10 interesting stories served every morning and every evening.




1 1,039 shares, 67 trendiness, 1000 words and 9 minutes reading time

Stepping up for a truly open source Elasticsearch

Last week, Elastic an­nounced they will change their soft­ware li­cens­ing strat­egy, and will not re­lease new ver­sions of Elasticsearch and Kibana un­der the Apache License, Version 2.0 (ALv2). Instead, new ver­sions of the soft­ware will be of­fered un­der the Elastic License (which lim­its how it can be used) or the Server Side Public License (which has re­quire­ments that make it un­ac­cept­able to many in the open source com­mu­nity). This means that Elasticsearch and Kibana will no longer be open source soft­ware. In or­der to en­sure open source ver­sions of both pack­ages re­main avail­able and well sup­ported, in­clud­ing in our own of­fer­ings, we are an­nounc­ing to­day that AWS will step up to cre­ate and main­tain a ALv2-licensed fork of open source Elasticsearch and Kibana.

We launched Open Distro for Elasticsearch in 2019 to pro­vide cus­tomers and de­vel­op­ers with a fully fea­tured Elasticsearch dis­tri­b­u­tion that pro­vides all of the free­doms of ALv2-licensed soft­ware. Open Distro for Elasticsearch is a 100% open source dis­tri­b­u­tion that de­liv­ers func­tion­al­ity prac­ti­cally every Elasticsearch user or de­vel­oper needs, in­clud­ing sup­port for net­work en­cryp­tion and ac­cess con­trols. In build­ing Open Distro, we fol­lowed the rec­om­mended open source de­vel­op­ment prac­tice of upstream first.” All changes to Elasticsearch were sent as up­stream pull re­quests (#42066, #42658, #43284, #43839, #53643, #57271, #59563, #61400, #64513), and we then in­cluded the oss” builds of­fered by Elastic in our dis­tri­b­u­tion. This en­sured that we were col­lab­o­rat­ing with the up­stream de­vel­op­ers and main­tain­ers, and not cre­at­ing a fork” of the soft­ware.

Choosing to fork a pro­ject is not a de­ci­sion to be taken lightly, but it can be the right path for­ward when the needs of a com­mu­nity di­verge—as they have here. An im­por­tant ben­e­fit of open source soft­ware is that when some­thing like this hap­pens, de­vel­op­ers al­ready have all the rights they need to pick up the work them­selves, if they are suf­fi­ciently mo­ti­vated. There are many suc­cess sto­ries here, like Grafana emerg­ing from a fork of Kibana 3.

When AWS de­cides to of­fer a ser­vice based on an open source pro­ject, we en­sure that we are equipped and pre­pared to main­tain it our­selves if nec­es­sary. AWS brings years of ex­pe­ri­ence work­ing with these code­bases, as well as mak­ing up­stream code con­tri­bu­tions to both Elasticsearch and Apache Lucene, the core search li­brary that Elasticsearch is built on—with more than 230 Lucene con­tri­bu­tions in 2020 alone.

Our forks of Elasticsearch and Kibana will be based on the lat­est ALv2-licensed code­bases, ver­sion 7.10. We will pub­lish new GitHub repos­i­to­ries in the next few weeks. In time, both will be in­cluded in the ex­ist­ing Open Distro dis­tri­b­u­tions, re­plac­ing the ALv2 builds pro­vided by Elastic. We’re in this for the long haul, and will work in a way that fos­ters healthy and sus­tain­able open source prac­tices—in­clud­ing im­ple­ment­ing shared pro­ject gov­er­nance with a com­mu­nity of con­trib­u­tors.

You can rest as­sured that nei­ther Elastic’s li­cense change, nor our de­ci­sion to fork, will have any neg­a­tive im­pact on the Amazon Elasticsearch Service (Amazon ES) you cur­rently en­joy. Today, we of­fer 18 ver­sions of Elasticsearch on Amazon ES, and none of these are af­fected by the li­cense change.

In the fu­ture, Amazon ES will be pow­ered by the new fork of Elasticsearch and Kibana. We will con­tinue to de­liver new fea­tures, fixes, and en­hance­ments. We are com­mit­ted to pro­vid­ing com­pat­i­bil­ity to elim­i­nate any need to up­date your client or ap­pli­ca­tion code. Just as we do to­day, we will pro­vide you with a seam­less up­grade path to new ver­sions of the soft­ware.

This change will not slow the ve­loc­ity of en­hance­ments we of­fer to our cus­tomers. If any­thing, a com­mu­nity-owned Elasticsearch code­base pre­sents new op­por­tu­ni­ties for us to move faster in im­prov­ing sta­bil­ity, scal­a­bil­ity, re­siliency, and per­for­mance.

Developers em­brace open source soft­ware for many rea­sons, per­haps the most im­por­tant be­ing the free­dom to use that soft­ware where and how they wish.

The term open source” has had a spe­cific mean­ing since it was coined in 1998. Elastic’s as­ser­tions that the SSPL is free and open” are mis­lead­ing and wrong. They’re try­ing to claim the ben­e­fits of open source, while chip­ping away at the very de­f­i­n­i­tion of open source it­self. Their choice of SSPL be­lies this. SSPL is a non-open source li­cense de­signed to look like an open source li­cense, blur­ring the lines be­tween the two. As the Fedora com­mu­nity states, [to] con­sider the SSPL to be Free’ or Open Source’ causes [a] shadow to be cast across all other li­censes in the FOSS ecosys­tem.”

In April 2018, when Elastic co-min­gled their pro­pri­etary li­censed soft­ware with the ALv2 code, they promised in We Opened X-Pack”: We did not change the li­cense of any of the Apache 2.0 code of Elasticsearch, Kibana, Beats, and Logstash — and we never will.” Last week, af­ter reneg­ing on this promise, Elastic up­dated that same page with a foot­note that says circumstances have changed.”

Elastic knows what they’re do­ing is fishy. The com­mu­nity has told them this (e.g., see Brasseur, Quinn, DeVault, and Jacob). It’s also why they felt the need to write an ad­di­tional blus­tery blog (on top of their ini­tial li­cense change blog) to try to ex­plain their ac­tions as AWS made us do it.” Most folks aren’t fooled. We did­n’t make them do any­thing. They be­lieve that re­strict­ing their li­cense will lock oth­ers out of of­fer­ing man­aged Elasticsearch ser­vices, which will let Elastic build a big­ger busi­ness. Elastic has a right to change their li­cense, but they should also step up and own their own de­ci­sion.

In the mean­time, we’re ex­cited about the long-term jour­ney we’ve em­barked on with Open Distro for Elasticsearch. We look for­ward to pro­vid­ing a truly open source op­tion for Elasticsearch and Kibana us­ing the ALv2 li­cense, and build­ing and sup­port­ing this fu­ture with the com­mu­nity.

An ear­lier ver­sion of this post in­cor­rectly in­di­cated that the Jenkins CI tool was a fork. We thank @abayer for the cor­rec­tion.

...

Read the original on aws.amazon.com »

2 748 shares, 30 trendiness, 280 words and 3 minutes reading time

microsoft/windows-rs

The win­dows crate lets you call any Windows API past, pre­sent, and fu­ture us­ing code gen­er­ated on the fly di­rectly from the meta­data de­scrib­ing the API and right into your Rust pack­age where you can call them as if they were just an­other Rust mod­ule.

The Rust lan­guage pro­jec­tion fol­lows in the tra­di­tion es­tab­lished by C++/WinRT of build­ing lan­guage pro­jec­tions for Windows us­ing stan­dard lan­guages and com­pil­ers, pro­vid­ing a nat­ural and id­iomatic way for Rust de­vel­op­ers to call Windows APIs.

Start by adding the fol­low­ing to your Cargo.toml file:

[dependencies]

win­dows = 0.2.1”

[build-dependencies]

win­dows = 0.2.1”

This will al­low Cargo to down­load, build, and cache Windows sup­port as a pack­age. Next, spec­ify which types you need in­side of a build.rs build script and the win­dows crate will gen­er­ate the nec­es­sary bind­ings:

fn main() {

win­dows::build!(

win­dows::data::xml::dom::*

win­dows::win32::sys­tem_ser­vices::{Cre­ateEventW, SetEvent, WaitForSingleObject}

win­dows::win32::win­dows_pro­gram­ming::Close­Han­dle

Finally, make use of any Windows APIs as needed.

mod bind­ings {

::windows::include_bindings!();

use bind­ings::{

win­dows::data::xml::dom::*,

win­dows::win32::sys­tem_ser­vices::{Cre­ateEventW, SetEvent, WaitForSingleObject},

win­dows::win32::win­dows_pro­gram­ming::Close­Han­dle,

fn main() -> win­dows::Re­sult

To re­duce build time, use a bind­ings crate rather sim­ply a mod­ule. This will al­low Cargo to cache the re­sults and build your pro­ject far more quickly.

There is an ex­per­i­men­tal doc­u­men­ta­tion gen­er­a­tor for the Windows API. The doc­u­men­ta­tion is pub­lished here. This can be use­ful to fig­ure out how the var­i­ous Windows APIs map to Rust mod­ules and which use paths you need to use from within the build macro.

For a more com­plete ex­am­ple, take a look at Robert Mikhayelyan’s Minesweeper. More sim­ple ex­am­ples can be found here.

...

Read the original on github.com »

3 715 shares, 56 trendiness, 6511 words and 51 minutes reading time

Still Alive

This was a tri­umph

I’m mak­ing a note here, huge suc­cess

No, se­ri­ously, it was aw­ful. I deleted my blog of 1,557 posts. I wanted to pro­tect my pri­vacy, but I ended up with ar­ti­cles about me in New Yorker, Reason, and The Daily Beast. I wanted to pro­tect my anonymity, but I Streisand-Effected my­self, and a bunch of trolls went around post­ing my real name every­where they could find. I wanted to avoid los­ing my day job, but ended up quit­ting so they would­n’t be af­fected by the fall­out. I lost a five-digit sum in ad­ver­tis­ing and Patreon fees. I ac­ci­den­tally sent about three hun­dred emails to each of five thou­sand peo­ple in the process of try­ing to put my blog back up.

I had, not to mince words about it, a re­ally weird year.

