Forgot your password?

Comment: Re: Administrators dislike constraint based system (Score 1) 811

Your comment, along with all of the others, proves to be that nobody that dislikes systemd has actually used it.

Required service dependencies are *absolutely* trivial, unidirectional or bidirectional.

This whole comment section is hurting my head. So so so much misunderstanding and untruth.

On the contrary; I've fixed a number of the dependency orderings in ChromeOS using systemd. Like I said, it's fine if you are OK with rebooting, and as you said, it's possible to express the dependencies correctly. I don't think we are contradicting one another.

It's also possible to explicitly specify correct build order dependencies in the Debian build system, so that it can avoid retries. My issue is that it's also possible to express the dependencies as loose constraints, and things can still be made to work (rebooting in case the mouse didn't start up correctly in ChromeOS was one of the things I fixed; 95% of the time, it started fine, but the first reboot after an upgrade, before the boot cache files had been built, it didn't, due to timing). The Debian build system does it by retrying.

The problem is that people depend on this behaviour to get them out of jams, rather than drilling down and fixing the missing underlying dependency specification, *because the system _mostly_ works without them needing to do so*. And *that's* the problem. If it just freaking *broke* outright, like a reasonable system, you'd know (A) what to fix and (B) that you didn't have any more hidden timing related crap lurking in the shadows, which wouldn't show up in in house testing, but might show up as a heisenbug at some customer site. That's just not acceptable.

Comment: Administrators dislike constraint based systems (Score 5, Informative) 811

Administrators dislike constraint based systems.

This should surprise no one. One of the problems with a constraint based system is that you don't control the precise ordering of things.

This doesn't bother the Debian folks, because their build system is a constraint based system. If they have a package to install which has dependencies, they don't control the actual build order of the dependencies, or of their dependencies, and so on. Turtles all the way down. You do an apt-get install foo, and it's going to try to build subcomponents when they become available to try to build. And if they fail to build, they don't care: they "try again later", in case something that happens later satisfies the dependency that wasn't satisfied the first time around.

This is very disturbing to system administrators, who like things to be both orderly and predictable. All dependencies should be mapped out, known, and explicit. If something gets tried now, and fails, the correct response isn't "We'll try again later!", it's "Stop! Someone fix this fucking thing, it's obviously broken".

The build system is not deterministic; if there are two components, and one has a subdependency on some X of "at least version N", and another has a subdependency on X of "at least version N+2", then depending on the vagaries of network overhead, it's possible that half your code gets built with version N and the other half gets built with N+2, and things break. Things breaking is in fact far more acceptable to a system administrator than "things act weird", and "things act weird" is at least deterministic for a given build instance, and far, far, more preferable than "things sometimes work and sometimes don't".

So system administrators dislike Debian for large system installations. And they dislike systemd for starting things up and shutting things down.

A desktop system is far, far more forgiving: "It's not working; I'll just reboot!". As long as things "mostly work", then things are great! "Look! It's as good as Windows!".

Note that launchd in Mac OS X has many of the same problems as systemd; it's also a constraint based system. It's somewhat worse, in that it insists on controlling file descriptors and sockets and Mach ports for the things it starts - which means you have to rewrite a lot of at least the startup code in most Open Source software to tolerate being run by something that opens the files and sockets that it expects to do itself. But that's just a lot of make-work, and people who are paid to do work are paid because it's not something they'd be willing to do voluntarily, for free, and that's what they're exchanging for the money they are getting in exchange for putting up with that part of the job.

Unlike the people making things work with launchd, though, the people expected to make things work with systemd aren't being paid. And so systemd represents make-work and change for chage's sake, which doesn't sit well with volunteers.


So yeah, a lot of people find systemd annoying. Kirk McKusick once accused "vnode" as being "the structure that's taken over the kernel"; in Linux, systemd is fast becoming "the program that's taken over user space".

How this will all play out, I don't know, but don't expect it to be resolved any time soon, given the dichotomy between the philosophies of the stakeholders involved.

Comment: Re:Cool Idea, Bra (Score 1) 269

by tlambert (#48247841) Attached to: We Need Distributed Social Networks More Than Ello

A better model would be random partial replication between servers.

Not sufficient. My on-ramp server could potentially edit my post before passing it on for replication. I'm not sure if this is solved by your later comment about putatively authoritative servers or if that one only applies between the replication servers? I don't know enough about the iApple model to judge this one here.

It's possible to verify the signature on the message using the public key in the profile for purposes of authentication (*NOT* authorization!) and non-repudiation purposes. You would require the intersection of two information vectors be compromised in order to alter someone's message - equivalent to controlling both the forward and reverse DNS entries for SMTP spoofing; presumably, you would not be subject to unsigned information there, the way the DNS system *without* DNSSEC fails to protect SMTP today.

It also requires a level of cooperation that's unlikely between competing players.

