Apr 12

PSA: “E-Shielder Security” and “CyberSec Buzz” are gangs of idiotic scum

This is a public service announcement: E-Shielder Security, describing itself as “leading importers and suppliers of high end electronic technology solution systems” is a gang of idiotic scum.

Yesterday they posted a Hacktivists on the rampage in 2017, which largely reproduced my Hacker Archetypes post.

They did so in obvious ignorance of who the hackers I was referring to actually are, going off on a tear about “hacktivists”. That term is, in general, a flare-lit clue that the person using it is either an idiot or a vandal trying to cloak destructive behavior in respectability – real hackers are proud of what they do, take responsibility for it, and don’t wear masks (with a limited exception for those under direct threat from totalitarian governments). In this case it was clearly idiocy.

Mere idiocy turned into something nastier. I left a comment on the post pointing out their error, something I had clear standing to do as the author of the article they were quoting.

The comment was suppressed. That was scummy behavior; thus “idiotic scum”.

Don’t do business with these clowns. Warn your friends. Propagate this widely, the clowns deserve some serious reputation damage.

Addendum: Title amended because the article may have originated at CyberSec Buzz, another ‘security’ blog run by drivelheads who obviously have no fscking idea what they’re talking about. It has been taken down where I originally found it.

Apr 03

Hacker Archetypes

There’s a book about martial arts called On the Warrior’s Path that tries to understand the differing psychologies of martial artists through the lens of half a dozen archetypes – Seeker, Ronin, Tribal Warrior, and others.

I have not yet read the book, but my friend and regular A&D commenter Susan Sons reports having found it very effective for motivating young and newbie martial artists. “It gave them their first glimpse of what they were trying to become,” she reports, “They both knuckled down not just in the obvious physical parts of training, but in the mental aspects, far more than they had before and far more than their age/experience peers.”

So, Susan had the idea that it might be a good idea to develop a parallel gallery of hacker archetypes to help motivate newbies. We brainstormed this on IRC for a while. One thing that had been blocking Susan is that, by her own report, she sucks at naming things. I, on the other hand, am pretty good at that; I was able to come up with names that helped the archetypes develop more definition.

We don’t think this is a complete set, and some of the names might change. But it’s enough of a start for some public brainstorming.

Also note: no hacker is only one of these, but in talking about a number of mutual friends we found it was always pretty easy to agree on both the friend’s dominant archetype and the secondary one that they display most after it. I think this is an indication that we are, even if imperfectly, zeroing in on real traits.

Here they are. Descriptions mostly Susan, names mostly me.

Continue reading

Apr 02

Four modes of creole formation

A ‘pidgin’ is a language formed by contact between speakers of different languages. A ‘creole’ is what happens when a pidgin becomes a birth language for children raised where a pidgin is spoken. Pidgins are simple languages, stripped to the running gears, Often creoles re-complexify in later generations, retaining grammar mostly from one parent language and vocabulary mostly from the other.

My interest in the historical linguistics of pidgins and creoles began a very long time ago when I noticed that pidgins, wherever they arise, are usually morphologically a lot like English – analytic (positional) grammar with few inflections, SVO order oftener than can be accounted for by the fact that English is often one of the parent languages. Why should this be?

Nicholas Ostler’s excellent Empires of the Word deepened the question by proposing that analytic SVO grammar is the common factor in languages like English, Chinese and Malay that have been very successful at spreading from their original homelands. In his account, that is because this class of language has the lowest complexity barrier to acquisition for adult speakers.

That would explain pidgins all right – they look like they do because they’re invented by adults as the simplest possible way to establish communication. And English, with similar traits, is a non-pidgin that has spread like crazy because it combines the prestige of the Anglosphere with being exceptionally easy for native speakers of other languages to learn.

Er, but why is English like that in the first place?

Continue reading

Mar 28

Odlyzko-Tilly-Raymond scaling

I’ve been ill with influenza and bronchitis for the last week. Maybe this needs to happen more often, because I had a small but fundamental insight into network scaling theory a few minutes ago.