513,000 peo­ple read my blog post com­plain­ing about the New York Times’ at­tempt to dox me (for com­par­i­son, there are 366,000 peo­ple in Iceland). So many peo­ple can­celled their sub­scrip­tion that the Times’ ex­as­per­ated cus­tomer ser­vice agents started pre-empt­ing callers with Is this about that blog thing?” A friend of a friend re­ports her grand­mother in Slovakia heard a story about me on Slovak-language ra­dio.

I got emails from no fewer than four New York Times jour­nal­ists ex­press­ing sym­pa­thy and of­fer­ing to ex­plain their pa­per’s stan­dards in case that helped my cause. All four of them gave to­tally dif­fer­ent ex­pla­na­tions, dis­agree­ing about whether the re­porter I dealt with was just fol­low­ing the rules, was fla­grantly vi­o­lat­ing the rules, was un­af­fected by any rules, or what. Seems like a fun place to work. I was nev­er­the­less hum­bled by their sup­port.

I got an email from Balaji Srinivasan, a man whose anti-cor­po­rate-me­dia cru­sade strad­dles a pre­vi­ously un­rec­og­nized bor­der be­tween en­dear­ing and ter­ri­fy­ing. He had some very cre­ative sug­ges­tions for how to deal with jour­nal­ists. I’m not sure any of them were es­pe­cially ac­tion­able, at least not while the Geneva Convention re­mains in ef­fect. But it was still a good learn­ing ex­pe­ri­ence. In par­tic­u­lar, I learned never to make an en­emy of Balaji Srinivasan. I am hum­bled by his sup­port.

I got emails from two dif­fer­ent pre­dic­tion ag­gre­ga­tors say­ing they would show they cared by open­ing mar­kets into whether the Times would end up doxxing me or not. One of them ended up with a to­tal trade vol­ume in the four dig­its. For a brief mo­ment, I prob­a­bly had more ad­vanced de­ci­sion-mak­ing tech­nol­ogy ad­vis­ing me in my stu­pid con­flict with a news­pa­per than the CIA uses for some wars. I am hum­bled by their sup­port.

I got an email from a very an­gry man who be­lieved I per­son­ally wrote the en­tirety of Slate.com. He told me I was a hyp­ocrite for want­ing pri­vacy even though Slate.com had ap­par­ently pub­lished some pri­vacy-vi­o­lat­ing sto­ries. I tried to cor­rect him, but it seemed like his email client only ac­cepted replies from peo­ple on his con­tact list. I think this might be what the Catholics call invincible ig­no­rance”. But, uh, I’m sure if we got a chance to sort it out I would have been hum­bled by his sup­port.

I got an email from a for­mer mem­ber of the GamerGate move­ment, of­fer­ing ad­vice on man­ag­ing PR. It was very thor­ough and they had ob­vi­ously put a lot of ef­fort into it, but it was all premised on this idea that GamerGate was some kind of shin­ing PR suc­cess, even though as I re­mem­ber it they man­aged to take a com­plaint about a video game re­view and mis­han­dle it so badly that they lit­er­ally got con­demned by the UN General Assembly. But it’s the thought that counts, and I am hum­bled by their sup­port.

I got an email from a Russian reader, which I will quote in full: In Russia we wit­nessed sim­i­lar things back in 1917. 100 years later the same sit­u­a­tion is in your coun­try :)”. I am not sure it re­ally makes sense to com­pare my at­tempted doxxing to the Bolshevik Revolution, and that smi­ley face will haunt my dreams, but I am hum­bled by his sup­port.

Eventually it be­came kind of over­whelm­ing. 7500 peo­ple signed a pe­ti­tion in my fa­vor. Russia Today wrote an ar­ti­cle about my sit­u­a­tion as part of their pro­pa­ganda cam­paign against the United States. Various tech fig­ures started a cam­paign to stop grant­ing in­ter­views to NYT in protest. All of the hum­bling sup­port kind of blended to­gether. At my char­ac­ter level, I can only cast the spell Summon Entire Internet once per decade or so. So as I clicked through email af­ter email, I asked my­self: did I do the right thing?

I’m not even an­gry

I’m be­ing so sin­cere right now

Before we go any fur­ther: your con­spir­acy the­o­ries are false. An SSC reader ad­mit­ted to telling a New York Times re­porter that SSC was in­ter­est­ing and he should write a story about it. The re­porter pur­sued the story on his rec­om­men­da­tion. It was­n’t an at­tempt by the Times to crush a com­peti­tor, it was­n’t re­tal­i­a­tion for my hav­ing writ­ten some crit­i­cal things about the news busi­ness, it was­n’t even a po­lit­i­cal at­tempt to can­cel me. Someone just told a re­porter I would make a cool story, and the re­porter went along with it.

Nor do I think it was go­ing to be a hit piece, at least not at first. I heard from most of the peo­ple who the Times in­ter­viewed. They were mostly sym­pa­thetic sources, the in­ter­viewer asked mostly sym­pa­thetic ques­tions, and some­one who knows New York Times re­porters says the guy on my case was their non-hit-piece guy; they have a dif­fer­ent re­porter for hatchet jobs. After I torched the blog in protest, they seem to have briefly flirted with turn­ing it into a hit piece, and the fol­low­ing week they switched to in­ter­view­ing every­one who hated me and ask­ing a lot of lead­ing ques­tions about po­ten­tially bad things I did. My con­tacts in the news in­dus­try said even this was­n’t nec­es­sar­ily sin­is­ter. They might have as­sumed I had some­thing to hide, and wanted to fig­ure out what it was just in case it was a bet­ter story than the orig­i­nal. Or they might have been de­lib­er­ately in­ter­view­ing friendly sources first, in or­der to make me feel safe so I would grant them an in­ter­view, and then moved on to the un­friendly ones af­ter they knew that would­n’t hap­pen. I’m not sure. But the pat­tern does­n’t match hit piece from the be­gin­ning”.

As much crappy po­lit­i­cal stuff as there is in both the news in­dus­try and the blog­sphere these days, I don’t think this was a left-right po­lit­i­cal is­sue. I think the New York Times wanted to write a fairly bor­ing ar­ti­cle about me, but some guide­line said they had to re­veal sub­jects’ real iden­ti­ties, if they knew them, un­less the sub­ject was in one of a few pre­de­fined sym­pa­thetic cat­e­gories (eg sex work­ers). I did get to talk to a few sym­pa­thetic peo­ple from the Times, who were pretty con­fused about whether such a guide­line ex­isted, and cer­tainly it’s hon­ored more in the breach than in the ob­ser­vance (eg Virgil Texas). But I still think the most likely ex­pla­na­tion for what hap­pened was that there was a rule sort of like that on the books, some de­part­ments and ed­i­tors fol­lowed it more slav­ishly than oth­ers, and I had the bad luck to be as­signed to a de­part­ment and ed­i­tor that fol­lowed it a lot. That’s all. Anyway, they did the right thing and de­cided not to pub­lish the ar­ti­cle, so I have no re­main­ing beef with them.

I also owe the Times apolo­gies for a few things I did while fight­ing them. In par­tic­u­lar, when I told them I was go­ing to delete the blog if they did­n’t promise not to dox me, I gave them so lit­tle warn­ing that it prob­a­bly felt like a bizarre ul­ti­ma­tum. At the time I was wor­ried if I gave them more than a day’s warn­ing, they could just pub­lish the story while I waited; later, peo­ple con­vinced me the Times is in­ca­pable of act­ing quickly and I could have let them think about it for longer.

Also, I asked you all to email an NYT tech ed­i­tor with your com­plaints. I as­sumed NYT ed­i­tors, like Presidents and Senators, had un­lim­ited flunkies sort­ing through their mail­bags, and would not be per­son­ally af­fected by any email del­uge. I was wrong and I ac­tu­ally di­rected a three to four digit num­ber of emails to the per­sonal work in­box of some nor­mal per­son with a fi­nite num­ber of flunkies. That was prob­a­bly pretty har­row­ing and I’m sorry.

As for the Times’ mis­takes: I think they just did­n’t ex­pect me to care about anonymity as much as I did. In fact, most of my sup­port­ers, and most of the savvy peo­ple giv­ing me ad­vice, did­n’t ex­pect me to care as much as I did. Maybe I should ex­plain more of my his­tory here: back in the early 2010s I blogged un­der my real name. When I in­ter­viewed for my dream job in psy­chi­a­try, the in­ter­viewer had Googled my name, found my blog, and asked me some re­ally pointed ques­tions about whether hav­ing a blog meant I was ir­re­spon­si­ble and un­pro­fes­sional. There was­n’t even any­thing con­tro­ver­sial on the blog - this was back in the early 2010s, be­fore they in­vented con­tro­versy. They were just old-school pre-so­cial-me­dia-era peo­ple who thought hav­ing a blog was fun­da­men­tally in­com­pat­i­ble with the dig­nity of be­ing a psy­chi­a­trist. I did­n’t get that job, nor sev­eral oth­ers I thought I was a shoo-in for. I ac­tu­ally failed my en­tire first year of ACGME match and was pretty close to hav­ing to give up on a med­ical ca­reer. At the time I felt like that would mean my life was over.

So I took a bunch of steps to be in a bet­ter po­si­tion for the next year’s round of in­ter­views, and one of the most im­por­tant was delet­ing that blog, scrub­bing it off the Web as best I could, and restart­ing my whole on­line pres­ence un­der a pseu­do­nym. I was never able to com­pletely erase my­self from the Internet, but I made some strate­gic de­ci­sions - like leav­ing up a bunch of older stuff that men­tioned my real name so that ca­sual searchers would find that in­stead of my real blog. The next year, I tried the job in­ter­view cir­cuit again and got hired.

