Makura no Soshi

Some older texts, all about blockchains …

• Bitcoin’s Academic Pedigree – ACM Queue, Arvind Narayanan and Jeremy Clark
  The concept of cryptocurrencies is built from forgotten ideas in research literature.
• Git, PGP, and the Blockchain: A Comparison – Netfuture, Marcel Waldvogel
  An attempt at technological genealogy.
• XML, blockchains, and the strange shapes of progress – apenwarr
  XML solved syntax, which turned out not to be the problem. Blockchains [purport to] solve centralization, which will turn out not to be the problem. But they do create the incentive to slash and burn and invest a lot of money hiring consultants.
• 10 years of… whatever this has been – apenwarr
  I forgot one essential reason bitcoin has survived: Because people really, really, really want it to.
• Ten years in, nobody has come up with a use for blockchain – Kai Stinchcombe
  After years of tireless effort and billions of dollars invested, nobody has actually come up with a use for the blockchain—besides currency speculation and illegal transactions.
• Cryptocurrency is an abject disaster – Drew DeVault
  Cryptocurrency has invented an entirely new category of internet abuse.

I still keep a rather old PGP key around, and I have extended its lifetime by changing its expiry date. Something I would not recommend, because everyone with an old copy of the key in their keyring gets an “expired” warning or error.

Read the rest of this entry »

For an easy way to lookup a domain’s SMTP TLS Reporting Policy try my nice MTA-STS Policy Viewer.

After writing the first notes on SMTP TLS Reporting I thought it would be nice to see all setting on one page, without using multiple tools and lookups for DNS and HTTPS data. The first iteration was a shell script, and the second iteration was a Python function. With some more fiddling I set it up as a Google Cloud Function, with a simple web frontend.

The SMTP standard is just as ubiquitous as it is ossified and hard to change. Thus all newer RFCs follow similar patterns of a) adding optional extensions and b) providing feedback loops to detect usage, problems, and abuse of these extensions.

One more recent extension tries to enforce TLS transport between mailservers. This sounds very simple (and would be very simple if one could change the SMTP standard to require TLS), but is not trivial when compatibility is necessary and all TLS policies are “opt-in”.

Read the rest of this entry »

On Open Source and AWS …

• research!rsc: Our Software Dependency Problem – Russ Cox
  Software dependencies carry with them serious risks that are too often overlooked.
• What comes after “open source” – Steve Klabnik
  Software licenses can only restrict what people can do when they distribute the source code, and that’s it. It cannot force someone to have a bug tracker, or a code of conduct, or accept your patch.
• The Cloud and Open Source Powder Keg – Stephen O’Grady, RedMonk
  The Amazon and Elastic controversy is the product of a collision of models.
• The problem with Amazon and Open Source isn’t Amazon – VM (Vicky) Brasseur
  These projects are not being relicensed to protect them from Amazon. Claiming that they are is at best naive and at worst wilfully lying.
• The Complicated Economy of Open Source Software – Daniel Oberhaus, VICE
  A look at the complicated business of funding open source software development.
• AWS Ruins Own Attempt at Sabotage – Corey Quinn
  AWS has now found themselves in the headlines again for an unforced error that makes anyone with other job options reconsider accepting an offer—or even interviewing at AWS at all.

More on programming …

• The Lines of Code That Changed Everything, Slate
  To shed light on the software that has tilted the world on its axis, the editors polled computer scientists, software developers, historians, policymakers, and journalists. They were asked to pick: Which pieces of code had a huge influence? Which ones warped our lives?
• UTC is Enough for Everyone, Right? – Zach Holman
  Programming time is pretty weird. It can sometimes make you feel week in the knees, and very days and confused about how it all fits together. But watch it: this is hour burden to bear, and we can’t just let it past us over.
• So you want to be a wizard – Julia Evans
  This zine is about what the skill of “figure it out anyway” looks like.
• In space, no one can hear you kernel panic – Glenn Fleishman, Increment
  When you’re millions of miles from home, it’s hard to install an operating system update—but not impossible.
• Programmer’s critique of missing structure of operating systems – Bystroushaak
  As I was thinking about it, I’ve realized that architecture of the operating system itself is wrong for this kind of job. The stuff it offers and the stuff it allows us to do, is not what we want and expect. […] How about we take away all the weird string formats, whether it’s passing command line parameters when launching programs or communication in between the programs, and replace them with a concise, easy-to-write language for structure definitions?
• Programming for Everyone, Everyone’s a Programmer? – Observations from Uppsala
  It is probably good to be able to do a little bit of it at home for household needs. But don’t equate that to the professional development of industrial-strength software.

On programming …

• A Branchless UTF-8 Decoder – Chris Wellons
  This week I took a crack at writing a branchless UTF-8 decoder: a function that decodes a single UTF-8 code point from a byte stream without any if statements, loops, short-circuit operators, or other sorts of conditional jumps.
• Notes on structured concurrency, or: Go statement considered harmful — njs blog
  Every concurrency API needs a way to run code concurrently. Here’s some examples of what that looks like using different APIs:
• Some reasons for Go to not make system calls through the standard C library – Chris Siebenmann
  On the surface this makes Go sound unreasonable, and you might ask why it can’t just make Unix system calls through the system’s C library the way pretty much every other Unix language does.
• An analysis of performance evolution of Linux’s core operations – the morning paper
  This paper presents an analysis of how Linux’s performance has evolved over the past seven years… To our surprise, the study shows that the performance of many core operations has worsened or fluctuated significantly over the years.
• Git from the inside out – Mary Rose Cook
  The essay focuses on the graph structure that underpins Git and the way the properties of this graph dictate Git’s behavior.
• A half-hour to learn Rust, amos
  I’ll try to go through as many Rust snippets as I can, and explain what the keywords and symbols they contain mean.

On the Web and its tools …

• Front-End Performance Checklist 2019 — Smashing Magazine
  Let’s make 2020… fast! An annual front-end performance checklist, with everything you need to know to create fast experiences on the web today. Updated since 2016.
• Brutalist Web Design – David Copeland
  Brutalist Web Design is honest about what a website is and what it isn’t. […] A website is about giving visitors content to enjoy and ways to interact with you.
• What the hell is REST, Anyway? — programming is terrible
  Originating in a thesis, REST is an attempt to explain what makes the browser distinct from other networked applications.
• Is WebAssembly the return of Java Applets & Flash? – Steve Klabnik
  The first reason that WebAssembly is different is that it’s succeeded, and those technologies did not.
• How to get a direct WebRTC connections between two computers – François Marier
  Here’s how to tell whether or not your WebRTC calls are being relayed, and how to ensure you get a direct connection to the other host.
• Firefox Profilemaker
  This tool will help you to create a Firefox profile with the defaults you like. You select which features you want to enable and disable and in the end you get a download link for a zip-file with your profile template.