You're all holding on to your old Thinkpads and PowerPC due to having slightly lower exploits. At some point the industry might kill any use it has. Firefox gets more and more bloated over time, new codec's are more difficult to run real time without lots of complex FP units or a hardware decoder. Heck, even encryption will start to be a burden as filesizes AND stronger encryption standards are neccecairy due to bigger supercomputers. Risk-v and Elbrus are still so far away from consumers and still haven't fixed or improved fundamental security issues that powerPC and Thinkpads are suffering from. Like how FP units almost always exclusively leak enough information for power analysis to work. Then we have projects like selinux and other microkernels failing to reduce complexity in order to be usefull for everything from realtime applications to desktops and servers. Their threat model also doesn't include all manners of operation. Denial of Service is still an issue.
There is no hardware in sight to fix this. There is no software to limit all theoretically preventable computing issues. Software that does, is most likely too complex to give guarantees. We've moved the industry forward based on risk taking without knowing wether a doomsday can happen. Secure CPU's should have stayed with integer operations. floating points are clearly too advanced for our weak brained species still.
>What is the Final Solution?
There's no final solution. Mathematics is imperfect by itself.
That said, there is some advancements being done:
>Firefox gets more and more bloated over time
Don't use Firefox, then. I'm sending this message through Links 2.18. Alternative web browsers will always exist.
>new codec's are more difficult to run real time without lots of complex FP units or a hardware decoder.
Once AV1 decoder gets more optimized, we'll probably not see a change in this for more than a decade to come. Also, Simple-V guys can probably implement a ASIC for this until then.
>stronger encryption standards are neccecairy due to bigger supercomputers.
Might not be the case. See Isogenies:
http://isogeny.org/ >Risk-v and Elbrus are still so far away
Not really. Microcontrollers are already starting being used. See SweRV and FADU SSD.
>Like how FP units almost always exclusively leak enough information for power analysis to work.
Sail can solve this on RISC-V:
https://github.com/rsnikhil/Temporary_TGISA/blob/master/Sail.md >microkernels failing to reduce complexity in order to be usefull for everything
The issue is not the microkernels. It's the drivers and firmwares. Microkernels like seL4 is very simple and secure, but the drivers cannot be easily adapted. One solution is rumprun kernels:
https://github.com/rumpkernel/rumprun >Their threat model also doesn't include all manners of operation.
This doesn't even makes sense.
>Denial of Service is still an issue.
That's a issue with the protocol. A distributed meshnet could be the solution but I highly doubt this will happen.
>Software that does, is most likely too complex to give guarantees.
Computers are complex by itself. But, I do think we could get in a state of "high-assurance" of security. This will require:
- A processor that has formal specification and verification. Bluespec is doing this, for example, with Draper DOVER.
- A firmware that is formally verified. The ADACore Company is doing this to Nvidia (not open-sourced). Maybe some madman manages to get coreboot verified in the future (doubt so)
- Secure boot firmware. SABLE bootloader and a secure "enclave" such as Keystone.
- A secure compiler and a safe language. Currently only CompCert and CakeML. For languages, general purpose only F-star, but domain-specific there's many (Cryptol and Cogent, for example).
- A verified kernel. seL4 already solves that.
- Making it usable and secure. That's complicated. Using rumprun unikernels and genode separation could be a solution:
https://genodl4arm.critical.com/
>>4420 >Firefox
I understand there are plenty of alternatives, for nanochan browsing. But if I have to use firefox for menial tasks like banking or govt websites then its pointless.
>Simple-V guys can probably implement a ASIC for this until then.
A reality check has changed my view on this. These open arches are incredibly underfunded and fight an uphill battle for everything compared to Intel/AMD/Nvidia's several tapeouts each costing anywhere between 1-10 million. Developing an Asic to do 2Mbps from the ground up is probaly more expensive than software decode for the same 2Mbps. But what if you license decode IP? Then your arch wouldn't be fully open source anymore and others wont even be able to fully audit your arch. Not to mention the goal of Risk-V was in part, open source and free of licensing.
