HackerLangs
TopNewTrendsCommentsPastAskShowJobs

cyphar

12,457 karmajoined 12 lat temu


  Aleksa Sarai <[email protected]>
    pub   ed25519 2019-06-21
    C9C3 70B2 46B0 9F6D BCFC  744C 3440 1015 D1D2 D386
    <https://static.cyphar.com/cyphar%40cyphar.com.pub>
U+1F574. Maintainer of runc and umoci, as well as a contributor to the Linux kernel, openSUSE, the OCI specifications and Docker.

github.com/cyphar ; www.cyphar.com

comments

cyphar
·14 godzin temu·discuss
I've heard a lot of people argue that phonics are vastly superior to "whole word" techniques, and maybe that's true -- I'm definitely not an expert, though it is how I was taught English in Australia ~30 years ago.

However, I find it quite hard to believe that it is the most important cause of the modern literacy rate issues in the US. Why? Because "whole word" teaching was the conventional wisdom since at least the 1950s[1,2]! Most articles on the topic reference the book Why Johnny Can't Read (1955) which was written to argue in favour of phonics as a response to (perceived?) child illiteracy at the time and claims (page 1):

> Since the 1920s, most American schoolchildren have been taught to memorize the "appearance" of words, one after another, like Chinese characters, without reference to the sounds of the individual letters that make up each word.

The reintroduction of phonics in the US first started as "balanced literacy" (phonics and "whole word", ideally tailored to students) in the 1990s and "science-based reading" (basically just phonics) properly started in the 2000s[1,2], which means that the argument that phonics would improve reading scores is on quite shaky ground (most children in the US today get taught phonics and most people >40 were probably taught with "whole word" teaching).

[1]: https://wearealigned.org/brief-history-literacy-instruction-... [2]: https://www.lexialearning.com/blog/the-science-of-reading-vs...
cyphar
·22 godziny temu·discuss
I really wonder where all of these people who believe that tests perfectly encapsulate the behaviour of software come from. Maybe it's because LLMs happen to work better when you give them acceptance criteria and people struggle to distinguish between "better" and "good"?
cyphar
·wczoraj·discuss
1. Nobody, not even the Googles or NSAs of the world do that. No single entity has the expertise nor resources necessary to maintain a fork for every open source project they use -- forking and maintaining Linux alone takes teams of people. And no, going full psychosis mode with LLMs is not going to save you.

2. This project is AGPLv3.
cyphar
·wczoraj·discuss
The "establishment" parties' argument seems to be that they wanted to wait for the results of the commision into Farage's allegedly dodgy finances before triggering a by-election, and are refusing to play ball with his attempt to get a popular mandate before all the facts are known.

Binface has always involved himself in well-publicised constituency races, the idea that this was some pre-planned operation by "the establishment" (as you are implying) stretches credulity. None of the other parties have endorsed Binface, they all seem to have expected Farage to win anyway.
cyphar
·4 dni temu·discuss
"You're right to push back on that. Let me take a step back and reconsider the requirements for an application that people might entrust with their lives."
cyphar
·5 dni temu·discuss
Be honest, in the counterfactual where he had said that "AI" agents are the next industrial revolution and there is no future for human skills and so on -- would you have still valued his opinion as being effectively worthless?
cyphar
·6 dni temu·discuss
The man page does say that but there is no mechanism to actually make use of that at the moment.

It's not enough for it to be encrypted, it needs to be encrypted with a single-purpose key that is not known by the user. Otherwise the user could replace the hibernation image with a malicious one and chain-load a backdoored version of Windows in secure boot mode, which violates the security model that Windows has and Linux needs to uphold to continue to get signed by Microsoft.

It is my understanding that there is work on generating a non-exportable single-purpose key using the TPM to make this work, but that's still a WIP.
cyphar
·7 dni temu·discuss
To be fair the security argument for secure boot is weakened by the fact that everything is signed by the same set of trusted keys when using the default Microsoft trust root, but on paper it does protect against certain kinds of attacks. (In theory, distros could use UEFI setup mode to only trust their own keys but this causes issues with signed firmware and there have been cases of bricked devices.)

Even if you use full disk encryption, without secure boot someone can replace your kernel (or bootloader to inject a bad kernel) with one that is backdoored without you noticing. So someone only needs temporary access to your powered off laptop to gain access to your data once you use it again. I've had my devices taken away from me at airports and I know people who have had their laptops mysteriously missing screws when travelling overseas, so this is not an entirely hypothetical problem.

Of course, the fact that hibernation doesn't work on Linux is a negative from a practical security perspective, and so stuff like luksSuspend on suspend end up being quite important. And trusting the Microsoft keys is a little concerning if you're worried about state actors.

If you use TPM-backed keys with tools like systemd-pcrlock you can get some similar (and arguably nicer) protections but in practice nobody locks to enough PCRs to provide more protection than you would get if you also enabled secure boot.
cyphar
·8 dni temu·discuss
> Can I ask one question? Why not use hibernation at that point?

Not GP but hibernation is completely disabled for lockdown kernels[1], which is always enabled when booting under secure boot for kernels trusted by the Microsoft secure boot keys (it is considered a requirement to get you shim signed by rhboot[2] as it is believed that Microsoft considers it a hard requirement, as otherwise you could chain-load a patched version of Windows under secure boot).

This doesn't matter for custom kernels but most official distro kernels are built this way to be signed, as otherwise they won't Just Work (TM) on modern laptops. If you disable secure boot then hibernation works again, though I must admit I'm a little surprised how many people seem to disable secure boot.

