Last week, Elastic an­nounced they will change their soft­ware li­cens­ing strat­egy, and will not re­lease new ver­sions of Elasticsearch and Kibana un­der the Apache License, Version 2.0 (ALv2). Instead, new ver­sions of the soft­ware will be of­fered un­der the Elastic License (which lim­its how it can be used) or the Server Side Public License (which has re­quire­ments that make it un­ac­cept­able to many in the open source com­mu­nity). This means that Elasticsearch and Kibana will no longer be open source soft­ware. In or­der to en­sure open source ver­sions of both pack­ages re­main avail­able and well sup­ported, in­clud­ing in our own of­fer­ings, we are an­nounc­ing to­day that AWS will step up to cre­ate and main­tain a ALv2-licensed fork of open source Elasticsearch and Kibana.

We launched Open Distro for Elasticsearch in 2019 to pro­vide cus­tomers and de­vel­op­ers with a fully fea­tured Elasticsearch dis­tri­b­u­tion that pro­vides all of the free­doms of ALv2-licensed soft­ware. Open Distro for Elasticsearch is a 100% open source dis­tri­b­u­tion that de­liv­ers func­tion­al­ity prac­ti­cally every Elasticsearch user or de­vel­oper needs, in­clud­ing sup­port for net­work en­cryp­tion and ac­cess con­trols. In build­ing Open Distro, we fol­lowed the rec­om­mended open source de­vel­op­ment prac­tice of “upstream first.” All changes to Elasticsearch were sent as up­stream pull re­quests (#42066, #42658, #43284, #43839, #53643, #57271, #59563, #61400, #64513), and we then in­cluded the “oss” builds of­fered by Elastic in our dis­tri­b­u­tion. This en­sured that we were col­lab­o­rat­ing with the up­stream de­vel­op­ers and main­tain­ers, and not cre­at­ing a “fork” of the soft­ware.

Choosing to fork a pro­ject is not a de­ci­sion to be taken lightly, but it can be the right path for­ward when the needs of a com­mu­nity di­verge—as they have here. An im­por­tant ben­e­fit of open source soft­ware is that when some­thing like this hap­pens, de­vel­op­ers al­ready have all the rights they need to pick up the work them­selves, if they are suf­fi­ciently mo­ti­vated. There are many suc­cess sto­ries here, like Grafana emerg­ing from a fork of Kibana 3.

When AWS de­cides to of­fer a ser­vice based on an open source pro­ject, we en­sure that we are equipped and pre­pared to main­tain it our­selves if nec­es­sary. AWS brings years of ex­pe­ri­ence work­ing with these code­bases, as well as mak­ing up­stream code con­tri­bu­tions to both Elasticsearch and Apache Lucene, the core search li­brary that Elasticsearch is built on—with more than 230 Lucene con­tri­bu­tions in 2020 alone.

Our forks of Elasticsearch and Kibana will be based on the lat­est ALv2-licensed code­bases, ver­sion 7.10. We will pub­lish new GitHub repos­i­to­ries in the next few weeks. In time, both will be in­cluded in the ex­ist­ing Open Distro dis­tri­b­u­tions, re­plac­ing the ALv2 builds pro­vided by Elastic. We’re in this for the long haul, and will work in a way that fos­ters healthy and sus­tain­able open source prac­tices—in­clud­ing im­ple­ment­ing shared pro­ject gov­er­nance with a com­mu­nity of con­trib­u­tors.

You can rest as­sured that nei­ther Elastic’s li­cense change, nor our de­ci­sion to fork, will have any neg­a­tive im­pact on the Amazon Elasticsearch Service (Amazon ES) you cur­rently en­joy. Today, we of­fer 18 ver­sions of Elasticsearch on Amazon ES, and none of these are af­fected by the li­cense change.

In the fu­ture, Amazon ES will be pow­ered by the new fork of Elasticsearch and Kibana. We will con­tinue to de­liver new fea­tures, fixes, and en­hance­ments. We are com­mit­ted to pro­vid­ing com­pat­i­bil­ity to elim­i­nate any need to up­date your client or ap­pli­ca­tion code. Just as we do to­day, we will pro­vide you with a seam­less up­grade path to new ver­sions of the soft­ware.

This change will not slow the ve­loc­ity of en­hance­ments we of­fer to our cus­tomers. If any­thing, a com­mu­nity-owned Elasticsearch code­base pre­sents new op­por­tu­ni­ties for us to move faster in im­prov­ing sta­bil­ity, scal­a­bil­ity, re­siliency, and per­for­mance.

Developers em­brace open source soft­ware for many rea­sons, per­haps the most im­por­tant be­ing the free­dom to use that soft­ware where and how they wish.

The term “open source” has had a spe­cific mean­ing since it was coined in 1998. Elastic’s as­ser­tions that the SSPL is “free and open” are mis­lead­ing and wrong. They’re try­ing to claim the ben­e­fits of open source, while chip­ping away at the very de­f­i­n­i­tion of open source it­self. Their choice of SSPL be­lies this. SSPL is a non-open source li­cense de­signed to look like an open source li­cense, blur­ring the lines be­tween the two. As the Fedora com­mu­nity states, “[to] con­sider the SSPL to be ‘Free’ or ‘Open Source’ causes [a] shadow to be cast across all other li­censes in the FOSS ecosys­tem.”

In April 2018, when Elastic co-min­gled their pro­pri­etary li­censed soft­ware with the ALv2 code, they promised in “We Opened X-Pack”: “We did not change the li­cense of any of the Apache 2.0 code of Elasticsearch, Kibana, Beats, and Logstash — and we never will.” Last week, af­ter reneg­ing on this promise, Elastic up­dated that same page with a foot­note that says “circumstances have changed.”

Elastic knows what they’re do­ing is fishy. The com­mu­nity has told them this (e.g., see Brasseur, Quinn, DeVault, and Jacob). It’s also why they felt the need to write an ad­di­tional blus­tery blog (on top of their ini­tial li­cense change blog) to try to ex­plain their ac­tions as “AWS made us do it.” Most folks aren’t fooled. We did­n’t make them do any­thing. They be­lieve that re­strict­ing their li­cense will lock oth­ers out of of­fer­ing man­aged Elasticsearch ser­vices, which will let Elastic build a big­ger busi­ness. Elastic has a right to change their li­cense, but they should also step up and own their own de­ci­sion.

In the mean­time, we’re ex­cited about the long-term jour­ney we’ve em­barked on with Open Distro for Elasticsearch. We look for­ward to pro­vid­ing a truly open source op­tion for Elasticsearch and Kibana us­ing the ALv2 li­cense, and build­ing and sup­port­ing this fu­ture with the com­mu­nity.

An ear­lier ver­sion of this post in­cor­rectly in­di­cated that the Jenkins CI tool was a fork. We thank @abayer for the cor­rec­tion.

The win­dows crate lets you call any Windows API past, pre­sent, and fu­ture us­ing code gen­er­ated on the fly di­rectly from the meta­data de­scrib­ing the API and right into your Rust pack­age where you can call them as if they were just an­other Rust mod­ule.

The Rust lan­guage pro­jec­tion fol­lows in the tra­di­tion es­tab­lished by C++/WinRT of build­ing lan­guage pro­jec­tions for Windows us­ing stan­dard lan­guages and com­pil­ers, pro­vid­ing a nat­ural and id­iomatic way for Rust de­vel­op­ers to call Windows APIs.

Start by adding the fol­low­ing to your Cargo.toml file:

[dependencies]

win­dows = “0.2.1”

[build-dependencies]

win­dows = “0.2.1”

This will al­low Cargo to down­load, build, and cache Windows sup­port as a pack­age. Next, spec­ify which types you need in­side of a build.rs build script and the win­dows crate will gen­er­ate the nec­es­sary bind­ings:

fn main() {

win­dows::build!(

win­dows::data::xml::dom::*

win­dows::win32::sys­tem_ser­vices::{Cre­ateEventW, SetEvent, WaitForSingleObject}

win­dows::win32::win­dows_pro­gram­ming::Close­Han­dle

Finally, make use of any Windows APIs as needed.

mod bind­ings {

::windows::include_bindings!();

use bind­ings::{

win­dows::data::xml::dom::*,

win­dows::win32::sys­tem_ser­vices::{Cre­ateEventW, SetEvent, WaitForSingleObject},

win­dows::win32::win­dows_pro­gram­ming::Close­Han­dle,

fn main() -> win­dows::Re­sult

To re­duce build time, use a bind­ings crate rather sim­ply a mod­ule. This will al­low Cargo to cache the re­sults and build your pro­ject far more quickly.

There is an ex­per­i­men­tal doc­u­men­ta­tion gen­er­a­tor for the Windows API. The doc­u­men­ta­tion is pub­lished here. This can be use­ful to fig­ure out how the var­i­ous Windows APIs map to Rust mod­ules and which use paths you need to use from within the build macro.

For a more com­plete ex­am­ple, take a look at Robert Mikhayelyan’s Minesweeper. More sim­ple ex­am­ples can be found here.

This was a tri­umph

I’m mak­ing a note here, huge suc­cess

No, se­ri­ously, it was aw­ful. I deleted my blog of 1,557 posts. I wanted to pro­tect my pri­vacy, but I ended up with ar­ti­cles about me in New Yorker, Reason, and The Daily Beast. I wanted to pro­tect my anonymity, but I Streisand-Effected my­self, and a bunch of trolls went around post­ing my real name every­where they could find. I wanted to avoid los­ing my day job, but ended up quit­ting so they would­n’t be af­fected by the fall­out. I lost a five-digit sum in ad­ver­tis­ing and Patreon fees. I ac­ci­den­tally sent about three hun­dred emails to each of five thou­sand peo­ple in the process of try­ing to put my blog back up.

I had, not to mince words about it, a re­ally weird year.

513,000 peo­ple read my blog post com­plain­ing about the New York Times’ at­tempt to dox me (for com­par­i­son, there are 366,000 peo­ple in Iceland). So many peo­ple can­celled their sub­scrip­tion that the Times’ ex­as­per­ated cus­tomer ser­vice agents started pre-empt­ing callers with “Is this about that blog thing?” A friend of a friend re­ports her grand­mother in Slovakia heard a story about me on Slovak-language ra­dio.

