1. 2

    I hope someday that Microsoft will give up on trying to create a working browser, and focus on creating a working operating system.

    1. 2

      I don’t know their strategy, but given WSL, I suspect they will soon give up on trying to create a working operating system.

      1. 2

        “… a buggy set of drivers…” is my hope, but with less “buggy” :)

    1. 1

      I’m pretty impressed.

      I’m considering adding an additional NES mode to my website (after the recently added Dark mode).

      It shows pretty well how creative the web can be with “just” CSS.

      1. 1

        In Plan 9 the default filesystem is pretty different:

        • all programs are bound to /bin
        • / contains several folders dedicated to the various supported architectures
        • $path usually contains just /bin and .
        • /usr is what /home is to Unix

        In Jehanne I moved all architectures into /arch (to reduce name clashes in /) and renamed /bin to /cmd (since several commands are not really binaries).

        These sorts of changes are usually disregarded as bikeshedding, but since I want to build the simplest possible operating system, it’s important to fix them before the OS is actually used.

        1. 1

          Impressive!

          I have no idea about the process one needs to follow to get assigned a TLD.

          1. 1

            Either a pull request to the repo, adding your zone file, or an email to ubergeek at yourtilde dot com will do it.

          1. 2

            According to the homepage of tilde.team anything that people here learn, try (either with success or not) or hack.

            1. 2

              This looks very interesting.

              De Vault explicitly names operating systems as a target and I have had a lot of annoyance with travis-ci.

              I will give it a try through the free alpha, but the service seems worth 20 $ a year.

              1. 2

                I really appreciate that it’s all open source and self-hostable as well.

                I dropped the $20 just to support further development on it.

                1. 1

                  Yes… and no JavaScript!

                  It really looks like a service designed for hackers.

                  1. 1

                    any ideas on how to submit a form with ctrl+enter without using javascript?

                    task on sr.ht

              1. 1

                I’m never going to refer to the site as a “safe space” or ban anyone just for occasionally acting like a jerk in an argument—I’d probably have to ban myself fairly quickly. However, it will also never be described as anything like “an absolute free speech site”.

                I love this passage.
                On one hand he acknowledges his own personal responsibility.
                On the other he calls for dialogue and good sense.

                A question though: what’s the relationship between the different tildes? I thought I was reading something about tilde.team (and was surprised by the pastel colours :-D ) till I realized that I was on a different domain.

                1. 2

                  It turns out that the relationship between the tildes.net site and tilde GNU/Linux boxes like tilde.team is mostly coincidental. Deimos wrote about it in an FAQ: https://docs.tildes.net/faq#why-is-the-site-named-tildes

                1. 1

                  Cool! I didn’t know Phrack has a papers feed.

                    1. 1

                      Not Everyone Should Code

                      Indeed! Everybody should be a hacker!

                      Programming now is what writing was 5000 years ago

                      1. 3

                        I disagree. Just like not everyone should know how to tear down a car engine, and rebuild it, not everyone needs to learn to code.

                        Personally, I think some other skills are more important than coding. ie, starting a fire without matches. Construction of a basic water filtering system. Wood and metal craft. etc etc etc

                        1. 1

                          The problem is that while water filtering is something you do, a programmer is something you are.

                          Programming is a fundamental way of expressing one’s freedom.

                          We don’t see it as such, we see it as a job, just because it is still too primitive in itself (like writing was during Ancient Egypt). But we should work to make programming simpler (not necessarily easier) and teach everybody how to do that.

                          Think of this: in the very moment the majority of people will be able to hack, proprietary software will stop having an advantage over free software: free software will have most programmers and a competitive advantage over ANY closed source solution.

                          Even better: imagine a dumb politician facing hacker crews wherever he talks! :-D

                    1. 2

                      I think replacing it with something else is the wrong way of looking at it. We should not encourage any “perceived safe” way of allowing others to execute code on our machine in a drive by fashion.

                      1. 2

                        Totally agree.

                        With Adrian Cochrane (the author of Odisseus Web Browser) and a couple other guys, we are brainstorming on the principles that should drive the design and development of a better web (in no order… sorry):

                        Unfortunately the mastodon ui is not great for brainstorming.

                        The idea is to go back to a JS-free web, with a better designed markup to support cool HyperTexts but not applications.

                        That is, forums but not chats.

                        We are still brainstorming, but you are welcome to join.

                        1. 1

                          It’s also worth noting that the article does not presume there’s a “safe” way to allow others to execute code on our computers. We really just have to trust the developers.

                          The suggestions from the article (to sum it up) are basically to 1) make link targets more powerful and 2) allow CSS to be made conditional on the presence of another selector.

