
Unfortunately the blog didn't link to the SFP+ module they're using, but everyone should know there's effectively 2 different generations of 10gbit sfp+ to ethernet^H10BASE-T modules. The old gen, labeled as 30 meters, draws ~3 W, and gets extremely hot (to the point it'll usually cause link flaps), and the newer gen, usually labeled as 100m or 80m, draws ~1.5 W, and runs much, much cooler.

Example of the new gen: https://www.amazon.com/Wiitek-Transceiver-Compatible-UF-RJ45...

Old gen: https://www.amazon.com/10Gtek-SFP-10G-T-S-Compatible-10GBase...

Typically the old gen uses a Marvell AQR113C, and the new gen uses a Broadcom chip that I forget the number of off hand.


Nobody actually cares "what it takes to do it", that's not our problem. You're not entitled to knowing even a single bit of information about us without our consent. Try innovating a way to do it without spying on people.

So if you don't want to spend the time doing that, or as is more accurate in corporate settings, the general turnover of the team is high enough that no one is around long enough to build that deep foundational product knowledge, and to be frank most people do not care enough.

This is why telemetry happens, it's faster, easier and more resilient to organizational turmoil.


First they said we couldn’t have screenshots because they were insecure. Then they added them back in.

Next, it was accessibility APIs and I guess copy paste is still flaky.

Now, it’s window managers.

What’s next, Remote Desktop?

The whole reason given for wayland’s replacement of x11 was that those things are all fundamentally bad ideas.

It’s been 15 years. Linux desktops are more fragmented than ever, and they’re still going forward with mass deletion of legacy x11 applications.

The only benefits to end users are things like HDR, or backporting a compositor feature or two, which X11 could easily be extended to support.

Instead we get two decades of the digital equivalent of book burning for reasons no one understands.


the problem is that nobody listened to Alan Kay and writes dynamic code the way they'd write static code but without the types.

I always liked Rich Hickey's point, that you should program on the inside the way you program on the outside. Over the wire you don't rely on types and make sure the entire internet is in type check harmony, it's on you to verify what you get, and that was what Alan Kay thought objects should do.

That's why I always find these complaints a bit puzzling. Yes in a dynamic language like Ruby, Python, Clojure, Smalltalk you can't impose global meaning, but you're not supposed to. If you have to edit countless of existing code just because some sender changed that's an indication you've ignored the principle of letting the recipient interpret the message. It shouldn't matter what someone else puts in a map, only what you take out of it, same way you don't care if the contents of the post truck change as long as your package is in it.


Early BSD VM pre-allocated swap backing for every anonymous page — you couldn't allocate virtual memory without a swap slot reserved for it, even if the page was never paged out.

When a process forks, the child needed swap reservations for the parent's entire address space (before exec replaces it). A large process forking temporarily needs double its swap allocation. If your working set is roughly equal to physical RAM, fork alone gets you to 2x.

This was the practical bottleneck people actually hit. Your system had enough RAM, swap wasn't full, but fork() failed because there wasn't enough contiguous swap to reserve. 2x was the number that made fork() stop failing on a reasonably loaded system.

The later overcommit/copy-on-write changes made this less relevant, but the rule of thumb outlived the technical reason. Most people repeating "2x RAM" today are running systems where anonymous pages aren't swap-backed until actually paged out.

Today swap is no longer about extending your address space, it's about giving the kernel room to page out cold anonymous pages so that RAM can be used for disk cache.

A little swap makes the system faster even when you're nowhere near running out of memory, because the kernel can evict pages it hasn't touched in hours and use that RAM for hot file data instead.

The exception is hibernation — you need swap >= RAM for that, which is why Ubuntu's recommendations are higher than RedHat's 20% of RAM.


Oh that's not even the worst of the stupid shit.

When you have Apple managing your keychain, your passwords stored in that, your passkeys stored in that, them filling in your MFA info by reading your email and SMS on every device, supplying your primary email account and all your throwaway addresses, and possibly trying to tie you into their OAuth or whatever for a third party, you are fucked if something goes trivially wrong.


