xv6 is an amazing teaching OS - it is very simple to dive into and play around with. A while ago I wanted to explore some filesystem/permissions stuff and use xv6 to play with some concepts (see http://sarahjamielewis.com/posts/file-system-permissions-and... - still lots I want to play around with there when I find some time) - If you are at all interested in OS dev it is a great gateway.
I just skimmed the PDF and it's really a good undergraduate text. I learned off the classic Tanenbaum stuff which is probably still good as a supplementary text, though it might be suffering the Dragon Book Syndrome at this point.
The Linux kernel itself is really well documented. Between the docs you can pull, KernelNewbies.org, the IRC channel, and the O'Reilly text "Understanding the Linux Kernel, 3rd ed", you can get up to speed re: conventions and develop a pretty good top-down view.
Then use strace/ltrace excessively on everything to get a bottom-up view. Strace is a great skill to have in general to help identify bugs in live code by attaching to the PID. Way more granular than a standard GDB attach. It's got a learning curve about on par with reading pre-C++11 template error msgs, but after a few months you'll start to recognize patterns, just as in tmpl error msgs, to the point where you can just skim the last few hundred lines strace piped to stdout and you'll know what sort of bug to deal with.
I haven't played with FreeBSD in nearly a decade but I do remember their documentation was second to none, including the IBM Red Books. So if you want to see another approach to a POSIX implementation (obviously Tanenbaum talks about MINIX which is semi-POSIX, so yeah, read that supplementary text), going through the Handbook from an end-user perspective then the mailing lists + source will give you a real interesting view as to why certain engineering decisions were made. I.e., why ipfw was replaced, the gradual progression of standard file systems from UFS all the way up to modern day ZFS, etc. The list offers a rare view behind the curtain exploring engineering decisions that end-users aren't often privy to, and the caliber of conversation is ridiculously high.
One of the (many) reasons I went vegan was to cut my impact on the environment. I don't own or use cars. Where I can I walk, where I can't I take public transit. I've made considerable changes to what and how I buy, to source food with less of a total impact. I've started to look at alternative clothing and technology strategies to reduce my environmental impact there too.
I know there are plenty of geeks who have done similar things. The truth is that a new tech or more companies aren't going to solve this problem - the problem is we (who live in large economies) now live in a world which is completely separated from the daily realities of where our stuff comes from. We have spent the last 50 years enabling large mono-cultures and promoting specialization - which has done amazing things for food availability - at the expense that now a single plate of food easily contains ingredients from every continent - at a huge environmental impact. Similar trends have happened in manufacturing, textiles and practically every other industry.
Trends in tech that might help us:
* Hyper-local agriculture
* Locally-efficient down-cycling / recycling programs - for clothes, tech...pretty much everything.
* Teaching people how to buy and cook produce.
But the truth is that every individual needs to make a transition in how they live - that means eating less (hopefully no) meat and animal products, repairing instead of buying new, developing ethical supply chains (starting by knowing the supply chain is a good start!)
And yes, companies need to change and adapt too...that means more environmental regulation, more incentives to develop and adopt renewable sources of energy - how we structure those is completely beyond my expertise though...and I don't have much hope there.
> I went vegan was to cut my impact on the environment
Maybe you can explain to me then how it is that this makes a significant difference in global warming. The carbon that is released by cows and humans after consumption of plant matter was derived from said plant matter. The carbon in those plants came from the air. Hence, this is a closed system where carbon is taken from the air by the plants, consumed by the animals, and then put back into the air by the animals. There cannot be a net gain of carbon from this. The only reasonable argument I have thought of so far is that of methane, although in theory that can be pulled from the air and used as fuel (whereafter it becomes available to plants again).
The burning of fossil fuels, on the other hand, puts more net carbon into the air since those fossil fuels are being pulled from deep reservoirs that otherwise would be keeping their carbon to themselves. The fossil fuels are being burned far faster than they are being deposited back into the earth, which lacks the balance that the grass-cow-human-air-grass loop has.
I completely agree that transportation should use electricity and related energy sources wherever possible. However, I don't believe this will come any sooner than economics demands it. All the countries in the world cannot be controlled. Just look at all the unsuccessful wars where one country tries to control another's internal affairs. Without the majority agreeing to bite the bullet and use green energy, the first-world nations would become even less competitive than they currently are, making first-world jobs harder to find. Even many of the jobs related to building green technologies would most definitely be outsourced to lower-cost nations who don't follow the guidelines. Outside of fully socialised (zero-profit, public-benefit) production of green technologies, the cost is too prohibitive.
One of the reasons why this topic is rarely discussed here is because people often get very emotional. I hope people can understand that I'm simply trying to point out the problems with non-socialised green. Please don't shoot the messenger, as I care about the environment more than the average person; but that doesn't give me or you magical powers to make people stop using fossil fuel.
> Maybe you can explain to me then how it is that this makes a significant difference in global warming. The carbon that is released by cows and humans after consumption of plant matter was derived from said plant matter. The carbon in those plants came from the air. Hence, this is a closed system where carbon is taken from the air by the plants, consumed by the animals, and then put back into the air by the animals. There cannot be a net gain of carbon from this.
Instead of the energy taken to grow those plants going to feed people - they are used to grow animals. This takes an enormous amount of input energy from farming the plants, to transporting them to the animals. Not forgetting water transport also. Then there is the energy that is taken to manage the huge sums of waste that these animals produce (most of which is stored in huge silos or pits, which ends up leaching into ground water - but that's another thing). Then there is the energy to transport, kill, transport, package, transport and eventually sell - so the energy / calorie of animal food is nowhere near as efficient as it is for plants and beans. Basically, it is not a closed system - we input so much energy into sustaining our meat habit (as well as the ethical implications of killing 100,000,000-500,000,000 sentient animals a day - including fish and the resulting bycatch)
I think we agree when it comes to the impact of a solution - there needs to be a HUGE concerted effort to even make a dent - people can't immediately change the nature of the world's largest companies - but I believe that our only hope is to promote local change (to get people to commit to a lifestyle change that has to happen one way or another) - and push for governmental reform - will it be perfect? no. Will it be easy? nope. But we have to start somewhere - and I think diet and local economies might be a good first step.
> we input so much energy into sustaining our meat habit
Well, the energy alone wouldn't really be a problem if we were using green energy. The Sun provides more than enough energy for all sorts of human endeavours. At the same time, I absolutely agree that much of the current production and delivery system, food and otherwise, is inefficient. Efficiency is an important matter, but alone it's probably not enough to curb global warming in the long run, especially not if the population keeps growing.
As you might have guessed, I eat meat. The funny thing is, I don't do it for taste reasons. I do it because it's cheap protein that works well with my digestive system. For some reason, I can't consume more than 15g fibre per day without problems, and I've tried for months at a time before to see if I would simply adjust, but that didn't happen. If there were affordable, safe (no mercury or other contaminants), and quick-to-prepare plant-based food that went well with my body, I would certainly be on it. So far I haven't found such a thing. One of the most peculiar aspects of all this is that I constantly hear about how efficient plant-based foods are supposed to be in terms of production, yet plant based protein (without high fibre) is never cheap. It's always more expensive than meat/egg/milk based protein. How is it that plants are so expensive when they're supposed to be so efficient? Without that efficiency being seen by the consumer, it's unreasonable to expect everyone to switch.
On the topic of changes in the system, I personally would prefer the government-based approach where essential technologies for green energy were at least subsidised enough that they were on-par with fossil fuels. The problem is that companies might take advantage of the subsidies to increase their own profit margin, which is why I suggested that the production be fully socialised, so that profit doesn't get placed at higher priority than the environment. Moreover, there would be no unreasonable burden on individuals, as would be the case to expect everyone to simply buy a Tesla.
One of the reasons for the relative expense is the heavily-subsidised corn (and a few other) industries which pretty much all goes to animal feed.
That being said, my food costs were easily cut in half when I went vegan (and now, they are about 1/4 after some fine tuning of some other recipes) - I mostly get protein from chickpeas, kidney beans and lentils - which are all super-cheap compared to meat. I also eat a fair bit of tofu (which is very low in fibre and which is also very cheap compared to meat). Tempeh is another option, but I don't tend to make it often. We generally cook a big batch of food at the beginning of the week - which means time to prepare is amortized nicely (and frying tofu is very quick also)
I will admit that processed vegan meat-alternatives do tend to be more expensive than their animal derived counterparts, and not the healthiest - so I tend to avoid them - most of the expense is due to small production runs and limited quantity - and the extra processing.
I just looked up the price of bulk tofu, and it looks like the protein/price ratio is less than that of ground beef but ~2x that of milk or eggs. I can't say I've actually tried tofu. Maybe some day I'll give it a whirl.
For years now, I've wanted to see a wider availability of affordable plant-based proteins, particularly at normal grocery outlets. At the same time I understand that for many folks, beans are ideal since they're quite affordable. Soy milk is a prime example of the difference in cost between plant and animal protein. Not only does soy milk cost about 2x what cow milk costs, but it has only about 65% the protein per serving, making it more like 3x the price. Perhaps there will come a day when these things are more affordable, but I fear it may never happen since food seems only to get more expensive with time.
The main thread was talking about technology, so maybe someone can come up with a way to process and distribute plant products more efficiently. There is a certain dilemma here in that many plant-goers like small-scale operations, when large-scale operations and bulk processing are necessary for the lowest prices. In this sense, there seem to be two separate goals being combined together -- the desire to return to the olden days of family farming, and the desire not to eat meat. I have also felt that there is something of an elitist culture surrounding some of the vegan circles, where much of the food is very high quality yet rather pricey. Perhaps it dates back to Hitler's plant-based diet, which was also seen as high-class and elite. I can't help but wonder if the prices are kept where they are as a result of this elitist culture.
No it isn't accurate for hidden services. See https://www.torproject.org/docs/hidden-services.html.en - hidden service communication has some level of encryption end to end (whether that is sufficient or requiring another layer - say TLS - is a matter of usecase and threat model).
Pinning necessarily has to restrict the times a certificate can be changed because otherwise we have to solve a different problem "How can I tell this new certificate is a good certificate".
You have proposed a solution to that second problem, let's look at the threat model:
Your adversary is:
* Capable of forcing or otherwise being able to create valid certificates.
* Has the capability to MITM nodes in a network.
The solution you have provided adds an additional hurdle for the adversary:
* must also be able to subvert your CA (or more generally, a specific CA - it doesn't actually matter if you or someone else controls it - what matters is it is a specific root certificate).
So the browser, now TOFU'ing the initial certificate makes a note of the current certificate (and pins it) as well as the secondary signing CA (and also pins that).
When you want to rotate certificates you have your new cert signed by the two CAs, one of which has to be the pinned CA.
I actually think this is a fairly elegant solution (for the operator), although it does come with some fairly large assumptions:
* If your adversary is large enough to be able to corrupt multiple CAs (say a federal government) - then they are powerful enough to corrupt all your CAs (even you - although, to be fair, if they can force you to do anything then the MITM capability is less interesting). So while this scheme benefits the operator, it provides negligible benefit to the client.
* You are reliant on the secondary CA to remain static (or having a backup CA) - this is the same problem as the original simply shifting the capability up one level - maybe this is OK.
Overall, this approach does provide more flexibility to the operator of the site - but provides no to negligible additional security on the client side (it upgrades the capability from being able to mimic any CA to being able to mimic a specific CA), and may even put clients at greater risk - since there is now an additional avenue of certificate rotation which means extra code, extra verification to mess up etc.
These were a few thoughts that jumped into my brain - I would like to see a more detailed threat model / paper exploring some new schemes as I think there are wins in this space that haven't been realized yet - and there may be improvements / clarifications which can improve this model further.
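The pin-and-rotate rule discussed in the comment above, as an added example that is not part of the original post or of any browser's code: a client pins the first-seen leaf and the secondary signing CA, then accepts a changed leaf only if the pinned CA signed it. Assumptions: the CA names, keys, host and the convention that the last signature belongs to the secondary CA are constructed, and an HMAC per CA stands in for real X.509 signature verification.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed CA keys. An HMAC per CA stands in for real X.509 signature
# verification so the example runs with only the standard library.
CA_KEYS = {
    "PublicCA-1": b"constructed-key-1",
    "PublicCA-2": b"constructed-key-2",
    "OperatorCA": b"constructed-key-operator",  # the secondary CA that gets pinned
}


@dataclass(frozen=True)
class Cert:
    host: str
    pubkey: bytes
    signatures: tuple  # ((ca_name, mac), ...); assumption: last entry is the secondary CA

    def body(self) -> bytes:
        return self.host.encode() + b"|" + self.pubkey

    def fingerprint(self) -> str:
        return hashlib.sha256(self.body()).hexdigest()


def _mac(ca: str, body: bytes) -> bytes:
    return hmac.new(CA_KEYS[ca], body, hashlib.sha256).digest()


def issue(host: str, pubkey: bytes, cas: list) -> Cert:
    """Build a certificate signed by each named CA (constructed helper)."""
    body = host.encode() + b"|" + pubkey
    return Cert(host, pubkey, tuple((ca, _mac(ca, body)) for ca in cas))


def valid_signers(cert: Cert) -> list:
    """Trusted CAs whose signature over the cert body verifies, in order."""
    good = []
    for ca, sig in cert.signatures:
        if ca in CA_KEYS and hmac.compare_digest(sig, _mac(ca, cert.body())):
            if ca not in good:
                good.append(ca)
    return good


class PinStore:
    def __init__(self):
        self.pins = {}  # host -> (leaf fingerprint, pinned secondary CA)

    def check(self, cert: Cert) -> str:
        signers = valid_signers(cert)
        if len(signers) < 2:
            return "reject: needs two valid CA signatures"
        pin = self.pins.get(cert.host)
        if pin is None:
            # Trust on first use: pin the leaf and the secondary signing CA.
            self.pins[cert.host] = (cert.fingerprint(), signers[-1])
            return "pinned on first use"
        fingerprint, pinned_ca = pin
        if cert.fingerprint() == fingerprint:
            return "ok: matches pinned certificate"
        if pinned_ca in signers:
            # Rotation: the pinned CA vouches for the new leaf; the CA pin stays.
            self.pins[cert.host] = (cert.fingerprint(), pinned_ca)
            return "ok: rotated under pinned CA"
        return "reject: rotation not signed by pinned CA"


def run_scenarios() -> list:
    store = PinStore()
    host = "example.test"
    first = issue(host, b"key-A", ["PublicCA-1", "OperatorCA"])
    # Adversary with valid certificates from public CAs, but not the pinned one.
    mitm = issue(host, b"key-M", ["PublicCA-1", "PublicCA-2"])
    # Certificate that names the pinned CA but carries a bogus signature for it.
    partial = issue(host, b"key-F", ["PublicCA-1"])
    forged = Cert(host, b"key-F", partial.signatures + (("OperatorCA", b"\x00" * 32),))
    rotated = issue(host, b"key-B", ["PublicCA-2", "OperatorCA"])
    # Residual risk named in the comment: the adversary also controls the pinned CA.
    subverted = issue(host, b"key-X", ["PublicCA-1", "OperatorCA"])
    return [store.check(c) for c in (first, first, mitm, forged, rotated, subverted)]


if __name__ == "__main__":
    for verdict in run_scenarios():
        print(verdict)
```

The last scenario is accepted as a normal rotation, which is the comment's point that the scheme moves the required capability from "any CA" to "one specific CA" rather than removing it.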
A few ideas from a quick brainstorm, none of them are perfect, but neither is the centralized server solution:
1. Bookmarklet - In a similar vein to the way some password managers work you could construct a bookmarklet that the user can click on to make a site do the right thing - there are some security configurations depending on your threat model - however this does require user interaction.
2. Browser plugin - like #1 but obviously with the pain of writing and maintaining a browser plugin.
3. Bake the site determination into the flow - so instead of a 1-click retweet it becomes a 2-click retweet with the second step requiring the user to provide the site where they want to retweet - again some security implications and breaks the regular flow (although you could get around this by doing it once and storing the value in a cookie)
4. Have a local app listening on a specified port (so retweets get POSTed to 127.0.0.1:7000 for example) and then from there onwards - requires extra setup, makes the system less portable (can't just throw it on a hosted server). Like #2 but more annoying.
Some of the technical points of this article are simply wrong...
> The exit node IP address of the user was easily obtained using the two different methods discussed briefly above.
This is really not a vulnerability but simply how tor, and the internet at large, works - hidden services by design protect the service not the user (the user is protected by tor by default) - what the author actually did here was "leak" their non-hidden services IP.
> and true external IP address (see partial data example to the above). And to answer the second question, “no”, this did not involve the placement of malicious malware. Read on…
The author then goes on to state that they gave the users malicious malware to run which revealed their ip address. They justify that this was not malware by stating:
> It should be noted that this was not malware per se. It did not replicate and was run voluntarily by the user. The user was notified that a “security scan” was going to be run on their machine and they freely chose to run the scan.
The author then goes on to publish a list of tor exit nodes with tor user agents...which they could have gotten directly from the tor directory services...
And, as pointed out by others, the author never really goes on to state why they think Tor is the devil - they built a honeypot and were disgusted by the flies it attracted....I'm not really sure what they were expecting...
The author appears to believe that "Tor is the devil" because "4,000-5,000 hidden services are running at any given time. Secondly, the content served by these sites is almost universally illegal or immoral (by my definition anyway). A conservative estimate would be maybe 1 out of 200 or so hidden service websites contain content I would deem worthy of the protection an anonymous network provides. Sites featuring free speech dumps or libraries of hard-to-find underground literature are few and far between on the Dark Web."
Except that the approach the author used is in my opinion completely flawed.
The author states he started from 1 (one) seed URL, and then crawled the sites, visiting links. But that's not valid, as you'd only ever come across a possible fraction of what exists.
To be able to make any authoritative claim, he would need to scan the entire IP-space, like an actual search engine would.
I'm not condoning pedophilia or anything like it, but I think it's naive to take a simple approach and then make authoritative claims about the entirety of the TOR network.
But I also think that there were flagrant abuses that could be pursued under the CFAA. Just because something isn't "per se" malware doesn't mean it wouldn't fit the legal definition.
You used to be able to set yourself up as an HSDir server, and sniff the outgoing hidden service descriptors, but the author has clearly not done this given his level of technical expertise and domain knowledge.
Appreciate the comment RedditorThrowaway. My parenthetical headline that “tor is the devil” was facetious and apparently a failed attempt at dry humor.
Their argument doesn't appear to be "Tor is bad because it can be used for bad stuff" but "Tor is bad because it is overwhelmingly used for bad stuff today". That seems to be a meaningful distinction to me.
(I don't really care about the argument/premise itself, I just find your sloppy attempt at a counter-argument to be weak)
Since we're talking about the devil: The biblical standard for acceptable collateral damage is kind of interesting. God in the old testament said he wouldn't smite a city if there are at least 10 righteous people in it. /theologynerd
There's a much different notion of God in that passage (and much of the Old Testament) than most have now. The number 10 is arrived at after Abraham persuades God to lower the standard from 50. There are at least a few stories where mortals persuade God to change his/her mind.
Of course, him being God he would've probably known the exact amount of righteous individuals in the city. Not to mention being able to define 'righteous'.
That said, I've always been very fond of the passages in the OT where individuals managed to 'change' God's mind, as well as the general human emotions he appeared to have.
No, it argues that the Tor hidden services that the author knew about were overwhelmingly used for bad stuff. This is problematic in two ways: the methodology of gathering addresses was pretty suspect, and it glosses over the fact that the VAST majority of Tor traffic is headed to the open Internet, not a hidden service.
If you're looking for a shoddy metaphor you should probably use swords instead, because the legitimate uses of knives vastly outnumber the killing-people uses of them but swords have it the other way around.
Honest question - what examples are there of literature that can only be obtained on the dark web? Perhaps I'm closeted but I'm unaware of such books.
For example right now I'm reading a sci-fi book that remains unpublished in Russia, but it's available in the west. Or the other day had a browse of "steal this book".
A straightforward way to find many of those who profit from its distribution would be to use a bot to locate forum threads that go on for hundreds of pages.
> the author never really goes on to state why they think Tor is the devil
According to the comments section, the author says "My parenthetical headline that “tor is the devil” was facetious and apparently a failed attempt at dry humor."
If you want to dive deeper then there is Tails: https://tails.boum.org/ - an OS which is designed with privacy in mind.
https://prism-break.org/en/ has lots of links to various tools be they operating systems, messengers, browsers etc.
None of these tools are a silver bullet - most require some level of effort or perseverance to use and none of them will protect you against every attack imaginable. However, they will make it more expensive for an adversary to target you.
Second anec-data point, I'm logged in via TBB right now too. I get captcha-ed when I first hit the site over TOR, but it works "as expected" once past that.
(It wouldn't surprise me too much if some TOR exits end up filtered transiently due to abuse - it might be worth refreshing your circuit (or waiting ~10mins for the TBB to do it as usual))
I remember reading about Bitcoin a couple of years ago and expressing disbelief that many of the major advantages being heralded were little more than fantasy, these were:
* Micro-transactions.
* Replacing practically everything related to money in developing countries.
From this thread it is clear that many of those dreams are still very much dreams - the ever growing energy and resource requirements to participate significantly in the network is staggering, the amount of storage required for the blockchain is a burden to even tech-aware users (unless of course one would want to trust a third party...), and now it would seem that there are minimum bandwidth requirements which sit outside what is possible in even modest parts of the USA - impossible to achieve in places where the main link to the internet is a satellite.
If I was feeling particularly optimistic I would say that Bitcoin has been shown to be unscalable in its current form. Further, the network itself tends towards centralization because of the ever growing storage, processing and bandwidth requirements.
I look forward to seeing where the future of cryptocurrencies leads us - there is so much promise.
You wouldn't believe how clunky the Internet was when it first started. This stress test is fairly minor compared to the problems bitcoin had in 2011 and 2012. With time, the blockchain will improve. Just like the Internet. You should look into the Lightning Network paper, there's no shortages of solutions in bitcoin. Meanwhile, traditional financial platforms have been stagnant for decades.
In 2000, about 5-6 years after the internet was easily available to public, I had a dial up connection, email, IM, a web browser, etc in the middle-of-nowhere town in Pakistan where I was born. Bitcoin has been out for close to 6-7 years and does not even come close to the maturity / adoption of internet.
The technologies used in Bitcoin have also been in development for several decades, and by 1998 the first cryptocurrency was already released, according to a quick search on wikipedia.
Note the difference - "technologies used in Bitcoin were in development for X years" vs. "Internet as a whole concept of network of network was in development for Y years".
No, the internet as we perceive it today, as a global network, didn't exist back in 1969. The technologies we use in internet today were developed back then, though. Just like they were for bitcoin (cryptography, merkle trees, etc)
> Bitcoin whitepaper was released in 2008. Before that even the concept of cryptocurrency hardly existed.
Digital currency was, as I understand, the application usually highlighted for secure (cryptography-based) distributed capability-based computing, as typified by the E programming language in 1997. Not sure if there are precedents going back further or not.
While that's a reasonably valid assertion of the state of Bitcoin's protocol development compared against the state of the collection of protocols and services we call the "Internet", I believe that they are similar but not completely relatable.
For the vast majority of people in the World the advent of the Internet was a completely ground-breaking, and completely original, idea. The predecessor technologies that provided similar utility for people (such as phone, fax, radio, television, libraries, social clubs, lunch meetings, etc.) were functions that didn't have a cohesive string that tied them all together and put them in one place. The Internet served that need by providing lots of perceived benefits to people; wide-spread adoption rapidly followed.
On the other hand, Bitcoin has a very specific utility right now -- it facilitates the transfer of value quickly and at (relative) low cost in a (reasonably) anonymous fashion without oversight.
While a significant number of people all around the World use the banking system, I'd wager that if you asked if their banks and investment accounts "worked well enough" that you'd hear a majority say that they do (and then you'd hear all of the caveats of what doesn't work and what they hate about it -- but not enough to seek out alternatives yet).
Bitcoin is still looking for its toe-hold to convert that mostly satisfied majority. I believe it (or another blockchain-based technology) will find it, and sooner than later, but I am not blinded to the fact that it could end up being viewed in history as simply an interesting experiment that ultimately was ahead of its time.
I've seen this argument several times. The flaw with it though is that it confuses growing resource needs with centralization. Even if a large percentage of people are no longer capable of easily hosting a full node, the benefits of decentralization are there. The resources required are not insane, so "normal" people (read: not power elite) are capable of running a node, and so there is still enough decentralization so that no entity can corrupt the blockchain. Besides that, the rate of transaction growth is slower than growth in bandwidth and disk space costs, so things will likely get better.
When the term centralization is used, it refers to the idea that a single entity can control or damage a system through a single (central) point. How is that the case with bitcoin?
They gave permission to Google to store, parse, tag and understand 16 years worth of family photos of themselves and others so that Google can more accurately present them (and by extension the other people in their photos) with adverts that they believe will result in higher conversions for their customers - the advertisers.
> Should I be worried?
That really depends if you think the benefits of giving Google such information outweigh the negatives. I personally think that they do not (but then again, I'm not much of a photo person).
> Should my family and friends [be worried]?
We still live in a world where it is socially acceptable for people to take, upload and publish pictures to a variety of 3rd parties without the consent of the subject - even in what would typically be classified as "private" events. I've seen some movement in the direction of explicit consent or "you can take the picture but don't upload that to X" but the truth is that most people don't think too far ahead and frankly probably don't care - should they be worried? Again, that really depends on what they think of Google.