Hacker News | marcosscriven's comments

Minor point, there's a problem with the left margin on the main page (at least on an iPad)

Although it is possible to write everything, right up to the view model (but not the view) in something cross platform and performant, keeping the GUI/view using only those languages/frameworks which result in native feel (both in terms of look and performance).

Sure, writing the GUI properly for each platform still requires more work, but far far less if all but the front end is cross platform.

However, it very rarely seems to be done, even with modern additions and improvements in C++.


I like that approach, but there’s no abundance of such cross-platform stacks either. And then you have to convert parts of the model to fit the views, and sometimes you want to use non-view technologies only available on a certain platform (Keychain, …). While it makes sense and the results are very good, it’s still a very non-trivial work, especially compared to a simple native app.

Hence https://en.wikipedia.org/wiki/System_Integrity_Protection

Which is completely pointless. If a hacker wants to hack your system, the very last thing they want to do is destroy your OS. Who cares about the OS, it's just one re-install away and you got it back. If a hacker were to hack into your system they would want your data, your passwords, your bank account details etc. Or they would want to use your system to do illegal things that look like you did it.

It's in the best interest of the hacker that broke into your system that your system continues to work flawlessly for both you and the hacker. This is why Mac OS X "rootless" is just yet another obstacle for the power user, yet another obstacle when compiling and installing POSIX code from source, and yet another step closer to locking down OS X to be an appliance like iOS.


The point of rootless (SIP) is to prevent malware from being able to embed itself into the system such that it's difficult or impossible to remove. And it's also a completely different technology than sandboxing.

Which in and of itself is pretty much an impossible goal, and in the meantime, it destroys a litany of use-cases that make computers useful to people.

No it doesn't. It should be vanishingly rare for software not shipped by Apple to be impacted by rootless. The whole point of the feature is to prevent files that should never be modified from being modified. The only software that I can think of that's impacted by rootless is Xcode, which is of course Apple's own app. I can't think of anything else that should be hampered by the inability to modify system files. Can you name any other software that has a problem with this?

And if you really want to disable rootless anyway, you can do so. Boot into the recovery partition and there's an option there to turn off rootless.

I'm also completely baffled by the claim that, just because no security solution is 100% perfect, that we shouldn't even try. That makes no sense at all. Yes, security is hard. But protecting you from 99% of all malware, even if there's the rare case of malware that gets past you, is still extremely useful. Besides, it's awfully cynical to declare that SIP is an impossible goal before you've even looked at it.


Just found one yesterday: https://github.com/binaryage/asepsis/issues/30

But, you can disable SIP so not sure how much it really matters.


Oh geeze. That doesn't even have anything to do with rootless. The issue there is library interposing. Asepsis works by interposing itself into every process that links DesktopServicesPriv.framework and replaces several libc calls.

Good catch on finding something that breaks with SIP, but even if you philosophically disagree with the idea of rootless, you should still agree with the notion that library interposing is a serious security threat and should welcome the changes to block interposing of system processes[1].

[1] From the What's New In El Capitan docs[2], the specific aspect of SIP that applies here is "Code injection and runtime attachments to system binaries are no longer permitted".

[2] https://developer.apple.com/library/prerelease/mac/releaseno...


I don't really know enough to form an opinion one way or the other, I just had recalled seeing it at the time I read your post. I wouldn't have used Asepsis even if I wasn't on El Capitan as I definitely didn't like the sound of how it achieved what it claimed (which you also pointed out).

The only way I can get features that are important to my daily work is to interpose system processes.

So no, I don't welcome "SIP". There are better ways to solve that problem.


There really aren't better ways to solve that on a mass scale at this time. I intend no offense but to be honest I care much more about my system's security vs your need to interpose system processes. SIP is a step in the correct direction for security. Is it perfect or a catch all? No of course not but it's another layer of security that helps the situation overall.

The point of rootless is that doing privilege escalation attacks will be much more difficult

Looks like it's coming to Chrome: https://groups.google.com/a/chromium.org/forum/#!topic/blink...

But agree iOS Safari would be a great addition for this.

-----


Something not mentioned here is the historically low interest rates. The Bank of England base rate is only 0.5%, with mortgages available for only 2.0%.

I think if mortgage rates went back to 6% - 8% a lot of people would be screwed.