But I still had this re­ally strong sense that my ca­reer hung on this thread of stay­ing anony­mous. Sure, my se­cu­rity was ter­ri­ble, and a few trolls and male­fac­tors found my real name on­line and used it to taunt me. But my at­tend­ings and my fu­ture em­ploy­ers could­n’t just Google my name and find it im­me­di­ately. Also, my pa­tients could­n’t Google my name and find me im­me­di­ately, which I was in­creas­ingly re­al­iz­ing the psy­chi­atric com­mu­nity con­sid­ered im­por­tant. Therapists are sup­posed to be blank slates, avail­able for pa­tients to pro­ject their con­flicts and fan­tasies upon. Their dis­tant fa­ther, their abu­sive boyfriend, their what­ever. They must not know you as a per­son. One of my more ded­i­cated pro­fes­sors told me about how he used to have a pic­ture of his chil­dren on a shelf in his of­fice. One of his pa­tients asked him whether those were his chil­dren. He de­scribed sud­denly re­al­iz­ing that he had let his de­sire to show off over­come his duty as a psy­chi­a­trist, mum­bling a non­com­mi­tal re­sponse lest his pa­tient learn whether he had chil­dren or not, tak­ing the pic­ture home with him that night, and never dis­play­ing any per­sonal items in his of­fice ever again. That guy was kind of an ex­treme case, but this is some­thing all psy­chi­a­trists think about, and bet­ter py­chi­a­trist-blog­gers than I have quit once their side gig reached a point where their pa­tients might hear about it. There was even a very nice and nu­anced ar­ti­cle about the phe­nom­e­non in - of all places - The New York Times.

After all that, yeah, I had a pho­bia of be­ing doxxed. But psy­chother­apy classes also teach you to not to let past trau­mas con­trol your life even af­ter they’ve stopped be­ing rel­e­vant. Was I get­ting too worked up over an is­sue that no longer mat­tered?

The New York Times thought so. Some peo­ple kept me abreast of their pri­vate dis­cus­sions (in Soviet America, news­pa­per’s dis­cus­sions get leaked to you!) and their re­porters had spir­ited in­ter­nal de­bates about whether I re­ally needed anonymity. Sure, I’d got­ten some death threats, but every­one gets death threats on the Internet, and I’d pro­vided no proof mine were cred­i­ble. Sure, I might get SWATted, but re­al­is­ti­cally that’s a re­ally scary fif­teen sec­onds be­fore the cops apol­o­gize and go away. Sure, my job was at risk, but I was a well-off per­son and could prob­a­bly get an­other. Also, had­n’t I blogged un­der my real name be­fore? Hadn’t I pub­lished pa­pers un­der my real name in ways that a clever per­son could use to un­mask my iden­tity? Hadn’t I played fast and loose with every form of opsec other than whether the av­er­age pa­tient or em­ployer could Google me in five sec­onds?

Some of the savvy peo­ple giv­ing me ad­vice sug­gested I fight back against this. Release the ex­act death threats I’d re­ceived and ex­plain why I thought they were scary. Play up ex­actly how many peo­ple lived with me and ex­actly why it would be trau­matic for them to get SWATted. Explain ex­actly how se­ri­ously it would harm my pa­tients if I lost my job. Say why it was nec­es­sary for my ca­reer to pub­lish those pa­pers un­der my real name.

Why did­n’t I do this? Partly be­cause it was­n’t true. I don’t think I had par­tic­u­larly strong ar­gu­ments on any of these points. The amount I dis­like death threats is ba­si­cally the av­er­age amount that the av­er­age per­son would dis­like them. The amount I would dis­like los­ing my job…and et cetera. Realistically, my anonymity let me feel safe and com­fort­able. But it prob­a­bly was­n’t lit­er­ally nec­es­sary to keep me alive. I feel bad ad­mit­ting this, like I con­scripted you all into a cru­sade on false pre­tenses. Am I an en­ti­tled jerk for caus­ing such a stir just so I can feel safe and com­fort­able? I’m sure the New York Times cus­tomer ser­vice rep­re­sen­ta­tives who had to deal with all your phone calls thought so.

But the other rea­son I did­n’t do it was…well, sup­pose Power comes up to you and says hey, I’m gonna kick you in the balls. And when you protest, they say they don’t want to make any­one un­safe, so as long as you can prove that kick­ing you in the balls will cause long-term ir­recov­er­able dam­age, they’ll hold off. And you say, well, it’ll hurt quite a lot. And they say that’s sub­jec­tive, they’ll need a doc­tor’s note prov­ing you have a chronic pain con­di­tion like hy­per­al­ge­sia or fi­bromyal­gia. And you say fine, I guess I don’t have those, but it might be dan­ger­ous. And they ask you if you’re some sort of ex­pert who can prove there’s a high risk of or­gan rup­ture, and you have to ad­mit the risk of or­gan rup­ture is­n’t ex­actly high. But also, they add, did­n’t you prac­tice taek­wondo in col­lege? Isn’t that the kind of sport where you can get kicked in the balls pretty eas­ily? Sounds like you’re not re­ally that com­mit­ted to this not-get­ting-kicked-in-the-balls thing.

No! There’s no dig­ni­fied way to an­swer any of these ques­tions ex­cept fuck you”. Just don’t kick me in the balls! It is­n’t rocket sci­ence! Don’t kick me in the fuck­ing balls!

In the New York Times’ world­view, they start with the right to dox me, and I had to earn the right to re­main anony­mous by prov­ing I’m the per­fect sym­pa­thetic vic­tim who sat­is­fies all their cri­te­ria of vic­tim­hood. But in my world­view, I start with the right to anonymity, and they need to make an af­fir­ma­tive case for doxxing me. I ad­mit I am not the per­fect vic­tim. The death threats against me are all by losers who prob­a­bly don’t know which side of a gun you shoot some­one with. If any­thing hap­pened at work, it would prob­a­bly in­con­ve­nience me and my pa­tients, but prob­a­bly would­n’t lit­er­ally kill ei­ther of us. Still! Don’t kick me in the fuck­ing balls!

I don’t think any­one at the Times bore me ill will, at least not orig­i­nally. But some­how that just made it even more in­fu­ri­at­ing. In Street Fighter, the hero con­fronts the Big Bad about the time he de­stroyed her vil­lage. The Big Bad has de­stroyed so much stuff he does­n’t even re­mem­ber: For you, the day [I burned] your vil­lage was the most im­por­tant day of your life. For me, it was Tuesday.” That was the im­pres­sion I got from the Times. They weren’t hos­tile. I was­n’t a tar­get they were des­per­ate to take out. The main emo­tion I was able to pick up from them was an­noy­ance that I was mak­ing their lives harder by mak­ing a big deal out of this. For them, it was Tuesday.

It’s bad enough to get kicked in the balls be­cause Power hates you. But it’s in­fu­ri­at­ing to have it hap­pen be­cause Power can’t bring it­self to care. So sure, delet­ing my blog was­n’t the most, shall we say, ra­tio­nal re­sponse to the sit­u­a­tion. But it­er­ated games some­times re­quire a strat­egy that de­vi­ates from ap­par­ent first-level ra­tio­nal­ity, where you let your­self con­sider lose-lose op­tions in or­der to in­flu­ence an op­po­nen­t’s be­hav­ior.

Or, in lay­man’s terms, some­times you have to be a crazy bas­tard so peo­ple won’t walk all over you.

In 2010, a cor­rupt po­lice­woman de­manded a bribe from im­pov­er­ished push­cart ven­dor Mohammed Bouazizi. He could­n’t af­ford it. She con­fis­cated his goods, in­sulted him, and (according to some sources) slapped him. He was hu­mil­i­ated and des­ti­tute and had no hope of ever get­ting back at a po­lice of­fi­cer. So he made the very rea­son­able de­ci­sion to douse him­self in gaso­line and set him­self on fire in the pub­lic square. One thing led to an­other, and even­tu­ally a mostly-peace­ful rev­o­lu­tion ousted the gov­ern­ment of Tunisia. I am very sorry for Mr. Bouazizi and his fam­ily. But he did find a way to make the of­fend­ing po­lice­woman re­mem­ber the day she ha­rassed him as some­thing other than Tuesday. As the say­ing goes, sometimes set­ting your­self on fire sheds light on the sit­u­a­tion”.

As I burned it hurt be­cause

I was so happy for you

But as I was think­ing about all this, I got other emails. Not just the pre­dic­tion ag­gre­ga­tors and Russians and so on; emails of a to­tally dif­fer­ent sort.

I got emails from other peo­ple who had deleted their blogs out of fear. Sometimes it was be­cause of a job search. Other times it was be­cause of *gestures ex­pan­sively at every­thing*. These peo­ple wanted me to know they sym­pa­thized with what I was go­ing through.

I got emails from peo­ple who had­n’t deleted their blogs, but wished they had. A lot of them had sto­ries like mine - failed an in­ter­view they should have aced, and the in­ter­viewer men­tioned their blog as an is­sue. These peo­ple sym­pa­thized too.

I got emails that were like that, only it was grad stu­dents. Apparently if you have a blog about your field, that can make it harder to get or keep a job in acad­e­mia. I’m not sure what we think we’re gain­ing by en­sur­ing the smartest and best ed­u­cated peo­ple around aren’t able to talk openly about the fields they’re ex­perts in, but I hope it’s worth it.

I got an email from a far-left blog­ger with a sim­i­lar story, which got me think­ing about so­cial­ists in par­tic­u­lar. Imagine you’re writ­ing a so­cial­ist blog - as is 100% your right in a de­mo­c­ra­tic so­ci­ety. Aren’t em­ploy­ers go­ing to freak out as soon as they Google your name, ex­pect­ing you to start a union or ag­i­tate for higher wages or seize the means of pro­duc­tion or some­thing? This is a to­tally dif­fer­ent prob­lem from the can­cel cul­ture sto­ries I usu­ally hear about, but just as se­ri­ous. How are you sup­posed to write about com­mu­nism in a world where any news­pa­per can just fig­ure out your real name, ex­pose you, and lock you out of most nor­mal jobs?

I got emails from some trans­gen­der blog­gers, who talked about how trans peo­ple go by some­thing other than their le­gal name and have a spe­cial in­ter­est in not get­ting outed in the na­tional news. I don’t think the Times would de­lib­er­ately out trans peo­ple - prob­a­bly there’s some of­fi­cial pol­icy against it. But the peo­ple email­ing me un­der­stood that we’re all in this to­gether, and that if op­pressed peo­ple don’t stand up for the rights of the priv­i­leged, no one will. Or some­thing. Man, it’s been a weird year.

I got an email telling me to look into the story of Richard Horton, a po­lice of­fi­cer in the UK. He wrote a blog about his ex­pe­ri­ence on the force which was by all ac­counts in­cred­i­ble - it won the Orwell Prize for be­ing the best po­lit­i­cal writ­ing in Britain that year. The Times (a British news­pa­per un­re­lated to NYT) hacked his email and ex­posed his real iden­tity, and his chief forced him to delete the blog in or­der to keep his job. I won­der whether maybe if po­lice of­fi­cers were al­lowed to write anony­mously about what was go­ing on with­out get­ting doxxed by news­pa­pers, peo­ple would­n’t have to be so sur­prised every time some­thing hap­pens in­volv­ing the po­lice be­ing bad. See for ex­am­ple The Impact Of The Cessation Of Blogs Within The UK Police Blogosphere, a pa­per some­body ap­par­ently needed to write.

I got an email telling me to look into the story of Naomi Wu, a Chinese woman who makes videos about en­gi­neer­ing and DIY tech pro­jects un­der the name SexyCyborg. She granted an in­ter­view to a Vice re­porter un­der the con­di­tion that he not re­veal some sen­si­tive de­tails of her per­sonal life which could get her in trou­ble with the Chinese au­thor­i­ties. Vice agreed, then re­vealed the de­tails any­way (who could have guessed that a we­bzine founded by a vi­o­lent neo-fas­cist leader and named af­ter the ab­stract con­cept of evil would stoop so low?) In a Medium post, Wu wrote that Vice would en­dan­ger me for a few clicks be­cause in Brooklyn cer­tain things are no big deal…I had no pos­si­ble re­course against a bil­lion dol­lar com­pany who thought tit­il­lat­ing their read­ers with my per­sonal de­tails was worth putting me in jeop­ardy.” She then went on to dox the Vice re­porter in­volved, Which Was Morally Wrong And I Do Not Condone It - but also led to some in­ter­est­ing rev­e­la­tions about how much more jour­nal­ists cared when it’s one of their own and not just some vul­ner­a­ble woman in a dic­ta­tor­ship.

Getting all these emails made me re­al­ize that, what­ever the mer­its of my own case, maybe by ac­ci­dent, I was fight­ing for some­thing im­por­tant here. Who am I? I’m no­body, I’m a sci­ence blog­ger with some bad opin­ions. But these peo­ple - the trans peo­ple, the union or­ga­niz­ers, the po­lice whistle­blow­ers, the sexy cy­borgs - the New York Times is­n’t wor­thy to wipe the dirt off their feet. How dare they as­sert the right to ruin these peo­ple’s lives for a cou­ple of ex­tra bucks.

…but I was also grate­ful to get some emails from jour­nal­ists try­ing to help me un­der­stand the per­spec­tive of their field. They point out that re­port­ing is fun­da­men­tally about re­veal­ing in­for­ma­tion that was­n’t pre­vi­ously pub­lic, and hard-hit­ting re­port­ing nec­es­sar­ily in­volves dis­clos­ing things about sub­jects that they would rather you not know. Speculating on the iden­ti­ties of peo­ple like Deep Throat, or Satoshi Nakamoto, or QAnon, or that guy who wrote Primary Colors, is a long-stand­ing jour­nal­is­tic tra­di­tion, one I had never be­fore thought to ques­tion. Many of my cor­re­spon­dents brought up that some im­por­tant peo­ple read my blog (Paul Graham was the most cited name). Isn’t there a point past which you stop be­ing that-guy-with-a-Tum­blr-ac­count who it’s wrong to dox, and you be­come more like Satoshi Nakamoto where try­ing to dox you is a sort of na­tional sport? Wouldn’t it be fair to say I had passed that point?

With all due re­spect to these re­porters, and with com­plete ad­mis­sion of my own bias, I re­ject this en­tire way of look­ing at things. If some­one wants to re­port that I’m a 30-something psy­chi­a­trist who lives in Oakland, California, that’s fine, I’ve had it in my About page for years. If some re­porter wants to in­ves­ti­gate and con­firm, I have some sug­ges­tions for how they could use their time bet­ter - is­n’t there still a war in Yemen? - but I’m not go­ing to com­plain too loudly. But I don’t think what­ever claim the pub­lic has on me in­cludes a right to know my name if I don’t want them to. I don’t think the pub­lic needs to know the name of the cops who write cop blogs, or the dead­names of trans peo­ple, or the dat­ing lives of sexy cy­borgs. I’m not even sure the pub­lic needs to know the name of Satoshi Nakamoto. If he is­n’t harm­ing any­one, let him have his anonymity! I would rather we get what­ever patholo­gies come from peo­ple be­ing able to in­vent Bitcoin scot-free, than get what­ever patholo­gies come from any­one be­ing al­lowed to dox any­one else if they can ar­gue that per­son is influential”. Most peo­ple don’t start out try­ing to be in­flu­en­tial. They just have a Tumblr or a LiveJournal or some­thing, and a few peo­ple read it, and then a few more peo­ple read it, and bam! - they’re in­flu­en­tial! If in­flu­ence takes away your pro­tec­tion, then none of us are safe - not the ran­dom grad stu­dent with a Twitter ac­count mak­ing fun of bad sci­ence, not the teenager with a sex Tumblr, not the as­pir­ing fash­ion­ista with an Instagram. I’ve read lots of in­ter­est­ing dis­cus­sion on how much power tech oli­garchs should or should­n’t be al­lowed to have. But this is the first time I’ve seen some­one sug­gest their pow­ers should in­clude a magic pri­vacy-de­stroy­ing gaze, where just by look­ing at some­one they can trans­form them into a dif­fer­ent kind of cit­i­zen with fewer rights. Is Paul Graham some weird kind of basilisk, such that any­one he stares at too long turns into fair game?

And: a re­cent poll found that 62% of peo­ple feel afraid to ex­press their po­lit­i­cal be­liefs. This is­n’t just con­ser­v­a­tives - it’s also mod­er­ates (64%), lib­er­als (52%) and even many strong lib­er­als (42%). This is true even among mi­nor­ity groups, with more Latinos (65%) feel­ing afraid to speak out than whites (64%), and blacks (49%) close be­hind. 32% of peo­ple worry they would be fired if their po­lit­i­cal views be­came gen­er­ally known, in­clud­ing 28% of Democrats and 38% of Republicans. Poor peo­ple and Hispanics were more likely to ex­press this con­cern than rich peo­ple and whites, but peo­ple with post-grad­u­ate de­grees have it worse than any other de­mo­graphic group.

And the kicker is that these num­bers are up al­most ten per­cent­age points from the last poll three years ago. The biggest de­cline in feel­ing safe was among strong lib­er­als”, who feel an en­tire 12 per­cent­age points less safe ex­press­ing their opin­ion now than way back in the hoary old days of 2017. What hap­pens in a world where this trend con­tin­ues? Does every­one even­tu­ally feel so un­safe that we com­pletely aban­don the pub­lic square to pro­fes­sional-opin­ion-havers, talk­ing heads al­lowed to pon­tif­i­cate be­cause they have the back­ing of gi­ant in­sti­tu­tions? What bi­ases does that in­tro­duce to the dis­cus­sion? And if we want to avoid that, is there any bet­ter way then a firm stance that peo­ple’s on­line pseu­do­nymity is a ba­sic right, not to be chal­lenged with­out one hell of a com­pelling pub­lic in­ter­est? Not just they got kinda big, so now we can de­stroy them guilt-free”, but an ac­tual pub­lic in­ter­est?

I’m not try­ing to con­vince the New York Times - ob­vi­ously it would very much fit their busi­ness plan if we came to rely on pro­fes­sional-opin­ion-havers backed by big in­sti­tu­tions. I’m try­ing to con­vince you, the av­er­age Internet per­son. For the first ten or twenty years of its his­tory, the Internet had a ro­bust norm against doxxing. You could troll peo­ple, you could Goatse or Rickroll them, but doxxing was be­yond the pale. One of the vet­er­ans of this era is Lawrence Lessig, who I was de­lighted to see com­ing to my de­fense. We’ve lost a lot of that old Internet, sold our birthright to so­cial me­dia com­pa­nies and con­tent providers for a few spurts of dopamine, but I think this norm is still worth pro­tect­ing.

If me set­ting my­self on fire got the New York Times to re­think some of its poli­cies, and ac­ci­den­tally helped some of these peo­ple win their own fights, it was to­tally worth it.

Now these points of data make a beau­ti­ful line

And we’re out of beta, we’re re­leas­ing on time

So I’m glad I got burned

Think of all the things we learned

For the peo­ple who are still alive

There’s a scene in Tom Sawyer where Tom runs away from town and is pre­sumed dead. He re­turns just as they’re hold­ing his fu­neral, and gets to lis­ten to every­one praise his life and talk about how much they loved him. Seems like a good deal. Likewise, Garrison Keillor said that - since they say such nice things at peo­ple’s fu­ner­als - it was a shame he was go­ing to miss his own by just a few days.

After delet­ing the blog I felt like I was at­tend­ing my own fu­neral. I asked peo­ple to send the Times emails ask­ing them not to pub­lish the ar­ti­cle. Some peo­ple ccd me on them. These weren’t just Dear NYT, please do not dox this blog­ger, yours, John”. Some of them were a bit over-the-top. I be­lieve a few of them may have used the words national trea­sure”. I can only hope the peo­ple at my real fu­neral are as kind.

Other peo­ple just sent me the over-the-top emails di­rectly. I got emails from peo­ple in far-away, very poor coun­tries, telling me that there was noth­ing at all like a ra­tio­nal­ist move­ment in their coun­tries and my blog was how they kept up with the in­tel­lec­tual cur­rents of a part of the world they might never see. I am hum­bled to be able to help them.

I got emails from med­ical in­terns and res­i­dents, telling me they en­joyed hear­ing about my ex­pe­ri­ences in med­i­cine. You guys only have like three min­utes of free time a week, and I am hum­bled that you would spend some of it read­ing me.

I got emails from peo­ple say­ing I was one of their in­spi­ra­tions for go­ing into sci­ence acad­e­mia. I am so, so, sorry. I am hum­bled by their con­tin­ued sup­port even af­ter I ru­ined their lives.