S3 sleep was a solved problem until Microsoft decided that your laptop must download ads^Wsuggestions in the background and deprecated it. On firmwares still supporting S3, it works perfectly.

It started in the '80s. PostScript was the big deal. It was a printer language, not a document language. It was not limited to “(mostly) text documents”, even though complex vector fonts and even hinting were introduced. For example, you could print some high quality vector graphs in native printer resolution from systems which would never ever get enough memory to rasterise such giant bitmaps, by writing/exporting to PostScript. That's where Adobe's business was. See also NeWS and NeXT.

However, arbitrary non-trivial PostScript files were of little use to people without a hardware or software rasteriser (and sometimes fonts matching the ones the author had, and sometimes the specific brand of RIP matching the quirks of authoring software, etc.), so it was generally used by people in publishing or near it. PDF was an attempt to make a document distribution format which was more suitable to more common people and more common hardware (remember the non-workstation screen resolutions at the time). I doubt that anyone imagined typical home users writing letters and bulletins in Acrobat, of all things (though it does happen). It would be similar to buying Photoshop to resize images (and waiting for it to load each time). Therefore, competitor to Word it was not. Vice versa, Word file was never considered a format suitable for printing. The more complex the layout and embedded objects, the less likely it would render properly on publisher's system (if Microsoft Office did exist for its architecture at all). Moreover, it lacked some features which were essential for even small scale book publishing.

Append-only or versioned-indexed chunk-based file formats for things we consider trivial plain data today were common at the time. Files could be too big to rewrite completely each time even without edits, just because of disk throughput and size limits. The system could not be able to load all of the data into memory because of addressing or size limitations (especially when we talk about illustrations in resolutions suitable for printing). Just like modern games only load the objects in player's vicinity instead of copying all of the dozens or hundreds of gigabytes into memory, document viewers had to load objects only in the area visible on screen. Change the page or zoom level, and wait until everything reloads from disk once again. Web browsers, for example, handle web pages of any length in the same fashion. I should also remind you that default editing mode in Word itself in the '90s was not set to WYSIWYG for similar performance reasons. If you look at the PDF object tree, you can see that some properties are set on the level above the data object, and that allows overwriting the small part of the index with the next version to change, say, position without ever touching the chunk in which the big data itself stays (because appending the new version of that chunk, while possible, would increase the file size much more).

Document redraw speed can be seen in this random video. But that's 1999, and they probably got a really well performing system to record the promotional content. https://www.youtube.com/watch?v=Pv6fZnQ_ExU

PDF is a terrible format not because of that, but because its “standard” retroactively defined everything from the point of view of Acrobat developer, and skipped all the corner cases and ramifications (because if you are an Acrobat developer, you define what is a corner case, and what is not). As a consequence, unless you are in a closed environment you control, the only practical validator for arbitrary PDFs is Acrobat (I don't think that happened by chance). The external client is always going to say “But it looks just fine on my screen”.


> I hope the author is collecting juicy analytics.

I hope they're not. Can't we have a few things in this world that are just fun without going and sticking surveillance on them?


Good post. For anyone wondering "why do we have these particular resolutions, sampling and frame rates, which seem quite random", allow me to expand and add some color to your post (pun intended). Similar to how modern railroad track widths can be traced back to the wheel widths of roman chariots, modern digital video standards still reverberate with echoes from 1930s black-and-white television standards.

BT.601 is from 1982 and was the first widely adopted analog component video standard (sampling analog video into 3 color components (YUV) at 13.5 MHz). Prior to BT.601, the main standard for video was SMPTE 244M created by the Society of Motion Picture and Television Engineers, a composite video standard which sampled analog video at 14.32 MHz. Of course, a higher sampling rate is, all things equal, generally better. The reason for BT.601 being lower (13.5 MHz) was a compromise - equal parts technical and political.