I already specifically noted that it's arranged as a mutual security game on the GloboCop model. This is the same model that was used during the cold war to prevent active warfare larger than brushfire wars. The math on it is rather complex to explain, but I could give you references to works by the Sante Fe Institute and the Brookings Institute. It's mathematically supportable.

This interferes with the "I want to be able to unsay stupid stuff"/"I want to be able to use the server while high or drunk and fix it later" feature

No it doesn't. If the protocol includes a "delete message X" command

Let me stop you right there. This would open the protocol to the "cancelbot" problem. It can't be allowed. What you can do instead is to implement "no_see_ums". You, or any exterior level of containing groups of subsets of the implied group "everybody" (but not "everybody" itself) can decide to "subscribe" to a set of of things in the category "I'd rather not see that". The top level is always unfiltered, and you can have "politeness" groups of "I'd rather you not see my drunken ramblings" on top of that. Polite people join the "politeness" group, and everyone else can (if they look hard enough) see your drunken ramblings. Forard distribution ACLS (immutable) would let you limit distribution to members of a politeness group. Thus - internal, but not external visibility + cancel. Assuming you group your drunken ramblings instead of flinging them to the winds.

But it solves the "domain name hostage" problem for profiles.

Again, its likely a "delete entire profile" command would be built into the protocol.

No. It's a permanent record of the data, or at least as permanent as "until an EMP takes out, simultaneously, all the replicas". Deleting a profile would be tantamount to deleting everything the profile has done in the past, which is tantamount to the historical rewrite, without the "polite consent" of those it's being rewritten out from under.

I'm not sure how you'd deal with "multiple persona" in a reasonable way; you could, I suppose, simply allow it, and allow for mutual adoption and unilateral dissociation - "A adopts B & B adopts A" and "A adopts B and B rejects the adoption", but the storage requirements balloon. For example, I have a number of distinct digital persona that I maintain for reasons of separation of roles, and I'd be sorry to lose that, but I probably would not maintain more than a handful in a social network setting in any case, corresponding to my current social networks and the roles the networks themselves are intended to fulfill. I have a persona on Facebook, I have a persona on LinkedIn, I have a persona on Google+, and so on.

I rather expect that any system that got built on this model would want to be able to subsume, or at lest replica the data and organizational structure from those networks. I think Google Groups / Google Wave / Google+ attempted (and failed) to do this by having groups and groups of groups, but the associative relationships necessary for such a thing are necessarily more complex than the representational geometry of the latest offering(s). It's something you have to design in - you can design large and scale down, but scaling up is a PITA if it requires a redesign. To put it another way: you have to map the absolute problem space, not the intended initial deployment space, with your architecture.

Like I said, I typically do not see a great deal of monteizable value in this, unless you get people to also self-select into profile groups. Perhaps you could get them to do this in exchange for Google Fiber service? I expect most people would do so to avoid paying for Internet service, but it would be a radical rethink of the value of physical communications infrastructure; I expect Verizon et. al. would shit themselves and hire hit men before they'd allow it to happen.

Comment: Re:Cuba sends doctors, US sends soldiers (Score 1) 117

by tlambert (#48238277) Attached to: Pentagon Builds Units To Transport Ebola Patients

Yeah, because all those US doctors who got ebola got sick because they were overseeing ebola patients in the mines they were overseeing. Your ignorance is showing, maybe your anti-US hatred is clouding your view of reality.

Just like the earthquake in Haiti and many similar situations prior to that, a disaster or a severe threat of some kind provided a justification for the US sending troops and establishing military bases (or otherwise an enduring military presence) in a nation that previously denied entry to the US military. A lot of awfully convenient series of events like this have happened in the last fifty years or so.

You mean that ... *GASP!!!!!* That earthquake machine I built for the government was used for *EVIL*, rather than for the peaceful, *GOOD* type of earthquakes?!?!

I am so glad you were here to enlighten me!!! I'm quitting my job at the government labs, right after I finish the solar flare machine I've been working on!!!!!

Comment: Re:So people figure out yet... (Score 1) 117

by tlambert (#48238269) Attached to: Pentagon Builds Units To Transport Ebola Patients

That mandatory quarantine and travel bans are a good idea yet?

No, nobody has figured that out yet.
The CDC says up to 1,050 people per week are coming into the USA from countries with active Ebola outbreaks.

Explain how you plan to run a rolling quarantine for 3,150 people?

Convert Larry Ellison's island back to it's historical use, when we had no effective treatments for Hansen's Disease (Leprosy)?

Historically, Ellis and Angel Islands managed quarantine just fine for massive numbers of immigrants. It's a solvable problem to run a rolling quarantine.

Comment: Re:This. (Score 1) 307

by tlambert (#48238191) Attached to: US Army May Relax Physical Requirements To Recruit Cyber Warriors

What do you mean, "[physical fitness] does not engage your brain"?