I’m posting it here because I think my blog regulars cast a wide enough net to tell me if I’ve merely rediscovered a thing in the existing literature or, in fact, nobody quite got here before.

Continue reading

Mar 27

How to act like you’re bright

This blog post is brought to you by a recent bad experience I had watching a 5-minute clip from Big Bang Theory on the recommendation of a friend who thought I might find it amusing.

Bleagh. This is supposed to be a show about geniuses? It’s not. It’s a show about a dimwit’s idea of what bright people are like. The slowest person in my peer group could out-think and out-create any of these sad-sack imitations of “smart” on any day of the week.

These actors are not bright, and don’t know how to fake it on screen. It occurred to me that I have seen this pulled off occasionally; the example that leaps to mind was Jennifer Love-Hewitt playing a bright scientist opposite Jackie Chan in Tuxedo (2003). She did a good enough job that I was later quite surprised at how relatively free of the ravages of intelligence she sounds in propria persona.

Ms. Love-Hewitt must have been at least smart enough to know that she should emulate the mannerisms of very bright people, and then set about doing it. After thinking about this, I thought it would be entertaining (and possibly useful) to compile some actionable advice for actors finding themselves in a similar situation.

Here goes a list of bright-person behavior signals which, while not universal, are very common…

Continue reading

Mar 26

src 1.13 is released

My exercise in how small you can make a version-control system and still have it be useful, src, does seem to have a significant if quiet fanbase out there. I can tell because patches land in my mailbox at a slow but steady rate.

As the blurb says: Simple Revision Control is RCS/SCCS reloaded with a modern UI, designed to manage single-file solo projects kept more than one to a directory. Use it for FAQs, ~/bin directories, config files, and the like. Features integer sequential revision numbers, a command set that will seem familiar to Subversion/Git/hg users, and no binary blobs anywhere.

Mar 22

When ancient-history geeks go bad

A few minutes ago here at chez Raymond, my friend John Desmond says: “So, have you heard about the new Iraqi national anthem?”

I said “Uh, OK, I’m braced for this. What about it?”

He said “In the good old Sumer time.”

I pointed a finger at him and said “You’re Akkad!”

Yes. Yes, we probably do both deserve a swift kicking.

Mar 20

cvs-fast-export 1.43 is released

Maintaining cvs-fast-export is, frankly, a pain in the ass. Parts of the code I inherited are head-achingly opaque. CVS repositories are chronically prone to malformations that look like bugs in the tool and/or can’t be adapted to in any safe way. Its actual bugs are obscure and often difficult to fix – the experience is not unlike groping for razor-blades in the dark. But people expect cvs-fast-export to “just work” anyway and don’t know enough about what a Zeno’s tarpit the domain problem is to be properly grateful when it does.

Still I persevere. Somebody has to; the thought of vital code being trapped in CVS is pretty nervous-making if you know everything that can go wrong with it.

This release fixes a bug introduced by an incorrect optimization hack in 2014. It should only have affected you if you tried to use the -c option.

If you use this at a place that pays developers, please have your organization contribute to my Patreon feed. Some of my projects are a pleasure to do for free; this one is grubby, hard work.

Mar 16

An apologia for terminal games

Yes, to a certain segment of the population I suppose I define myself as a relic of ancient times when I insist that one can write good and absorbing computer games that don’t have a GUI – that throw down old-school in a terminal emulator.

Today I’m shipping a new release of the game greed – which is, I think, one of the better arguments for this proposition. Others include roguelike dungeon crawlers (nethack, angband, moria, larn), VMS Empire, the whole universe of text adventure games that began with ADVENT and Zork, and Super Star Trek.

I maintain a bunch of these old games, including an improved version of the BSD Battleships game and even a faithful port of the oldest of them all: wumpus, which I let you play (if you want) in a mode that emulates the awful original BASIC interface, all-caps as far as the eye can see.

Some of these I keep alive only because somebody ought to; they’re the heritage grain of computer gaming, even if they look unimpressive to the modern eye. But others couldn’t really be much improved by a GUI; greed, in particular, is like that. In fact, if you ranked heritage terminal games by how little GUIfication would improve then, I think greed would probably be right at the top (perhaps sharing that honor with ski). That in itself makes greed a bit interesting.

Much has been gained by GUIfying games; I have my own favorites in that style, notably Civilization II and Spaceward Ho! and Battle For Wesnoth (on which I was a developer for years). But the very best terminal games retain, I think, a distinct charm of their own.

Some of them (text adventures, roguelikes) work, I think, the way a novel does, or Scott McCloud taught us minimalist cartooning does; they engage the user’s own imagination as a peripheral, setting up a surprisingly strong interaction between the user’s private imagery and the bare elements of the game. At their best, such games (like novels) can have a subtle imaginative richness that goes well beyond anything this week’s graphical splatterfest offers.

More abstract puzzle games like greed don’t quite do that. What they offer instead is some of the same appeal as tiling window managers. In these games there is no waste, no excess, no bloat, no distraction; it’s all puzzle value all the way down. There’s a bracing quality about that.

Ski is kind of hermaphroditic that way. You can approach it as a cartoon (Aieee! Here comes the Yeti! Flee for your life!) or as a pure puzzle game. It works either way.

Finally, maybe it’s just me, but one thing I think these old-school terminal games consistently do better than their modern competition is humor. This is probably the McCloud effect again. I’ve laughed harder at, and retained longer, the wry turns of phrase from classic text adventures than any sight gag I’ve ever seen in a GUI game.

So, enjoy. It’s an odd and perhaps half-forgotten corner of our culture, but no less valuable for that.

UPDATE: I probably shouldn’t have described wumpus (1972) as “the oldest of them all”, because there were a few older games for teletypes like Hammurabi, aka Hamurabi (with a single ‘m’) aka The Sumer game from 1968. But wumpus is the oldest one that seems to be live in the memory of the hacker culture; only SPACEWAR (1961) has a longer pedigree, and it’s a different (vector graphics) kind of thing.

Mar 14

Semantic locality and the Way of Unix

An important part of the Way of Unix is to try to tackle large problems with small, composable tools. This goes with a tradition of using line-oriented textual streams to represent data. But…you can’t always do either. Some kinds of data don’t serialize to text streams well (example: databases). Some problems are only tractable to large, relatively monolithic tools (example: compiling or interpreting a programming language).

Can we say anything generatively useful about where the boundary is? Anything that helps us do the Way of Unix better, or at least help us know when we have no recourse but to write something large?

Continue reading

Mar 12

Ones-complement arithmetic: it lives!

Most hackers know how the twos-complement representation of binary numbers works, and are at least aware that there was an older representation called “ones-complement” in which you negated a binary number by inverting each bit.

This came up on the NTPsec development list recently, with a question about whether we might ever have to port to a non-twos-complement machine. To my utter, gob-smacked astonishment, it turns out ones-complement systems still exist – though, thankfully, not as an issue for us.

I thought I could just mumble something about the CDC 6600 and be done, but if you google “one’s-complement machines” you’ll find that Unisys still ships a series of machines with the brand “Clear-Path Dorado” (latest variant introduced 2015) that are emulations of their old 1100-series mainframes running over Intel Xeon hardware – and these have one’s-complement arithmetic.

This isn’t a practical port blocker for NTPsec, as NTP will never run over the batch OS on these things – it’s about as POSIX-compatible as the Bhagavad-Gita. It’s just weird and interesting that ones-complement machines survive in any form at all.

And a bit personal for me. My father was a programmer at Univac in the 1950s and early ’60s. He was proud of his work. My very first interaction with a computer ever was getting to play a very primitive videogame on the oscilloscope-based video console of a Univac 1108. This was in 1968. I was 11 years old, and my game machine cost $8M and took up the entire ground floor of an office building in Rome, Italy.

Other than the 1100, the ones-complement machines Wikipedia mentions (LINC, PDP-1, and CDC6600) are indeed all long dead. There was a ones-complement “CDC Cyber” series as late as 1989, but again this was never going to implement POSIX.