Analog television was created in the 1930s as a black-and-white composite standard and in 1953 color was added by a very clever hack which kept all broadcasts backward compatible with existing B&W TVs. Politicians mandated this because they feared nerfing all the B&W TVs owned by voters. But that hack came with some significant technical compromises which complicated and degraded analog video for over 50 years. The composite and component sampling rates (14.32 MHz and 13.5 MHz) are both based on being 4x a specific existing color carrier sampling rate from analog television. And those two frequencies directly dictated all the odd-seeming horizontal pixel resolutions we find in pre-HD digital video (352, 704, 360, 720 and 768) and even the original PC display resolutions (CGA, VGA, XGA, etc). To be clear, analog television signals were never pixels. Each horizontal scanline was only ever an oscillating electrical voltage from the moment photons struck an analog tube in a TV camera to the home viewer's cathode ray tube (CRT). Early digital video resolutions were simply based on how many samples an analog-to-digital converter would need to fully recreate the original electrical voltage.

For example, 720 is tied to 13.5 MHz because sampling the active picture area of an analog video scanline at 13.5 MHz generates 1440 samples (double per-Nyquist). Similarly, 768 is tied to 14.32 MHz generating 1536 samples. VGA's horizontal resolution of 640 is simply from adjusting analog video's rectangular aspect ratio to be square (720 * 0.909 = 640). It's kind of fascinating all these modern digital resolutions can be traced back to decisions made in the 1930s based on which affordable analog components were available, which competing commercial interests prevailed (RCA vs Philco) and the political sensitivities present at the time.


Where is the next cheap lentils/legumes/nuts/yogurt/vegetables fast food restaurant?

I think it's a weird concept of a society where all the parts of it with money are directing people to do one thing - but at the same time, the people are expected to do the exact opposite and it's their own fault if they follow the coercion...


this date obsession is moronic, especially when we are talking about technology over forty years old. Next time you are tempted to spam the date, wait, and see if conversation still happens without your vital input.

There are many articles missing a (2025) addition, so get to work!


Name a single prevented bootkit that wasn't able to avoid the encryption and signature verification toolchain altogether.

Malware developers know how to avoid this facade of an unlocked door.

Users do not.

That's the problem. It's not about development, it's about user experience. Most users are afraid to open any Terminal window, let alone aren't even capable of typing a command in there.

If you argue about good intent from Microsoft here, think again. It's been 12 years since Stuxnet, and the malware samples still work today. Ask yourself why, if the reason isn't utter incompetence on Microsoft's part. It was never about securing the boot process, otherwise this would've been fixed within a day back in 2013.

Pretty much all other bootkits also still work btw, it's not a singled out example. It's the norm of MS not giving a damn about it.


This is such a stark contrast with how "critical infrastructure" is built now.

A university bought a 5ESS in the 80s, ran it for ~35 years, did two major retrofits, and it just kept going. One physical system, understandable by humans with schematics, that degrades gracefully and can be literally moved with trucks and patience. The whole thing is engineered around physical constraints: -48V, cable management, alarm loops, test circuits, rings. You can walk it, trace it, power it.

Modern telco / "UC" is the opposite: logical sprawl over other people's hardware, opaque vendor blobs, licensing servers, soft switches that are really just big Java apps hoping the underlying cloud doesn't get "optimized" out from under them. When the vendor loses interest, the product dies no matter how many 9s it had last quarter.

The irony is that the 5ESS looks overbuilt until you realize its total lifecycle cost was probably lower than three generations of forklifted VoIP, PBX, and UC migrations, plus all the consulting. Bell Labs treated switching as a capital asset with a 30-year horizon. The industry now treats it as a revenue stream with a 3-year sales quota.

Preserving something like this isn't just nostalgia, it's preserving an existence proof: telephony at planetary scale was solved with understandable, serviceable systems that could run for decades. That design philosophy has mostly vanished from commercial practice, but it's still incredibly relevant if you care about building anything that's supposed to outlive the current funding cycle.


It's exactly why taking a trip through the ops/infra side is so important for people - you learn why LTS-style engineering is so important. You learn to pick technologies that are stable, reliable, well-supported by a large-enough people who are conservative in their approach, for anything foundational, because the alternative is migration pain again and again.

Bzzt! Wrong! I have worked with ASN.1 for many years, and I love ASN.1. :)

Really, I do.

In particular I like:

- that ASN.1 is generic, not specific to a given encoding rules (compare to XDR, which is both a syntax and a codec specification)

- that ASN.1 lets you get quite formal if you want to in your specifications

For example, RFC 5280 is the base PKIX spec, and if you look at RFCs 5911 and 5912 you'll see the same types (and those of other PKIX-related RFCs) with more formalisms. I use those formalisms in the ASN.1 tooling I maintain to implement a recursive, one-shot codec for certificates in all their glory.

- that ASN.1 has been through the whole evolution of "hey, TLV rules are all you need and you get extensibility for free!!1!" through "oh no, no that's not quite right is it" through "we should add extensibility functionality" and "hmm, tags should not really have to appear in modules, so let's add AUTOMATIC tagging" and "well, let's support lots of encoding rules, like non-TLV binary ones (PER, OER) and XML and JSON!".

Protocol Buffers is still stuck on TLV, all done badly by comparison to BER/DER.


What they didn't mention in the article and most Wi-Fi historical narrative is the critical contribution from OFDM modulation waveform technology, the idea originated and patented by the radio astronomy research of CSIRO Australia [1],[2].

In the early days of Wi-Fi, the IEEE 802.11 group was still testing spread spectrum and OFDM with 802.11b and 802.11a, respectively. But then it became apparent that the best bandwidth comes from the proper orthogonality of wireless modulation aka OFDM [1].

At the time of the OP article back in 2003 the incumbent cellular mobile modulation of 3G was still the spread spectrum based CDMA system, but by 4G it's OFDM all-in and the rest is history. CSIRO became much richer due to the patent, and radio astronomy based technology generated some hard cash for the research institute that mainly pursues science.

[1] Orthogonal frequency-division multiplexing (OFDM):

https://en.wikipedia.org/wiki/Orthogonal_frequency-division_...

[2] How the Aussie government "invented WiFi" and sued its way to $430 million [PDF]:

https://www.vbllaw.com/wp-content/uploads/2020/11/How-The-Au...


The fact that people were uncomfortable with simply having their pictures taken and shown without their knowledge gives lie to the idea that "You're in a public place—of course you have no right to privacy." It's great to be given the chance to face your principles.

Yes they are. Unhelpful distractions that are workshopped and focus grouped. Stop adopting the bizarre terminology of the enemy, and their goofy neologisms, and just talk about the issue in straightforward English.

We didn't need a different word for not being able to install an application on your phone without the permission of the company that made it. We needed a different word for the thing that was new, which is the company that makes the thing that you own refusing you permission to use it as you see fit.


No, that isn't the problem. The problem is that you are comparing a human in one corner (mortal, fallible, made of meat, imperfect, objectively poor) with a very large conglomerate of corporations on the other side (immortal, disembodied, transnational, legal staff on retainer, very, very wealthy, made of paper, hard to criticize in the same way that you could criticize a person). No corporation is even going to put weird stuff in their mouth on camera or look unkempt. They'll make their arguments, reasonably, legally watertight and accompanied with bags of money through their lobbyists.

Corporations get away with a lot precisely because they're not the government. That’s the trick: shift functions out of the state and into private enterprise, and suddenly the protections that would have applied no longer do. Every "free speech" thread eventually devolves into the same conclusion: the First Amendment only binds the government.

So the threat model isn't uniform. There's no one-size-fits-all. Depending on how you assess risk, you might reasonably conclude that government services pose less danger than private actors, and someone else might see the inverse.