It's all muscle memory, once you have your routine down. It doesn't require thinking to accomplish. It's like the cross-country running I did in High School in order to get out of a PE credit so I could take the first CS class that was offered there. I did it because I had to, not because I wanted to.

If you're into the endorphins/runners high, great. If you're in a team sport that requires strategy and tactics, great. If you're sitting at a Nautilus machine going through a workout routine, you might as well get totally stoned first, because it's going to be your medulla doing all the thinking about moving your muscles; there's no higher brain function involved.

Some of us find it rather impossible to "just zone out".

Comment: PS (Score 1) 269

by tlambert (#48238135) Attached to: We Need Distributed Social Networks More Than Ello


Just because I could build this thing Bennett Haselton wants, doesn't mean that I agree that it would be a useful or monetarily rewarding or socially redeeming thing to do. I don't even think the technology would be all that tricky, or even patentable, for the most part. As far as I can tell, it's just a "I want to build an X just like Y, but different from Y in these ways" play, like all the other idiots who want to compete with a big player in a large market niche in the hopes of a big $$$ exist strategy.

Comment: Re:Cool Idea, Bra (Score 1) 269

by tlambert (#48238125) Attached to: We Need Distributed Social Networks More Than Ello

A potentially bigger issue though is even if I'm willing to move my profile after shuts it down, I'm still relying on allowing me to grab a copy of my profile to move off somewhere else. Its not as simple as just "changing providers." In order to 100% guarantee that my profile will never be censored, I would need to host it myself.

Technically not true. A better model would be random partial replication between servers. This would follow the usenet "flood fill" distribution model, where multiple replicas end up on different machines. This interferes with the "I want to be able to unsay stupid stuff"/"I want to be able to use the server while high or drunk and fix it later" feature you (effectively) required in another discussion we were having. But it solves the "domain name hostage" problem for profiles.

To prevent editorializing of your profile and posts by putatively authoritative servers, you'd have to deal with the trus/revocaction issue, but this could be handled by treating it like the iTunes/iCloud CDN model, and having signing key of signing keys, generational signing, and a monotonically increasing version number on the signature knapsack for a given profile. This also solves the "stale cache in fraudulent/stale replica holder" problem, but requires a hierarchical and strongly distributed authoritative UUID/OID distribution model.

You could still dick with someone's profile, but you'd have to be a trusted server to do it, and you'd have to deeply compromise the server software such that the authoritative signing key infrastructure was effectively back-doored. If anyone ever found out about it, you'd lose your position of authority forever, and presumably these positions would only be granted to "superpowers" in a GloboCop-style mutual security network. You'd effectively be exposing all your vouchsafed users and their users (in an arms race analogy, you'd be giving China the a ability to vote with France and the U.S. to deactivate all of Russia's nuclear arsenal). A major player is unlikely to risk that on a petty vendetta, or even for an intelligence agency.

Comment: Way to address the 18% and not the 82%! (Score 1) 307

by tlambert (#48237523) Attached to: US Army May Relax Physical Requirements To Recruit Cyber Warriors

Way to address the 18% and not the 82%!

Given that you're not OK with the 70% remaining people that are currently unqualified, that'll get you another 12.6% overall, instead of 57.4% overall. Way to go for the 22% solution to the 100% of the problem there! Let's see... that'll give you a "C+" grade, on the standard scale... way to overachieve!

Perhaps you need to hire some otherwise unqualified STEM people to do your math for you, before you start making policy decisions based on your back of the envelope calculations...

Comment: You're thinking about this wrong. (Score 1) 307

by tlambert (#48237491) Attached to: US Army May Relax Physical Requirements To Recruit Cyber Warriors

It's almost that simple. If the caloric intake is limited and the P.T. requirements met, I guarantee *anyone* would slim up in time. In the army they can control what you eat just as much as how much P.T. you do, so the usual laundry list of excuses for obesity don't matter.

You're thinking about this wrong.

Cardio myopathy? Heart murmur? Arterial-venous malformation? Scoliosis? Spina bifida? Multiple Sclerosis? Myasthenia Gravis? Hypertension? Etc.?

There are many medical reasons for turning inward to concentrate on ones intellect which I will freaking guarantee that you will dedicate yourself to the task, and without the help of Jesus personally laying hands on you, will preclude you from becoming physically fit.

Comment: This. (Score 1) 307

by tlambert (#48237461) Attached to: US Army May Relax Physical Requirements To Recruit Cyber Warriors

If they wanted to lose weight, they could have done so long ago.
You can filter out those that are unwilling, but then you risk potentially filtering out the best "cyber warriors".


OCD people can generally accomplish anything they become obsessive about. They typically do not obsess about physical fitness, because it does not engage your brain.

