GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)

  1. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Thursday, 29-May-2025 21:34:38 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Eva Winterschön

    @winterschon

    the same applies to so many package managers, I

    The one that still always bites me on Debian-based systems is that apt install and apt upgrade do not imply apt update. So they will try doing the thing with a stale snapshot of the state of the remote repository. Often this means it will install the five packages that haven't been updated and then notice that the sixth doesn't exist (it was replaced with a newer version) and fail in the middle of modifying my system.

    Conversely, this is two of my favourite features of FreeBSD's pkg. First, any operation that involves the remote repo implies pkg update (this doesn't always help. One time I forgot I had done pkg upgrade and then came back two days later after a new package set had been deployed), so it always starts from a plausible state. Second, it has a separate fetch and install phase, so will not start installing until it has a consistent snapshot of packages that it needs, so if the package repo changes in the middle, you don't end up having to uninstall packages that were installed but are now the wrong version.

    In conversation about a day ago from infosec.exchange permalink
  2. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Thursday, 29-May-2025 21:32:47 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Eva Winterschön

    @winterschon One of the things that makes me believe the systemd people are not serious is that they decided to turn the noun-verb interface of service into a verb-noun interface in systemctl, in spite of decades of HCI research telling them to do the opposite.

    In conversation about a day ago from infosec.exchange permalink
  3. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 23-May-2025 00:34:41 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)

    I would be a much happier person if I could spend 10% less of my life not saying to people 'Please don't do the obviously stupid thing, it will cause long-term problems that are avoidable by simply not doing the thing, or, ideally, by doing a less-stupid thing'.

    In conversation about 8 days ago from infosec.exchange permalink
  4. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 23-May-2025 00:25:01 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)

    Why do web browsers not include breathalysers?

    In conversation about 8 days ago from infosec.exchange permalink
  5. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Wednesday, 21-May-2025 21:01:10 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Nowhere Girl

    @gwynnion

    I want my browser to be a user agent. The thing that extends the agency of the user to their interaction with a remote system. That's basically the opposite of what any 'AI' integration does.

    In conversation about 9 days ago from infosec.exchange permalink
  6. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 18-May-2025 02:31:40 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)

    We want to grow our economy. I know, let's listen to companies that keep laying off thousands of employees! They'll be experts in job creation!

    UK Labour Party strategy, as far as I can tell.

    In conversation about 13 days ago from infosec.exchange permalink
  7. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Thursday, 15-May-2025 05:24:00 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)

    Our 2015 #CHERI paper won the Test of Time Award at IEEE Security and Privacy today!

    Back then, CHERI capabilities were 256 bits (for a 64-bit address space) and were only just usable as C pointers. We didn’t have the pure-capability ABI properly supported in the compiler and were mostly using explicit annotations. Oh, and the prototype was still using MIPS.

    CHERI has come a long way since then!

    Oh, and back then we thought 15 authors on a paper was a lot!

    (They told us a while ago but it was embargoed until the official announcement)

    In conversation about 16 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/507/887/306/455/545/original/f36005e734851dbb.png
  8. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Wednesday, 14-May-2025 12:00:22 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • lproven
    • The Register

    @lproven @theregister

    But if you're not interested in running Docker containers on your storage server, or you don't want to integrate your storage with your Kubernetes clusters, there's good news: zVault has picked up the final FreeBSD version of TrueNAS CORE.

    Note that you can run FreeBSD Docker / OCI containers on zVault with Podman or containerd. And many Linux ones, if they work in the Linuxulator.

    I hope we'll have a bhyve shim soon so that it's also possible to run Linux containers in a VM with the storage exported from the host (so ZFS clones and so on, but shared over VirtIO-FS rather than nullfs mounts).

    In conversation about 17 days ago from infosec.exchange permalink
  9. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Tuesday, 13-May-2025 20:39:02 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)

    @ariadne

    I really struggle to understand the motivation for things like Flatpack. As I understand it, the train of thought is something like:

    1. Shipping up-to-date software is hard.
    2. When a security update in a library comes out, we need to update everything that depends on it.
    3. This requires effort and is an intrinsically hard problem.
    4. Let’s make it a distributed system where everyone has to do the work independently and no one gets to benefit from amortising the effort!
    5. ???
    6. Easy software distribution!
    In conversation about 17 days ago from infosec.exchange permalink
  10. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 11-May-2025 07:36:50 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    • Steve Herman

    @w7voa That’s the wrong headline. Their party affiliation doesn’t matter. The executive is threatening to arrest members of the legislature for doing their jobs. That is a direct attack on the independence of the legislature, not a partisan issue. It should be immediate grounds for impeachment.

    In conversation about 20 days ago from infosec.exchange permalink
  11. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 11-May-2025 01:40:45 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Emeritus Prof Christopher May

    @ChrisMayLA6 The only reason I didn't 'buy the dips' is that I don't think he's sufficiently competent to do market manipulation. The dips will be where he expects, but I don't think the recovery will be.

    In conversation about 20 days ago from infosec.exchange permalink
  12. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 11-May-2025 01:30:18 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Dave Rahardja

    @drahardja I read elsewhere that the margin call comes when the stock price hits around 140 (144?). It's currently more than double that, at 298. The lowest it got since the takedown effort was around 220. It's really not clear who is still buying TSLA: presumably people with a vested interest in propping up Musk personally rather than people who think the company has a future.