Exactly and literally; from the roots of "de"="off" and "caedere"="to cut" [0]

If you can't cut something off, you cannot decide.

decision (n.)

mid-15c., decisioun, "act of deciding," from Old French décision (14c.), from Latin decisionem (nominative decisio) "a decision, settlement, agreement," noun of action from past-participle stem of decidere "to decide, determine," literally "to cut off," from de "off" (see de-) + caedere "to cut" (from PIE root *kae-id- "to strike").

[0] https://www.etymonline.com/word/decision


I'm reminded of how time pieces such as sundials changed societies, and how some ancients almost lost their minds due to this new development.

“The Gods confound the man who first found out How to distinguish the hours---confound him, too Who in this place set up a sundial To cut and hack my days so wretchedly Into small pieces ! . . . I can't (even sit down to eat) unless the sun gives leave. The town's so full of these confounded dials . . .” ― Plautus


> What could they possibly want with the data of a group of people who are by construction not spending money on a VPN? They'd be storing it at a loss.

This is the exact point where our conclusions diverge.

Why are they sending themselves so much "useless" data-intensive logs by default, from their non-paying clients that accounts for roughly ~95% of the userbase and from a profitable business perspective, largely ineligible for troubleshooting support? For me, the only logical conclusion is that the data is valuable to them.

As someone who also cares about privacy, here are a few things that IMO suggest that free customers' logs are a part of their business model:

* Their documentation has plenty of references to security, but no references to privacy outside of the privacy policy.

* They have all but eliminated any revenue stream from the average user when they made an unsolicited announcement that they upgraded their free plan to allow 100 devices and 5 users.

* The content they sponsor for marketing/advertising seems targeted for consumers instead of networking professionals. I don't see Cisco and Palo Alto Networks sponsoring every Linux/self-hosting podcast or YouTube channels for example.

* Even the flag-name for turning off logging is mild deterrent based on what you will lose (`--no-support`) as opposed to being neutral '--no-logging' or truly descriptive like most FOSS companies that are not pushing an ulterior motive such as '--no-analytics'.

* logs cannot be disabled for phones

* In my experience, disabling logs was perhaps the only thing that was not configurable through the GUI

I'm into privacy and still relatively new on the networking scene thanks to setting up OpenWrt on my router. Am I correct that when tailscale updates/hijacked resolv.conf, subsequent DNS resolution is passed onto them on visited websites even when tailscale is not being used? No, they can't "read" your traffic, but if I understand things right, they know every website you visited and for how long, which is more than enough data for a rich marketing profile. That was my takeaway before I jumped ship for a self-hosted solution.

My understanding is that they have the holy grail of data because they are getting all of your LAN, WAN and mobile network traffic. I'm not aware of (m)any companies whose business model allows access to all three? It's like if your ISP and your Mobile Network had a baby on your local server, and that baby reports every website you visit.


That is the self-interested feeling that Open Source preys on.

And I do mean "prey" with a negative connotation. One of the biggest perks of Open Source from a company's perspective is that you can get developers to work on your project for free without paying them. However, those same developers have very little say in the direction of your product, and any forking of your project would have to compete with the economies of scale that come from being a company. The only downside is that you have to worry about being out-scaled by a bigger company, as the developers of ElasticSearch, Redis, Docker, and others found out first-hand.

This is distinct from Free Software, which has different dynamics that are much more friendly to mutual benefit, collaboration, and forking, especially if there's no CLA that pools all of the copyright into one corporate or non-profit entity. But then again, this sort of Free Software moralizing is expressly the reason why Open Source was created as an alternative in the first place. The OSI even used to admit as such on their website:

https://web.archive.org/web/20021001164015/http://www.openso...