Comment: Re:Distributed social networks won't work. (Score 1) 269

by tlambert (#48231809) Attached to: We Need Distributed Social Networks More Than Ello

You're acting like a social network is a web site. It's not, it's a fabric. If you want to be able to do this type of editing, fine, put up a web page, but don't try to pretend that you posting something that makes you look like an asshole, and then me commenting on it, calling you out for being an asshole, and then you changing the original posting so that it looks like I'm the asshole for engaging in an ad hominim attack, is somehow OK.

I'm not sure how this relates to anything, or how "put up a webpage" makes any sense at all (every social media site I've heard of uses a webpage of sorts..)

You're being disingenuous, or intentionally obtuse. You putting up your own web page so people can see your rants is a far cry from some putative distributed Facebook competitor that exists only to get out from under the "heel" of what the OP dislikes as properties of Facebook he wants to make as architecturally difficult as possible to implement.

There's nothing about "social media" that says "permanence." Snapchat for example does the exact opposite of permanence and automatically deletes things for you.

No, that's a feature of snapchat in particular which is considered by most people to be a means of evading law enforcement, at worst, and the same thing as having an expiration date where the service effectively has a sliding "we're going out of business, sorry" at best. Think MySpace.

Ephemeral is a feature to only a very few.

It still falls under the label "social media" though.

That more of a consequence of the inability of the journalists to classify it, and so they pick a lexicographically "a cherry is like a tomato, because both are red and fruit" close thing, and call it that. IT also sells itself as that, because if you can sell yourself as that, you can pretty much get VC funding.

I can't just erase our shared context from my memory, if I decide Bob is a Nazi after the fact.

No, but you can go ahead and not tell all your friends that Bob's a great guy and cut him out of your life. I'm not sure how any of that has anything to do with any specific communication tool though. The internet does not work like a human brain, for better or worse.

Am I just supposed to "de-friend" everyone?

Or you could just you know, put Bob himself specifically on ignore or whatever equivalent exists. Sure he might still show up in your friends-of-friends lists but he shouldn't be able to shower your wall with hate speech (though again, you should really be questioning your associations if your "real" friends are perfectly OK with Bob's rants.)

I think I pretty much want to out Bob as a Nazi everywhere. I want to punish him for being a Nazi by ensuring he is socially ostracized to the point that he gives up being a Nazi because he's decided that his perceived costs outweigh his perceived benefit. It'd also be nice if he can't pass on his heinous meme to another unsuspecting person by being sly about slowly indoctrinating them, and it'd be nice if any woman who might get into a relationship with him and have his kids would be able to make that decision on the basis of complete information. People frequently make an emotional or financial investment in a bad venture, and then rather than cut their losses, they "throw good money after bad".

This is how gambling addiction works. It why people stay in abusive relationships.

By allowing the rewrite of history (discussed earlier), you remove the need for the social lubricants of politeness, civility, and (possibly pretend) rationality, which are required in real-world interactions.

Except this is explicitly a network of "friends." If you don't like someone, don't friend them.

You are either an old anarchist, or you are otherwise not very knowledgable about how younger people view "friends" on Facebook. Calling them "friends" is a terminology Facebook uses; these are not "friends" in terms of "web of trust". This is not like a PGP key-signing party.

Younger users accept *all* friend requests. If it turns out they don't like what the person is saying or doing, they "unfriend" them later. But the default is to accept *all* requests. This is not how older people do it, and it's not how you would expect them to treat an online relationship, but it's how it works.

That solves the troll problem in all but the worst cases (which would be the equivalent of a real-world stalker.) And even then, the worst they could do would be spam you with friend requests which you could ignore.

In fact its intrinsically not a part of the medium. Social media is about communication, not about history.

I think you haven't been following the whole GamerGate sock puppet situation very closely. Yes, it's the equivalent of real-world stalking, and there's no mechanism to deal with trolls now. In a distributed social network, you could be scrupulously upstanding with your immediate peer nodes, and be a total asshole otherwise. Once you are inside the web of trust, you're inside, and even if someone wants to not hear from you, as a peer node, your node doesn't have to run unadulterated software; it can imply graph relationships that don't exist outside their rogue node.

This is, in fact, precisely how the TOR network had been infiltrated by various third parties: peer-of-peer implied trust relationships.

I don't think this is a workable concept, unless you can figure out a way to (1) Stop the whole GamerGate thing in its traces, without hugely invasive surveillance to root out bad actors at their houses, and figure a way to cut out the cancers permanently and/or take criminal and/or civil action to force them to not be bad actors ("Bob is a Nazi; let's put social pressure on him to change that"/"Bob is a criminal; lets put social pressure on him to not act that way by locking him in a cell"), and (2) Figure out a way to do source verification so that if ted trusts Bob, and Alice trusts Ted, that Alice can legitimately not trust Bob without having to throw away the trust relationship with Ted.

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk