ActivityPub: The “Worse Is Better” Approach to Federated Social Networking

In the modern day, many other developers working on libre software and I have been exposed to a protocol design philosophy that emphasizes safety and correctness. That philosophy can be summarized with these goals:

  • Simplicity: the protocol must be simple to implement. It is more important for the protocol to be simple than for the backend implementation to be simple.
  • Correctness: the protocol must be verifiably correct. Incorrect behavior is simply not allowed.
  • Safety: the protocol must be designed in a way that is safe. Behavior and functionality that risk safety are considered incorrect.
  • Completeness: the protocol must cover as many situations as is practical. All reasonably expected cases must be covered. Simplicity is not a valid excuse to reduce completeness.

How 3ve’s BGP hijackers eluded the Internet—and made $29M

Over the past decade, many attackers have exploited design weaknesses in the Internet’s global routing system. Most commonly, the Border Gateway Protocol (BGP) is abused to divert gigabytes, or possibly even petabytes, of high-value traffic to ISPs inside Russia or China, sometimes for years at a time, so that the data can be analyzed or manipulated. Other times, attackers have used BGP hijackings more surgically to achieve specific aims, such as stealing cryptocurrency or regaining control of computers monitored in a police investigation.

Late last month came word of a new scheme. In one of the most sophisticated uses of BGP hijacking yet, criminals used the technique to generate $29 million in fraudulent ad revenue, in part by taking control of IP addresses belonging to the US Air Force and other reputable organizations.

In all, “3ve,” as researchers dubbed the ad fraud gang, used BGP attacks to hijack more than 1.5 million IP addresses over a 12-month span beginning in April 2017. The hijacking was notable for the precision and sophistication of the attackers, who clearly had experience with BGP—and a huge amount of patience.

IPFS: The Interplanetary File System

The Internet is the most important tool in our everyday lives. It’s how we consume media, converse with friends and family, interact with colleagues, learn new skills, and handle our finances. However, the Internet that we know and love has flaws. The biggest of those flaws is that the information on it is mostly centralized. This means that the information we access every day is held on servers that are under the control of a central company.

What makes BeOS and Haiku unique

The first area to take a look at is Haiku’s latest feature in its Beta release: packaging.

Packages (but not just packages!)

Reading just ‘packages’ might evoke merely running a package manager on GNU/Linux, etc., and while Haiku can do that, it’s far more.

As I mentioned in the Haiku Beta review, it was the first official release to feature package management. The best mental picture of it I can give anyone new to Haiku is this: think of PackageFS as being like (but not the same as) having the old Slax 6 modules system running, along with all the usual ‘package’ tools to go with it.

It can be recapped in five quick points: versatile command-line packaging tools (as you might expect); the HaikuDepot and software updater; package and/or system states; the PackageFS (where all packages are mounted seamlessly and mesh at startup); and, as a side effect of the FS, a gentle layer of safety to the system.

Why BSD/OS is the best candidate for being the only tested legally open UNIX

The UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it as representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.