I got emails from peo­ple in a host of weird and dif­fi­cult sit­u­a­tions, telling me about how read­ing my blog was the only thing that kept them sane through dif­fi­cult times. One woman in­sisted that I start blog­ging be­fore she got preg­nant again be­cause I was her post­par­tum cop­ing strat­egy. I hope I’ve made it in time - but in any case I am hum­bled by their sup­port.

I got emails from cou­ples, say­ing that read­ing my blog to­gether once a week was their ro­man­tic bond­ing ac­tiv­ity. Again, I hope I’ve restarted in time, be­fore any­one’s had to di­vorce. They are very cute and I am hum­bled by their sup­port.

And more along the same lines, and some even more hum­bling than these. I want to grab some of you by the shoul­ders and shake you and shout IT’S JUST A BLOG, GET A LIFE. But of course I would be a hyp­ocrite. I re­mem­ber back to when I was a new col­lege grad­u­ate, des­per­ately try­ing to make sense of the world. I re­mem­ber the sheer re­lief when I came across a few blog­gers - I most clearly re­mem­ber Eliezer Yudkowsky - who seemed to be tuned ex­actly to my wave­length, peo­ple who were mak­ing sense when the en­tire rest of the world was say­ing vague fuzzy things that al­most but not quite con­nected with the mil­lions of ques­tions I had about every­thing. These peo­ple weren’t per­fect, and they did­n’t have all the an­swers, but their ex­is­tence re­as­sured me that I was­n’t crazy and I was­n’t alone. I was an em­bar­rass­ing fan­boy of theirs for many years - I kind of still am - and if my pun­ish­ment is to have em­barass­ing fan­boys of my own then I ac­cept it as part of the cir­cle of life.

And also - I am maybe the worst per­son pos­si­ble to ar­gue that this does­n’t mat­ter. Almost every­thing good in my life I’ve got­ten be­cause of you. I met most of my friends through blog­ging. I met my house­mates, who are ba­si­cally my fam­ily right now, through blog­ging. I got in­tro­duced to my girl­friend by some­one I know through blog­ging. My pa­tients are do­ing bet­ter than they could be - some of them vastly bet­ter - be­cause of things I learned from all of you in the process of blog­ging. Most of the in­tel­lec­tual progress I’ve made over the past ten years has been fol­low­ing up on leads peo­ple sent me be­cause of my blog­ging. To the de­gree that the world makes sense to me, to the de­gree that I’ve been able to un­tie some of the thornier knots and be re­warded with the re­lief of men­tal clar­ity, a lot of it has been be­cause of things I learned while blog­ging. However many over-the-top du­bi­ous claims you want to make about how much I have im­proved your life, I will one-up you with how much you have im­proved mine. And af­ter read­ing a few hun­dred of your emails, I’ve re­al­ized, crys­tal-clear, that I am go­ing to be spend­ing the rest of my life try­ing to de­serve even one per­cent of the love you’ve shown and the gifts you’ve given me.

So I’ve taken the steps I need to in or­der to feel com­fort­able re­veal­ing my real name on­line. I talked to an ag­gres­sively un­help­ful po­lice of­fi­cer about my per­sonal se­cu­rity. I got ad­vice from peo­ple who are more fa­mous than I am, who have al­layed some fears and of­fered some sug­ges­tions. Some of the steps they take seem ex­treme - the Internet is a scarier place than I thought - but I’ve taken some of what they said to heart, re­jected the rest in a cal­cu­lated way, and re­al­ized re­al­is­ti­cally I was never that pro­tected any­how. So here we are.

And I left my job. They were very nice about it, they were ten­ta­tively will­ing to try to make it work. But I just don’t think I can do psy­chother­apy very well while I’m also a pub­lic fig­ure, plus peo­ple were al­ready call­ing them try­ing to get me fired and I did­n’t want to make them deal with more of that.

As I was try­ing to fig­ure out how this was go­ing to work fi­nan­cially, Substack con­vinced me that I could make de­cent money here. With that in place, I felt like I could also take a chance on start­ing my dream busi­ness. You guys have had to lis­ten to me write ad nau­seum about cost dis­ease - why does health care cost 4x times more per capita than it did just a gen­er­a­tion ago? I have a lot of the­o­ries about why that hap­pened and how to fix it. But as Feynman put it, what I can­not cre­ate I can­not un­der­stand”. So I’m go­ing to try to start a med­ical prac­tice that pro­vides great health care to unin­sured peo­ple for 4x less than what any­one else charges. If it works, I plan to be in­suf­fer­able about it. If it does­n’t, I can at least have a fun con­ver­sa­tion with Alex Tabarrok about where our the­o­ries went wrong. Since I’m no longer pro­tect­ing my anonymity, I can ad­ver­tise it here - Lorien Psychiatry - though I’m not cur­rently ac­cept­ing blog read­ers as pa­tients, sorry.

That’s taken up most of my time over the past six months. Going back to blog posts like this is a strange feel­ing. I won­dered if I’d en­joy the break. I did­n’t par­tic­u­larly; it felt at least as much like try­ing to re­sist an ad­dic­tion as it did rest­ing from a dif­fi­cult task. There’s so much left to say! I never got the chance to tell you whether the SSC Survey found birth or­der ef­fects to be bi­o­log­i­cally or so­cially me­di­ated! And the pre­dic­tive pro­cess­ing com­mu­nity is start­ing to re­ally chip away at the ques­tion of why psy­chother­a­pies work - I need to ex­plain this to some­one else be­fore I can be sure I un­der­stand it! I only dis­cov­ered tax­o­met­rics a few months ago and I haven’t talked your ears off about it yet - that will change! I made pre­dic­tions about Trump - now that he’s come and gone I need to grade them pub­licly so you can raise or lower your opin­ion of me as ap­pro­pri­ate! And there’s the book re­view con­test! We are ab­solutely go­ing to do the book re­view con­test!

So here goes. With mal­ice to­wards none, with char­ity to­wards all, with firm­ness in the ṛta as re­flec­tive equi­lib­rium gives us to see the ṛta, let us restart our mu­tual ex­plo­rations, be­gin anew the joy­ful re­duc­tion of un­cer­tainty wher­ever it may lead us.

My name is Scott Siskind, and I love all of you so, so much.

But look at me, still talk­ing when there’s Science to do

When I look out there it makes me glad I’ve got you

I’ve ex­per­i­ments to run, there is re­search to be done

On the peo­ple who are still alive

And be­lieve me I am still alive

I’m do­ing sci­ence and I’m still alive

I feel fan­tas­tic and I’m still alive

Still alive

...

Read the original on astralcodexten.substack.com »

4 647 shares, 32 trendiness, 1013 words and 10 minutes reading time

Rehiring Retired CPU Architects

by on January 21, 2021 5:05 AM EST

We’re fol­low­ing the state of play with Intel’s new CEO, Pat Gelsinger, very closely. Even as an Intel em­ployee for 30 years, ris­ing to the rank of CTO, then tak­ing 12 years away from the com­pany, his ar­rival has been met with praise across the spec­trum given his back­ground and pre­vi­ous suc­cesses. He is­n’t even set to take his new role un­til February 15th, how­ever his re­turn is al­ready caus­ing a stir with Intel’s cur­rent R&D teams.

News in the last 24 hours, based on pub­lic state­ments, states that for­mer Intel Senior Fellow Glenn Hinton, who lists be­ing the lead ar­chi­tect of Intel’s Nehalem CPU core in his list of achieve­ments, is com­ing out of re­tire­ment to re-join the com­pany. (The other lead ar­chi­tect of Nehalem are Ronak Singhal and Per Hammerlund - Ronak is still at Intel, work­ing on next-gen proces­sors, while Per has been at Apple for five years.)

Hinton is an old Intel hand, with 35 years of ex­pe­ri­ence, lead­ing mi­croar­chi­tec­ture de­vel­op­ment of Pentium 4, one of three se­nior ar­chi­tects of Intel’s P6 proces­sor de­sign (which led to Pentium Pro, P2, P3), and ul­ti­mately one of the dri­vers to Intel’s Core ar­chi­tec­ture which is still at the fore­front of Intel’s port­fo­lio to­day. He also a lead mi­croar­chi­tect for Intel’s i960 CA, the world’s first su­per-scalar mi­cro­proces­sor. Hinton holds more than 90+ patents from 8 CPU de­signs from his en­deav­ors. Hinton spent an­other 10+ years at Intel af­ter Nehalem, but Nehalem is listed in many places as his pri­mary pub­lic achieve­ment at Intel.

On his so­cial me­dia posts, Hinton states that he will be work­ing on an ex­cit­ing high per­for­mance CPU pro­ject’. In the as­so­ci­ated com­ments also states that if it was­n’t a fun pro­ject I would­n’t have come back — as you know, re­tire­ment is pretty darn nice’. Glenn also dis­closes that he has been pon­der­ing the move since November, and Gelsinger’s re-hir­ing helped fi­nal­ize that de­ci­sion. His peers also opine that Glenn is prob­a­bly not the only ex-In­tel ar­chi­tect that might be head­ing back to the com­pany. We know a few ar­chi­tects and spe­cial­ists that have left Intel in re­cent years to join Intel’s com­peti­tors, such as AMD and Apple.

There are a few key things to note here worth con­sid­er­ing.

First is that com­ing out of re­tire­ment for a big CPU pro­ject is­n’t a triv­ial thing, es­pe­cially for an Intel Senior Fellow. Given Intel’s suc­cesses, one would as­sume that the fi­nan­cial sit­u­a­tion is not the main dri­ver here, but the op­por­tu­nity to work on some­thing new and ex­cit­ing. Plus, these sorts of pro­jects take years of de­vel­op­ment, at least three, and thus Glenn is sign­ing on for a long term de­spite al­ready hav­ing left to re­tire.

Second point is re­it­er­at­ing that last line — what­ever pro­ject Glenn is work­ing on, it will be a long term pro­ject. Assuming that Glenn is talk­ing about a fresh pro­ject within Intel’s R&D ecosys­tem, it will be 3-5 years be­fore we see the fruits of the la­bor, which also means cre­at­ing a de­sign aimed at what could be a va­ri­ety of process node tech­nolo­gies. Glenn’s ex­per­tise as lead ar­chi­tect is quite likely ap­plic­a­ble for any stage of an Intel R&D de­sign win­dow, but is per­haps best served from the ini­tial stages. The way Glenn seems to put it, this might be a black-ops style de­sign. It also does­n’t spec­ify if this is x86, leav­ing that door open to spec­u­la­tion.

Third here is to rec­og­nize that Intel has a num­ber of proces­sor de­sign teams in-house and de­spite the man­u­fac­tur­ing process de­lays, they haven’t been idle. We’ve been see­ing re­fresh af­ter re­fresh of Skylake lead Intel’s port­fo­lio, and while the first it­er­a­tions of the 10nm Cove cores come to mar­ket, Intel’s in­ter­nal de­sign teams would have been work­ing on the next gen­er­a­tion, and the next gen­er­a­tion af­ter that — the only bar­rier to de­ploy­ment would have been man­u­fac­tur­ing. I re­call a dis­cus­sion with Intel’s en­gi­neers around Kaby Lake time, when I asked about Intel’s progress on IPC — I re­quested a +10% gen-on-gen in­crease over the next two years at the time, and I was told that those de­signs were done and baked — they were al­ready work­ing on the ones be­yond that. Those de­signs were likely Ice/Tiger Lake, and so Intel’s core de­sign teams have been surg­ing ahead de­spite man­u­fac­tur­ing is­sues, and I won­der if there’s now a 3-4 year (or more) de­lay on some of these de­signs. If Glenn is hint­ing at a pro­ject be­yond that, then we could be wait­ing even longer.

Fourth and fi­nally, one of the crit­i­cal el­e­ments listed by a num­ber of an­a­lysts on the an­nounce­ment of Gelsinger’s ar­rival was that he would­n’t have much of an ef­fect un­til 3+ years down the line, be­cause of how prod­uct cy­cles work. I re­jected that premise out­right, stat­ing that Pat can come in and change el­e­ments of Intel’s cul­ture im­me­di­ately, and could sit in the room with the rel­e­vant en­gi­neers and dis­cuss prod­uct de­sign on a level that Bob Swan can­not. Pat has the op­por­tu­nity to arrange the lead­er­ship struc­ture and in­still new con­fi­dence in those struc­tures, some of which may have caused key ar­chi­tects in the past to re­tire, in­stead of build on ex­cit­ing pro­jects.

As we can see, Pat is al­ready hav­ing an ef­fect be­fore his name is even on the door at HQ.

Today is also Intel’s end-of-year fi­nan­cial dis­clo­sure, at 5pm ET. We are ex­pect­ing Intel’s cur­rent CEO, Bob Swan, to talk through what looks to be an­other record break­ing year of rev­enue, and likely the state of play for Intel’s own 7nm process node tech­nolo­gies. That last point is some­what thrown into doubt given the new CEO an­nounce­ment and if Gelsinger is on the call. It is un­known if Gelsinger will par­tic­i­pate.

...

Read the original on www.anandtech.com »

5 466 shares, 24 trendiness, 498 words and 4 minutes reading time

Retiring Tucows Downloads.

We have made the dif­fi­cult de­ci­sion to re­tire the Tucows Downloads site. We’re pleased to say that much of the soft­ware and other as­sets that made up the Tucows Downloads li­brary have been trans­ferred to our friends at the Internet Archive for pos­ter­ity.

The share­ware down­loads bul­letin board sys­tem (BBS) that would be­come Tucows Downloads was founded back in 1993 on a li­brary com­puter in Flint, MI. What started as a place for peo­ple in the know to down­load soft­ware be­came the place to down­load soft­ware on the bur­geon­ing Internet. Far more quickly than any­one could have imag­ined.

A lot has changed since those early years. Tucows has grown and evolved as a busi­ness. It’s been a long time since Tucows has been TUCOWS, which stood for The Ultimate Collection of Winsock Software.

Today, Tucows is the sec­ond-largest do­main name reg­is­trar in the world be­hind Go Daddy and the largest whole­saler of do­main names in the world with cus­tomers like Shopify and other global web­site builder plat­forms. Hover of­fers do­main names and email at re­tail to help peo­ple brand their life on­line. OpenSRS (and along the way our ac­qui­si­tions of Enom, Ascio and EPAG) are the SaaS plat­forms upon which tens of thou­sands of cus­tomers have built their own do­main reg­is­tra­tion busi­nesses, reg­is­ter­ing tens of mil­lions of do­mains on be­half of their cus­tomers. Ting Internet is build­ing fiber-op­tic net­works all over the U. S. At the same time, we’re build­ing the Mobile Services Enabler SaaS plat­form that is pow­er­ing DISHs en­try into the US mo­bile mar­ket.

For the past sev­eral years, his­tory, well sen­ti­men­tal­ity, has been the only rea­son to keep Tucows Downloads around. We talked about shut­ting the site down be­fore. Most se­ri­ously in 2016 when in­stead, we de­cided to go ad-free, keep­ing the site up as a pub­lic ser­vice.

Today is dif­fer­ent. Tucows Downloads is old. Old sites are a main­te­nance chal­lenge and there­fore a risk. Maintaining the Tucows Downloads site pulls peo­ple away from the work that moves our busi­nesses for­ward.

Tucows Downloads has had an in­cred­i­ble run. Retiring it is the right move but that does­n’t al­ter the fact that it will al­ways hold a spe­cial place in hearts and our story. We’re thank­ful to the thou­sands of soft­ware de­vel­op­ers who used Tucows Downloads to get their soft­ware in front of mil­lions of peo­ple, dri­ving bil­lions of down­loads over more than 25 years.

If you’re a de­vel­oper who used the Tucows Author Resource Center (ARC) as part of your soft­ware dis­sem­i­na­tion, to buy code sign­ing or other ser­vices, we’re happy to help with the tran­si­tion.

Any cer­tifi­cates pur­chased through ARC re­main valid. If you’re look­ing to buy or re­new code sign­ing cer­tifi­cates, we in­vite you to go straight to the source; Sectigo was our sup­plier and will be happy to be yours too.

Feel free to reach out to us at help@tu­cows.com if we can help with any­thing at all.

...

Read the original on www.tucows.com »

6 422 shares, 23 trendiness, 882 words and 8 minutes reading time

The Next Gen Database Servers Powering Let's Encrypt

Let’s Encrypt helps to pro­tect a huge por­tion of the Web by pro­vid­ing TLS cer­tifi­cates to more than 235 mil­lion web­sites. A data­base is at the heart of how Let’s Encrypt man­ages cer­tifi­cate is­suance. If this data­base is­n’t per­form­ing well enough, it can cause API er­rors and time­outs for our sub­scribers. Database per­for­mance is the sin­gle most crit­i­cal fac­tor in our abil­ity to scale while meet­ing ser­vice level ob­jec­tives. In late 2020, we up­graded our data­base servers and we’ve been very happy with the re­sults.

Our CA soft­ware, Boulder, uses MySQL-style schemas and queries to man­age sub­scriber ac­counts and the en­tire cer­tifi­cate is­suance process. It’s de­signed to work with a sin­gle MySQL, MariaDB, or Percona data­base. We cur­rently use MariaDB, with the InnoDB data­base en­gine.

We run the CA against a sin­gle data­base in or­der to min­i­mize com­plex­ity. Minimizing com­plex­ity is good for se­cu­rity, re­li­a­bil­ity, and re­duc­ing main­te­nance bur­den. We have a num­ber of repli­cas of the data­base ac­tive at any given time, and we di­rect some read op­er­a­tions to replica data­base servers to re­duce load on the pri­mary.

One con­se­quence of this de­sign is that our data­base ma­chines need to be pretty pow­er­ful. Eventually we may need to shard or break the sin­gle data­base into mul­ti­ple data­bases, but hard­ware ad­vance­ments have al­lowed us to avoid that so far.

The pre­vi­ous gen­er­a­tion of data­base hard­ware was pow­er­ful but it was reg­u­larly be­ing pushed to its lim­its. For the next gen­er­a­tion, we wanted to more than dou­ble al­most every per­for­mance met­ric in the same 2U form fac­tor. In or­der to pull that off, we needed AMD EPYC chips and Dell’s PowerEdge R7525 was ideal. Here are the spec­i­fi­ca­tions:

By go­ing with AMD EPYC, we were able to get 64 phys­i­cal CPU cores while keep­ing clock speeds high: 2.9GHz base with 3.4GHz boost. More im­por­tantly, EPYC pro­vides 128 PCIe v4.0 lanes, which al­lows us to put 24 NVMe dri­ves in a sin­gle ma­chine. NVMe is in­cred­i­bly fast (~5.7x faster than the SATA SSDs in our pre­vi­ous-gen data­base servers) be­cause it uses PCIe in­stead of SATA. However, PCIe lanes are typ­i­cally very lim­ited: mod­ern con­sumer chips typ­i­cally have only 16 lanes, and Intel’s Xeon chips have 48. By pro­vid­ing 128 PCI lanes per chip (v4.0, no less), AMD EPYC has made it pos­si­ble to pack large num­bers of NVMe dri­ves into a sin­gle ma­chine. We’ll talk more about NVMe later.

We’ll start by look­ing at our me­dian time to process a re­quest be­cause it best re­flects sub­scribers’ ex­pe­ri­ence. Before the up­grade, we turned around the me­dian API re­quest in ~90 ms. The up­grade dec­i­mated that met­ric to ~9 ms!

We can clearly see how our old CPUs were reach­ing their limit. In the week be­fore we up­graded our pri­mary data­base server, its CPU us­age (from /proc/stat) av­er­aged over 90%:

The new AMD EPYC CPUs sit at about 25%. You can see in this graph where we pro­moted the new data­base server from replica (read-only) to pri­mary (read/write) on September 15.

The up­grade greatly re­duced our over­all data­base la­tency. The av­er­age query re­sponse time (from INFORMATION_SCHEMA) used to be ~0.45ms.

Queries now av­er­age three times faster, about 0.15ms.

NVMe dri­ves are be­com­ing in­creas­ingly pop­u­lar be­cause of their in­cred­i­ble per­for­mance. Up un­til re­cently, though, it was nearly im­pos­si­ble to get many of them in a sin­gle ma­chine be­cause NVMe uses PCIe lanes. Those were very lim­ited: Intel’s Xeon proces­sors come with just 48 PCIe v3 lanes, and a num­ber of those are used up by the chipset and add-on cards such as net­work adapters and GPUs. You can’t fit many NVMe dri­ves in the re­main­ing lanes.