                          I find these suggestions very intriguing and should be more than enough to, say, recreate this site’s interface, though it would be a little heavier on the server. Which could probably be fixed without reintroducing clientside scripting.

                        1. 2

                          I hacked my own license: https://tildegit.org/murii/ETUL-License

                          1. 2

                            Be careful that it lacks a NO WARRANTY disclaimer, and afaik without it you could be sued for damage that one of your users pretend the software caused them.

                            Also, without it, many companies wouldn’t modify your software to avoid the risk.

                            1. 2

                              NO WARRANTY disclaimer

                              Thanks, I’ll add it!

                              Edit 1: Could you check it out and tell me if it’s alright? Thanks!

                              1. 2

                                Well… I’m not a lawyer!

                                I can’t really say if it’s alright, but I don’t see any serious issue in it.

                                It seems a simple and permissive license. (which is a good thing)

                                1. 2

                                  That’s exactly my intention! Thanks!

                          1. 1

                            Do I have it correct that if I make a Derived Work the Hackers of the Inspiring Hack have the copyright of my Derived Work???? I personally am really opposed to this…

                            1. 1

                              Yes, you share the copyright of your Derived Work with the Hackers of the Inspiring Hack.

                              Note however that such grant is

                              • non-exclusive: you can grant it to others too and you still hold the copyright over your changes plenty, differently from what happens with CLAs (that this way become less sustainable)
                              • such upstream hackers need your Hack to use it in any way, so they become Users of your hack and thus such grant terminates if they use it to violate the rights of other users of your Hack (see Conditions, par 6)
                              • it can be transferred to third parties only with the Hack, its Source or any Derived Work but for no charge.

                              Maybe the wording is not clear enough? Or you are still opposed to this?

                              1. 2

                                Oh, you share it. So could I terminate any copyright the Hackers of the Inspiring Hack have on it?

                                1. 1

                                  No. But they can lose it by violating the license.

                                  Edit: to be clear, they can lose the rights you share with them, over your own modifications. They cannot lose the rights over the code or contents they created.

                            1. 2

                              Not a fan, personally. This is like the GPL, but with a severability and termination clause not very conducive to the 4 software freedoms.

                              1. 1

                                Actually it’s intended to be an AGPLv3 on steroids, but designed so that

                                • you can profit from the Hack but not from rights over such Hack (since I think such rights should be automatically granted to everybody)
                                • all users share such rights (independently of how they interact with the Hack)
                                • it forces corporations to share wrappers with a compatible license
                                • it moves trust from the License’s author (me or FSF for the AGPL) to the Hackers who created the Hack removing the need to use an “or later version”

                                It has a strong and definitive termination because I don’t want to let corporations use their power to fix their sin.

                                not very conducive to the 4 software freedoms

                                I’d really like if you could elaborate. What do you mean?

                                1. 1

                                  Well, the 4 software freedoms, as defined by the FSF are:

                                  • The freedom to run the program as you wish, for any purpose (freedom 0).
                                  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
                                  • The freedom to redistribute copies so you can help others (freedom 2).
                                  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

                                  I “feel” (No legal theory) that the severability clause precludes #0.

                                  1. 1
                                    5. Severability

                                    The invalidity or unenforceability of any provision of this License does not affect the validity or enforceability of the remainder of this License. Such provision is to be reformed to the minimum extent necessary to make it valid and enforceable.

                                    Mind to elaborate?
                                    Maybe a language barrier, but I don’t understand what you mean.

                                2. 1

                                  To be honest, I don’t like it heaps either, but I can see where it would be used. Personally I license most of my projects under the MIT License.

                                  1. 1

                                    Personally I license most of my projects under the MIT License.

                                    Which is totally fine!
                                    I’m not against permissive licenses: they are even defined as compatible for wrappers in the Hacking License.

                                    But may I ask what you don’t like about it?
                                    Are you against copyleft in general? Or maybe against AGPLv3 reach?
                                    Or is it just something related to this licence?

                                    I really appreciate feedback.

                                    1. 2

                                      I’m not against the idea of copyleft, I’m just against some of the extremes a license goes to. I’d prefer a permissive license over copyleft for a personal project, however copyleft over closed-source; copyright. The GPL and AGPL are a bit too extreme for me - the LGPL is ok. It’s just my opinion - nothing to do with your license. Your license is great for its intention.

                                1. 1

                                  This is one of my favourite reads!

                                  1. 2

                                    Yet another reason that js is Bad.

                                    Javascript is a security hole by design.

                                    I suppose the issue here is that it’s not a problem that affects just firefox.

                                    1. 1

                                      AFAIK it affects all browsers from WHATWG’s members, but in slightly different ways, depending on implementation details.