I got emails from no fewer than four New York Times jour­nal­ists ex­press­ing sym­pa­thy and of­fer­ing to ex­plain their pa­per’s stan­dards in case that helped my cause. All four of them gave to­tally dif­fer­ent ex­pla­na­tions, dis­agree­ing about whether the re­porter I dealt with was just fol­low­ing the rules, was fla­grantly vi­o­lat­ing the rules, was un­af­fected by any rules, or what. Seems like a fun place to work. I was nev­er­the­less hum­bled by their sup­port.

I got an email from Balaji Srinivasan, a man whose anti-cor­po­rate-me­dia cru­sade strad­dles a pre­vi­ously un­rec­og­nized bor­der be­tween en­dear­ing and ter­ri­fy­ing. He had some very cre­ative sug­ges­tions for how to deal with jour­nal­ists. I’m not sure any of them were es­pe­cially ac­tion­able, at least not while the Geneva Convention re­mains in ef­fect. But it was still a good learn­ing ex­pe­ri­ence. In par­tic­u­lar, I learned never to make an en­emy of Balaji Srinivasan. I am hum­bled by his sup­port.

I got emails from two dif­fer­ent pre­dic­tion ag­gre­ga­tors say­ing they would show they cared by open­ing mar­kets into whether the Times would end up doxxing me or not. One of them ended up with a to­tal trade vol­ume in the four dig­its. For a brief mo­ment, I prob­a­bly had more ad­vanced de­ci­sion-mak­ing tech­nol­ogy ad­vis­ing me in my stu­pid con­flict with a news­pa­per than the CIA uses for some wars. I am hum­bled by their sup­port.

I got an email from a very an­gry man who be­lieved I per­son­ally wrote the en­tirety of Slate.com. He told me I was a hyp­ocrite for want­ing pri­vacy even though Slate.com had ap­par­ently pub­lished some pri­vacy-vi­o­lat­ing sto­ries. I tried to cor­rect him, but it seemed like his email client only ac­cepted replies from peo­ple on his con­tact list. I think this might be what the Catholics call “invincible ig­no­rance”. But, uh, I’m sure if we got a chance to sort it out I would have been hum­bled by his sup­port.

I got an email from a for­mer mem­ber of the GamerGate move­ment, of­fer­ing ad­vice on man­ag­ing PR. It was very thor­ough and they had ob­vi­ously put a lot of ef­fort into it, but it was all premised on this idea that GamerGate was some kind of shin­ing PR suc­cess, even though as I re­mem­ber it they man­aged to take a com­plaint about a video game re­view and mis­han­dle it so badly that they lit­er­ally got con­demned by the UN General Assembly. But it’s the thought that counts, and I am hum­bled by their sup­port.

I got an email from a Russian reader, which I will quote in full: “In Russia we wit­nessed sim­i­lar things back in 1917. 100 years later the same sit­u­a­tion is in your coun­try :)”. I am not sure it re­ally makes sense to com­pare my at­tempted doxxing to the Bolshevik Revolution, and that smi­ley face will haunt my dreams, but I am hum­bled by his sup­port.

Eventually it be­came kind of over­whelm­ing. 7500 peo­ple signed a pe­ti­tion in my fa­vor. Russia Today wrote an ar­ti­cle about my sit­u­a­tion as part of their pro­pa­ganda cam­paign against the United States. Various tech fig­ures started a cam­paign to stop grant­ing in­ter­views to NYT in protest. All of the hum­bling sup­port kind of blended to­gether. At my char­ac­ter level, I can only cast the spell Summon Entire Internet once per decade or so. So as I clicked through email af­ter email, I asked my­self: did I do the right thing?

I’m not even an­gry

I’m be­ing so sin­cere right now

Before we go any fur­ther: your con­spir­acy the­o­ries are false. An SSC reader ad­mit­ted to telling a New York Times re­porter that SSC was in­ter­est­ing and he should write a story about it. The re­porter pur­sued the story on his rec­om­men­da­tion. It was­n’t an at­tempt by the Times to crush a com­peti­tor, it was­n’t re­tal­i­a­tion for my hav­ing writ­ten some crit­i­cal things about the news busi­ness, it was­n’t even a po­lit­i­cal at­tempt to can­cel me. Someone just told a re­porter I would make a cool story, and the re­porter went along with it.

Nor do I think it was go­ing to be a hit piece, at least not at first. I heard from most of the peo­ple who the Times in­ter­viewed. They were mostly sym­pa­thetic sources, the in­ter­viewer asked mostly sym­pa­thetic ques­tions, and some­one who knows New York Times re­porters says the guy on my case was their non-hit-piece guy; they have a dif­fer­ent re­porter for hatchet jobs. After I torched the blog in protest, they seem to have briefly flirted with turn­ing it into a hit piece, and the fol­low­ing week they switched to in­ter­view­ing every­one who hated me and ask­ing a lot of lead­ing ques­tions about po­ten­tially bad things I did. My con­tacts in the news in­dus­try said even this was­n’t nec­es­sar­ily sin­is­ter. They might have as­sumed I had some­thing to hide, and wanted to fig­ure out what it was just in case it was a bet­ter story than the orig­i­nal. Or they might have been de­lib­er­ately in­ter­view­ing friendly sources first, in or­der to make me feel safe so I would grant them an in­ter­view, and then moved on to the un­friendly ones af­ter they knew that would­n’t hap­pen. I’m not sure. But the pat­tern does­n’t match “hit piece from the be­gin­ning”.

As much crappy po­lit­i­cal stuff as there is in both the news in­dus­try and the blog­sphere these days, I don’t think this was a left-right po­lit­i­cal is­sue. I think the New York Times wanted to write a fairly bor­ing ar­ti­cle about me, but some guide­line said they had to re­veal sub­jects’ real iden­ti­ties, if they knew them, un­less the sub­ject was in one of a few pre­de­fined sym­pa­thetic cat­e­gories (eg sex work­ers). I did get to talk to a few sym­pa­thetic peo­ple from the Times, who were pretty con­fused about whether such a guide­line ex­isted, and cer­tainly it’s hon­ored more in the breach than in the ob­ser­vance (eg Virgil Texas). But I still think the most likely ex­pla­na­tion for what hap­pened was that there was a rule sort of like that on the books, some de­part­ments and ed­i­tors fol­lowed it more slav­ishly than oth­ers, and I had the bad luck to be as­signed to a de­part­ment and ed­i­tor that fol­lowed it a lot. That’s all. Anyway, they did the right thing and de­cided not to pub­lish the ar­ti­cle, so I have no re­main­ing beef with them.

I also owe the Times apolo­gies for a few things I did while fight­ing them. In par­tic­u­lar, when I told them I was go­ing to delete the blog if they did­n’t promise not to dox me, I gave them so lit­tle warn­ing that it prob­a­bly felt like a bizarre ul­ti­ma­tum. At the time I was wor­ried if I gave them more than a day’s warn­ing, they could just pub­lish the story while I waited; later, peo­ple con­vinced me the Times is in­ca­pable of act­ing quickly and I could have let them think about it for longer.

Also, I asked you all to email an NYT tech ed­i­tor with your com­plaints. I as­sumed NYT ed­i­tors, like Presidents and Senators, had un­lim­ited flunkies sort­ing through their mail­bags, and would not be per­son­ally af­fected by any email del­uge. I was wrong and I ac­tu­ally di­rected a three to four digit num­ber of emails to the per­sonal work in­box of some nor­mal per­son with a fi­nite num­ber of flunkies. That was prob­a­bly pretty har­row­ing and I’m sorry.

As for the Times’ mis­takes: I think they just did­n’t ex­pect me to care about anonymity as much as I did. In fact, most of my sup­port­ers, and most of the savvy peo­ple giv­ing me ad­vice, did­n’t ex­pect me to care as much as I did. Maybe I should ex­plain more of my his­tory here: back in the early 2010s I blogged un­der my real name. When I in­ter­viewed for my dream job in psy­chi­a­try, the in­ter­viewer had Googled my name, found my blog, and asked me some re­ally pointed ques­tions about whether hav­ing a blog meant I was ir­re­spon­si­ble and un­pro­fes­sional. There was­n’t even any­thing con­tro­ver­sial on the blog - this was back in the early 2010s, be­fore they in­vented con­tro­versy. They were just old-school pre-so­cial-me­dia-era peo­ple who thought hav­ing a blog was fun­da­men­tally in­com­pat­i­ble with the dig­nity of be­ing a psy­chi­a­trist. I did­n’t get that job, nor sev­eral oth­ers I thought I was a shoo-in for. I ac­tu­ally failed my en­tire first year of ACGME match and was pretty close to hav­ing to give up on a med­ical ca­reer. At the time I felt like that would mean my life was over.

So I took a bunch of steps to be in a bet­ter po­si­tion for the next year’s round of in­ter­views, and one of the most im­por­tant was delet­ing that blog, scrub­bing it off the Web as best I could, and restart­ing my whole on­line pres­ence un­der a pseu­do­nym. I was never able to com­pletely erase my­self from the Internet, but I made some strate­gic de­ci­sions - like leav­ing up a bunch of older stuff that men­tioned my real name so that ca­sual searchers would find that in­stead of my real blog. The next year, I tried the job in­ter­view cir­cuit again and got hired.