AMDs lat­est gen­er­a­tion of EPYC proces­sors come with 128 PCIe lanes - more than dou­ble what Intel of­fers - and they’re PCIe v4! This is enough to pack a 2U server full of NVMe dri­ves (24 in our case).

Once you have a server full of NVMe dri­ves, you have to de­cide how to man­age them. Our pre­vi­ous gen­er­a­tion of data­base servers used hard­ware RAID in a RAID-10 con­fig­u­ra­tion, but there is no ef­fec­tive hard­ware RAID for NVMe, so we needed an­other so­lu­tion. One op­tion was soft­ware RAID (Linux mdraid), but we got sev­eral rec­om­men­da­tions for OpenZFS and de­cided to give it a shot. We’ve been very happy with it!

There was­n’t a lot of in­for­ma­tion out there about how best to set up and op­ti­mize OpenZFS for a pool of NVMe dri­ves and a data­base work­load, so we want to share what we learned. You can find de­tailed in­for­ma­tion about our setup in this GitHub repos­i­tory.

This data­base up­grade was nec­es­sary as more peo­ple rely on Let’s Encrypt for the se­cu­rity and pri­vacy that TLS/SSL pro­vides. The equip­ment is quite ex­pen­sive and it was a siz­able un­der­tak­ing for our SRE team to plan and ex­e­cute the tran­si­tion, but we gained a lot through the process.

We de­pend on con­tri­bu­tions from our sup­port­ers in or­der to pro­vide our ser­vices. If your com­pany or or­ga­ni­za­tion would like to spon­sor Let’s Encrypt please email us at spon­sor@letsen­crypt.org. We ask that you make an in­di­vid­ual con­tri­bu­tion if it is within your means.

...

Read the original on letsencrypt.org »

7 375 shares, 22 trendiness, 524 words and 5 minutes reading time

NHTSA releases final Low-Volume Manufacturing Rules

National Highway Traffic Safety Administration (NHTSA) has com­pleted a reg­u­la­tion per­mit­ting low vol­ume mo­tor ve­hi­cle man­u­fac­tur­ers to be­gin sell­ing replica cars that re­sem­ble ve­hi­cles pro­duced at least 25 years ago. Congress en­acted a DeLorean Motor Company-backed bill backed by the Specialty Equipment Market Association (SEMA) DeLorean Motor Company, and oth­ers into law in 2015, which stream­lined re­quire­ments for small au­tomak­ers, but im­ple­men­ta­tion was de­layed while await­ing the NHTSA reg­u­la­tions. Companies like DeLorean will now be able to ap­ply for au­tho­riza­tion to pro­duce and sell ve­hi­cles un­der this pro­gram.

The re­cent re­lease of the fi­nal rule doc­u­ment was un­ex­pected, and we’re very pleased to see it fi­nally hap­pen. Still, four years over­due with no clear idea of when (or if!) these would ever be re­leased did cer­tainly keep us from putting too many eggs in that stain­less steel bas­ket, so to speak.

Some pre­vi­ous sup­pli­ers that we had lined up have gone out of busi­ness dur­ing the pan­demic, oth­ers have been ab­sorbed by larger com­pa­nies that have made it clear low vol­ume com­po­nent pro­duc­tion is not some­thing they’re in­ter­ested in pur­su­ing. In that re­gard there will be a fair amount of work to be re-done. Perhaps worse, some champions” we had at var­i­ous sup­pli­ers have re­tired or moved on. In some cases this has left a void, where be­fore there was a DeLorean fan, who ral­lied for us within their com­pany and man­age­ment.

Additionally, cer­tain staffing can­di­dates that were on our short-list have long since moved on in and while un­em­ploy­ment has in­creased dur­ing 2020, many of the spe­cial­ized roles that we re­quire are still hard to fill.

As men­tioned be­fore, in 2015 our planned en­gine had a life-cy­cle of emis­sions com­pli­ance through 2022. We had hoped to get into pro­duc­tion by 2017 and get 3-4 years out of it be­fore hav­ing to take on the en­gi­neer­ing for a new pow­er­train. It’s be­lieved that this en­gine has been ex­tended through per­haps 2024 now, but it does­n’t seem like a good idea to plan around an en­gine so near its end-of-life.

That said, with EVs be­com­ing more main­stream, we’ve been con­sid­er­ing switch­ing to an all-elec­tric as the fu­ture. It cer­tainly makes for an eas­ier path through emis­sions maze which still looms large over any in­ter­nal com­bus­tion en­gine. While an elec­tric Cobra or Morgan may be a lit­tle ex­treme for their po­ten­tial mar­ket, we’ve al­ready seen that an EV DeLorean — as we dis­played at the 2012 New York International Auto Show — is not such an out there” idea.

Most crit­i­cally, fi­nan­cial mar­kets have changed, and will change even more as the world nav­i­gates the con­tin­u­ing COVID cri­sis dur­ing the Biden ad­min­is­tra­tion. Will the fi­nan­cial sup­port that we had lined up a few years ago to carry us through the fi­nal de­vel­op­ment and into pro­duc­tion still be avail­able?

As the au­to­mo­tive brand with likely the high­est name recog­ni­tion across all de­mo­graph­ics in spite of not hav­ing a new prod­uct in 40 years, we still be­lieve that none of the above is in­sur­mount­able and be­lieve that oth­ers will see value in it, as well.

...

Read the original on www.newdelorean.com »

8 366 shares, 19 trendiness, 266 words and 3 minutes reading time

Over 700,000 paintings from the Rijksmuseum online copyright free

Amsterdam’s Rijksmuseum has put over 700,000 digi­tised copies of its huge art col­lec­tion on­line, and is mak­ing them avail­able to reuse as pub­lic do­main

It’s not a new fea­ture, but it’s not that well known, and it was re­vamped last November. The im­ages are be­ing re­leased un­der Creative Commons 1.0 Universal (CC0 1.0) Public Domain Dedication — which is es­sen­tially copy­right and roy­alty free.

The Rijksstudio, as the on­line gallery is called was funded by the BankGiro Lottery, the Netherlands cul­ture lot­tery that pro­vides long-term sup­port for in­sti­tu­tions.

You can browse and search the Rijksstudio by gen­rea, dates or artists, and even if you’re just brows­ing for plea­sure, the web­site pho­tos are of a high res­o­lu­tion qual­ity.

The col­lec­tion con­tains more than 2,000 paint­ings from the Dutch Golden Age by no­table painters such as Jacob van Ruisdael, Frans Hals, Johannes Vermeer, Jan Steen, Rembrandt, and Rembrandt’s pupils.

Each of the paint­ings, pho­tographs, and draw­ings they’ve scanned has de­tailed in­for­ma­tion about the sub­ject and the artist, along with some his­tory such as when and where it was ac­quired.

The Rijksmuseum re­quires you to open an ac­count on their web­site to down­load any­thing, but in ex­change, the down­loaded graph­ics are high res­o­lu­tion jpegs. You can even see brush strokes in some of the im­ages I down­loaded to test this.

In ad­di­tion, pro­fes­sion­als have an op­tion to re­quest a free TIFF file with colour ref­er­ence and tai­lored ad­vice.

The Rijksstudio, in English, is here.

The British Museum also re­leased nearly 2 mil­lion im­ages from their archive on­line last year.

...

Read the original on www.ianvisits.co.uk »

9 347 shares, 15 trendiness, 1469 words and 13 minutes reading time

How We Ported Linux to the M1

When Apple re­leased their desk­top prod­ucts with the M1 proces­sor in November 2020, quite a few peo­ple in the tech com­mu­nity were sur­prised by the ex­cel­lent per­for­mance of these sys­tems. But those who have been fol­low­ing the de­vel­op­ment of Apple phone chipsets closely knew that the evo­lu­tion­ary path Apple fol­lowed would re­sult in a pow­er­ful 64-bit ARM proces­sor.

At Corellium, we’ve been track­ing the Apple mo­bile ecosys­tem since iPhone 6, re­leased in 2014 with two 64-bit cores. Since then, Apple has been fo­cus­ing their en­ergy on build­ing faster chips, pre­fer­ring to im­prove sin­gle-threaded per­for­mance over throw­ing more cores on the chip. This ap­proach was en­abled by their in-house hard­ware de­sign team, and re­sulted in unique parts with a broad fea­ture set, lead­ing the in­dus­try in terms of ar­chi­tec­tural fea­tures.

It also made Apple sil­i­con rather dis­tinct from all other 64-bit ARM hard­ware in terms of both CPU core and pe­riph­er­als. Our Corellium vir­tu­al­iza­tion plat­form has been pro­vid­ing se­cu­rity re­searchers with un­par­al­leled in­sight into how op­er­at­ing sys­tems and pro­grams work on Apple ARM proces­sors. But in the process of de­vel­op­ing our vir­tu­al­iza­tion sys­tem, we also gain knowl­edge about the hard­ware we are mod­el­ing, and this knowl­edge can be best re­fined by test­ing it against real hard­ware - which we have only been able to do with the emer­gence of checkm8, an ex­ploit that let us load pro­grams onto Apple smart­phones. This led di­rectly to the Sandcastle pro­ject, where we built a ker­nel port to the A10 proces­sor in early 2020.

So when Apple de­cided to al­low in­stalling cus­tom ker­nels on the Macs with M1 proces­sor, we were very happy to try build­ing an­other Linux port to fur­ther our un­der­stand­ing of the hard­ware plat­form. As we were cre­at­ing a model of the proces­sor for our se­cu­rity re­search prod­uct, we were work­ing on the Linux port in par­al­lel.

Many com­po­nents of the M1 are shared with Apple mo­bile SoCs, which gave us a good run­ning start. But when writ­ing Linux dri­vers, it be­came very ap­par­ent how non-stan­dard Apple SoCs re­ally are. Our vir­tual en­vi­ron­ment is ex­tremely flex­i­ble in terms of mod­els it can ac­com­mo­date; but on the Linux side, the 64-bit ARM world has largely set­tled on a well-de­fined set of build­ing blocks and firmware in­ter­faces - nearly none of which were used on the M1.

