The CPU I’d Like to Buy

  • AMD Ryzen 5 PRO 2400GE Processor with Radeon™ Vega 11 Graphics
    • Quad-Core, 3.2GHz, 35W TDP, ECC Support (allegedly)

Not only cannot I not buy that but I cannot buy:

  • any AMD Ryzen PRO
  • any AMD Ryzen GE

I’ve read speculation that they are going to OEMs. That’s fine I guess. I would like to build a new desktop sometime soon. The Ryzen 5 2400G is an option but it would be preferable to get what I actually want.

So Many Crypto Libraries

In general I’m in favor of people running with ideas of how to make a better software library or app. The more ideas that are manifest the more data people have to identify what works best. However, especially in the open source world, I sometimes feel like there is too much effort being spread around when it could be focused to greater effect. I’ve been feeling this way about crypto libraries for some time. Here are a few.

  • SSL/TLS
    • OpenSSL – C
    • GnuTLS – FSF, C
    • BoringSSL – Google, C
    • LibreSSL – OpenBSD, C
    • S2n – Amazon, C
    • NSS – C
    • Also
  • Crypto
    • NaCl
    • libsodium – API compatible with NaCL
    • zinc – linux kernel
    • Tink – Google
    • Libgcrypt
    • Also
      • TweetNaCl – API compatible with NaCL but seemingly unmaintained
      • underlock – Ruby
      • many others

I understand that people feel this problem has not been solved well and that API’s and implementation goals and needs shift over time. Still, a common goal in software security is reducing the attack surface. It would be nice to see some coalescing in this space.

Update: Further Reading:

New Keyboard 2018

I’m once again looking for a new keyboard. I really liked the BTC 6100C and I haven’t found anything as good a fit for me since. I tried the Genius LuxeMate i200 and was not impressed by it. Here is what I’m looking at, mostly the most-popular mini-keyboard on various sites:

  • BTC 6100C on Amazon for picture reference, 86 keys, scissor-switch
  • SIIG JK-US0312-S1 ($17) – Similar layout to the BTC 6100C. Membrane key switches, tight keys.
  • Perixx PERIBOARD-407B – Spaced keys. Similar to Genius board.
  • GMYLE NPL710007 – Only 78 keys, different layout, full right shift, no dedicated Home, End, Page Up, Page Down, instead those are Fn + Up, Down, Left, Right. F11 and F12 are Fn + F1 and F2, spaced keys.

I think I’ll try the SIIG JK-US0312-S1 and see how that goes.

Josh Marshall on Facebook’s longterm problems

Facebook’s degenerate corporate culture and, specifically, its uses of data which may be technically legal (or were) but can’t withstand public scrutiny are at the heart of its business model…

Facebook’s predatory corporate culture and dubious uses of data are too deeply embedded in its business model to be easily extracted. And it may not be possible at all, not while sustaining the fantastical profit levels the company and its stock prices are based on.

Today’s Facebook Stock Drop Is Only the Beginning

MTA for linux systems

I’ve mostly been using msmtp as a mail transport agent on my linux systems but I wanted to review what was available:

My preference is something hosted on github given the ease through which issues can be reported and tracked.

 

Meltdown and Spectre – And Not Buying Computers

I have never been in this position in my life. I have been an avid computer user since my family’s first 4.77 MHz 8088 PC circa 1986. This is the first time I’ve ever actively recommended people not buy a computer. The reason is that this is the first time all major microprocessors on the market have serious flaws that I believe should be resolved before purchasing. And that’s not the only issue.

Intel

It is interesting how almost all coverage refers to “Spectre and Meltdown” instead of “Meltdown and Spectre”. Meltdown is by far the more serious vulnerability and it affects all Intel microprocessors on the market and most Intel microprocessors produced since 2011 (possibly many from as early as 1995). Mitigations to this attack will likely reduce computer performance. This is not the end of the world but it is understandable that customers would be troubled both by the possibility of undetectable security failures and by the loss of performance to correct security. However, if this was all there was to the story I’d probably tell people to wait until the patches are in place and then resume buying. But I can’t.

The CEO of Intel, Brian Krzanich, after learning of these vulnerabilities immediately sold as much stock in the company as he could. That is insider trading. Given months to come up with a solution the company failed. Once the vulnerabilities were revealed Intel actively downplayed the significance of the vulnerabilities and engaged in a campaigned of misinformation to the public. This is a corporate culture that I cannot support. I hope Intel is able to find a path back to integrity, but I will not hold by breath. And I will not support a company with such an unethical business culture.

AMD

This should have been great news for AMD. Their microprocessors are not affected by Meltdown. However there have been reports of system instability for certain tasks on AMD microprocessors. This information has been difficult to pin down and it has been reported that the problem is fixed and that if a person encounters the problem that AMD will replace the chip with one that is unaffected. This is a good stance for a business to take. I suspect an AMD Ryzen system may be my next computer purchase.

The world is ready for a new generation of programming languages

I believe the rise of so many new programming languages in the past few years is in response to a reconsideration and reflection of what people like and dislike about current programming languages and not yet finding a language that is as great as they imagine a language could be. I suspect someone could write a book on this topic but I just wanted to document a few thoughts and notes.

  • There is a renewed interest in performance (execution speed) and memory conservation. See: Rust, Go, Julia, Nim, Swift.
  • Focus on safety and concurrency. See Rust, Swift, Go.
  • More features from functional programming languages are being adopted to reduce side-effects such as immutable variables (at least optionally or by default as in Rust).
  • “Composition over inheritance” – See Rust (no inheritance, all composition), Go (no inheritance, all composition), Julia

The languages being explored, not all are new:

  • Rust
  • Go
  • Julia
  • Nim
  • Swift
  • Elixer (purely functional)
  • Clojure (purely functional)

The only thing I find missing is a focus on expressiveness. I would like to see some benchmarks that includes expressiveness as a metric. I really like Ruby because of it’s expressiveness. I am not a fan of purely functional languages but I like the idea of making functional concepts the default with optional ways to override when necessary, as Rust uses. I may try to come up with a benchmark to illustrate this issue. Mostly I think of this as a problem with large (think approximately 1GB in size) immutable arrays undergoing calculations. Plus, for loops with a variable for the current index or value is a pretty handy feature. I don’t prefer recursion as an alternative.

Links