    In conversation about 20 days ago from infosec.exchange permalink
  13. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 11-May-2025 01:30:17 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Dave Rahardja

    @drahardja I certainly hope so. Currently it's up 35% above a week or so ago.

    Stock prices normally reflect the company's fundamentals eventually, but, as John Maynard Keynes said:

    Markets can remain irrational longer than you can remain solvent.

    This works in both directions: a stock can remain overvalued for a long time.

    Buying Tesla stock isn't just a way of investing in the company, it's also a way of buying favour with Musk. As long as he is shadow President, there are going to be a lot of people (Russian and Chinese governments, for example, as well as wealthy individuals) who are happy to throw a few billion at the stock in exchange for influence with Musk. And guess who just gutted the SEC?

    In conversation about 20 days ago from infosec.exchange permalink
  14. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 11-May-2025 01:30:16 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Dave Rahardja

    @drahardja Fingers crossed!

    I did read today that a big pension fund voted yesterday to ban their fund managers from buying any more TSLA because they don't think it's long-term viable. They're not dumping yet, but they probably want to sell slowly to avoid tanking their value while they do. Hopefully others will start to follow soon.

    In conversation about 20 days ago from infosec.exchange permalink
  15. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 09-May-2025 00:27:53 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc So, C?

    In conversation about 22 days ago from infosec.exchange permalink
  16. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Monday, 05-May-2025 17:16:24 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • Patrick C Miller :donor:

    @patrickcmiller

    Judge Vince Chhabria pushed back on Meta attorneys arguing that the company's Llama AI models posed no threat to authors in their markets

    Even if this were 100% true, it doesn't matter. The DMCA established statutory damages in addition to actual damages for copyright infringement. You don't have to show that you lost money as a result of copyright infringement, only that the infringement occurred. I'm not a fan of this, given how it's been abused, but if the law is going to be enforced against poor people it should be enforced against multi-billion-dollar corporations.

    The argument that I'd love to see them make is that training a neural network is a form of lossy compression (they can easily find expert witnesses to testify this). If training a neural network is not copyright infringement then a camera recording of a cinema is not and neither is creating an H.264 rip of a DVD. And that's really not a precedent anyone wants to set.

    In conversation about a month ago from infosec.exchange permalink
  17. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Monday, 05-May-2025 05:19:36 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • aeva

    @aeva

    It's been over 20 years since audio made me switch from Linux to FreeBSD.

    The new version of OSS is proprietary, what shall we do?

    FreeBSD: Well, the old version is still BSDL, I guess we'll just fork it and add low-latency in-kernel sound mixing and extend it with the features OSS 4 added.

    Linux: Rip that stuff out of the kernel and replace it with ALSA, which doesn't do software mixing in the kernel at all!

    KDE: Wait, now two apps can't go 'ping' on Linux. Let's write a sound daemon.

    GNOME: Wait, now two apps can't go 'ping' on Linux. Let's write a sound daemon.

    KDE and GNOME: Oh, now KDE and GNOME apps can't go 'ping' at the same time. I guess we should agree on some standards.

    PulseAudio: Hi everyone! I have come to save you from the perils of usable sound! But now you can have sound move from your speakers to USB headphones when you plug them in! Maybe! If you get the config right.

    Everyone: Nooo, someone let Lennart Poettering write some code! We're doomed!

    Hans Petter Selasky: Wait, that thing with moving audio sounds useful. Rewriting all of your software to do it? Less so. *Writes virtual_oss to provide a layer that lets you send audio to USB devices with userspace drivers or to different in-kernel devices*.

    PipeWire: Okay everyone, we can all agree PulseAudio was a bad idea, but we've rewritten all of the code and have a migration path. I guess we're good now?

    FreeBSD: Curses, hps just died. I guess he won't be fixing all the things anymore. We'll need to start maintaining virtual_oss and integrate it with the base system. Should probably also fix a bunch of issues in the kernel drivers and make sure low-latency sound mixing is reliable and robust with new hardware. By the way, software that you wrote 20+ years ago still works fine with the kernel and userspace drivers and has low-latency mixing.

    In conversation about a month ago from infosec.exchange permalink
  18. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Saturday, 03-May-2025 21:33:52 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)

    Does anyone still click on links to YouTube? If I wanted to be bombarded by ads, I'd move to the USA and buy a TV.

    In conversation about a month ago from infosec.exchange permalink
  19. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 02-May-2025 20:02:10 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)

    I remain confused by the 'it's not a Nazi salute, it's a Roman salute' defence. Oh, sorry, I didn't mean to associate you with a genocidal imperial regime that put people in death camps, when you actually meant to be associated with the genocidal imperial regime built on slavery that just murdered people without transporting them anywhere first and then enslaved their families. My mistake?

    In conversation about a month ago from infosec.exchange permalink
  20. Embed this notice
    David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Thursday, 01-May-2025 17:32:59 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
    in reply to
    • ✧✦Catherine✦✧

    @whitequark I use Vivado on a Mac using Docker and Rosetta with a load of LD_PRELOAD things to stop it crashing on launch. Is there a non-cursed way of running this nightmare of a program?

    In conversation about a month ago from infosec.exchange permalink
  • Before

User actions

    David Chisnall (*Now with 50% more sarcasm!*)

    David Chisnall (*Now with 50% more sarcasm!*)

    I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the #CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the #CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler.Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated.Warning: May contain greater than the recommended daily allowance of sarcasm.No license, implied or explicit, is granted to use any of my posts for training AI models.

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          241214
          Member since
          8 Feb 2024
          Notices
          160
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.