Brief items

Facebook even creates "shadow profiles" of nonusers. That is, even if you are not on Facebook, the company may well have compiled a profile of you, inferred from data provided by your friends or from other data. This is an involuntary dossier from which you cannot opt out in the United States.

In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against "golden chips". We demonstrate the effectiveness of our approach by inserting Trojans into two designs—a digital post-processing derived from Intel's cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation—and by exploring their detectability and their effects on security.

But the Monero problems exemplify a special problem of blockchain anonymity. By design, every transaction in the blockchain is irrevocably, universally, permanently public. That means that when new defects are discovered in a blockchain-based anonymity tool, attackers can download all the transactions that ever took place under the flawed anonymity protocol and go to work de-anonymizing them.

That's a problem in other privacy domains: spy agencies are understood to be storing vast quantities of encrypted traffic intercepted from the public internet against the day that a defect is discovered in the encryption method used to scramble it; hashed password archives live on forever in the web, waiting to be decrypted using new, superior attacks on their hashing algorithms, and so on.

    #define __typecheck(x, y) \
		(!!(sizeof((typeof(x)*)1 == (typeof(y)*)1)))

    #define __is_constant(x) \
	(sizeof(int) == sizeof(*(1 ? ((void*)((long)(x) * 0l)) : (int*)1)))

    #define __no_side_effects(x, y) \
		(__is_constant(x) && __is_constant(y))

    #define __safe_cmp(x, y) \
		(__typecheck(x, y) && __no_side_effects(x, y))

    #define __cmp(x, y, op)	((x) op (y) ? (x) : (y))

    #define __cmp_once(x, y, op) ({	\
		typeof(x) __x = (x);	\
		typeof(y) __y = (y);	\
		__cmp(__x, __y, op); })

    #define __careful_cmp(x, y, op)			\
		__builtin_choose_expr(__safe_cmp(x, y),	\
				      __cmp(x, y, op), __cmp_once(x, y, op))
 
    #define max(x, y)	__careful_cmp(x, y, >)

Filesystems aren't like drivers or memory management - you can't reboot to fix a filesystem corruption or data loss bug. User's tend to care a lot more about their data and cat photos than they do about how often the dodgy hardware they bought on ebay needs OS rebooting to get working again.

A small voice in my head says "that wants a comment".

But a bigger voice disagrees.

It is a work of art, and maybe the best documentation is just the name. It does what it says it does.

Art shouldn't be explained. It should be appreciated.

At that point I decided to give up on NuTyX's more esoteric features. There was another interesting option I had wanted to check - moving from SysV to systemd - but, frankly, I was slowly losing the will to live.

If there were 14 source-based distros out there we could all pick the one that most aligns with our favorite communications philosophy, PID 1, and text editor. Unfortunately there are barely enough of us to make one distro viable, so we're just going to have to find something we can all live with before everybody ends up rage quitting.

As much as they call it "computer science", most software development and operations is part cargo-cult and part performance art. Some people will say you have to dance naked in front of the database server for the accounts receivable to work, and others will say that a chicken sacrificed is all that is required. We all know that the few times we didn't do it, bad stuff happened.. but we can't be sure which one gets us a paycheck or not. [This of course an exaggeration. Payroll completes because the plane gods flew over and no amount of dancing or chicken sacrifices will fix that.]

Next I tried to pop up a level to give a general tenet instead of just a laundry list of dumb things I had worked around, and looking around at the public furniture in the town square, it came to me: look for the duct tape. Look for the patches to the original system which were done by people who actually work in a given space. Track down the sharp edges which have been systematically covered up by users who were more interested in being productive and weren't willing to fight with the owners of the system to get things changed upstream.

In concrete terms, go around and find out what kind of little one-off tools people have designed. Talk to them and hear their stories. Look in their personal bin directories. Take notes and look for patterns. See if anything stands out, or if anything particularly compelling grabs you during the interviews.

Then, if you go off and build something new to soften a rough edge, not only do they get to remove the duct tape, but you have a bunch of interested users from day one. Also, just think of the goodwill that is bound to follow when they realize that finally, someone cares about the end-user experience, and is willing to adapt upstream to make their lives better.

There are many more suggestions I might make, but I'll leave you with one final one. Don't expect the project you re-join to be the same project you left. In your absence things will have progressed with respect to the project, others in the community, and yourself. Don't be saddened by this, instead rejoice in the diversity of life and dig back in with gusto.