But I still had this re­ally strong sense that my ca­reer hung on this thread of stay­ing anony­mous. Sure, my se­cu­rity was ter­ri­ble, and a few trolls and male­fac­tors found my real name on­line and used it to taunt me. But my at­tend­ings and my fu­ture em­ploy­ers could­n’t just Google my name and find it im­me­di­ately. Also, my pa­tients could­n’t Google my name and find me im­me­di­ately, which I was in­creas­ingly re­al­iz­ing the psy­chi­atric com­mu­nity con­sid­ered im­por­tant. Therapists are sup­posed to be blank slates, avail­able for pa­tients to pro­ject their con­flicts and fan­tasies upon. Their dis­tant fa­ther, their abu­sive boyfriend, their what­ever. They must not know you as a per­son. One of my more ded­i­cated pro­fes­sors told me about how he used to have a pic­ture of his chil­dren on a shelf in his of­fice. One of his pa­tients asked him whether those were his chil­dren. He de­scribed sud­denly re­al­iz­ing that he had let his de­sire to show off over­come his duty as a psy­chi­a­trist, mum­bling a non­com­mi­tal re­sponse lest his pa­tient learn whether he had chil­dren or not, tak­ing the pic­ture home with him that night, and never dis­play­ing any per­sonal items in his of­fice ever again. That guy was kind of an ex­treme case, but this is some­thing all psy­chi­a­trists think about, and bet­ter py­chi­a­trist-blog­gers than I have quit once their side gig reached a point where their pa­tients might hear about it. There was even a very nice and nu­anced ar­ti­cle about the phe­nom­e­non in - of all places - The New York Times.

After all that, yeah, I had a pho­bia of be­ing doxxed. But psy­chother­apy classes also teach you to not to let past trau­mas con­trol your life even af­ter they’ve stopped be­ing rel­e­vant. Was I get­ting too worked up over an is­sue that no longer mat­tered?

The New York Times thought so. Some peo­ple kept me abreast of their pri­vate dis­cus­sions (in Soviet America, news­pa­per’s dis­cus­sions get leaked to you!) and their re­porters had spir­ited in­ter­nal de­bates about whether I re­ally needed anonymity. Sure, I’d got­ten some death threats, but every­one gets death threats on the Internet, and I’d pro­vided no proof mine were cred­i­ble. Sure, I might get SWATted, but re­al­is­ti­cally that’s a re­ally scary fif­teen sec­onds be­fore the cops apol­o­gize and go away. Sure, my job was at risk, but I was a well-off per­son and could prob­a­bly get an­other. Also, had­n’t I blogged un­der my real name be­fore? Hadn’t I pub­lished pa­pers un­der my real name in ways that a clever per­son could use to un­mask my iden­tity? Hadn’t I played fast and loose with every form of opsec other than whether the av­er­age pa­tient or em­ployer could Google me in five sec­onds?

Some of the savvy peo­ple giv­ing me ad­vice sug­gested I fight back against this. Release the ex­act death threats I’d re­ceived and ex­plain why I thought they were scary. Play up ex­actly how many peo­ple lived with me and ex­actly why it would be trau­matic for them to get SWATted. Explain ex­actly how se­ri­ously it would harm my pa­tients if I lost my job. Say why it was nec­es­sary for my ca­reer to pub­lish those pa­pers un­der my real name.

Why did­n’t I do this? Partly be­cause it was­n’t true. I don’t think I had par­tic­u­larly strong ar­gu­ments on any of these points. The amount I dis­like death threats is ba­si­cally the av­er­age amount that the av­er­age per­son would dis­like them. The amount I would dis­like los­ing my job…and et cetera. Realistically, my anonymity let me feel safe and com­fort­able. But it prob­a­bly was­n’t lit­er­ally nec­es­sary to keep me alive. I feel bad ad­mit­ting this, like I con­scripted you all into a cru­sade on false pre­tenses. Am I an en­ti­tled jerk for caus­ing such a stir just so I can feel safe and com­fort­able? I’m sure the New York Times cus­tomer ser­vice rep­re­sen­ta­tives who had to deal with all your phone calls thought so.

But the other rea­son I did­n’t do it was…well, sup­pose Power comes up to you and says hey, I’m gonna kick you in the balls. And when you protest, they say they don’t want to make any­one un­safe, so as long as you can prove that kick­ing you in the balls will cause long-term ir­recov­er­able dam­age, they’ll hold off. And you say, well, it’ll hurt quite a lot. And they say that’s sub­jec­tive, they’ll need a doc­tor’s note prov­ing you have a chronic pain con­di­tion like hy­per­al­ge­sia or fi­bromyal­gia. And you say fine, I guess I don’t have those, but it might be dan­ger­ous. And they ask you if you’re some sort of ex­pert who can prove there’s a high risk of or­gan rup­ture, and you have to ad­mit the risk of or­gan rup­ture is­n’t ex­actly high. But also, they add, did­n’t you prac­tice taek­wondo in col­lege? Isn’t that the kind of sport where you can get kicked in the balls pretty eas­ily? Sounds like you’re not re­ally that com­mit­ted to this not-get­ting-kicked-in-the-balls thing.

No! There’s no dig­ni­fied way to an­swer any of these ques­tions ex­cept “fuck you”. Just don’t kick me in the balls! It is­n’t rocket sci­ence! Don’t kick me in the fuck­ing balls!

In the New York Times’ world­view, they start with the right to dox me, and I had to earn the right to re­main anony­mous by prov­ing I’m the per­fect sym­pa­thetic vic­tim who sat­is­fies all their cri­te­ria of vic­tim­hood. But in my world­view, I start with the right to anonymity, and they need to make an af­fir­ma­tive case for doxxing me. I ad­mit I am not the per­fect vic­tim. The death threats against me are all by losers who prob­a­bly don’t know which side of a gun you shoot some­one with. If any­thing hap­pened at work, it would prob­a­bly in­con­ve­nience me and my pa­tients, but prob­a­bly would­n’t lit­er­ally kill ei­ther of us. Still! Don’t kick me in the fuck­ing balls!

I don’t think any­one at the Times bore me ill will, at least not orig­i­nally. But some­how that just made it even more in­fu­ri­at­ing. In Street Fighter, the hero con­fronts the Big Bad about the time he de­stroyed her vil­lage. The Big Bad has de­stroyed so much stuff he does­n’t even re­mem­ber: “For you, the day [I burned] your vil­lage was the most im­por­tant day of your life. For me, it was Tuesday.” That was the im­pres­sion I got from the Times. They weren’t hos­tile. I was­n’t a tar­get they were des­per­ate to take out. The main emo­tion I was able to pick up from them was an­noy­ance that I was mak­ing their lives harder by mak­ing a big deal out of this. For them, it was Tuesday.

It’s bad enough to get kicked in the balls be­cause Power hates you. But it’s in­fu­ri­at­ing to have it hap­pen be­cause Power can’t bring it­self to care. So sure, delet­ing my blog was­n’t the most, shall we say, ra­tio­nal re­sponse to the sit­u­a­tion. But it­er­ated games some­times re­quire a strat­egy that de­vi­ates from ap­par­ent first-level ra­tio­nal­ity, where you let your­self con­sider lose-lose op­tions in or­der to in­flu­ence an op­po­nen­t’s be­hav­ior.

Or, in lay­man’s terms, some­times you have to be a crazy bas­tard so peo­ple won’t walk all over you.

In 2010, a cor­rupt po­lice­woman de­manded a bribe from im­pov­er­ished push­cart ven­dor Mohammed Bouazizi. He could­n’t af­ford it. She con­fis­cated his goods, in­sulted him, and (according to some sources) slapped him. He was hu­mil­i­ated and des­ti­tute and had no hope of ever get­ting back at a po­lice of­fi­cer. So he made the very rea­son­able de­ci­sion to douse him­self in gaso­line and set him­self on fire in the pub­lic square. One thing led to an­other, and even­tu­ally a mostly-peace­ful rev­o­lu­tion ousted the gov­ern­ment of Tunisia. I am very sorry for Mr. Bouazizi and his fam­ily. But he did find a way to make the of­fend­ing po­lice­woman re­mem­ber the day she ha­rassed him as some­thing other than Tuesday. As the say­ing goes, “sometimes set­ting your­self on fire sheds light on the sit­u­a­tion”.

As I burned it hurt be­cause

I was so happy for you

But as I was think­ing about all this, I got other emails. Not just the pre­dic­tion ag­gre­ga­tors and Russians and so on; emails of a to­tally dif­fer­ent sort.

I got emails from other peo­ple who had deleted their blogs out of fear. Sometimes it was be­cause of a job search. Other times it was be­cause of *gestures ex­pan­sively at every­thing*. These peo­ple wanted me to know they sym­pa­thized with what I was go­ing through.

I got emails from peo­ple who had­n’t deleted their blogs, but wished they had. A lot of them had sto­ries like mine - failed an in­ter­view they should have aced, and the in­ter­viewer men­tioned their blog as an is­sue. These peo­ple sym­pa­thized too.

I got emails that were like that, only it was grad stu­dents. Apparently if you have a blog about your field, that can make it harder to get or keep a job in acad­e­mia. I’m not sure what we think we’re gain­ing by en­sur­ing the smartest and best ed­u­cated peo­ple around aren’t able to talk openly about the fields they’re ex­perts in, but I hope it’s worth it.

I got an email from a far-left blog­ger with a sim­i­lar story, which got me think­ing about so­cial­ists in par­tic­u­lar. Imagine you’re writ­ing a so­cial­ist blog - as is 100% your right in a de­mo­c­ra­tic so­ci­ety. Aren’t em­ploy­ers go­ing to freak out as soon as they Google your name, ex­pect­ing you to start a union or ag­i­tate for higher wages or seize the means of pro­duc­tion or some­thing? This is a to­tally dif­fer­ent prob­lem from the can­cel cul­ture sto­ries I usu­ally hear about, but just as se­ri­ous. How are you sup­posed to write about com­mu­nism in a world where any news­pa­per can just fig­ure out your real name, ex­pose you, and lock you out of most nor­mal jobs?

I got emails from some trans­gen­der blog­gers, who talked about how trans peo­ple go by some­thing other than their le­gal name and have a spe­cial in­ter­est in not get­ting outed in the na­tional news. I don’t think the Times would de­lib­er­ately out trans peo­ple - prob­a­bly there’s some of­fi­cial pol­icy against it. But the peo­ple email­ing me un­der­stood that we’re all in this to­gether, and that if op­pressed peo­ple don’t stand up for the rights of the priv­i­leged, no one will. Or some­thing. Man, it’s been a weird year.