>FP units almost always exclusively leak enough information for power analysis to work.
Sail can solve this on RISC-V:
Just in time for the next security bulletin.
https://rambleed.com/ >RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes.
There is so much information that can be gained from simple power analysis tools and brute force bit flipping. we're lucky no one truly evil and smart has found a computer hobby. If developing a new arch is more complex than a kernel, and if the kernel can't even guarantee a properly abstracted userspace. Then there's no state we can trust anything the computer tells us.
>>Their threat model also doesn't include all manners of operation.
>This doesn't even makes sense.
I'm talking about anything from storage space to bandwidth requirements. Anything that can prevent or influence another program's state in a severe capacity is dangerous, like sharing Dram bandwith without restrictions or cache evictions. Intel is already notorious for adjusting clockspeed in a very specific way when using AVX512. Literally signalling to all threads in the vicinity that another program is present and which threads it uses. This issue is similar to traffic bandwith analysis on the ISP level. Realtime or high priority processes are another security bane. imagine having to have a realtime thread next to several threads that can destroy all your performance. Sattelites and rovers fixed this by just redesigning all software and hardware to have hard realtime limits. Yet your Tor node and credentials server doesn't have this luxury and unless you're google you can't have seperate hardware for everything.
>A distributed meshnet could be the solution but I highly doubt this will happen.
That's my thinking too. Just that I'm even more Nihilistic about computing.
>- A secure compiler and a safe language.
I'm very sceptical towards "Safe Language" as it usually involves practices like rusts way of being "thread safe" exept when you explicitly tell it to not worry about thread safety. Which kinda defeats the point of the language. you can add compiler time checks for thread safety in gcc and clang and achieve the same with C. I dont see how these languages revolutionised programming in the same way C did for ASM. Or ASM did for ML.
>>4399 AFAIK that project is dead. dev lead is now working on risk-v GPU support.
security scares aren't going to be limited to CPU's from now on. lots of components have DMA to your RAM. which means the next sec scare is gonna come from GPU's, Wifi cards, bios and NVME drives.
>>4431 >for nanochan browsing.
I actually use it in nearly all cases. Even accessing webmail.
But, I do understand your point. I also think this is a issue with "banking or govt websites". There's more secure ways to access these services, they just don't care or don't have enough resources to make it happen. In serious bussiness they already use VPNs (the case of intelligence agencies such as BND and GCHQ).
>A reality check has changed my view on this.
I agree, but RISC-V is different in some ways. There's some people with money working on it (Google, Microsoft, WesternDigital, SiFive, etc). And, it's already being deployed in real world. For example, in Hensoldt and Galois.
>Just in time for the next security bulletin.
Yeah, I've read that too. Notice that one of the researchers work on Data61, the same company that did seL4. Gernot Heiser did a nice research on timing attacks too:
https://eprint.iacr.org/2016/613 >Then there's no state we can trust anything the computer tells us.
Agreed. In the current state, is a massive chain-of-trust. Check DeepSpec:
https://deepsec-prover.github.io/ >"thread safe" exept when you explicitly tell it to not worry about thread safety.
That's not the case of pure functional dependently-typed languages like F-star.
>>4432 >That's not the case of pure functional dependently-typed languages like F-star.
Looks very promising. I haven't used Fstar. skimming over it, it seems to integrate unit-type tests with coding which I like. It prevents error paradigms that compilers can't catch, like proof of sanitised data structures.
My primary criticism with functional programming languages is that they dont communicate well with other languages like C. They claim to compile to OCAML C, ASM etc. As long as their compiler is decent enough and I dont have to touch the files then I think they have a great product.
Maybe I should build a program to check Fstar's assertions...
Coming on github soon; Fstar-Check, AKA, F*CK for short.
>>4431 >Firefox is the only graphical browser and all other alternativies are text based
>what is Pale Moon, what is Falkon, what is -insert one of a large assortment of independent graphical browsers here-
While, as far as I know, Pale Moon is the only graphical browser that could survive just fine if Google and Mozilla died as companies right now (Pale Moon isn't dependent on Google or Mozilla code, unlike Ungoogled Chromium, Falkon, Otter, IceCat, etc.), it is VERY silly to be all doom and gloom and cuckey to Mozilla in this aspect.
Are nanons living under a rock, or am I missing something here?
that's not the problem. security, privacy and control over your hardware/software is all pointless if you are unable to use it for all tasks in your life. if your work simply mandates the use of trackers and nothing exept firefox/chrome can be used to access email/govt website then your work is pointless. pale moon doesn't have feature parity with ff therefore it might not be feasible in the future. and even if it had. the complexity of it would make it fall in all the same traps as ff. like how remote code execution "can" be done safely yet javascript is what we've gotten.
Just buy some shit that just works, bridge it through hardware you control and lock it down as much as possible.
Bitching about computers getting heavier and more locked down is pointless if you're all in the x86 botnet which is concerned solely with performance metrics for vidya and penis waving.
>>4342 laptops have been dead unusable corporate bullshit since (((U)))EFI
>At some point the industry might kill any use it has.
That's not a thing.
>Firefox gets more and more bloated over time,
Firefox has been unusable since around 2011 m8. The web is already dead, you literally can't use it without limiting yourself to one of the 5 non-bloated websites like nanochan, or using some bloated plugin like u-Whateverthefuck.
>new codec's are more difficult to run real time without lots of complex FP units or a hardware decoder.
It looks like you think clickbait becoming more bloated means we can't use our computers for any purpose anymore. Noone who actually has real work to do is going to buy some $4000 (projected price for 5 years from now when what you say happens) gaymer machine to watch some videos needed for their work.
>>4833 >Are nanons living under a rock, or am I missing something here?
Palemoon is actual garbage. I used it for years. I'm using it right now. It's unusable and the web is unusable. This will never be fixed. The web will will die for good soon. And Google or some faggots will pitch some gay shit as the successor unless someone else acts fast.
there are people using ultraportable netbooks and shits like that. if they make software too slow it won't work on them
>At some point the industry might kill any use it has.
false, industry can't do shit
>Firefox gets more and more bloated over time
then we can make fork to remove bloat from it. or stick to old versions. or use another browser
>new codec's are more difficult to run real time without lots of complex FP units or a hardware decoder.
then don't use them, there are no reasons to use them
h265 is 10 times slower to encode and decode than h264, but only offers maybe 30% smaller file size. don't use h265 and fuck this 30%. also don't use high resolution video as it's a meme
>Heck, even encryption will start to be a burden as filesizes AND stronger encryption standards are neccecairy due to bigger supercomputers.
false. make long password and your encryption won't be bruteforced even by magic alien ultracomputer. current encryption standards are very strong, might be enough for your lifetime or longer
>Then we have projects like selinux and other microkernels failing to reduce complexity in order to be usefull for everything from realtime applications to desktops and servers.
that's because they are open source. open source developers are shit, open source development doesn't work
>There is no hardware in sight to fix this.
use old hardware and many layers of defense
>>4431 >But if I have to use firefox for menial tasks like banking or govt websites then its pointless.
you don't have to use banking and govt websites
if you really want you could implement something like Weboob/youtube-dl for your bank or govt site
>>7206 >laptops have been dead unusable corporate bullshit since (((U)))EFI
can use old one without UEFI
>It's unusable and the web is unusable.
why aren't we doing what Weboob is doing? or youtube-dl? we need more software like this
implement websites or class of websites as an application
https://weboob.org
>>7206 Not even gonna disagree.
Use ungoogled-chromium with uMatrix , uBlock and HTTPS Everywhere.
That will cut the fuckin pork down.
Throw in DNS over TLS for extra security.
>>7226 >why aren't we doing what Weboob is doing? or youtube-dl? we need more software like this
correct
>>7227 >Use ungoogled-chromium with uMatrix , uBlock and HTTPS Everywhere.
no
>Throw in DNS over TLS for extra security.
jesus christ shut the fuck up
>>7228 i think he's talking about 4K+ resolutions, which don't have any real evidence of making a (big) difference. i mean for starters just look at a 4K video on 1080p and it will look better than any 1080p video on 1080p, because compressed movies are terrible to begin with.
Is this thread basically just the having a problem with things getting too big to be able to ethically use them?
>the emoma thing
Great so now we'll have more throwaway culture, now in a libre™ package.
>I can't 4k on old computers, which makes me sad because they are better than newer ones
>Business people won't care about the performance intensive "BEST QUALITY!" fad and so things will be okay
"Business" people don't give a single shit about anything, all they want is their MS Office, Adobe Cloud, AutoCAD and whatever messaging app is the flavor of the day bullshit.
If you need permanence and give a shit about ethics, here's the Talos II, Purism and arguably System76 if you have the $.
Or get some derp ass freedom-board RPI clone, hook it up to the cheapest non-smart 4k TV and play your shit that way.
Or if you need a mobile device, Purism has a couple, or LineageOS is your friend.
>F-Star
Human readability is the reason why shitty programming languages win and better ones have and will fail.
Example:
Python? Yeah you might be able to figure that out.
C? Haha what the fuck. You need 4 fucking lines of code just to make sure your int (that's acting as the godamn reference point for whatever it is you are doing because some thought that was a good idea) doesn't choke itself to death because of a "segfault", a missplaced semi-colon or some archaic error of "LMAO RTFM FAGGOT". WHO GIVES A FUCKING SHIT ABOUT THAT, I HAVE SHIT TO DO, I DON'T WANNA WORRY ABOUT A FUCKING SEMICOLON SHITTING EVERYTHING UP!!!!!!!!!!!!!
Eventually it will probably all get too big for the existing processing units, and so they will be forced to software optimize finally. In the meantime, support ethical shit and shit that isn't bloated. All you can do, really.
The real problem is not "things getting to big", it's things getting too complicated, for what they do.
>>7228 >This is the level of retardation we have here now?
This is the level of goyism we have here now?
>>7230 >i think he's talking about 4K+ resolutions, which don't have any real evidence of making a (big) difference.
even 1080p is a meme
360p@crf23 = acceptable, but a bit blurry
480p@crf23 = pretty good
540p@crf23 = good
720p@crf23 = very good, sharp
what do you gain from more? if you pause 720p and 1080p and look from close you will see more text on person's underwear or cap, but what's the point? you don't watch the video to see what brand is someone's underwear
if someone trades his freedom for botnet to get some more pixels he is a fucking goy
>>7235 >Human readability is the reason why shitty programming languages win and better ones have and will fail.
if readability is a thing then why pascal family languages (pascal, object pascal, ada) are barely used?
>Python?
>C?
both of those are shit
>Eventually it will probably all get too big for the existing processing units, and so they will be forced to software optimize finally
even then, they will only optimize it minimally enough so it barely runs on newest goy Intel-Aviv Core i666
we need to split up with the normalfags. there needs to be two kind computers, software, internet. it already happens, as we sit here on Tor nanochan with Lynx and old hardware, while normals are on facebook with Chrome and newest Intel
>>7273 >pascal
That was only relevant in the before time so doesn't count.
Same reason why BSD never took off, yeah it was there before, but everyone flocks to the newest meme on the block.
Anti-big tech?
Used to be the position of people who want things like FREEDOM and PRIVACY.
Now?
It's the position of people who are mad their cuckservative Twitter or YouTube got taken down.
They, just like the business people they are, don't give a shit and just want their Windows, their MS Office and their Twitter & YouTube.
So they just want the government to force the corps to not ban them. Who cares about the larger issue, or trying to understand it, MUH BOTTOM LINE!!!!!1111
Gab and BitChute!!11111 Who gives a shit about client-side JavaScript, privacy, free software, federation, and minimalism or Tor.
The people who were there before they 'jumped' on the band-wagon and highjacked it for their own purposes, are all but forgotten in the minds of the normies.
>both of those are shit
yes, but python is significantly easier to write in and thus has higher adoption rates among non-autists
>we need to split up with the normalfags
okay but that doesn't mean 4k TV is bad simply because it exists.
if it is to be deemed 'bad' it should be because there is no ethical way to run it.
>>7272 You clearly don't know shit about what you're talking about.
>but what's the point?
To have better image? To replicate what human vision does and, with that, be able to create art?
>trades his freedom for botnet
And how exactly more pixels means less freedom? Are you suffering from some neurodegenerative disease?
More pixels has nothing to do with the codec. You can simply use VP9 or AV1, both are completely free.
>>7292 it seems like you've missed the whole thread, vp9 and av1 are unbearibly slow to encode on slightly old hardware; they are only "free" on the matter of royalties that mean nothing to me
>>7289 >okay but that doesn't mean 4k TV is bad simply because it exists.
>if it is to be deemed 'bad' it should be because there is no ethical way to run it.
it is also bad because it is bloat and waste of bandwidth and storage space
it is also bad because it can be used to trick normalniggers into replacing their "old" 1080p devices
>>7292 >To have better image? To replicate what human vision does and, with that, be able to create art?
720p already provides very good quality for videos. higher resolution provides little improvement, it is not worth paying jews money for devices that support it. and those devices are botnet
>And how exactly more pixels means less freedom?
read thread retard. like >>7293 said
more useless pixels = you need newer hardware and software = more botnet
you cannot run 4k shit on old hardware and software
modern codecs are also making it worse, every new generation of codec require several times more processing power for encoding and decoding
>>7272 are you going to explain what "crf23" means? is that some shit about crap NTSC-tier framerates?
1080p video is compressed garbage and runs at ~25fps. barely even worth calling it video
>>7289 4K TV means Smart TV. even the quality of these products alone is a big enough ethical reason not to use them
>>7292 >And how exactly more pixels means less freedom?
it's been known since like 2009 that Smart TVs are insecure garbage, which is what all 4K TVs are. like they host wireless APs and you just connect and type some special character and it fucks up the code and lets you into the SSH/telnet server (dont ask why the fuck they need an SSH server there)
Even the non-Smart 4K TVs are probably trash. also they lack reviews so why even buy one? a good LCD is one in a million. Even 4K LCDs are worse in almost every way than 2010s LCDs and 2000s LCDs
>>7365 >4K TV means Smart TV.
Not necessarily.
RCA makes the cheapest by price of all 4k TVs, that isn't glowed last I checked.
There are really expensive (like 8-10k) ones that are called "viewscreens" I think, generally used in churches and such, that are more akin to monitors and have no smart device™️ in them.
>>7365 >are you going to explain what "crf23" means?
Constant Rate Factor, it's a setting in x264 encoder that tries to achieve specific, constant quality. 23 is enough. if someone encodes a video with low quality setting, it will look like shit even if it's 1080p or 4k.
>1080p video is compressed garbage and runs at ~25fps. barely even worth calling it video
that's because your video is shit, it doesn't use 1080p potential. if you want higher quality, you do not need 4k screen, you need higher quality video. you can even try to play 4k videos on your 1080p screen.
There's always the option of using newer hardware in application specific compartmentalization. Have your older (trusted) hardware offload specific tasks to the newer (untrusted) hardware that require more oomph. The new hardware doesn't actually have any wireless or Internet connectivity; it acts as a compute node.
>>7289 >So they just want the government to force the corps to not ban them.
>MUH BOTTOM LINE!!
>BUILD A NEW FUCKING NATION GOY
The internet is the new town square. It's were all politicians and any influential company is. The internet now decides if you're hired, whether your business succeeds, and whether you are blacklisted. The masses at large influence how your internet experience is going to be. You don't want to accept the reality of how people are and want everyone else to change to meet your standards which isn't happening. Do you actually reject regulating or restricting big business? It would be much easier for someone like you to be setting technology trends for the average normies and compete against big tech if we had regulations. It should also be much easier for people to sue these companies as many are currently trying to do.
>the larger issue
Money and Power is the real issue you dumb faggot, not what you can blacklist and keep off your client browser. The best thing you suggested is federation but it still costs something. This isn't Mr. Robot. Do you think servers just exist? Do you think software is just developed entirely without any resources or money? Do think people will rebel or even jump ship especially with the demographic complexion turning to the point of no return at a 95 national IQ? It's possible but this would be much easier to deal with and transition away from this if you accepted a legal solution as well.
You don't acknowledge any of this. You sound like an 'individualist' cuckertarian.
>>8007 >You don't want to accept the reality of how people are
On the contrary, I very much am accepting the reality of their behavior, and am pointing out it's stupidity.
>Do you actually reject regulating or restricting big business?
No.
Perhaps you misunderstood >>7289, I am only opposed to short sighted regulation, a la "make it illegal for corporate platforms to ban people they disagree with".
As this solves non of the underlying (technical) problems that created the problem in the first place. I also oppose their (those who support such a "solution") seemingly uncaring attitude, about the underlying technical reasons, as they search only for a "quick fix" of the symptoms.
Not allowing them to ban people at the behest government(s) or while they are "in bed with" government(s), would be a good idea however.
As well as some basic, general privacy regulations, like "don't sell our data to china".
But if you do go ahead with said "solution", it's basically like saying "their is very little wrong with these platforms, aside from the fact they ban people they don't like". And with the symptoms out of the way, the issues fades from any concern.
Additionally, those who generally support such a solution (conservatives and/or free marketarians), are quite hypocritical in that they oppose all intervention in the market, until it no longer works for them (such as this case).
>Money and Power is the real issue you dumb faggot
Again, you seem to have missed the point of >>7289, which is about technical shortsightedness, not so much sociopolitical reasons. Although money is referenced as the preferred thing by those who are shortsighted technically by the presence of "MUH BOTTOM LINE!!!!!11".
>Do you think software is just developed entirely without any resources or money?
Obviously not, though it may be inferred that the system of allocation could be improved upon.
>>7380 >RCA makes the cheapest by price of all 4k TVs, that isn't glowed last I checked.
I saw some like this and they have no reviews so why would you buy them?
>>7385 >that's because your video is shit, it doesn't use 1080p potential.
well 1080p potential is an uncompressed 1920x1080 video at 60FPS with no color subsampling so....
>>8007 >Do you think servers just exist? Do you think software is just developed entirely without any resources or money?
Yes, and YOU are the one joining in the LARP imaginging corporate shit processes are anything special. In reality it's just a bunch of retards doing task #325235 their boss (who has no knowledge of engineering) put on paper, and never accomplishing anything other than what beuracracy can achieve. You're a fucking retard for claiming capital is required for something that doesn't need investment of any kind other than time to create.
>when ur so /pol/ you manage to call someone a cuck for being an individual
>being this cucked
You're all holding on to your old Thinkpads and PowerPC due to having slightly lower exploits. At some point the industry might kill any use it has. Firefox gets more and more bloated over time, new codec's are more difficult to run real time without lots of complex FP units or a hardware decoder. Heck, even encryption will start to be a burden as filesizes AND stronger encryption standards are neccecairy due to bigger supercomputers. Risk-v and Elbrus are still so far away from consumers and still haven't fixed or improved fundamental security issues that powerPC and Thinkpads are suffering from. Like how FP units almost always exclusively leak enough information for power analysis to work. Then we have projects like selinux and other microkernels failing to reduce complexity in order to be usefull for everything from realtime applications to desktops and servers. Their threat model also doesn't include all manners of operation. Denial of Service is still an issue.
There is no hardware in sight to fix this. There is no software to limit all theoretically preventable computing issues. Software that does, is most likely too complex to give guarantees. We've moved the industry forward based on risk taking without knowing wether a doomsday can happen. Secure CPU's should have stayed with integer operations. floating points are clearly too advanced for our weak brained species still.
What is the Final Solution?