About other competitors to twos-complement there is less to say. Some of them are still used in floating-point representations, but I can find no evidence that sign-magnitude or excess-k notation have been used for integers since the IBM 7090 in 1959.

There’s a comp.lang.std.c article from 1993 that argues in some technical detail that that a C compiler is not practical on ones-complement hardware because too many C idioms have twos-complement assumptions baked in. The same argument would apply to sign-magnitude and excess-k.

UPDATE: It seems that Unisys is the graveyard of forgotten binary formats. I have a report that its Clear-Path Libra machines, emulating an ancient Burroughs stack machine architecture, use sign-magnitude representation of integers.

Mar 08

How to change the world in Zen easy lessons

This morning I stumbled over a comment from last September that I somehow missed replying to at the time. I suspect it’s something more than one of my readers has wondered about, so here goes…

Edward Cree wrote:

If I’m really smart enough to impress esr, I feel like I ought to be doing more with myself than toy projects, games, and an obscure driver. It’s not that I’m failing to change the world, it’s that I’m not even trying. (Not for want of causes, either; there are plenty of things I’d change about the world if I could, and I suspect esr would approve of most of them.)

Obviously without Eric’s extroversion I won’t be as influential as him, but… dangit, Eric, what’s your trick? You make having a disproportionate effect on the course of history look easy! Why can I never find anything important to hack on?

There are several reasons people get stuck this way. I’ve experienced some of them myself. I’ve seen others.

If this sounds like you, dear reader, the first question to ask yourself is whether you are so attached to having a lot of potential that you fear failing in actuality. I don’t know Edward’s age, but I’ve seen this pattern in a lot of bright young people; it manifests as a lot of project starts that are potentially brilliant but a failure to follow through to the point where you ship something that has to meet a reality test. Or in an opposite way: as self-constraining to toy projects where the risk of failure is low.

So my first piece of advice is this: if you want to have “a disproportionate effect on the course of history”, the first thing you need to do is give yourself permission to fail – as long as you learn something from every failure, and are ready to keep scaling up your bets after success.

The second thing you need to do is finish something and ship it. No, more than that. You need to make finishing and shipping things a habit, something you do routinely. There are things that can be made to look easy only by cultivating a lot of self-discipline and persistence. This is one of them.

(The good news is that once you get your self-discipline to the required level it won’t feel like you have to flog yourself any more. It’ll just be habit. It’ll be you.)

Another thing you need to do is actually pay attention to what’s going on around you, at every scale. 99% of the time, you find important things to hack on by noticing possibilities other people have missed. The hard part here is seeing past the blinding assumptions you don’t know you have, and the hard part of that is being conscious of your assumptions.

Here’s my favorite example of this from my own life. After I described the many-eyeballs-make-bugs-shallow effect, I worried for years at the problem of why nobody in the hacker culture had noticed it sooner. After all, I was describing what was already a decades-old folk practice in a culture not undersupplied with bright people – why didn’t I or anybody else clue in faster?

I remember vividly the moment I got it. I was pulling on my pants in a hotel in Trondheim, Norway, idly chewing over this question yet again. It was because we all thought we knew why we were simultaneously innovating and achieving low error rates – we had an unexamined, unconscious explanation that suited us and we never looked past it.

That assumption was this: hackers write better software because we are geniuses, or at least an exceptionally gifted and dedicated elite among programmers. Our culture successfully recruits and selects for this.

The insidious thing about this explanation is that it’s not actually false. We really are an exceptionally gifted elite. But as long as you don’t know that you’re carrying this assumption, or know it and fail to look past it because it makes you feel so good, it will be nearly impossible to notice that something else is going on – that the gearing of our social machine matters a lot, and is an evolved instrument to maximize those gifts.

There’s an old saw that it’s not the things you don’t know that hurt you, it’s the things you think you know that ain’t so. I’m amplifying that: it’s the things you don’t know you think that hurt you the most.

It’s not enough to be rigorous about questioning your assumptions once you’ve identified them. The subtler work is noticing you have them. So when you’re looking for something important to hack on, the question to learn to ask is: what important problems are everybody, including you, seeing right past? Pre-categorizing and dismissing?