I got an email telling me to look into the story of Richard Horton, a po­lice of­fi­cer in the UK. He wrote a blog about his ex­pe­ri­ence on the force which was by all ac­counts in­cred­i­ble - it won the Orwell Prize for be­ing the best po­lit­i­cal writ­ing in Britain that year. The Times (a British news­pa­per un­re­lated to NYT) hacked his email and ex­posed his real iden­tity, and his chief forced him to delete the blog in or­der to keep his job. I won­der whether maybe if po­lice of­fi­cers were al­lowed to write anony­mously about what was go­ing on with­out get­ting doxxed by news­pa­pers, peo­ple would­n’t have to be so sur­prised every time some­thing hap­pens in­volv­ing the po­lice be­ing bad. See for ex­am­ple The Impact Of The Cessation Of Blogs Within The UK Police Blogosphere, a pa­per some­body ap­par­ently needed to write.

I got an email telling me to look into the story of Naomi Wu, a Chinese woman who makes videos about en­gi­neer­ing and DIY tech pro­jects un­der the name SexyCyborg. She granted an in­ter­view to a Vice re­porter un­der the con­di­tion that he not re­veal some sen­si­tive de­tails of her per­sonal life which could get her in trou­ble with the Chinese au­thor­i­ties. Vice agreed, then re­vealed the de­tails any­way (who could have guessed that a we­bzine founded by a vi­o­lent neo-fas­cist leader and named af­ter the ab­stract con­cept of evil would stoop so low?) In a Medium post, Wu wrote that “Vice would en­dan­ger me for a few clicks be­cause in Brooklyn cer­tain things are no big deal…I had no pos­si­ble re­course against a bil­lion dol­lar com­pany who thought tit­il­lat­ing their read­ers with my per­sonal de­tails was worth putting me in jeop­ardy.” She then went on to dox the Vice re­porter in­volved, Which Was Morally Wrong And I Do Not Condone It - but also led to some in­ter­est­ing rev­e­la­tions about how much more jour­nal­ists cared when it’s one of their own and not just some vul­ner­a­ble woman in a dic­ta­tor­ship.

Getting all these emails made me re­al­ize that, what­ever the mer­its of my own case, maybe by ac­ci­dent, I was fight­ing for some­thing im­por­tant here. Who am I? I’m no­body, I’m a sci­ence blog­ger with some bad opin­ions. But these peo­ple - the trans peo­ple, the union or­ga­niz­ers, the po­lice whistle­blow­ers, the sexy cy­borgs - the New York Times is­n’t wor­thy to wipe the dirt off their feet. How dare they as­sert the right to ruin these peo­ple’s lives for a cou­ple of ex­tra bucks.

…but I was also grate­ful to get some emails from jour­nal­ists try­ing to help me un­der­stand the per­spec­tive of their field. They point out that re­port­ing is fun­da­men­tally about re­veal­ing in­for­ma­tion that was­n’t pre­vi­ously pub­lic, and hard-hit­ting re­port­ing nec­es­sar­ily in­volves dis­clos­ing things about sub­jects that they would rather you not know. Speculating on the iden­ti­ties of peo­ple like Deep Throat, or Satoshi Nakamoto, or QAnon, or that guy who wrote Primary Colors, is a long-stand­ing jour­nal­is­tic tra­di­tion, one I had never be­fore thought to ques­tion. Many of my cor­re­spon­dents brought up that some im­por­tant peo­ple read my blog (Paul Graham was the most cited name). Isn’t there a point past which you stop be­ing that-guy-with-a-Tum­blr-ac­count who it’s wrong to dox, and you be­come more like Satoshi Nakamoto where try­ing to dox you is a sort of na­tional sport? Wouldn’t it be fair to say I had passed that point?

With all due re­spect to these re­porters, and with com­plete ad­mis­sion of my own bias, I re­ject this en­tire way of look­ing at things. If some­one wants to re­port that I’m a 30-something psy­chi­a­trist who lives in Oakland, California, that’s fine, I’ve had it in my About page for years. If some re­porter wants to in­ves­ti­gate and con­firm, I have some sug­ges­tions for how they could use their time bet­ter - is­n’t there still a war in Yemen? - but I’m not go­ing to com­plain too loudly. But I don’t think what­ever claim the pub­lic has on me in­cludes a right to know my name if I don’t want them to. I don’t think the pub­lic needs to know the name of the cops who write cop blogs, or the dead­names of trans peo­ple, or the dat­ing lives of sexy cy­borgs. I’m not even sure the pub­lic needs to know the name of Satoshi Nakamoto. If he is­n’t harm­ing any­one, let him have his anonymity! I would rather we get what­ever patholo­gies come from peo­ple be­ing able to in­vent Bitcoin scot-free, than get what­ever patholo­gies come from any­one be­ing al­lowed to dox any­one else if they can ar­gue that per­son is “influential”. Most peo­ple don’t start out try­ing to be in­flu­en­tial. They just have a Tumblr or a LiveJournal or some­thing, and a few peo­ple read it, and then a few more peo­ple read it, and bam! - they’re in­flu­en­tial! If in­flu­ence takes away your pro­tec­tion, then none of us are safe - not the ran­dom grad stu­dent with a Twitter ac­count mak­ing fun of bad sci­ence, not the teenager with a sex Tumblr, not the as­pir­ing fash­ion­ista with an Instagram. I’ve read lots of in­ter­est­ing dis­cus­sion on how much power tech oli­garchs should or should­n’t be al­lowed to have. But this is the first time I’ve seen some­one sug­gest their pow­ers should in­clude a magic pri­vacy-de­stroy­ing gaze, where just by look­ing at some­one they can trans­form them into a dif­fer­ent kind of cit­i­zen with fewer rights. Is Paul Graham some weird kind of basilisk, such that any­one he stares at too long turns into fair game?

And: a re­cent poll found that 62% of peo­ple feel afraid to ex­press their po­lit­i­cal be­liefs. This is­n’t just con­ser­v­a­tives - it’s also mod­er­ates (64%), lib­er­als (52%) and even many strong lib­er­als (42%). This is true even among mi­nor­ity groups, with more Latinos (65%) feel­ing afraid to speak out than whites (64%), and blacks (49%) close be­hind. 32% of peo­ple worry they would be fired if their po­lit­i­cal views be­came gen­er­ally known, in­clud­ing 28% of Democrats and 38% of Republicans. Poor peo­ple and Hispanics were more likely to ex­press this con­cern than rich peo­ple and whites, but peo­ple with post-grad­u­ate de­grees have it worse than any other de­mo­graphic group.

And the kicker is that these num­bers are up al­most ten per­cent­age points from the last poll three years ago. The biggest de­cline in feel­ing safe was among “strong lib­er­als”, who feel an en­tire 12 per­cent­age points less safe ex­press­ing their opin­ion now than way back in the hoary old days of 2017. What hap­pens in a world where this trend con­tin­ues? Does every­one even­tu­ally feel so un­safe that we com­pletely aban­don the pub­lic square to pro­fes­sional-opin­ion-havers, talk­ing heads al­lowed to pon­tif­i­cate be­cause they have the back­ing of gi­ant in­sti­tu­tions? What bi­ases does that in­tro­duce to the dis­cus­sion? And if we want to avoid that, is there any bet­ter way then a firm stance that peo­ple’s on­line pseu­do­nymity is a ba­sic right, not to be chal­lenged with­out one hell of a com­pelling pub­lic in­ter­est? Not just “they got kinda big, so now we can de­stroy them guilt-free”, but an ac­tual pub­lic in­ter­est?

I’m not try­ing to con­vince the New York Times - ob­vi­ously it would very much fit their busi­ness plan if we came to rely on pro­fes­sional-opin­ion-havers backed by big in­sti­tu­tions. I’m try­ing to con­vince you, the av­er­age Internet per­son. For the first ten or twenty years of its his­tory, the Internet had a ro­bust norm against doxxing. You could troll peo­ple, you could Goatse or Rickroll them, but doxxing was be­yond the pale. One of the vet­er­ans of this era is Lawrence Lessig, who I was de­lighted to see com­ing to my de­fense. We’ve lost a lot of that old Internet, sold our birthright to so­cial me­dia com­pa­nies and con­tent providers for a few spurts of dopamine, but I think this norm is still worth pro­tect­ing.

If me set­ting my­self on fire got the New York Times to re­think some of its poli­cies, and ac­ci­den­tally helped some of these peo­ple win their own fights, it was to­tally worth it.

Now these points of data make a beau­ti­ful line

And we’re out of beta, we’re re­leas­ing on time

So I’m glad I got burned

Think of all the things we learned

For the peo­ple who are still alive

There’s a scene in Tom Sawyer where Tom runs away from town and is pre­sumed dead. He re­turns just as they’re hold­ing his fu­neral, and gets to lis­ten to every­one praise his life and talk about how much they loved him. Seems like a good deal. Likewise, Garrison Keillor said that - since they say such nice things at peo­ple’s fu­ner­als - it was a shame he was go­ing to miss his own by just a few days.

After delet­ing the blog I felt like I was at­tend­ing my own fu­neral. I asked peo­ple to send the Times emails ask­ing them not to pub­lish the ar­ti­cle. Some peo­ple ccd me on them. These weren’t just “Dear NYT, please do not dox this blog­ger, yours, John”. Some of them were a bit over-the-top. I be­lieve a few of them may have used the words “national trea­sure”. I can only hope the peo­ple at my real fu­neral are as kind.

Other peo­ple just sent me the over-the-top emails di­rectly. I got emails from peo­ple in far-away, very poor coun­tries, telling me that there was noth­ing at all like a ra­tio­nal­ist move­ment in their coun­tries and my blog was how they kept up with the in­tel­lec­tual cur­rents of a part of the world they might never see. I am hum­bled to be able to help them.

I got emails from med­ical in­terns and res­i­dents, telling me they en­joyed hear­ing about my ex­pe­ri­ences in med­i­cine. You guys only have like three min­utes of free time a week, and I am hum­bled that you would spend some of it read­ing me.

I got emails from peo­ple say­ing I was one of their in­spi­ra­tions for go­ing into sci­ence acad­e­mia. I am so, so, sorry. I am hum­bled by their con­tin­ued sup­port even af­ter I ru­ined their lives.

I got emails from peo­ple in a host of weird and dif­fi­cult sit­u­a­tions, telling me about how read­ing my blog was the only thing that kept them sane through dif­fi­cult times. One woman in­sisted that I start blog­ging be­fore she got preg­nant again be­cause I was her post­par­tum cop­ing strat­egy. I hope I’ve made it in time - but in any case I am hum­bled by their sup­port.

I got emails from cou­ples, say­ing that read­ing my blog to­gether once a week was their ro­man­tic bond­ing ac­tiv­ity. Again, I hope I’ve restarted in time, be­fore any­one’s had to di­vorce. They are very cute and I am hum­bled by their sup­port.

And more along the same lines, and some even more hum­bling than these. I want to grab some of you by the shoul­ders and shake you and shout “IT’S JUST A BLOG, GET A LIFE”. But of course I would be a hyp­ocrite. I re­mem­ber back to when I was a new col­lege grad­u­ate, des­per­ately try­ing to make sense of the world. I re­mem­ber the sheer re­lief when I came across a few blog­gers - I most clearly re­mem­ber Eliezer Yudkowsky - who seemed to be tuned ex­actly to my wave­length, peo­ple who were mak­ing sense when the en­tire rest of the world was say­ing vague fuzzy things that al­most but not quite con­nected with the mil­lions of ques­tions I had about every­thing. These peo­ple weren’t per­fect, and they did­n’t have all the an­swers, but their ex­is­tence re­as­sured me that I was­n’t crazy and I was­n’t alone. I was an em­bar­rass­ing fan­boy of theirs for many years - I kind of still am - and if my pun­ish­ment is to have em­barass­ing fan­boys of my own then I ac­cept it as part of the cir­cle of life.

And also - I am maybe the worst per­son pos­si­ble to ar­gue that this does­n’t mat­ter. Almost every­thing good in my life I’ve got­ten be­cause of you. I met most of my friends through blog­ging. I met my house­mates, who are ba­si­cally my fam­ily right now, through blog­ging. I got in­tro­duced to my girl­friend by some­one I know through blog­ging. My pa­tients are do­ing bet­ter than they could be - some of them vastly bet­ter - be­cause of things I learned from all of you in the process of blog­ging. Most of the in­tel­lec­tual progress I’ve made over the past ten years has been fol­low­ing up on leads peo­ple sent me be­cause of my blog­ging. To the de­gree that the world makes sense to me, to the de­gree that I’ve been able to un­tie some of the thornier knots and be re­warded with the re­lief of men­tal clar­ity, a lot of it has been be­cause of things I learned while blog­ging. However many over-the-top du­bi­ous claims you want to make about how much I have im­proved your life, I will one-up you with how much you have im­proved mine. And af­ter read­ing a few hun­dred of your emails, I’ve re­al­ized, crys­tal-clear, that I am go­ing to be spend­ing the rest of my life try­ing to de­serve even one per­cent of the love you’ve shown and the gifts you’ve given me.

So I’ve taken the steps I need to in or­der to feel com­fort­able re­veal­ing my real name on­line. I talked to an ag­gres­sively un­help­ful po­lice of­fi­cer about my per­sonal se­cu­rity. I got ad­vice from peo­ple who are more fa­mous than I am, who have al­layed some fears and of­fered some sug­ges­tions. Some of the steps they take seem ex­treme - the Internet is a scarier place than I thought - but I’ve taken some of what they said to heart, re­jected the rest in a cal­cu­lated way, and re­al­ized re­al­is­ti­cally I was never that pro­tected any­how. So here we are.

And I left my job. They were very nice about it, they were ten­ta­tively will­ing to try to make it work. But I just don’t think I can do psy­chother­apy very well while I’m also a pub­lic fig­ure, plus peo­ple were al­ready call­ing them try­ing to get me fired and I did­n’t want to make them deal with more of that.

As I was try­ing to fig­ure out how this was go­ing to work fi­nan­cially, Substack con­vinced me that I could make de­cent money here. With that in place, I felt like I could also take a chance on start­ing my dream busi­ness. You guys have had to lis­ten to me write ad nau­seum about cost dis­ease - why does health care cost 4x times more per capita than it did just a gen­er­a­tion ago? I have a lot of the­o­ries about why that hap­pened and how to fix it. But as Feynman put it, “what I can­not cre­ate I can­not un­der­stand”. So I’m go­ing to try to start a med­ical prac­tice that pro­vides great health care to unin­sured peo­ple for 4x less than what any­one else charges. If it works, I plan to be in­suf­fer­able about it. If it does­n’t, I can at least have a fun con­ver­sa­tion with Alex Tabarrok about where our the­o­ries went wrong. Since I’m no longer pro­tect­ing my anonymity, I can ad­ver­tise it here - Lorien Psychiatry - though I’m not cur­rently ac­cept­ing blog read­ers as pa­tients, sorry.

That’s taken up most of my time over the past six months. Going back to blog posts like this is a strange feel­ing. I won­dered if I’d en­joy the break. I did­n’t par­tic­u­larly; it felt at least as much like try­ing to re­sist an ad­dic­tion as it did rest­ing from a dif­fi­cult task. There’s so much left to say! I never got the chance to tell you whether the SSC Survey found birth or­der ef­fects to be bi­o­log­i­cally or so­cially me­di­ated! And the pre­dic­tive pro­cess­ing com­mu­nity is start­ing to re­ally chip away at the ques­tion of why psy­chother­a­pies work - I need to ex­plain this to some­one else be­fore I can be sure I un­der­stand it! I only dis­cov­ered tax­o­met­rics a few months ago and I haven’t talked your ears off about it yet - that will change! I made pre­dic­tions about Trump - now that he’s come and gone I need to grade them pub­licly so you can raise or lower your opin­ion of me as ap­pro­pri­ate! And there’s the book re­view con­test! We are ab­solutely go­ing to do the book re­view con­test!

So here goes. With mal­ice to­wards none, with char­ity to­wards all, with firm­ness in the ṛta as re­flec­tive equi­lib­rium gives us to see the ṛta, let us restart our mu­tual ex­plo­rations, be­gin anew the joy­ful re­duc­tion of un­cer­tainty wher­ever it may lead us.

My name is Scott Siskind, and I love all of you so, so much.

But look at me, still talk­ing when there’s Science to do

When I look out there it makes me glad I’ve got you

I’ve ex­per­i­ments to run, there is re­search to be done

On the peo­ple who are still alive

And be­lieve me I am still alive

I’m do­ing sci­ence and I’m still alive

I feel fan­tas­tic and I’m still alive

Still alive

by on January 21, 2021 5:05 AM EST

We’re fol­low­ing the state of play with Intel’s new CEO, Pat Gelsinger, very closely. Even as an Intel em­ployee for 30 years, ris­ing to the rank of CTO, then tak­ing 12 years away from the com­pany, his ar­rival has been met with praise across the spec­trum given his back­ground and pre­vi­ous suc­cesses. He is­n’t even set to take his new role un­til February 15th, how­ever his re­turn is al­ready caus­ing a stir with Intel’s cur­rent R&D teams.

News in the last 24 hours, based on pub­lic state­ments, states that for­mer Intel Senior Fellow Glenn Hinton, who lists be­ing the lead ar­chi­tect of Intel’s Nehalem CPU core in his list of achieve­ments, is com­ing out of re­tire­ment to re-join the com­pany. (The other lead ar­chi­tect of Nehalem are Ronak Singhal and Per Hammerlund - Ronak is still at Intel, work­ing on next-gen proces­sors, while Per has been at Apple for five years.)

Hinton is an old Intel hand, with 35 years of ex­pe­ri­ence, lead­ing mi­croar­chi­tec­ture de­vel­op­ment of Pentium 4, one of three se­nior ar­chi­tects of Intel’s P6 proces­sor de­sign (which led to Pentium Pro, P2, P3), and ul­ti­mately one of the dri­vers to Intel’s Core ar­chi­tec­ture which is still at the fore­front of Intel’s port­fo­lio to­day. He also a lead mi­croar­chi­tect for Intel’s i960 CA, the world’s first su­per-scalar mi­cro­proces­sor. Hinton holds more than 90+ patents from 8 CPU de­signs from his en­deav­ors. Hinton spent an­other 10+ years at Intel af­ter Nehalem, but Nehalem is listed in many places as his pri­mary pub­lic achieve­ment at Intel.

On his so­cial me­dia posts, Hinton states that he will be work­ing on ‘an ex­cit­ing high per­for­mance CPU pro­ject’. In the as­so­ci­ated com­ments also states that ‘if it was­n’t a fun pro­ject I would­n’t have come back — as you know, re­tire­ment is pretty darn nice’. Glenn also dis­closes that he has been pon­der­ing the move since November, and Gelsinger’s re-hir­ing helped fi­nal­ize that de­ci­sion. His peers also opine that Glenn is prob­a­bly not the only ex-In­tel ar­chi­tect that might be head­ing back to the com­pany. We know a few ar­chi­tects and spe­cial­ists that have left Intel in re­cent years to join Intel’s com­peti­tors, such as AMD and Apple.

There are a few key things to note here worth con­sid­er­ing.

First is that com­ing out of re­tire­ment for a big CPU pro­ject is­n’t a triv­ial thing, es­pe­cially for an Intel Senior Fellow. Given Intel’s suc­cesses, one would as­sume that the fi­nan­cial sit­u­a­tion is not the main dri­ver here, but the op­por­tu­nity to work on some­thing new and ex­cit­ing. Plus, these sorts of pro­jects take years of de­vel­op­ment, at least three, and thus Glenn is sign­ing on for a long term de­spite al­ready hav­ing left to re­tire.