-----


Wouldn't the whole economy be screwed if interest rates are back up that much? It seems the low interest rates are the new normal, unless for some reason inflation becomes very high. With commodity prices falling hard due to increased productivity, that threat seems to be quite far now.

-----


With time-dilation, from the point of view of those on board, it's actually possible to travel as far as Andromeda with constant 1g acceleration (decelerating at 1g half way), within a few decades. Of course, time back on earth would have gone by a few million years...

-----


Huh, but if light takes 2.5 million years to get to Andromeda, how does it take us a few decades? You're saying that from the point of view of the photon, it takes much less time?

-----


Yes, photons do not experience time; it's all the same instant for them.

-----


So a photon can get anywhere it wants instantly to them?

-----


This is a great article (for laypeople, it's not supposed to be too technical) that explains it and makes it easy to understand: http://zidbits.com/2011/04/why-cant-anything-go-faster-than-...

I'll quote the relevant bit, "Imagine for a moment that you are a happy little photon created by a star in another galaxy some 4 billion light years away. From my perspective here on Earth, it took you exactly 4 billion years to travel from that star till you reached my retina. From your perspective, one instant you were created and then the next, you are bouncing off or being absorbed by my eyeball. You experienced no passage of time. Your birth and death happened instantaneously.

This is because time slows for you as you get closer to light speed, and at it, it completely stops. This is also another reason why nothing can go faster than light. It would be like slowing down a car to a stop, and then trying to go slower than completely stopped."

-----


Not only this, but due to space compression to the photon the star and your eye are also exactly the same place!

-----


It's super interesting that the speed of light is exactly 282,xyz (can't remember) miles per second. What're the chances? I'm just unable to comprehend the idea that a fundamental universal constant could be an exact whole number amount of an arbitrary measurement unit like that. You'd think there'd be a few decimal points or something.

-----


You're misremembering. The speed of light in miles per second is ~186,282.396. The speed of light in meters per second is 299,792,458, but the meter is defined using the speed of light:

https://en.wikipedia.org/wiki/Speed_of_light

-----


From the reference frame of the photon, yes

-----


Yes, that's how relativity works.

-----


Plus, as in Egan's Diaspora, virtual entities can hibernate, or live at far lower clock frequency.

-----


I've not read Diaspora (yet!), but this sounds more like Permutation City

-----


I haven't read Permutation City yet, but virtualization in Diaspora is far more advanced. The default, as I recall, is ~800 times meatspace. I recommend reading Stephenson's Anathem first, however.

Edit: The Planck Dive is a follow-on.[0]

[0] http://gregegan.customer.netspace.net.au/PLANCK/Complete/Pla...

-----


Reminds me of the 'Stone Soup' proverb.

https://en.m.wikipedia.org/wiki/Stone_Soup

-----


I live next to Clapham Common [0], where there are still mounds anti-aircraft guns were mounted on [1].

It's very common to see modern buildings amongst beautiful period homes, in the gaps left by bombs [2].

[0] http://bombsight.org/#15/51.4548/-0.1443

[1] http://www.loveclapham.com/what-are-the-clapham-common-tarma...

[2] https://www.google.co.uk/maps/@51.455268,-0.142137,3a,75y,18...

-----


>What's impressive is the raw math performance of asm.js

I continue to be staggered at how well asm.js performs, and really glad Chrome has taken on optimising for it as well as Firefox.

-----


Running the instancing demo on an iPhone6+ I can get to 150k particles before dropping below 60fps. There's an obvious speed up about three seconds in where I guess the JITter decides to get serious.

So, even though there's no official support for asm.js on mobile Safari, it still works surprisingly well!

-----


I lived and worked in Sydney for a year or so, and used iiNet while I was there. They had a mirror of free software, and also zero-rated most iTunes content. With most ISPs there having caps (mine was just 100GB), it was difficult to not see this as a benefit, but overall of course it's far from ideal.

The other problem was just terrible speeds; best I could get in a central district was ADSL2+, with about 16/0.8 mbit d/u, and that's not including the terrible latency issue you had to deal with for a whole host of US and EU based websites and services.

Then again, I'm back in London now with a 150/15 mbit d/u connection for under £30, no caps in sight.

-----