There’s a kind of relaxed openness to what is, a seeing past preconceptions, that is essential to creativity. We all half-know this; it’s why hackers resonate so strongly with Zen humor. It’s in that state that you will notice the problems that are really worth your effort. Learn to go there.

As for making it look easy…it’s only easy in the same way that mastery always looks a skill easier than it is. When someone like John Petrucci or Andy Timmons plays a guitar lick with what looks like simple, effortless grace, you’re not seeing the years of practice and effort they put into getting to where that fluency and efficiency is natural to them.

Similarly, when you see me doing things with historical-scale consequences and making it look easy, you’re not seeing the years of practice and effort I put in on the component skills (chopping wood, drawing water). Learning to write well. Learning to speak well. Getting enough grasp on what makes people tick that you know how to lead them. Learning enough about your culture that you can be a prophet, speak its deepest yearnings and its highest aspirations to it, bringing to consciousness what was unconscious before. These are learnable skills – almost certainly anyone reading this is bright enough to acquire them – but they’re not easy at all.

Want to change the world? It’s doable. It’s not magic. Be aware. Be courageous. And will it – want it enough that you accept your failures, learn from them, and never stop pushing.

Mar 06

Reposturgeon recruits the CryptBitKeeper!

I haven’t announced a reposurgeon release on the blog in some time because recent releases have mostly been routine stuff and bugfixes. But today we have a feature that many will find interesting: reposurgeon can now read BitKeeper repositories. This is its first new version-control system since Monotone was added in mid-2015.

Continue reading

Feb 20

Things Every Hacker Once Knew: 1.10

And the latest revision:
Things Every Hacker Once Knew.

This time: The Break key. uuencode/uudecode. Why older Internet protocols only assume a 7-bit link. The original meanings of SO/SI. WRU and station ID on teletypes. BITNET and other pre-Internets.

There is one respect in which working on this is changing my historical perspective. The section now titled “WAN time gone: The forgotten pre-Internets” started out just being about UUCP but has gradually expanded to include the BBS scene, commercial timesharing, and academic networks in the period 1978-1996 (and especially 1981-1991).

At the time those of us exposed to more than one of these networks saw mostly differences – differences in capability, differences in addressing schemes, differences in underlying protocols.

Now, twenty years later, I’m finding that it’s the similarities that look more significant. These experiments were all evolving in parallel, offering services that converged over time.

Wide-area TCP/IP was the eventual winner, of course. It’s not hard to see why: being designed for internetworking and not being gated by proprietary IP gave it two insuperable advantages.

Feb 19

The simplest possible method syntax in C

I’ve been thinking a lot about language design lately. Part of this comes from my quite successful acquisition of Go and my mostly failed attempt to learn Rust. These languages make me question premises I’ve held for a long time, and that questioning has borne some fruit.

In the remainder of this posting I will describe a simple syntax extension in C that could be used to support a trait-centered object system similar to Rust’s (or even Go’s). It is not the whole design, but it is a simple orthogonal piece that could fit with several different possible designs.

Continue reading

Feb 17

Things Every Hacker Once Knew: 1.9

I’ve shipped another revision of Things Every Hacker Once Knew

The pace of suggested additions and corrections has slowed down a lot; I think this thing is stabilizing.

I gave in and added the one bit of paper-tape lore people have been bugging me to include, about why DEL is 0xb1111111. Learning that the NSA still distributed crypto keys on paper tape until last year smashed that one through my relevance filter.

There’s a short addition on the Trek family of games, a mention of xyzzy, and some minor corrections and typo fixes as well.

Feb 14

Things Every Hacker Once Knew: 1.8

Heritage games. The legacy of all-uppercase terminals. Where README came from. What “core” is. The ARPANET. Monitoring your computer with a radio. And more…

Things Every Hacker Once Knew

The response to this document has been nothing short of astonishing. More than half of my non-spam mail over the last three weeks has been people writing to suggest additions and corrections or just to thank me. The count of respondents must be over a hundred by now.

Continue reading