Second point is re­it­er­at­ing that last line — what­ever pro­ject Glenn is work­ing on, it will be a long term pro­ject. Assuming that Glenn is talk­ing about a fresh pro­ject within Intel’s R&D ecosys­tem, it will be 3-5 years be­fore we see the fruits of the la­bor, which also means cre­at­ing a de­sign aimed at what could be a va­ri­ety of process node tech­nolo­gies. Glenn’s ex­per­tise as lead ar­chi­tect is quite likely ap­plic­a­ble for any stage of an Intel R&D de­sign win­dow, but is per­haps best served from the ini­tial stages. The way Glenn seems to put it, this might be a black-ops style de­sign. It also does­n’t spec­ify if this is x86, leav­ing that door open to spec­u­la­tion.

Third here is to rec­og­nize that Intel has a num­ber of proces­sor de­sign teams in-house and de­spite the man­u­fac­tur­ing process de­lays, they haven’t been idle. We’ve been see­ing re­fresh af­ter re­fresh of Skylake lead Intel’s port­fo­lio, and while the first it­er­a­tions of the 10nm Cove cores come to mar­ket, Intel’s in­ter­nal de­sign teams would have been work­ing on the next gen­er­a­tion, and the next gen­er­a­tion af­ter that — the only bar­rier to de­ploy­ment would have been man­u­fac­tur­ing. I re­call a dis­cus­sion with Intel’s en­gi­neers around Kaby Lake time, when I asked about Intel’s progress on IPC — I re­quested a +10% gen-on-gen in­crease over the next two years at the time, and I was told that those de­signs were done and baked — they were al­ready work­ing on the ones be­yond that. Those de­signs were likely Ice/Tiger Lake, and so Intel’s core de­sign teams have been surg­ing ahead de­spite man­u­fac­tur­ing is­sues, and I won­der if there’s now a 3-4 year (or more) de­lay on some of these de­signs. If Glenn is hint­ing at a pro­ject be­yond that, then we could be wait­ing even longer.

Fourth and fi­nally, one of the crit­i­cal el­e­ments listed by a num­ber of an­a­lysts on the an­nounce­ment of Gelsinger’s ar­rival was that he would­n’t have much of an ef­fect un­til 3+ years down the line, be­cause of how prod­uct cy­cles work. I re­jected that premise out­right, stat­ing that Pat can come in and change el­e­ments of Intel’s cul­ture im­me­di­ately, and could sit in the room with the rel­e­vant en­gi­neers and dis­cuss prod­uct de­sign on a level that Bob Swan can­not. Pat has the op­por­tu­nity to arrange the lead­er­ship struc­ture and in­still new con­fi­dence in those struc­tures, some of which may have caused key ar­chi­tects in the past to re­tire, in­stead of build on ex­cit­ing pro­jects.

As we can see, Pat is al­ready hav­ing an ef­fect be­fore his name is even on the door at HQ.

Today is also Intel’s end-of-year fi­nan­cial dis­clo­sure, at 5pm ET. We are ex­pect­ing Intel’s cur­rent CEO, Bob Swan, to talk through what looks to be an­other record break­ing year of rev­enue, and likely the state of play for Intel’s own 7nm process node tech­nolo­gies. That last point is some­what thrown into doubt given the new CEO an­nounce­ment and if Gelsinger is on the call. It is un­known if Gelsinger will par­tic­i­pate.

We have made the dif­fi­cult de­ci­sion to re­tire the Tucows Downloads site. We’re pleased to say that much of the soft­ware and other as­sets that made up the Tucows Downloads li­brary have been trans­ferred to our friends at the Internet Archive for pos­ter­ity.

The share­ware down­loads bul­letin board sys­tem (BBS) that would be­come Tucows Downloads was founded back in 1993 on a li­brary com­puter in Flint, MI. What started as a place for peo­ple in the know to down­load soft­ware be­came the place to down­load soft­ware on the bur­geon­ing Internet. Far more quickly than any­one could have imag­ined.

A lot has changed since those early years. Tucows has grown and evolved as a busi­ness. It’s been a long time since Tucows has been TUCOWS, which stood for The Ultimate Collection of Winsock Software.

Today, Tucows is the sec­ond-largest do­main name reg­is­trar in the world be­hind Go Daddy and the largest whole­saler of do­main names in the world with cus­tomers like Shopify and other global web­site builder plat­forms. Hover of­fers do­main names and email at re­tail to help peo­ple brand their life on­line. OpenSRS (and along the way our ac­qui­si­tions of Enom, Ascio and EPAG) are the SaaS plat­forms upon which tens of thou­sands of cus­tomers have built their own do­main reg­is­tra­tion busi­nesses, reg­is­ter­ing tens of mil­lions of do­mains on be­half of their cus­tomers. Ting Internet is build­ing fiber-op­tic net­works all over the U. S. At the same time, we’re build­ing the Mobile Services Enabler SaaS plat­form that is pow­er­ing DISH’s en­try into the US mo­bile mar­ket.

For the past sev­eral years, his­tory, well sen­ti­men­tal­ity, has been the only rea­son to keep Tucows Downloads around. We talked about shut­ting the site down be­fore. Most se­ri­ously in 2016 when in­stead, we de­cided to go ad-free, keep­ing the site up as a pub­lic ser­vice.

Today is dif­fer­ent. Tucows Downloads is old. Old sites are a main­te­nance chal­lenge and there­fore a risk. Maintaining the Tucows Downloads site pulls peo­ple away from the work that moves our busi­nesses for­ward.

Tucows Downloads has had an in­cred­i­ble run. Retiring it is the right move but that does­n’t al­ter the fact that it will al­ways hold a spe­cial place in hearts and our story. We’re thank­ful to the thou­sands of soft­ware de­vel­op­ers who used Tucows Downloads to get their soft­ware in front of mil­lions of peo­ple, dri­ving bil­lions of down­loads over more than 25 years.

If you’re a de­vel­oper who used the Tucows Author Resource Center (ARC) as part of your soft­ware dis­sem­i­na­tion, to buy code sign­ing or other ser­vices, we’re happy to help with the tran­si­tion.

Any cer­tifi­cates pur­chased through ARC re­main valid. If you’re look­ing to buy or re­new code sign­ing cer­tifi­cates, we in­vite you to go straight to the source; Sectigo was our sup­plier and will be happy to be yours too.

Feel free to reach out to us at help@tu­cows.com if we can help with any­thing at all.

Let’s Encrypt helps to pro­tect a huge por­tion of the Web by pro­vid­ing TLS cer­tifi­cates to more than 235 mil­lion web­sites. A data­base is at the heart of how Let’s Encrypt man­ages cer­tifi­cate is­suance. If this data­base is­n’t per­form­ing well enough, it can cause API er­rors and time­outs for our sub­scribers. Database per­for­mance is the sin­gle most crit­i­cal fac­tor in our abil­ity to scale while meet­ing ser­vice level ob­jec­tives. In late 2020, we up­graded our data­base servers and we’ve been very happy with the re­sults.

Our CA soft­ware, Boulder, uses MySQL-style schemas and queries to man­age sub­scriber ac­counts and the en­tire cer­tifi­cate is­suance process. It’s de­signed to work with a sin­gle MySQL, MariaDB, or Percona data­base. We cur­rently use MariaDB, with the InnoDB data­base en­gine.

We run the CA against a sin­gle data­base in or­der to min­i­mize com­plex­ity. Minimizing com­plex­ity is good for se­cu­rity, re­li­a­bil­ity, and re­duc­ing main­te­nance bur­den. We have a num­ber of repli­cas of the data­base ac­tive at any given time, and we di­rect some read op­er­a­tions to replica data­base servers to re­duce load on the pri­mary.

One con­se­quence of this de­sign is that our data­base ma­chines need to be pretty pow­er­ful. Eventually we may need to shard or break the sin­gle data­base into mul­ti­ple data­bases, but hard­ware ad­vance­ments have al­lowed us to avoid that so far.

The pre­vi­ous gen­er­a­tion of data­base hard­ware was pow­er­ful but it was reg­u­larly be­ing pushed to its lim­its. For the next gen­er­a­tion, we wanted to more than dou­ble al­most every per­for­mance met­ric in the same 2U form fac­tor. In or­der to pull that off, we needed AMD EPYC chips and Dell’s PowerEdge R7525 was ideal. Here are the spec­i­fi­ca­tions:

By go­ing with AMD EPYC, we were able to get 64 phys­i­cal CPU cores while keep­ing clock speeds high: 2.9GHz base with 3.4GHz boost. More im­por­tantly, EPYC pro­vides 128 PCIe v4.0 lanes, which al­lows us to put 24 NVMe dri­ves in a sin­gle ma­chine. NVMe is in­cred­i­bly fast (~5.7x faster than the SATA SSDs in our pre­vi­ous-gen data­base servers) be­cause it uses PCIe in­stead of SATA. However, PCIe lanes are typ­i­cally very lim­ited: mod­ern con­sumer chips typ­i­cally have only 16 lanes, and Intel’s Xeon chips have 48. By pro­vid­ing 128 PCI lanes per chip (v4.0, no less), AMD EPYC has made it pos­si­ble to pack large num­bers of NVMe dri­ves into a sin­gle ma­chine. We’ll talk more about NVMe later.

We’ll start by look­ing at our me­dian time to process a re­quest be­cause it best re­flects sub­scribers’ ex­pe­ri­ence. Before the up­grade, we turned around the me­dian API re­quest in ~90 ms. The up­grade dec­i­mated that met­ric to ~9 ms!

We can clearly see how our old CPUs were reach­ing their limit. In the week be­fore we up­graded our pri­mary data­base server, its CPU us­age (from /proc/stat) av­er­aged over 90%:

The new AMD EPYC CPUs sit at about 25%. You can see in this graph where we pro­moted the new data­base server from replica (read-only) to pri­mary (read/write) on September 15.

The up­grade greatly re­duced our over­all data­base la­tency. The av­er­age query re­sponse time (from INFORMATION_SCHEMA) used to be ~0.45ms.

Queries now av­er­age three times faster, about 0.15ms.