The original point of cable was Community Antenna TV, where you'd get a much better quality signal (and often even additional out-of-market but nearby channels). Then broadcasters decided to go into specifically seeking nationwide coverage (Ted Turner was a pioneer in this area). They also decided, due to the sports leagues, that cable should only deliver local stations in the same market as your location through blackouts (through my childhood I went from getting three ABC affiliates and two CBS affiliates, to one of each). It became unprofitable to manage blacking out the out-of-market station any time they were both running network or sports programming, so the out-of-market stations were generally removed (I also wouldn't be surprised if negotiations for retransmission consent included terms preventing carriage of out-of-market stations).

When something is off, way off, or you can't find a plausible explanation, that means it is a long term thing not in the general populace's sight, yet. It comes later, might be a move in order to pave way for something or moving something out of the way for something.

The big corps are NOT autonomous, they are moved around like chess pieces. They are tentacles of a bigger entity, whatever that is.


Not quite. There was nobody holding back on sharing for legal reasons, and it didn't prevent lawsuits.

The LiViD mailing list was full of people trying to get DVDs working with Linux, and they were already quite far into it. Derek Fawcus had already written the drive authentication code (so the drive would allow the host to read most disc sectors).

A piracy group, DrinkOrDie, reverse engineered the Xing DVD player for Windows and released DoD DVD Speed Ripper (no source code).

MoRE (Masters of Reverse Engineering) also reverse engineered the Xing DVD player and released DeCSS (no source code).

MoRE consisted of "mdx", "the nomad" and Jon Lech Johansen. "the nomad" reverse engineered the Xing DVD player. "mdx" used them to write a decrypter. Jon made a GUI frontend.

Prior to DeCSS's release, someone sent Derek Fawcus the decryption code. And he got around to playing with it, and was going to publish it on the LiViD list.

But before he did, DeCSS came out, and also its source code leaked, and Fawcus noticed his own code was in it (the drive authentication code), stripped of his credit. He complained about this and Johansen got in touch, and ultimately he allowed DeCSS to use his code under a non-GPL license.

Then, famously, Norway's "economic crime" unit brought criminal charges against Johansen. Ultimately, they concluded that Johansen himself hadn't infringed anything, because it was Derek Fawcus, "the nomad" and "mdx" who did that, and they're not Norwegian.

So, with that in mind:

- the LiViD mailing list would almost certainly have developed a DVD solution for Linux, not caring about clean room implementation, if DeCSS had not beaten them to the punch

- the fame DeCSS got also brought the angry litigators (though eventually justice prevailed)

I'll end on a quote from Derek Fawcus:

https://web.archive.org/web/20001202051300/http://livid.on.o...

> Something that may be of interest to people in the states is that I've had an offer of help to produce a specification of the algorithm - from which a third party could produce an implementation. i.e. proper clean room approach. This doesn't really matter from my point of view (or in my opinion most Europeans) but may be of use to the Yanks.


There's a nation proud of overspinning enrichment turbines with a complicated computer virus that can even work offline. No conspiracy, that's just StuxNet.

So, when you start learning about tech, you get paranoid. If you're not, it's even weirder.

The fact that someone can target you, individually, is undisputable. Whether it will or not, that's another question.

What I can recommend if you think you are being observed, is to avoid the common pitfalls:

Don't go full isolationist living without technology. That is a trap. There is nowhere to hide anyway.

Strange new friends who are super into what you do? Trap.

You were never good with girls but one is seemingly into you, despite you being an ugly ass dirty computer nerd? That is a trap. Specially online but not limited to it.

Go ahead, be paranoid. When an article comes to probe how paranoid you are, go ahead and explain exactly how paranoid you have become.

But live a normal life nonetheless, unaffected by those things. Allow yourself to laugh, and be cool with it.

Hundreds of clone accounts doxxing me? Well, thanks for the free decoys.

Constant surveillance? Well, thank you for uploading my soul free of charge to super protected servers.

Dodgy counter arguments in everything I care to discuss? Sounds like training.

The paranoid optimist is quite an underrated character. I don't see many of those around.