[1]: https://www.man7.org/linux/man-pages/man7/kernel_lockdown.7.... [2]: https://github.com/rhboot/shim-review#how-does-your-signed-k...
cyphar
·8 dni temu·discuss
I'm confused why you're saying this is a Debian-specific thing -- luksSuspend is upstream and was added back in 2009[1] in release v1.1.0[2]. I've used it (though somewhat sparingly) on Arch and openSUSE in the past and it definitely exists on non-Debian distributions. Maybe you're thinking of the automatic integration with system suspend? If so, that's kind of besides the point -- luksSuspend documents itself as clearing the keys from system memory, which stopped happening in Linux 6.9 due to the referenced refactor patch.

Though it should be noted that it seems that this is actually a bug in cryptsetup in that it was depending on very specific lifetime behaviour of kernel keyring keys, when it arguably should've been more explicitly cleared by userspace[3].

[1]: https://gitlab.com/cryptsetup/cryptsetup/-/commit/3cea5dcc7b... [2]: https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/docs/v1... [3]: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/93...
cyphar
·12 dni temu·discuss
Would that be pheonixmaxxing or pheonixxing these days?
cyphar
·12 dni temu·discuss
I'm also taken aback with how naive folks are about companies, they really seem to have bought the whole "capitalism is efficient" maxim hook, line, and sinker.

I really struggle to imagine how anyone in a corporate environment has managed to never run into obvious examples of waste like you describe (overpaid consultants and mandatory budgets are classic examples). Office Space came out 27 years ago and has a plotline making fun of overpaid "efficiency consultants" whose only job is to tell management to fire people.
cyphar
·12 dni temu·discuss
Why would a carpentry shop buy hundreds of thousands of dollars of power tools without consulting with their employees to see what they actually need to get their job done more effectively? The logic of buying the tools then forcing the employees to use them "or else" is completely backwards in any sane world.

(Of course, we've all had bosses that went to some marketing seminar and come back having been tricked^Wsold into buying some wizz-bang widget that we need to now integrate because of a sunk-cost fallacy, but I thought everyone was on the same page that this is not how normal procurement was supposed to work.)

> the point is that if you wanna see if the tools are working you wanna see proof they're actually being used.

That is way too charitable, people were being fired based on these metrics and people were absolutely talking about token burn as being a metric for productivity (do I really need to link the Jensen Huang quote?). That isn't an indication of this hysteria being based on "just trying to see if the tools work".

If you want to see if the tools work, why don't you just ask your employees? Like any normal employer would?
cyphar
·16 dni temu·discuss
I use Cozette[1] at the moment, which is basically a modern form of Dina (the first bitmap font I started with ~15 years ago now). It is pretty nice, though they recently started adding some kanji and I don't particularly like the style they went with (maybe I should send a PR to support more and fix up the existing styles)...

[1]: https://github.com/the-moonwitch/Cozette
cyphar
·17 dni temu·discuss
I'm more of a bitmap font guy (at least, as long as my eyes continue to forgive me for it) but I'm always interested to see what other fonts there are around. It does look quite nice.

I must admit when I ran across the second real paragraph from the main page, I couldn't help but only think more and more about how we will look back on marketing copy like this in a decade from now:

AI assistants produce both code and prose. MonoLisa Text renders long-form explanations with optimal readability, while MonoLisa Code keeps your code crystal clear. The perfect pairing for the AI era. (Under the title "A perfect pairing for the AI era.")

Ignoring the deep pit of sadness I felt when thinking about the incredibly long (and revolutionary) history of typefaces that led us to today for just a moment, I'm honestly curious how effective this marketing is. How many people would assume a font would be suitable for general text but not LLM-generated text and would need to be dissuaded from that notion? I wonder if someone has started selling keyboards that are "perfect for prompting" (but I'm too scared to look at this stage).
cyphar
·18 dni temu·discuss
I mean, cultures are also a kind of technology, arguably one of the first we developed as Homo Sapiens.

In my view the actual issue has always been that cryptocurrency folks don't understand what purpose money serves, mostly because they're all basically gold bugs. To strain the "money is a technology" metaphor, this is a product-market-fit issue -- like trying to build a cloud orchestration framework that only works on DIY Belwulf clusters or a web framework that only looks nice on teletype.
cyphar
·19 dni temu·discuss
"This particular band of gambling addicts have bet money on a particular outcome at a ratio of 68:32, so there is a 32% chance of it happening."

Wow, how informative. Maybe I should go check my horoscope for if the Iran war will end next week...
cyphar
·19 dni temu·discuss
Their point is that that functionality is not available on older kernels (such as those in RHEL 9 and 10) and so most sandboxes will continue to block it outright for a while, though eventually one would expect Red Hat to backport it.

(We haven't even added support for the new cBPF io_uring stuff to low-level container runtimes like runc yet, though I did review the patchset on LKML earlier this year and planned to get working on it when I have time. But as it requires spec changes, expect it to take 6-12 months at best...)
cyphar
·20 dni temu·discuss
Sure, but that falls under the "no unauthorised GET data" thing I talked about...?
cyphar
·20 dni temu·discuss
Japanese also underwent simplification post-WW2, but there is important context here.

In both cases, the original plan was for Chinese characters to fall out of use entirely via gradual simplifications, but in both cases the simplifications stopped soon after the first planned stages and it seems very unlikely it would be a popular initiative at this stage. Basically what happened in both cases was the equivalent of a spelling reform, not the elimination of a writing system.

In the case of Japanese, it seems there is some regret around simplification because characters not in the 常用漢字表 do not have the component simplifications applied that the standardised characters do (for instance, 攪拌 is more commonly used than 撹拌 despite the 覚 component being the "modern" simplified form -- and there are characters with no simplified form like the first character in 艱難, first character in 辻褄, or 迄).