everything on it unless the data is encrypted and the key for that isn’t on the phone itself (e.g. it uses a hash generated from your thumbprint or your PIN). In that case your effective encryption key is your thumb(s) and/or PIN. Because the Signal app’s encryption keys are already encrypted on the filesystem.

    Going full circle: You can always further encrypt something or add an extra step to accessing encrypted data but that just adds inconvenience and doesn’t really buy you any more security (realistically). It’s turtles all the way down.



  • You say that because you don’t realize the benefits:

    • Better support for Linux with any new PC hardware on day 1. This includes things like USB devices, monitors, KVMs, UPS, everything.
    • Better support for all commercial software in general. More software will become available and it’ll be higher quality.
    • Vendors will be forced to test all their stuff on Linux which means it’ll all become more reliable and less glitchy.
    • There will be more diversity in software and distros which means widespread attacks (aka hacking, worms, viruses, etc) will have less success and smaller impacts.
    • The more Linux users there are the more Linux developers will result. It’s also much easier to start learning how to code on a Linux desktop than it is in Windows.
    • Better security for the entire world. Linux has a vastly superior security architecture than Windows and a vastly superior track record. The more Linux users there are, the harder it will be for malicious entities to break into their PCs which translates into a more secure world.
    • It’s much easier (for experienced users) to troubleshoot and fix problems in Linux than in Windows. This will lead to support teams everywhere getting frustrated whenever they have to deal with Windows users (this is already the case for many software vendors, haha). Therefore, it makes support people happy and easy going. Who doesn’t want to reach a happy, helpful person for technical support instead of the usual defiant/adversarial support tech? 😁
    • The worst sorts of hardware vendors won’t be able to get away with their usual bullshit. For example, if there were enough Linux users HP wouldn’t be offering extremely invasive 2GB printer “drivers” because their Windows customers would know enough Linux users that they’d be rightfully pissed and not depressively submissive like they are now.
    • When you do have a problem it will be easier to find a solution because the likelihood that someone else already had it and posted a solution will be higher (though admittedly this factor doesn’t seem to do much for Windows currently because of how obtuse and obfuscated everything is in that OS).

    There’s actually a lot more reasons but that’s probably enough for now 😁



  • I’d love to see more adoption of… I2C!

    Bazillions of motherboards and SBCs support I2C and many have the ability to use it via GPIO pins or even have connectors just for I2C devices (e.g. QWIIC). Yet there’s very little in the way of things you can buy and plug in. It feels like such a waste!

    There’s all sorts of neat and useful things we could plug in and make use of if only there were software to use it. For example, cheap color sensors, nifty gesture sensors, time-of-flight sensors, light sensors, and more.

    There’s lmsensors which knows I2C and can magically understand zillions of temperature sensors and PWM things (e.g. fan control). We need something like that for all those cool devices and chips that speak I2C.