NVMe dri­ves are be­com­ing in­creas­ingly pop­u­lar be­cause of their in­cred­i­ble per­for­mance. Up un­til re­cently, though, it was nearly im­pos­si­ble to get many of them in a sin­gle ma­chine be­cause NVMe uses PCIe lanes. Those were very lim­ited: Intel’s Xeon proces­sors come with just 48 PCIe v3 lanes, and a num­ber of those are used up by the chipset and add-on cards such as net­work adapters and GPUs. You can’t fit many NVMe dri­ves in the re­main­ing lanes.

AMD’s lat­est gen­er­a­tion of EPYC proces­sors come with 128 PCIe lanes - more than dou­ble what Intel of­fers - and they’re PCIe v4! This is enough to pack a 2U server full of NVMe dri­ves (24 in our case).

Once you have a server full of NVMe dri­ves, you have to de­cide how to man­age them. Our pre­vi­ous gen­er­a­tion of data­base servers used hard­ware RAID in a RAID-10 con­fig­u­ra­tion, but there is no ef­fec­tive hard­ware RAID for NVMe, so we needed an­other so­lu­tion. One op­tion was soft­ware RAID (Linux mdraid), but we got sev­eral rec­om­men­da­tions for OpenZFS and de­cided to give it a shot. We’ve been very happy with it!

There was­n’t a lot of in­for­ma­tion out there about how best to set up and op­ti­mize OpenZFS for a pool of NVMe dri­ves and a data­base work­load, so we want to share what we learned. You can find de­tailed in­for­ma­tion about our setup in this GitHub repos­i­tory.

This data­base up­grade was nec­es­sary as more peo­ple rely on Let’s Encrypt for the se­cu­rity and pri­vacy that TLS/SSL pro­vides. The equip­ment is quite ex­pen­sive and it was a siz­able un­der­tak­ing for our SRE team to plan and ex­e­cute the tran­si­tion, but we gained a lot through the process.

We de­pend on con­tri­bu­tions from our sup­port­ers in or­der to pro­vide our ser­vices. If your com­pany or or­ga­ni­za­tion would like to spon­sor Let’s Encrypt please email us at spon­sor@letsen­crypt.org. We ask that you make an in­di­vid­ual con­tri­bu­tion if it is within your means.

National Highway Traffic Safety Administration (NHTSA) has com­pleted a reg­u­la­tion per­mit­ting low vol­ume mo­tor ve­hi­cle man­u­fac­tur­ers to be­gin sell­ing replica cars that re­sem­ble ve­hi­cles pro­duced at least 25 years ago. Congress en­acted a DeLorean Motor Company-backed bill backed by the Specialty Equipment Market Association (SEMA) DeLorean Motor Company, and oth­ers into law in 2015, which stream­lined re­quire­ments for small au­tomak­ers, but im­ple­men­ta­tion was de­layed while await­ing the NHTSA reg­u­la­tions. Companies like DeLorean will now be able to ap­ply for au­tho­riza­tion to pro­duce and sell ve­hi­cles un­der this pro­gram.

The re­cent re­lease of the fi­nal rule doc­u­ment was un­ex­pected, and we’re very pleased to see it fi­nally hap­pen. Still, four years over­due with no clear idea of when (or if!) these would ever be re­leased did cer­tainly keep us from putting too many eggs in that stain­less steel bas­ket, so to speak.

Some pre­vi­ous sup­pli­ers that we had lined up have gone out of busi­ness dur­ing the pan­demic, oth­ers have been ab­sorbed by larger com­pa­nies that have made it clear low vol­ume com­po­nent pro­duc­tion is not some­thing they’re in­ter­ested in pur­su­ing. In that re­gard there will be a fair amount of work to be re-done. Perhaps worse, some “champions” we had at var­i­ous sup­pli­ers have re­tired or moved on. In some cases this has left a void, where be­fore there was a DeLorean fan, who ral­lied for us within their com­pany and man­age­ment.

Additionally, cer­tain staffing can­di­dates that were on our short-list have long since moved on in and while un­em­ploy­ment has in­creased dur­ing 2020, many of the spe­cial­ized roles that we re­quire are still hard to fill.

As men­tioned be­fore, in 2015 our planned en­gine had a life-cy­cle of emis­sions com­pli­ance through 2022. We had hoped to get into pro­duc­tion by 2017 and get 3-4 years out of it be­fore hav­ing to take on the en­gi­neer­ing for a new pow­er­train. It’s be­lieved that this en­gine has been ex­tended through per­haps 2024 now, but it does­n’t seem like a good idea to plan around an en­gine so near its end-of-life.

That said, with EV’s be­com­ing more main­stream, we’ve been con­sid­er­ing switch­ing to an all-elec­tric as the fu­ture. It cer­tainly makes for an eas­ier path through emis­sions maze which still looms large over any in­ter­nal com­bus­tion en­gine. While an elec­tric Cobra or Morgan may be a lit­tle ex­treme for their po­ten­tial mar­ket, we’ve al­ready seen that an EV DeLorean — as we dis­played at the 2012 New York International Auto Show — is not such an “out there” idea.

Most crit­i­cally, fi­nan­cial mar­kets have changed, and will change even more as the world nav­i­gates the con­tin­u­ing COVID cri­sis dur­ing the Biden ad­min­is­tra­tion. Will the fi­nan­cial sup­port that we had lined up a few years ago to carry us through the fi­nal de­vel­op­ment and into pro­duc­tion still be avail­able?

As the au­to­mo­tive brand with likely the high­est name recog­ni­tion across all de­mo­graph­ics in spite of not hav­ing a new prod­uct in 40 years, we still be­lieve that none of the above is in­sur­mount­able and be­lieve that oth­ers will see value in it, as well.

Amsterdam’s Rijksmuseum has put over 700,000 digi­tised copies of its huge art col­lec­tion on­line, and is mak­ing them avail­able to reuse as pub­lic do­main

It’s not a new fea­ture, but it’s not that well known, and it was re­vamped last November. The im­ages are be­ing re­leased un­der Creative Commons 1.0 Universal (CC0 1.0) Public Domain Dedication — which is es­sen­tially copy­right and roy­alty free.

The Rijksstudio, as the on­line gallery is called was funded by the BankGiro Lottery, the Netherlands cul­ture lot­tery that pro­vides long-term sup­port for in­sti­tu­tions.

You can browse and search the Rijksstudio by gen­rea, dates or artists, and even if you’re just brows­ing for plea­sure, the web­site pho­tos are of a high res­o­lu­tion qual­ity.

The col­lec­tion con­tains more than 2,000 paint­ings from the Dutch Golden Age by no­table painters such as Jacob van Ruisdael, Frans Hals, Johannes Vermeer, Jan Steen, Rembrandt, and Rembrandt’s pupils.

Each of the paint­ings, pho­tographs, and draw­ings they’ve scanned has de­tailed in­for­ma­tion about the sub­ject and the artist, along with some his­tory such as when and where it was ac­quired.

The Rijksmuseum re­quires you to open an ac­count on their web­site to down­load any­thing, but in ex­change, the down­loaded graph­ics are high res­o­lu­tion jpegs. You can even see brush strokes in some of the im­ages I down­loaded to test this.

In ad­di­tion, pro­fes­sion­als have an op­tion to re­quest a free TIFF file with colour ref­er­ence and tai­lored ad­vice.

The Rijksstudio, in English, is here.

The British Museum also re­leased nearly 2 mil­lion im­ages from their archive on­line last year.

When Apple re­leased their desk­top prod­ucts with the M1 proces­sor in November 2020, quite a few peo­ple in the tech com­mu­nity were sur­prised by the ex­cel­lent per­for­mance of these sys­tems. But those who have been fol­low­ing the de­vel­op­ment of Apple phone chipsets closely knew that the evo­lu­tion­ary path Apple fol­lowed would re­sult in a pow­er­ful 64-bit ARM proces­sor.

At Corellium, we’ve been track­ing the Apple mo­bile ecosys­tem since iPhone 6, re­leased in 2014 with two 64-bit cores. Since then, Apple has been fo­cus­ing their en­ergy on build­ing faster chips, pre­fer­ring to im­prove sin­gle-threaded per­for­mance over throw­ing more cores on the chip. This ap­proach was en­abled by their in-house hard­ware de­sign team, and re­sulted in unique parts with a broad fea­ture set, lead­ing the in­dus­try in terms of ar­chi­tec­tural fea­tures.

It also made Apple sil­i­con rather dis­tinct from all other 64-bit ARM hard­ware in terms of both CPU core and pe­riph­er­als. Our Corellium vir­tu­al­iza­tion plat­form has been pro­vid­ing se­cu­rity re­searchers with un­par­al­leled in­sight into how op­er­at­ing sys­tems and pro­grams work on Apple ARM proces­sors. But in the process of de­vel­op­ing our vir­tu­al­iza­tion sys­tem, we also gain knowl­edge about the hard­ware we are mod­el­ing, and this knowl­edge can be best re­fined by test­ing it against real hard­ware - which we have only been able to do with the emer­gence of checkm8, an ex­ploit that let us load pro­grams onto Apple smart­phones. This led di­rectly to the Sandcastle pro­ject, where we built a ker­nel port to the A10 proces­sor in early 2020.

So when Apple de­cided to al­low in­stalling cus­tom ker­nels on the Macs with M1 proces­sor, we were very happy to try build­ing an­other Linux port to fur­ther our un­der­stand­ing of the hard­ware plat­form. As we were cre­at­ing a model of the proces­sor for our se­cu­rity re­search prod­uct, we were work­ing on the Linux port in par­al­lel.

Many com­po­nents of the M1 are shared with Apple mo­bile SoCs, which gave us a good run­ning start. But when writ­ing Linux dri­vers, it be­came very ap­par­ent how non-stan­dard Apple SoCs re­ally are. Our vir­tual en­vi­ron­ment is ex­tremely flex­i­ble in terms of mod­els it can ac­com­mo­date; but on the Linux side, the 64-bit ARM world has largely set­tled on a well-de­fined set of build­ing blocks and firmware in­ter­faces - nearly none of which were used on the M1.