To start with, Apple CPUs boot the op­er­at­ing sys­tem ker­nel in a dif­fer­ent way. The boot­loader, tra­di­tion­ally called iBoot, loads an ex­e­cutable ob­ject file in a for­mat called Mach-O, op­tion­ally com­pressed and wrapped in a signed ASN.1 based wrap­per for­mat called IMG4. For com­par­i­son, nor­mal Linux on 64-bit ARM starts as a flat bi­nary im­age (optionally com­pressed and put in one of the few con­tainer for­mats), or a Windows-style PE ex­e­cutable on UEFI plat­forms.

But the real sur­prises start when fur­ther CPU cores are brought up. On other 64-bit ARM sys­tems, this is done by call­ing the firmware through an in­ter­face called PSCI (a few sys­tems use poll-ta­bles, but the firmware is still re­spon­si­ble for them). But on M1, CPU cores start at an ad­dress spec­i­fied by a MMIO reg­is­ter (set to a spe­cific off­set within the ker­nel im­age, then locked, by the boot­loader), and sim­ply be­gin run­ning the ker­nel.

If that was­n’t enough, Apple de­signed their own in­ter­rupt con­troller, the Apple Interrupt Controller (AIC), not com­pat­i­ble with ei­ther of the ma­jor ARM GIC stan­dards. And not only that: the timer in­ter­rupts - nor­mally con­nected to a reg­u­lar per-CPU in­ter­rupt on ARM - are in­stead routed to the FIQ, an ab­struse ar­chi­tec­tural fea­ture, seen more fre­quently in the old 32-bit ARM days. Naturally, Linux ker­nel did not sup­port de­liv­er­ing any in­ter­rupts via the FIQ path, so we had to add that.

When you try to get mul­ti­ple proces­sors in a sys­tem to talk to each other, you have to pro­vide a set of in­ter-proces­sor in­ter­rupts (IPIs). On older Apple SoCs, those were han­dled sim­i­larly to IRQs, by ex­e­cut­ing MMIO ac­cesses to the AIC. But on newer ones, Apple uses a set of proces­sor core reg­is­ters to dis­patch and ac­knowl­edge IPIs, and they are - again - de­liv­ered as FIQs. So the FIQ sup­port was re­ally quite im­por­tant. Fortunately, our work on vir­tual mod­els in our se­cu­rity re­search prod­uct has pre­pared us for this.

After work­ing out a few more hard­ware quirks, and adding a pre-loader that acts as a wrap­per for Linux and pro­vides a tram­po­line for start­ing proces­sor cores, we could set a frame­buffer and were greeted with the sight of eight pen­guins rep­re­sent­ing the eight cores of the M1.

Unfortunately, since we do not have a UART ca­ble for the M1 Macs, we had to find an­other way to add a key­board (and maybe even a mouse). There are fun­da­men­tally three paths to do that on the M1 Mac Mini: the built-in USB host in the M1 chip (serves the Thunderbolt/USB ports), the xHCI USB host on PCIe (serves the type A ports) and Bluetooth.

While we won’t get into the de­tails of Apple Bluetooth, we’ll note it uses a non-stan­dard PCIe-based pro­to­col that is sup­ported in our vir­tu­al­iza­tion prod­uct, and would re­quire not only bring­ing up PCIe ports on the M1 chip, but also writ­ing a cus­tom ker­nel dri­ver for this pro­to­col. That made it seem like the worst choice for get­ting this done quickly.

This means we had a choice be­tween bring­ing up PCIe and us­ing the stan­dard ker­nel xHCI dri­ver, or bring­ing up the built-in USB con­troller. Apple has been us­ing the Synopsys DWC3 dual-role USB con­troller for a while in their chips, and it has a Linux ker­nel dri­ver. Unfortunately, Apple is also in the habit of adding cus­tom logic around the con­troller, so this ended up be­ing a fair bit of work.

Both the PCIe and the built-in DWC3 USB con­troller on M1 use IOMMUs, called DARTs. Apple has been re­fin­ing their DART de­sign in a con­sis­tent, evo­lu­tion­ary way, re­sult­ing in an ex­cel­lent, full-fea­tured IOMMU. The last ver­sion even has sup­port for sub-page mem­ory pro­tec­tion, rarely seen else­where. (We had a blog post on IOMMUs and other sim­i­lar de­vices last month.)

To ac­tu­ally con­nect the USB port in­side the M1 to the USB type-C con­nec­tors on the back of the Mac Mini, we had to in­ter­act with a chip on I2C (which means GPIO and I2C dri­vers) which has cus­tomized firmware. We’ve seen the pro­to­col for these while build­ing our vir­tu­al­ized mod­els; noth­ing is a big sur­prise if you have a bird’s eye view of the sys­tem.

After a few days of fig­ur­ing out the de­tails of USB, we were fi­nally able to con­nect an ex­ter­nal USB hub and con­nect a key­board, mouse and a Flash drive, open­ing the pos­si­bil­ity for run­ning a nor­mal desk­top Linux dis­tri­b­u­tion.

The first step to boot­ing Linux on your Mac Mini M1 is to down­load the Ubuntu POC rootfs avail­able here. We used a Raspberry Pi im­age be­cause it was a live USB boot im­age, so we only had to make mi­nor mod­i­fi­ca­tions to boot it.

You will need a min­i­mum 16G ex­ter­nal USB drive. Extract the im­age by typ­ing:

Then, use disk util­ity to lo­cate the name of the ex­ter­nal disk. Finally, copy the im­age to the USB drive us­ing:

Connect your USB drive to the Mac Mini M1 us­ing a don­gle via the USB C port. The USB A ports are not cur­rently sup­ported.

To boot into 1TR (the one true re­cov­ery OS), turn off your Mac Mini M1 and then hold Power un­til you see loading op­tions”. Once it loads, you can se­lect the ter­mi­nal op­tion from the menu bar at the top.

The next step is to in­stall the cus­tom ker­nel. We have made a script that makes this step eas­ier for you. You can run it by typ­ing:

The script will prompt you for your user­name and pass­word. One you see it print Kernel in­stalled” it’s safe to type re­boot.

Once you’re booted, you’ll be prompted for a lo­gin. The user­name is pi” and the pass­word is raspberry.” The root pass­word is also raspberry.”

To re­vert to boot­ing MacOS, in 1TR open ter­mi­nal and type bputil -n

If you’re in­ter­ested in sup­port­ing our work on open source pro­jects like these, please con­sider do­nat­ing on our be­half to the EFF, who work tire­lessly to de­fend se­cu­rity re­searchers and pro­tect the dig­i­tal rights of users and de­vel­op­ers. You should also con­sider sup­port­ing the work be­ing done by the folks over at Asahi Linux.

We’d like to ex­tend a very spe­cial thanks to the en­gi­neers be­hind PongoOS for con­tribut­ing their ex­per­tise and col­lab­o­ra­tion. We’re look­ing for­ward to up­dat­ing with a ver­sion that uses PongoOS as the boot­loader!

...

Read the original on corellium.com »

10 333 shares, 20 trendiness, 159 words and 2 minutes reading time

Bitwarden Help & Support

Bitwarden be­lieves source code trans­parency is an ab­solute re­quire­ment for se­cu­rity so­lu­tions like ours. View full, de­tailed Release Notes in GitHub us­ing any of the fol­low­ing links:

Dates on this page rep­re­sent Cloud Server and Web re­leases. Bitwarden in­cre­men­tally up­dates each client ap­pli­ca­tion (Desktop, Browser Extension, Mobile, etc.) fol­low­ing the ini­tial re­lease date to en­sure fea­ture ef­fi­cacy and sta­bil­ity.

As a re­sult, client ap­pli­ca­tions should ex­pect listed fea­tures fol­low­ing the ini­tial re­lease.

For the first ma­jor re­lease of 2021, the Bitwarden team com­bined mul­ti­ple ma­jor en­hance­ments to ad­dress the crit­i­cal needs of all users, in­clud­ing:

* Emergency Access: Bitwarden’s new Emergency Access fea­ture en­ables users to des­ig­nate and man­age trusted emer­gency con­tacts, who may re­quest ac­cess to their Vault in a Zero Knowledge/Zero Trust en­vi­ron­ment (see here for de­tails).

* Encrypted Exports: Personal users and Organizations can now ex­port Vault data in an en­crypted .json file (see here for de­tails).

* New Role: A Custom role is now avail­able to al­low for gran­u­lar con­trol over user per­mis­sions (see here for de­tails).

* New Enterprise Policy: The Personal Ownership pol­icy is now avail­able for use by Enterprise Organization (see here for de­tails).

* Biometric Unlock for Browser Extensions: Using an in­te­gra­tion with a na­tive Desktop ap­pli­ca­tion, you can now use Biometric in­put to un­lock Firefox and Chromium-based Browser Extensions (see here for de­tails).

The lat­est re­lease of Bitwarden adds SSO-related en­hance­ments to all client ap­pli­ca­tions, in­clud­ing:

* New Enterprise Policies: The Single Organization and Single Sign-On Authentication po­lices are now avail­able for use by Enterprise Organizations (see here for de­tails).

* API Key for CLI: Authenticate into the Bitwarden CLI us­ing an API Key newly avail­able from your Web Vault (see here for de­tails).

* Improvements to SSO Onboarding: We’ve made some im­prove­ments to the way users are on­boarded via SSO to pre­vent po­ten­tial se­cu­rity risks (see here for de­tails).

* GDPR Acknowledgement: From now on, new users of Bitwarden will be asked to ac­knowl­edge a Privacy Policy on reg­is­tra­tion.

* Android 11 Inline Auto-fill: For de­vices us­ing Android 11+, en­abling the Auto-fill Service will dis­play sug­ges­tions in­line for IMEs that also sup­port this fea­ture (see here for de­tails).

The lat­est re­lease of Bitwarden adds much-an­tic­i­pated Login with SSO func­tion­al­ity for all client ap­pli­ca­tions, and the Business Portal for Web Vaults. Read this blog post for more in­for­ma­tion about Login with SSO, and re­fer to our doc­u­men­ta­tion.

The fol­low­ing items were re­leased be­tween March and September of 2020.

...

Read the original on bitwarden.com »

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

If you like 10HN please leave feedback and share

Visit pancik.com for more.