                                      Firefox was just the one I thought was more interested in protecting users. But I was wrong, they prefer to build safety ports that everyone can admire without giving a shit about the missing walls in their house.

                                      Anyway, I know JS pretty well as my daily job is mostly developing web applications with it (and looking for workarounds to weird bugs in JS frameworks).

                                      JavaScript sucks in many ways.
                                      WebAssembly can make it even worse.

                                      But these are browser problems: had they used Rust instead of JS it would have been exactly the same.

                                    1. 2

                                      So the gist of it is that you brought a flaw in the design of the internet up as a bug on a browser that implements the flawed design? That’s what I read from this.

                                      1. 1

                                        Well, to be precise these bugs are in the design of a Web protocol (HTTP) and a Web standard (JavaScript).
                                        The Internet (which is way more than the Web) is fine.

                                        Anyway yes, I opened a bug report to Firefox as suggested by a Mozilla developers.

                                        Mozilla (like Google, Microsoft and Apple) is a founding member of WHATWG, they write these Living Standards, so they are responsible for those bugs.

                                        Also, be it standard or not, if the users of your application can have their firewalls bypassed through it, it’s your fault.

                                        And it’s your responsibility to inform the users of the risks you are exposing them to.

                                        Stating that it’s a problem in the standards (that you wrote), without informing them is not what I expected from Mozilla.
                                        This is particularly weird because the fixes are technically easy to implement for a browser vendor and AFAIK there is no line in the WHATWG standard imposing Javascript to be opt-out instead of opt-in.
                                        So to be even more precise only the HTTP cache control usage I described is a problem in the standards: the JS issue is more a hole in the standard.

                                        Indeed that’s why I started informing Mozilla of the attacks in the first place. To fix the Living Standards that follow the implementations you need to fix an implementation first.

                                      1. 1

                                        How did you get here, why were you banned, who the f* are you anyway?

                                        1. 3

                                          I was invited by @ben.

                                          Basically I asked several times to members of Mozilla Security if their users were vulnerable to a wide class of attacks I described in a bug report (and have been then proved with 2 exploits).
                                          For the full story you should read the article, but you can find here a short summary.

                                          My name is Giacomo Tesio, I’m a father, a husband and a programmer.
                                          I’m from Italy. I am a hacker too. Actually I’m also many other things… it’s a bit complex to answer the last question properly.
                                          On tilde.team you can find me as giacomo.

                                        1. 1

                                          interesting discussion in the comments on lobste.rs

                                          1. 1

                                            The problem is that browsers cannot be trusted to run arbitrary computations.

                                            Not just because of the attacks that can exploit JavaScript and HTTP cache control (two of which have been proved with a PoC exploit), but because they are not informing the users about the risks.

                                            While I could have expected this behaviour from surveillance companies like Google or Microsoft, Mozilla was able to fool me for years by simply stating Firefox is “built for people, not for profit”.

                                            Bullshit.

                                            As of today, they didn’t answer the question “are Firefox users vulnerable to this wide class of attacks?”

                                            But don’t recall this on Lobste.rs or they will ban you too.

                                          1. 2

                                            We de-facto instituted what my colleague Richard Fontana once called the “Rule of Three” — assuring that any potential FOSS license should be met with suspicion unless (a) the OSI declares that it meets their Open Source Definition, (b) the FSF declares that it meets their Free Software Definition, and (c) the Debian Project declares that it meets their Debian Free Software Guidelines.

                                            What I find funny is that they candidly admit how they managed to gain power over software licensing, while they propose to put their people in charge of new license proposals. I guess they totally ignore what “conflict of interest” means.

                                            GPLv1 and GPLv2 were designed in private, by Stallman and Cohen.

                                            I think hackers should avoid groupthink and manipulations like

                                            The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting process should be rejected for the meta-reason of “non-transparent drafting”, regardless of their actual text. This will have the added benefit of forcing future license drafters to come to OSI, on their public mailing lists, before the license is finalized.

                                            They are not protecting free software here, but their own interests.

                                            1. 2

                                              I think FOSS licenses would benefit from the same thing I believe will fix the FOSS software problem of mob rule and groupthink: Completely anonymous authorship.

                                              Remove the ego, ethnicity, gender, et al, and base your opinion on the commit.

                                              1. 2

                                                This is a very interesting perspective. I need to think about it.

                                                Note however that, given the current Copyright laws, no authorship means no copyright and no copyright means no Copyleft.

                                                Thus basically every corporation out there would free ride the generosity of hackers.

                                                At a first look, this would be possible in a world where proprietary software is illegal.

                                                1. 2

                                                  Anonymous doesn’t mean no ownership, though.

                                                  However, it would require something along the lines of a CLA to allow another party (aka a foundation) to enforce your copyright.