To start with, Apple CPUs boot the op­er­at­ing sys­tem ker­nel in a dif­fer­ent way. The boot­loader, tra­di­tion­ally called iBoot, loads an ex­e­cutable ob­ject file in a for­mat called Mach-O, op­tion­ally com­pressed and wrapped in a signed ASN.1 based wrap­per for­mat called IMG4. For com­par­i­son, nor­mal Linux on 64-bit ARM starts as a flat bi­nary im­age (optionally com­pressed and put in one of the few con­tainer for­mats), or a Windows-style “PE” ex­e­cutable on UEFI plat­forms.

But the real sur­prises start when fur­ther CPU cores are brought up. On other 64-bit ARM sys­tems, this is done by call­ing the firmware through an in­ter­face called PSCI (a few sys­tems use poll-ta­bles, but the firmware is still re­spon­si­ble for them). But on M1, CPU cores start at an ad­dress spec­i­fied by a MMIO reg­is­ter (set to a spe­cific off­set within the ker­nel im­age, then locked, by the boot­loader), and sim­ply be­gin run­ning the ker­nel.

If that was­n’t enough, Apple de­signed their own in­ter­rupt con­troller, the Apple Interrupt Controller (AIC), not com­pat­i­ble with ei­ther of the ma­jor ARM GIC stan­dards. And not only that: the timer in­ter­rupts - nor­mally con­nected to a reg­u­lar per-CPU in­ter­rupt on ARM - are in­stead routed to the FIQ, an ab­struse ar­chi­tec­tural fea­ture, seen more fre­quently in the old 32-bit ARM days. Naturally, Linux ker­nel did not sup­port de­liv­er­ing any in­ter­rupts via the FIQ path, so we had to add that.

When you try to get mul­ti­ple proces­sors in a sys­tem to talk to each other, you have to pro­vide a set of in­ter-proces­sor in­ter­rupts (IPIs). On older Apple SoCs, those were han­dled sim­i­larly to IRQs, by ex­e­cut­ing MMIO ac­cesses to the AIC. But on newer ones, Apple uses a set of proces­sor core reg­is­ters to dis­patch and ac­knowl­edge IPIs, and they are - again - de­liv­ered as FIQs. So the FIQ sup­port was re­ally quite im­por­tant. Fortunately, our work on vir­tual mod­els in our se­cu­rity re­search prod­uct has pre­pared us for this.

After work­ing out a few more hard­ware quirks, and adding a pre-loader that acts as a wrap­per for Linux and pro­vides a tram­po­line for start­ing proces­sor cores, we could set a frame­buffer and were greeted with the sight of eight pen­guins rep­re­sent­ing the eight cores of the M1.

Unfortunately, since we do not have a UART ca­ble for the M1 Macs, we had to find an­other way to add a key­board (and maybe even a mouse). There are fun­da­men­tally three paths to do that on the M1 Mac Mini: the built-in USB host in the M1 chip (serves the Thunderbolt/USB ports), the xHCI USB host on PCIe (serves the type A ports) and Bluetooth.

While we won’t get into the de­tails of Apple Bluetooth, we’ll note it uses a non-stan­dard PCIe-based pro­to­col that is sup­ported in our vir­tu­al­iza­tion prod­uct, and would re­quire not only bring­ing up PCIe ports on the M1 chip, but also writ­ing a cus­tom ker­nel dri­ver for this pro­to­col. That made it seem like the worst choice for get­ting this done quickly.

This means we had a choice be­tween bring­ing up PCIe and us­ing the stan­dard ker­nel xHCI dri­ver, or bring­ing up the built-in USB con­troller. Apple has been us­ing the Synopsys DWC3 dual-role USB con­troller for a while in their chips, and it has a Linux ker­nel dri­ver. Unfortunately, Apple is also in the habit of adding cus­tom logic around the con­troller, so this ended up be­ing a fair bit of work.

Both the PCIe and the built-in DWC3 USB con­troller on M1 use IOMMUs, called DARTs. Apple has been re­fin­ing their DART de­sign in a con­sis­tent, evo­lu­tion­ary way, re­sult­ing in an ex­cel­lent, full-fea­tured IOMMU. The last ver­sion even has sup­port for sub-page mem­ory pro­tec­tion, rarely seen else­where. (We had a blog post on IOMMUs and other sim­i­lar de­vices last month.)

To ac­tu­ally con­nect the USB port in­side the M1 to the USB type-C con­nec­tors on the back of the Mac Mini, we had to in­ter­act with a chip on I2C (which means GPIO and I2C dri­vers) which has cus­tomized firmware. We’ve seen the pro­to­col for these while build­ing our vir­tu­al­ized mod­els; noth­ing is a big sur­prise if you have a bird’s eye view of the sys­tem.

After a few days of fig­ur­ing out the de­tails of USB, we were fi­nally able to con­nect an ex­ter­nal USB hub and con­nect a key­board, mouse and a Flash drive, open­ing the pos­si­bil­ity for run­ning a nor­mal desk­top Linux dis­tri­b­u­tion.

The first step to boot­ing Linux on your Mac Mini M1 is to down­load the Ubuntu POC rootfs avail­able here. We used a Raspberry Pi im­age be­cause it was a live USB boot im­age, so we only had to make mi­nor mod­i­fi­ca­tions to boot it.

You will need a min­i­mum 16G ex­ter­nal USB drive. Extract the im­age by typ­ing:

Then, use disk util­ity to lo­cate the name of the ex­ter­nal disk. Finally, copy the im­age to the USB drive us­ing:

Connect your USB drive to the Mac Mini M1 us­ing a don­gle via the USB C port. The USB A ports are not cur­rently sup­ported.

To boot into 1TR (the one true re­cov­ery OS), turn off your Mac Mini M1 and then hold Power un­til you see “loading op­tions”. Once it loads, you can se­lect the ter­mi­nal op­tion from the menu bar at the top.

The next step is to in­stall the cus­tom ker­nel. We have made a script that makes this step eas­ier for you. You can run it by typ­ing:

The script will prompt you for your user­name and pass­word. One you see it print “Kernel in­stalled” it’s safe to type re­boot.

Once you’re booted, you’ll be prompted for a lo­gin. The user­name is “pi” and the pass­word is “raspberry.” The root pass­word is also “raspberry.”

To re­vert to boot­ing MacOS, in 1TR open ter­mi­nal and type bputil -n

If you’re in­ter­ested in sup­port­ing our work on open source pro­jects like these, please con­sider do­nat­ing on our be­half to the EFF, who work tire­lessly to de­fend se­cu­rity re­searchers and pro­tect the dig­i­tal rights of users and de­vel­op­ers. You should also con­sider sup­port­ing the work be­ing done by the folks over at Asahi Linux.

We’d like to ex­tend a very spe­cial thanks to the en­gi­neers be­hind PongoOS for con­tribut­ing their ex­per­tise and col­lab­o­ra­tion. We’re look­ing for­ward to up­dat­ing with a ver­sion that uses PongoOS as the boot­loader!

Bitwarden be­lieves source code trans­parency is an ab­solute re­quire­ment for se­cu­rity so­lu­tions like ours. View full, de­tailed Release Notes in GitHub us­ing any of the fol­low­ing links:

Dates on this page rep­re­sent Cloud Server and Web re­leases. Bitwarden in­cre­men­tally up­dates each client ap­pli­ca­tion (Desktop, Browser Extension, Mobile, etc.) fol­low­ing the ini­tial re­lease date to en­sure fea­ture ef­fi­cacy and sta­bil­ity.

As a re­sult, client ap­pli­ca­tions should ex­pect listed fea­tures fol­low­ing the ini­tial re­lease.

For the first ma­jor re­lease of 2021, the Bitwarden team com­bined mul­ti­ple ma­jor en­hance­ments to ad­dress the crit­i­cal needs of all users, in­clud­ing:

* Emergency Access: Bitwarden’s new Emergency Access fea­ture en­ables users to des­ig­nate and man­age trusted emer­gency con­tacts, who may re­quest ac­cess to their Vault in a Zero Knowledge/Zero Trust en­vi­ron­ment (see here for de­tails).

* Encrypted Exports: Personal users and Organizations can now ex­port Vault data in an en­crypted .json file (see here for de­tails).

* New Role: A Custom role is now avail­able to al­low for gran­u­lar con­trol over user per­mis­sions (see here for de­tails).

* New Enterprise Policy: The Personal Ownership pol­icy is now avail­able for use by Enterprise Organization (see here for de­tails).

* Biometric Unlock for Browser Extensions: Using an in­te­gra­tion with a na­tive Desktop ap­pli­ca­tion, you can now use Biometric in­put to un­lock Firefox and Chromium-based Browser Extensions (see here for de­tails).

The lat­est re­lease of Bitwarden adds SSO-related en­hance­ments to all client ap­pli­ca­tions, in­clud­ing:

* New Enterprise Policies: The Single Organization and Single Sign-On Authentication po­lices are now avail­able for use by Enterprise Organizations (see here for de­tails).

* API Key for CLI: Authenticate into the Bitwarden CLI us­ing an API Key newly avail­able from your Web Vault (see here for de­tails).

* Improvements to SSO Onboarding: We’ve made some im­prove­ments to the way users are on­boarded via SSO to pre­vent po­ten­tial se­cu­rity risks (see here for de­tails).

* GDPR Acknowledgement: From now on, new users of Bitwarden will be asked to ac­knowl­edge a Privacy Policy on reg­is­tra­tion.

* Android 11 Inline Auto-fill: For de­vices us­ing Android 11+, en­abling the Auto-fill Service will dis­play sug­ges­tions in­line for IMEs that also sup­port this fea­ture (see here for de­tails).

The lat­est re­lease of Bitwarden adds much-an­tic­i­pated Login with SSO func­tion­al­ity for all client ap­pli­ca­tions, and the Business Portal for Web Vaults. Read this blog post for more in­for­ma­tion about Login with SSO, and re­fer to our doc­u­men­ta­tion.

The fol­low­ing items were re­leased be­tween March and September of 2020.