[HN Gopher] Ken Thompson really did launch his "trusting trust" ...
       ___________________________________________________________________
        
       Ken Thompson really did launch his "trusting trust" trojan attack
       in real life
        
       Author : obi1kenobi
       Score  : 472 points
       Date   : 2022-09-28 14:40 UTC (8 hours ago)
        
 (HTM) web link (niconiconi.neocities.org)
 (TXT) w3m dump (niconiconi.neocities.org)
        
       | mosburger wrote:
       | I know this probably falls into the category of red-baiting
       | hysteria, but sometimes I've wondered (not seriously, in more of
       | a spy-vs-spy, campy, tinfoil hat way) if the Kotlin programming
       | language is a secret plot by the Russian government to embed
       | backdoors in everything compiled with it. How many people have
       | done a deep inspection of the compiled product?
       | 
       | (Insert balloon boy meme of the conspiracy theory guy at his
       | bulletin board)
       | 
       | Of course, the Russians would probably be justified in wondering
       | the same thing about a programming language created in the United
       | States.
        
         | Vizdun wrote:
         | is the only reason for this wondering the fact Kotlin was made
         | by czech developers?
        
       | kingforaday wrote:
       | The technical ingenuity is remarkable for the time period but I
       | love how it still required social engineering to execute:
       | ) we enticed the "unix support group"
       | ) (precursor to usl) to pick it up
       | ) from us by advertising some
       | ) non-backward compatible feature."
        
       | nwsm wrote:
       | > Keywords: horse, mouth
       | 
       | These message keywords cracked me up.
        
       | [deleted]
        
       | lisper wrote:
       | To me, the historical reconstruction aspect of this is at least
       | as interesting as the attack. One of my more obscure hobbies is
       | studying the history of ancient texts, and it is fascinating to
       | watch the process of losing primary historical sources play out
       | in front of my eyes:
       | 
       | > However, in 1995, Usenet poster Jay Ashworth, citing personal
       | communications with Ken Thompson, provided strong evidence of the
       | existence of a real-world experiment of this attack.
       | Unfortunately, the full Usenet message is missing on the web.
       | There are only quoted snippets of this Usenet post circulated
       | around various blogs, reducing its authenticity.
       | 
       | > In 2021, I've rediscovered the full Usenet message after a
       | search effort in multiple Usenet archives. My success was partial
       | - it was still a repost by someone else, and I was unable to find
       | the original message. However, this repost contains the full
       | Usenet message, including complete headers and message body, with
       | the poster name and its Message-ID, establishing the authenticity
       | of the post beyond reasonable doubts.
        
         | tambourine_man wrote:
         | I think about this a lot as well. The folks at
         | https://archive.org are the unsung heroes of our time.
        
         | joshmarlow wrote:
         | I think about this a lot in humor contexts. Many jokes rely on
         | passing cultural context that isn't documented and isn't made
         | explicit.
         | 
         | Example: In my experience "The chad was good" and various jokes
         | around "hanging chads" and "pregnant chads" still sometimes
         | land with people who remember the 2000 election and Charlie's
         | Angels, but anyone a little younger misses it.
         | 
         | Now I'm curious how many jokes in an episode of "John Oliver"
         | or Southpark land even a year or two after the episode airs.
        
           | autoexec wrote:
           | A lot of the jokes in last week tonight don't exactly land
           | when they originally air either, but that has more to do with
           | the writers than available context.
           | 
           | I run into this problem not just when watching old shows, but
           | also when watching contemporary TV developed in other
           | countries. Usually it's references to proper nouns I've never
           | heard of, and I do often look those up, but even once you
           | know what or who something was sometimes you'd have to be
           | willing to go deep into various rabbit holes to really
           | understand it.
        
         | WaitWaitWha wrote:
         | > studying the history of ancient texts, and it is fascinating
         | to watch the process of losing primary historical sources play
         | out in front of my eyes
         | 
         | I just want to further call attention to this. We have the
         | unspoken notion, an assumption that digital materials, once
         | 'written' will remain forever.
         | 
         | And, for a short-term 'forever' this is true. Not so for longer
         | 'forever', as the loss of the original Usenet post, despite
         | being replicated across many systems, demonstrates.
        
           | smartmic wrote:
           | Indeed, software archeology already is and will become a very
           | exciting discipline. And the stakes are quite high, at least
           | for science. Here is a great example of how NASA almost lost
           | precious data from Viking missions back in the 1970s (the
           | article is from 1990, so history in history format):
           | 
           | https://web.archive.org/web/20220121041452/https://www.nytim.
           | ..
        
           | trap_goes_hot wrote:
           | This replication that was possible earlier, will also not
           | happen in the future thanks to closed proprietary systems.
           | YouTube is a wonderful library of knowledge that we are legally
           | prevented from making a copy of.
           | 
           | There needs to be bottom-up and top-down pressure for open
           | data standards and also a re-thinking of digital ownership
           | rather than digital licensing. We think people don't care,
           | but the engineers who build these systems are a tiny
           | minority, we only need to convince them to refuse to build
           | walled gardens.
        
             | selfhoster11 wrote:
             | Nobody needs legal permission to grab all the YouTube
             | content they want to keep. Just dedication, youtube-dlp,
             | and a ginormous RAID array full of empty drives. This is
             | surprisingly affordable as a hobby.
        
               | registeredcorn wrote:
               | Note: I would encourage switching over from youtube-dlp
               | to yt-dlp (https://github.com/yt-dlp/yt-dlp)
               | 
               | As I understand it, yt-dlp is considerably faster.
        
               | eastof wrote:
               | Just curious, why either of these over vanilla youtube-
               | dl? Wondering if I should update my playlist downloader
               | script
        
               | selfhoster11 wrote:
               | It's far easier to grab an "archival" grade copy of a
               | YouTube video (includes thumbnail, subtitles, metadata,
               | etc) and ask the program to embed all the data within the
               | video file itself. It can even remux all videos into a
               | selected container format, which is really nice.
        
               | selfhoster11 wrote:
               | My bad, I meant yt-dlp
        
               | autoexec wrote:
               | Are you aware of a single person anywhere who has
               | mirrored the entirety of youtube? There is obvious value
               | in having a mirror like that, so why hasn't it been done?
               | 
               | Downloading a handful of videos you personally care about
               | is surprisingly affordable as a hobby. Mirroring and
               | archiving the entirety of youtube is not.
               | 
               | Personally, although I couldn't say it was a hobby, I
               | don't watch youtube on youtube anymore. Every youtube
               | video I watch is downloaded first and viewed locally. I
               | can't recommend it enough. Zero youtube comments, zero
               | recommendations, VLC is a far better video player, Google
               | has no idea how many times I've watched a video (or parts
               | of it) or how I felt about it, and I never have to worry
               | about videos I find valuable being removed. As long as I
               | keep backing them up, I'll have them for as long as I
               | care to.
        
               | dotancohen wrote:
               | > VLC is a far better video player
               | 
               | Not for my use case, but maybe someone here has a
               | solution. I watch lectures and lessons, as I watch I will
               | change the playback speed constantly. I use a Firefox
               | add-on for keyboard control of the YouTube video stream
               | speed.
               | 
               | VLC also has keyboard control of the playback speed.
               | However, when changing the speed VLC will skip a split
               | second of audio. This drawback negates all the benefits
               | of playing faster over the non-essential parts, because
               | when we get to an essential part I'll lose some of it.
               | This is on Kubuntu, across many versions over the years.
        
               | autoexec wrote:
               | I haven't run into that myself, but I think I'd just hit
               | shift+left arrow (or just left arrow depending on what
               | you've got the jump set to) before hitting + to speed the
               | video back up. I'll take a minor inconvenience like
               | pressing an extra key for all the other features I get.
               | 
               | You can probably also create a single macro to do both
               | actions with a single keypress although not with VLC
               | alone which is fair enough since you're using an addon
               | for the functionality you can't get with youtube's player
               | already.
        
               | MacsHeadroom wrote:
               | MPV is the gold standard video player on Linux. { and }
               | halve and double playback speed, respectively.
        
               | selfhoster11 wrote:
               | I don't think that there is any value in grabbing all of
               | YouTube, and neither did I suggest doing that. I meant
               | content that specifically interests you, or is likely to
               | interest you (or is otherwise valuable as a historical
               | record). "All videos" means including videos that have
               | next to zero views, sensational clickbait, Elsagate/baby
               | content, and a whole host of other unpleasant things.
               | Most YT archives/hoarders are selective for that reason
               | (and because space, while cheap, is not infinite).
               | 
               | I quite enjoy using NewPipe on Android. Once you build up
               | a list of subscriptions, it's by far the most peaceful
               | way to consume YouTube on a smartphone.
        
               | bayindirh wrote:
               | r/datahoarders will kindly and rightly disagree with you
               | on that regard.
               | 
               | For an enthusiast, a 720TB array is pretty reachable. A
               | dedicated enthusiast can get a 1PB flash array in 2U.
        
               | TremendousJudge wrote:
               | I don't think anybody on /r/datahoarders believes it's
               | possible for a private individual to archive the entirety
               | of Youtube. More than 200,000 hours of video are uploaded
               | every day. Generously assuming something like 1 GB/hour
               | for 1080p, that's 200TB per day that you have to add. No
               | home array can handle that.
        
               | bee_rider wrote:
               | This is a weird hackernews phenomenon where two sides of
               | a discussion present the technical aspect of the thing
               | they want to do, and are correct in their description of
               | the technical aspects, without addressing the fact that
               | they are talking about accomplishing totally unrelated
               | objectives.
               | 
               | It is probably possible to hoard more Youtube videos than
               | you could ever watch, probably including most of the ones
               | that you might ever be interested in. And it is almost
               | certainly impossible for any individual to capture every
               | video which goes through Youtube.
               | 
               | Neither of these seem to address the issue of whether
               | there exist videos which will retrospectively have
               | archival value which are not captured.
        
               | MikePlacid wrote:
               | > probably including most of the ones that you might ever
               | be interested in.
               | 
               | That's a really interesting question: how to determine
               | videos that I might ever be interested in.
               | 
               | > whether there exist videos which will retrospectively
               | have archival value which are not captured.
               | 
               | And that's not really a question: there definitely exist
               | videos that have a certain historical value which were
               | deleted from YouTube, and most of them before I archived
               | them cause I am lazy.
               | 
               | I would gladly pay for a personal archive.org - a
               | solution that automatically archives each page I visited
               | and video I watched. I guess the required storage amount
               | will be pretty affordable.
        
               | bee_rider wrote:
               | > > whether there exist videos which will retrospectively
               | have archival value which are not captured.
               | 
               | > And that's not really a question: there definitely
               | exist videos that have a certain historical value which
               | were deleted from YouTube, and most of them before I
               | archived them cause I am lazy.
               | 
               | Sure, but you aren't the only one backing up YouTube
               | videos. It seems at least plausible that the aggregate
               | storage capacity of the entire data hoarder community and
               | their propensity for backing up whatever they come across
               | could result in a situation where if something is
               | interesting, _somebody_ ends up capturing it, right?
        
               | selfhoster11 wrote:
               | There are some communities with a collaborative video
               | index of who has what backed up.
        
               | autoexec wrote:
               | > Neither of these seem to address the issue of whether
               | there exist videos which will retrospectively have
               | archival value which are not captured.
               | 
               | Unless the entirety of youtube can be archived it's safe
               | to assume that there will be something of value which
               | isn't being preserved. It's an unsolved problem and not
               | one Google wants to see solved.
        
               | orangepurple wrote:
               | Don't worry, only a very small subset is worth keeping
        
               | jasonladuke0311 wrote:
               | That's what you think now.
        
               | WalterBright wrote:
               | So true. I look at photos I've taken in the past, and
               | discovered that I took pictures of all the wrong things.
        
               | autoexec wrote:
               | Even now, the most garbage youtube video out there is
               | still probably useful as training data for some AI (maybe
               | even to generate horrible youtube videos)
        
               | saagarjha wrote:
               | The size of YouTube is likely measured in exabytes. I
               | think it would be hard for any entity that was not
               | organized and well-funded to mirror all of it, let alone
               | make it available in a reasonable fashion.
        
               | munificent wrote:
               | According to this article [1], 500 hours of video are
               | uploaded to YouTube every minute. Depending on the video
               | size and framerate, YouTube recommends up to 240 Mbps for
               | 8k@60FPS [2]. Of course most video isn't that high res.
               | Let's take a conservative guess that it averages
               | somewhere between 2K and 4K and pick a middle bitrate of
               | 24 Mbps. That's:
               | 
               |     24 Mbps / 8 bit/byte * 60 seconds/minute * 60 minute/hour
               |         = 10800 megabytes per hour of footage
               |         = 10.8 gigabytes per hour of footage
               | 
               | At 500 hours of footage per minute, that means 5.4
               | terabytes are uploaded every minute. Your 720 TB array
               | would be completely full with a little over two hours' worth
               | of content that is uploaded to YouTube every single day,
               | day after day.
               | 
               | At the current upload rate, 2,838.24 petabytes are
               | uploaded every year.
               | 
               | I don't think you'll see hobbyist archives of YouTube any
               | time soon.
               | 
               | [1]: https://www.tubefilter.com/2019/05/07/number-hours-
               | video-upl...
               | 
               | [2]: https://support.google.com/youtube/answer/1722171?hl
               | =en#zipp...
        
               | zacmps wrote:
               | For archival 24Mbps is an insane bitrate, you could get
               | away with 1/3rd to 1/6th of that.
               | 
               | You're also going to limit to public videos (unlisted and
               | private will make up some share of those uploads) and
               | probably to those with non-zero views.
               | 
               | I suspect archiving only videos with >100 views would
               | probably cut the amount you archive to 1/10th.
        
               | simongr3dal wrote:
               | 1080p webm is around 450kbps and audio is 65kbps, so the
               | estimate is off by 50x for the purposes of a hobbyist
               | archive.
        
               | selfhoster11 wrote:
               | YouTube offers a number of codecs and bitrates. IIRC Opus
               | goes up to 160kbps and m4a goes up to 128kbps, with lower
               | bitrates also available. I imagine video is similar.
        
               | yig wrote:
               | I wonder how much of the uploaded content is public
               | versus private or unlisted.
        
               | chiph wrote:
               | Some back-of-the-envelope math shows that YouTube would
               | have to populate and rack a minimum of four 4U storage
               | chassis (60 20TB drives each) per 8 hour shift to store
               | that much. Roughly a little less than half a 42U rack.
               | And that's before allowing for HDD drive parity,
               | redundancy, and distribution across the globe.
        
               | MacsHeadroom wrote:
               | I have 4PB, but my understanding is that I would fill
               | that mirroring a single day of YouTube at reduced
               | quality. The Internet Archive could surely handle
               | mirroring older YouTube content with a large grant. But
               | the upload rate plus video quality in recent years is
               | definitely cost prohibitive to replicate.
        
             | [deleted]
        
         | routerl wrote:
         | The data archaeologists of the future are, right now, acquiring
         | and developing what will become the skills of their profession.
         | 
         | Very cool to watch, indeed.
        
           | jll29 wrote:
           | It will be hard for future (>700 years away from now)
           | historians to discover a lot about what we thought today:
           | writing personal and professional letters (e.g. "letters to
           | the editor" in learned journals, letters to an uncle living
           | in a different city) and diaries is happening less and less
           | compared to the last 200-300 years.
           | 
           | Perhaps we should go ahead and have a few hundred thousand
           | emails printed with a special lasting ink on vellum to pass it
           | on to our successors ("Codex Electronicus"). On reflection,
           | my own inbox is perhaps rather too nerdy - it would introduce
           | a strong selection bias to posterity's view about us.
        
         | tyingq wrote:
         | Funny coincidence, Ken Thompson mentions this problem in his
         | personal reprint of "Trusting Trust" on one of his old web
         | pages.[1]
         | 
         |  _" I copied this page from the ACM, in fear that it would
         | someday turn stale."_
         | 
         | [1] https://web.archive.org/web/20080111144410/http://cm.bell-
         | la...
        
           | bcbrown wrote:
           | Funny too, that you're posting an archive of that site, not
           | the site itself.
        
             | DebtDeflation wrote:
             | I'm finding myself using archive.org (and also archive.is,
             | but for different reasons) almost as much as Google for
             | finding stuff these days.
        
       | dolmen wrote:
       | But can we trust this post?
       | 
       | How can we be sure that Ken (working for Google) didn't infect
       | the toolchain used for Chrome to propagate that legend?
        
         | mseepgood wrote:
         | I think he wrote the original Go compiler.
        
           | biomcgary wrote:
           | The Go compiler used to be written in C, but transitioned to
           | being written in Go around version 1.4 (IIRC). I believe that
           | the Go compiler toolchain is rooted on that version (i.e.,
           | you can eventually compile the current Go compiler if you
           | start with the compiler binary produced using Go 1.4). I
           | don't remember the reference describing the situation in
           | detail.
        
           | intelVISA wrote:
           | 30mb hello world binary that dials 8.8.8.8 suddenly makes
           | sense now..
        
           | anthk wrote:
           | And AWK, and C. And Unix.
        
         | selectnull wrote:
         | That's easy: try it with Firefox.
        
           | wyldfire wrote:
           | Pretty sure Firefox uses Chrome as its toolchain these days.
           | Nice try son, but it's turtles all the way down.
           | 
           | EDIT: just kidding - no "chrome-headless-c++ -c firefox.o
           | firefox.cpp" (yet).
        
             | guhidalg wrote:
             | I did check this to make sure I was still living in a sane
             | universe, Firefox doesn't use Blink
             | https://en.wikipedia.org/wiki/Comparison_of_browser_engines
        
             | tristor wrote:
             | > Pretty sure Firefox uses Chrome as its toolchain these
             | days.
             | 
             | It does not.
             | 
             | There is no shared code between Firefox and Chrome. They
             | use completely different rendering engines with independent
             | histories (Chrome uses Blink originated from WebKit
             | originated from KHTML, Firefox uses Gecko originated from
             | Netscape originated from Mosaic).
             | 
             | The only shared component is that Firefox utilizes public
             | APIs for Google SafeBrowsing.
             | 
             | Disclaimer: ex-Mozillian
        
               | wyldfire wrote:
               | Oh sorry. Chrome is not a toolchain in mostly any sense.
               | Except for its extraordinary flexibility as browsers are
               | in general able to execute code. So I thought it was
               | obviously a joke that one would use a browser to compile
               | another browser.
               | 
               | The "on trusting trust" attack regards using your
               | compiler as a mechanism to infect compiled executables --
               | including compilers themselves, and their generated code.
               | 
               | I didn't mean to suggest that the two browsers shared any
               | code.
        
               | mintplant wrote:
               | There is actually some code sharing these days, mainly
               | libraries. Mojo for IPC is the one I remember off the top
               | of my head. I think also WebRTC stuff?
        
               | tristor wrote:
               | Yes, in the strictest sense both browsers may rely on
               | public open source libraries, which means they have some
               | shared code, but they do not share any code directly with
               | each other (e.g. Chrome is not a dependency of Firefox,
               | Firefox is not a dependency of Chrome). I see this as not
               | equating to "code sharing" because they both happen to
               | use a library. Ironically for other apps that'd usually
               | be something like OpenSSL, but in the case of Firefox and
               | Chrome they actually have entirely separate TLS codebases
               | as well (NSS for Firefox and BoringSSL for Chrome).
               | 
               | For some of these shared open source libraries, either
               | Mozilla or Google is the primary contributor/maintainer,
               | and both organizations usually make contributions. This
               | is true across many things, even libraries in the open
               | source space that are not involved in the browsers
               | themselves but may be in the toolchain (Mozilla has
               | produced robust open source CI/CD tooling, bug trackers,
               | etc over its history).
        
               | [deleted]
        
               | fomine3 wrote:
               | Similarly ANGLE is made by Google (perhaps Chrome team)
               | and now also used by Firefox
        
             | ZeWaka wrote:
             | What, no? Firefox isn't based on Chromium at all.
        
             | 323 wrote:
             | I'm not sure why you are being downvoted, because you are
             | technically correct - a lot of Firefox developers use VS
             | Code, which is based on Chrome and it is part of the
             | toolchain.
             | 
             | ELI5: are you really sure that when you work on Firefox
             | source code from VS Code, that what ends up in the saved
             | file and what gets committed to Git is what you actually
             | see on screen?
        
               | wyldfire wrote:
               | I think I was just a bit too subtle with my joke.
               | 
               | VSCode doesn't seem like a "on trusting trust" attack
               | vector since we can easily observe the git outputs of the
               | C/C++ source and these parts are often reviewed by peers.
               | Unlike object code -- we can always take a look at the
               | disassembly but in practice it's not scrutinized.
               | 
               | It's probably frustrating to those who work on Firefox to
               | suggest that it somehow depends on Chrome. I get that.
               | But it wasn't where I was going.
               | 
               | There is some kinda-out-there reality though -- with
               | something like WASM or v8 you can theoretically run real
               | toolchains like gcc and clang "in the browser". ;)
        
               | 323 wrote:
               | There are 100% VS Code workflows - you edit in VS Code,
               | commit from VS Code, and do code reviews from VS Code and
               | review GitHub issues from VS Code.
               | 
               | > _frustrating to those who work on Firefox to suggest
               | that it somehow depends on Chrome._
               | 
               | Maybe those developers should not look too closely at who
               | ultimately pays their salaries :)
        
         | no_identd wrote:
         | You'll wanna check out https://bootstrappable.org/ for making
         | sure
         | 
         | Then again, perhaps he also infected all those fancy PCB & IC
         | supply toolchains...
        
       | noobermin wrote:
       | Trusting trust is so old that this probably has been discussed
       | before, but isn't it possible to "break it" by either disassembly
       | or just looking at the elf with a hex editor? I know you can
       | theoretically hack the disassembler too if you'd like, but after
       | some point it becomes onerous.
        
         | Veserv wrote:
         | Indeed. This is actually required practice in certain standards
         | such as DO-178 Level A certifications, though that is intended
         | to prevent compiler bugs that result in miscompilation rather
         | than malicious miscompilation, but the problem is solved in any
         | event.
        
         | vikingerik wrote:
         | Yes. What really happens is that the trojan self-propagates in
         | the compiler binary, copied from each iteration as it compiles
         | the next one, always within the binary without existing in the
         | source. And so it could be revealed by examining that binary.
         | 
         | ... if, of course, you also knew you could trust your examining
         | tools, including the firmware and hardware. You can't provably
         | do that unless you assembled the entire thing from transistor
         | gates (and even then, you're still accepting somebody else's
         | assertions about electron behavior in that material.) So at
         | some point you have to just decide that there's some level of
         | operations that you do trust.
        
         | enriquto wrote:
         | There is this 2009 PhD thesis, and associated articles, where
         | they explain how to "counter" trusting trust by using a set of
         | independent compilers (even assuming that each compiler may be
         | infected):
         | 
         | https://dwheeler.com/trusting-trust/
         | 
         | This is an automatic process: you compile each compiler with
         | the others a few times and compare the outputs. At the end it
         | gives a criterion to decide which compilers contain trojan
         | horses.
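
Added example (not part of the thread and not code from the linked dissertation): a toy Python model of the self-propagating compiler trojan vikingerik describes above and of the diverse double-compiling (DDC) check, here with a single independent compiler that is assumed trusted. The source header format, the style names and every function name are constructed for illustration.

```python
"""Toy model of diverse double-compiling (DDC). All data here is constructed."""
import hashlib
import json

# Constructed source text for compiler "A"; the header lines are a toy format.
COMPILER_A_SOURCE = "program: compiler\ncodegen: style-A\n(body of compiler A)\n"
# Constructed source text for an independent compiler "T".
COMPILER_T_SOURCE = "program: compiler\ncodegen: style-T\n(body of compiler T)\n"


def _header(source: str, key: str) -> str:
    """Read a 'key: value' header line from the toy source format."""
    for line in source.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:
            return value.strip()
    raise ValueError(f"source has no {key!r} header")


def make_binary(built_by: str, emits: str, source: str, payload: bool) -> bytes:
    """Serialize a toy 'binary' deterministically so it can be compared bit for bit."""
    record = {
        "built_by": built_by,  # codegen style of the compiler that produced this file
        "emits": emits,        # codegen style this compiler stamps on its own output
        "source_sha256": hashlib.sha256(source.encode()).hexdigest(),
        "payload": payload,    # logic that lives only in the binary, never in source
    }
    return json.dumps(record, sort_keys=True).encode()


def run_compiler(compiler: bytes, source: str) -> bytes:
    """'Execute' a compiler binary on source text and return the binary it emits."""
    c = json.loads(compiler)
    is_compiler = _header(source, "program") == "compiler"
    emits = _header(source, "codegen") if is_compiler else ""
    # Self-propagation as described in the thread: a binary that carries the
    # payload copies it into every compiler it builds, whatever the source says.
    payload = bool(c["payload"]) and is_compiler
    return make_binary(c["emits"], emits, source, payload)


def self_regenerates(binary: bytes, source: str) -> bool:
    """Naive check: does the binary rebuild itself bit for bit from its source?"""
    return run_compiler(binary, source) == binary


def ddc_check(suspect: bytes, source: str, trusted: bytes) -> bool:
    """DDC: build the source with an independent compiler, then with the result.

    Assumptions: compilation is deterministic, `suspect` is claimed to be a
    self-compiled build of `source`, and `trusted` does not carry the same payload.
    """
    stage1 = run_compiler(trusted, source)  # T's codegen, A's behaviour
    stage2 = run_compiler(stage1, source)   # A's codegen, A's behaviour
    return stage2 == suspect


# Constructed binaries: an independent compiler T, an honest build of A, and a
# build of A that differs only in the hidden payload.
TRUSTED_T = make_binary("style-T", "style-T", COMPILER_T_SOURCE, False)
HONEST_A = make_binary("style-A", "style-A", COMPILER_A_SOURCE, False)
TROJANED_A = make_binary("style-A", "style-A", COMPILER_A_SOURCE, True)

if __name__ == "__main__":
    for name, binary in (("honest A", HONEST_A), ("trojaned A", TROJANED_A)):
        print(
            f"{name}: self-regenerates={self_regenerates(binary, COMPILER_A_SOURCE)}"
            f" ddc-match={ddc_check(binary, COMPILER_A_SOURCE, TRUSTED_T)}"
        )
```

Both binaries pass the naive rebuild-yourself check, which is why self-compilation alone proves nothing; only the build rooted in the independent compiler separates them.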
        
           | selfhoster11 wrote:
           | I always had issues with this particular counter, because it
           | assumes that you cannot create a sufficiently good back door-
           | creating AI/heuristic machine that can also fit in the unused
           | spaces in our systems and binaries without being noticed.
           | That's a big 'if', looking ahead into the deep future
           | especially that our knowledge of autonomous agents and
           | storage keeps growing.
        
             | dwheeler wrote:
             | > I always had issues with this particular counter, because
             | it assumes that you cannot create a sufficiently good back
             | door-creating AI/heuristic machine that can also fit in the
             | unused spaces in our systems and binaries without being
             | noticed. That's a big 'if', looking ahead into the deep
             | future especially that our knowledge of autonomous agents
             | and storage keeps growing.
             | 
             | I'm the author of the DDC dissertation at
             | https://dwheeler.com/trusting-trust/
             | 
             | If I understand you correctly, that doesn't counter DDC, as
             | long as the system being generated is being covered by DDC.
             | 
             | If you're worrying about inserting code into "unused
             | spaces" in the file that people typically call the
             | "compiler", the solution is to check the compiler with DDC
             | - that guarantees (given certain assumptions) that all of
             | the executable can be explained by the source code. The
             | source code could have malicious code, but developers know
             | how to review source code.
             | 
             | If you're worrying about inserting code into "unused
             | spaces" in other files of the larger system, the paper
             | explains how to counter that too. Basically, treat the
             | entire system as the "compiler" & regenerate it. More work,
             | but now you've squeezed that out.
             | 
             | There's even a counter-example in the DDC paper. The tcc
             | compiler had a subtle bug where 2 bytes were "free" (not
             | controlled by the compilation process). That's because it
             | was storing a 10-byte floating point value into a 12-byte
             | memory area, leaving 2 bytes uncontrolled. DDC immediately
             | detected a problem. DDC can detect 1 _bit_ of difference.
             | There's no "uncontrolled free space" for whatever is being
             | verified by the DDC process.
             | 
             | Unlike most computer stuff, there's a mathematical proof in
             | the DDC paper. _If_ the assumptions hold, the conclusions
             | _necessarily_ follow. Attackers must take steps to
             | invalidate at least one of the assumptions for the
             | conclusion to fail. Of course, nothing is perfect - if an
             | attacker subverts an assumption, then the defender can't
             | rely on the conclusion. But the defender can take steps to
             | make the assumptions true.
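
The diverse double-compiling check that enriquto and dwheeler describe above, as a toy model added here (it is not code from the thread or from the DDC dissertation). The "binaries", the two compiler sources and every function name are constructed assumptions; a real run compares actual compiler executables.

```python
"""Toy model of diverse double-compiling (DDC). Constructed example."""
import hashlib
import json

# Constructed sample inputs: two compiler "sources" with different code generators.
SRC_A = "compiler; codegen=A"   # reviewed source of the compiler under test
SRC_T = "compiler; codegen=T"   # source of an independent compiler
PAYLOAD = "hidden-logic"        # a label only; stands in for code absent from source


def make_binary(built_by, source, hidden=""):
    """Toy executable: deterministic bytes recording which code generator
    emitted it, the source it implements, and any behaviour not in the source."""
    fields = {"built_by": built_by, "implements": source, "hidden": hidden}
    return json.dumps(fields, sort_keys=True).encode()


def run_compiler(compiler_binary, source):
    """Execute a toy compiler binary on `source` and return the output binary."""
    me = json.loads(compiler_binary)
    codegen = me["implements"].split("codegen=")[1]
    # A subverted binary carries its hidden part forward only when it is
    # asked to compile its own source, so the source itself stays clean.
    hidden = me["hidden"] if source == me["implements"] else ""
    return make_binary(codegen, source, hidden)


def self_regeneration_check(binary, source):
    """Naive check: rebuild the compiler with itself and compare."""
    return run_compiler(binary, source) == binary


def ddc_check(binary_under_test, source, trusted_binary):
    """DDC: the trusted compiler builds stage 1 from the source, stage 1
    builds stage 2 from the same source, and stage 2 must match the binary
    under test bit for bit. The binary under test is never executed."""
    stage1 = run_compiler(trusted_binary, source)
    stage2 = run_compiler(stage1, source)
    return stage2 == binary_under_test, hashlib.sha256(stage2).hexdigest()


def flip_one_bit(data):
    """Return a copy of `data` with the lowest bit of the first byte flipped."""
    return bytes([data[0] ^ 1]) + data[1:]


# Constructed binaries for the demonstration.
TRUSTED_T = make_binary("bootstrap", SRC_T)
# A second compiler that is itself subverted, but only with respect to its
# own source: it has no trigger that fires when compiling SRC_A.
INFECTED_T = make_binary("bootstrap", SRC_T, hidden=PAYLOAD)
HONEST_A = make_binary("A", SRC_A)
SUBVERTED_A = make_binary("A", SRC_A, hidden=PAYLOAD)


def demo():
    """Run every check and return the verdicts by name."""
    return {
        "naive check passes subverted binary":
            self_regeneration_check(SUBVERTED_A, SRC_A),
        "stage 1 differs from A (different code generator)":
            run_compiler(TRUSTED_T, SRC_A) != HONEST_A,
        "DDC accepts honest binary":
            ddc_check(HONEST_A, SRC_A, TRUSTED_T)[0],
        "DDC accepts subverted binary":
            ddc_check(SUBVERTED_A, SRC_A, TRUSTED_T)[0],
        "DDC accepts binary with one flipped bit":
            ddc_check(flip_one_bit(HONEST_A), SRC_A, TRUSTED_T)[0],
        "DDC still works with a second compiler infected elsewhere":
            ddc_check(HONEST_A, SRC_A, INFECTED_T)[0],
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict!s:5}  {name}")
```

The model is deterministic by construction; with real toolchains the build must be made reproducible first, which is the assumption the tcc 2-byte case in the comment violated.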
        
         | Sebb767 wrote:
         | > but after some point it becomes onerous.
         | 
         | That's exactly the point - a sufficiently deep supply chain
         | attack can avoid detection just because no one bothers to look
         | that deep.
        
           | naniwaduni wrote:
           | On the other hand, it is generally considered pretty hard to
           | predict arbitrary changes in the future.
        
       | golemotron wrote:
       | Funny how the article says Ken Thompson popularized the attack.
       | There's good reason to say he invented it.
        
         | ProjectMoonShot wrote:
         | Karger and Schell in 1974 conceptualised the idea of trap doors
         | built into compilers in their Multics Security Review.
         | 
         | Although Ken Thompson is responsible for popularising the idea
         | through his Turing award speech in 1984.
         | 
         | Edit: Ken Thompson mentions the paper in the acknowledgements
         | of his Turing award speech.
         | 
         | """ Acknowledgment. I first read of the possibility of such a
         | Trojan horse in an Air Force critique [4] of the security of an
         | early implementation of Multics. I cannot find a more specific
         | reference to this document. I would appreciate it if anyone who
         | can supply this reference would let me know. """
        
           | Thoreandan wrote:
           | Thanks for the reference! Found the 1974 paper
           | https://web.archive.org/web/20030410020522/https://www.acsac...
           | and the "Thirty Years Later: Lessons from the Multics Security
           | Evaluation" followup
           | https://web.archive.org/web/20030410095057/https://www.acsac...
           | 
           | Always neat to have lost sources show up eventually.
           | Librarians rule.
        
           | golemotron wrote:
           | Thanks.
        
       | GuB-42 wrote:
       | The attack was successfully performed in the wild by the virus
       | "Win32/Induc.A"
       | 
       | The virus looks for a Delphi installation, modifies the
       | SysConst.pas file, which is the source code of a part of the
       | standard library and compiles it. After that, every program
       | compiled by that Delphi installation will contain the virus.
       | 
       | The virus does nothing else, it is therefore harmless if you
       | don't have Delphi installed.
       | 
       | It resulted in many software vendors releasing infected
       | executables without realizing it, sometimes claiming false
       | positives. After all, the executable was not tampered with, the
       | compiler was.
        
         | Joker_vD wrote:
         | I personally was infected by it when I was studying at
         | university! It came in when QIP updated... and I did have
         | Delphi 5.0 installed at that time.
         | 
         | Quick googling tells me this happened in August, 2009... which
         | was 13 years ago. Quomodo fugit tempus!
        
         | segfaultbuserr wrote:
         | In 2015, a malicious copy of Xcode, _XcodeGhost_, also
         | performed a similar attack and infected iOS apps from a dozen
         | software companies in China. Globally, 4000 apps were found
         | to be affected. It was not a true Thompson Trojan, as it
         | doesn't infect development tools themselves, but it did show
         | toolchain poisoning can indeed cause substantial damages.
         | 
         | https://en.wikipedia.org/wiki/XcodeGhost
        
           | cduzz wrote:
           | Ah, but was a version of Xcode compiled with this version,
           | and did that child version of Xcode _also_ have the trojan
           | code?
        
             | segfaultbuserr wrote:
             | Very unlikely, and I don't know any Xcode that runs on iOS
             | on mobile devices, so I said it was not a true Thompson
             | Trojan.
        
         | Nextgrid wrote:
         | Does it actually do anything else, beyond just replicating
         | itself?
        
       | [deleted]
        
       | aliqot wrote:
       | Off-topic but, I'm noticing a lot of anime waifu and furry-type
       | illustrations on tech blogs lately on HN.
       | 
       | Can someone cooler/younger tell me: Is this the hand-off to the
       | new generation, or is there a meta-meme I missed?
        
         | jrussino wrote:
         | Not sure about the trend in general, but this particular image
         | (Anime girl holding a programming book) made me think it was a
         | reference to these manga guides on various
         | math/science/engineering topics:
         | https://en.wikipedia.org/wiki/The_Manga_Guides
        
         | dawnbreez wrote:
         | It's really funny hearing someone ask if this is the hand-off
         | to the new generation, when the fact is that furries were
         | working on the internet well before anybody else cared.
         | Furcadia came out in 1996!
         | 
         | [edit] Oh, right, I should explain what Furcadia is. It's
         | apparently based on Multi-User Dungeon type technology, but has
         | a graphical frontend and was driven by user-generated content.
         | Essentially, it was Habbo Hotel for furries, four years before
         | Habbo Hotel even existed.
        
           | Izkata wrote:
           | Supposedly a furry who called himself Ogg worked on ARPANET.
        
         | noobermin wrote:
         | In the spirit of upsetting things about this article, the
         | "retrocomputing" tag is probably the worst part.
        
         | LanternLight83 wrote:
         | I get totally different vibes from the chat-esque furry
         | avatars, which I see as both an extension of the increasing
         | fluidity of identity on the internet/AFK/remotely and a push
         | for representation and "positive shamelessness" (am I just
         | trying to say "self-acceptance"?). Waifus still come across
         | more ironically, clearly memes in casual settings, and without
         | those aspects of identity and representation. Stuff like
         | VRChat/Vtubers blurs that line and brings identity fluidity
         | back into the picture, but that doesn't feel like what's
         | happening here, nor does its appearance on literally every
         | page carry the tone of irony needed to combat cringe, but... I
         | kinda like it, and kinda wish it was just totally cool to have
         | a waifu on my site too without having to lean into irony or
         | identity to "justify" it against this cringe instinct. Maybe
         | that instinct comes from a specific subculture on a younger
         | internet which, although still present, need not color the
         | spread of these aesthetics forever. Like rage memes, which come
         | from eg. SA/4c but have been widely adopted to the point of
         | belonging more to "the internet" than specifically to their
         | roots.
         | 
         | ...I think I like it
        
           | paulmd wrote:
           | > "positive shamelessness" (am I just trying to say
           | "self-acceptance"?).
           | 
           | > I kinda like it, and kinda wish it was just totally cool to
           | have a waifu on my site too without having to lean into irony
           | or identity to "justify" it against this cringe instinct.
           | 
           | it's only once you accept that you are cringe, that you are
           | free to become truly based.
           | 
           | "anime is trash... and so am I"
        
             | klik99 wrote:
             | "and thats ok"????
        
             | Shared404 wrote:
             | "My brain is trash and I live on the internet"
        
           | klik99 wrote:
           | The nature of communication on the internet makes for some
           | very weird signifiers - I remember getting into fountain pens
           | and finding out that a pretty undesirable group was into them
           | as well and it was on the cusp of being a signifier for
           | politics I don't agree with. Luckily it never got to that
           | threshold, but basically something can become a signifier for
           | something else just by virtue of volume - Pepe is probably
           | the best, clearest cut example, with different groups
           | literally mass posting pepes as much as possible in a battle
           | to "own" that signifier.
           | 
           | I was originally going to say "Hey, just do you" but then I
           | totally get that feeling of "I'm into X just because I like
           | it but for some stupid reason X signifies Y which I really
           | don't care for" and it sucks.
        
             | ByThyGrace wrote:
             | Would you expand a bit on the fountain pens as a symbol of
             | subculture/political stance? An otherwise well-adjusted
             | friend of mine has been into fountain pens for a while and
             | I would like to know more.
        
           | daptaq wrote:
           | I find that there is something inherently suspicious in
           | having a parallel online identity. I respect anonymity, but
           | for some reason people constructing a parallel world and
           | personality online always irritates me.
        
             | 2OEH8eoCRo0 wrote:
             | My first thought is always: Who are you and why do you
             | obscure your identity? What are you hiding?
             | 
             | Yet here I am with a random username. I do also have a
             | public professional website though.
        
               | daptaq wrote:
               | I think the difference is that I usually don't notice
               | usernames, unless I want to check if the same person
               | wrote two comments. In this sense, they are just opaque
               | identifiers, or a trivial identity that doesn't express
               | anything in itself. An online identity is something more,
               | because it usually comes with a personality, an image, a
               | history. To me it isn't even that something is being
               | hidden, rather that a lesser version of oneself (merely
               | virtual) is being overvalued. This argument could be
               | extended to people who might base their online
               | Instagram/TikTok/etc. persona on that of their real life,
               | but glorify it beyond recognition, while at the same time
               | reducing its being to digital communication.
        
           | formerly_proven wrote:
           | https://www.youtube.com/watch?v=5v_Dl7i4Bcw
        
         | Morgawr wrote:
         | It's been a thing for quite a while now, probably a good 10-15
         | years already. I don't think it's a new generation thing.
        
         | dqpb wrote:
        
         | coldpie wrote:
         | Choose your nerd-generation document aesthetic:
         | 
         | Too old for this shxt: 80-col formatted plaintext
         | 
         | Greybeards: LaTeX-generated PostScript
         | 
         | Modern professionals: HTML doc with default browser stylesheet
         | 
         | Kids These Days: Anime girl sidebar
        
           | dustfinger wrote:
           | > Too old for this shxt: 80-col formatted plaintext
           | 
           | Definitely my preference, but too old? They will have to pry
           | my keyboard from my dead hands.
        
           | hdjjhhvvhga wrote:
           | > Modern professionals: HTML doc with default browser
           | stylesheet
           | 
           | I don't think so. This was the default GNU style in the 90s,
           | but even they started using CSS at some point.
        
             | eequah9L wrote:
             | Because the "kids these days" took over :)
        
           | staticassertion wrote:
           | Pretty sure one of the main tex editors is in fact a furry
        
           | munk-a wrote:
           | It must be specified that the LaTeX-generated PostScript
           | _MUST_ use the default LaTeX styling - no adjustment to font
           | size or face allowed.
        
             | hwbehrens wrote:
             | The readability of CMU Serif for high-density text cannot
             | be denied.
        
           | Taylor_OD wrote:
           | > Modern professionals: HTML doc with default browser
           | stylesheet
           | 
           | damn. Got me.
        
             | tait wrote:
             | TIL: I'm old.
        
               | ninefathom wrote:
               | Yep... I too was hoping that something besides the first
               | option would fit.
               | 
               | Did not happen.
        
             | aliqot wrote:
             | cuts deep :( Serif fonts did nothing wrong. Black and white
             | text is timeless.
        
               | an1sotropy wrote:
               | and blue and purple hyperlinks are the best
        
               | EGreg wrote:
               | I prefer my resume in Comic Sans (_ducks_)
               | 
               | Because I'm tacky...
               | 
               | https://m.youtube.com/watch?v=zq7Eki5EZ8o
        
           | praptak wrote:
           | People, who always wear jeans and a loose t-shirt: Markdown
           | on Github.
        
             | dclowd9901 wrote:
             | I feel attacked
        
               | B1FF_PSUVM wrote:
               | By the random comma after the first word. Must be the
               | "acte gratuit".
        
             | b0afc375b5 wrote:
             | Huh, I always wear jeans and a loose t-shirt, but prefer
             | org-mode instead.
        
             | SamPatt wrote:
             | Hey now ... don't forget the hoodie
        
         | saint_fiasco wrote:
         | The relevant meta-meme is the "programming sock". A humorous
         | screenshot of an Amazon recommendation that said one of those
         | knee-high socks with pink stripes was often bought together
         | with a nerdy book like "The C Programming Language". People
         | started referring to those kinds of socks ironically as
         | "programming socks".
         | 
         | I don't know if the screenshot was doctored, or if the Amazon
         | recommendation engine found a real cluster of customers who are
         | interested in both programming books and programming socks. In
         | any case, I suppose it doesn't really matter because when
         | people spread funny memes ironically it's only a matter of time
         | before people join in sincerely without the irony.
         | 
         | In short the answer to your question is "both".
        
           | Quikinterp wrote:
           | Perhaps it's a self-fulfilling meme at this point, but
           | searching "programming socks" on Amazon right now still only
           | recommends socks like that. Definitely not doctored
        
           | hu3 wrote:
           | Thanks for clarifying it! Here's a NSFW link about the meme:
           | 
           | https://knowyourmeme.com/memes/programming-socks (NSFW)
        
           | daptaq wrote:
           | I don't think so, "programming socks" is a LGBT-adjacent meme
           | to my knowledge, while this is related to
           | https://github.com/cat-milk/Anime-Girls-Holding-Programming-...
           | and image board culture.
        
             | saint_fiasco wrote:
             | That repo and the programming sock screenshot are both from
             | 2017. They might have a common ancestor, or refer to the
             | same subculture.
             | 
             | Notice that an anime girl holding a programming book is in
             | itself a (mild) subversion of gender roles. The
             | stereotypical programmer is male, and the stereotypical
             | programmer is not cute.
        
               | daptaq wrote:
               | > Notice that an anime girl holding a programming book is
               | in itself a (mild) subversion of gender roles. The
               | stereotypical programmer is male, and the stereotypical
               | programmer is not cute.
               | 
               | I don't think that is going on here, you have to consider
               | that the anime girl is holding the book towards the
               | viewer, my guess is that the implication is supposed to
               | be "Will you explain it to me".
        
               | Morgawr wrote:
               | > that the implication is supposed to be "Will you
               | explain it to me".
               | 
               | This is not correct. It's hard to explain if you've never
               | seen them in context but rather than "will you explain it
               | to me" they are actually saying "won't you read this?" or
               | "will you learn this language for me?" kinda note. They
               | used to be commonly posted as OP image in programming
               | threads on /g/ with lines like "have you read sicp today
               | /g/?" or similar. There's also another very common
               | variation of this meme for gamedev communities on 4chan
               | with the girl from the anime New Game (see this[0] clip,
               | I couldn't find the meme itself) with a similar vibe.
               | 
               | [0] https://www.youtube.com/watch?v=oyZDulr8msg
        
               | daptaq wrote:
               | I have seen it, but I think that "won't you read this?"
               | or "will you learn this language for me?" is just a front
               | for "explain this to me", especially when considering the
               | body language.
        
               | Morgawr wrote:
               | > is just a front for "explain this to me", especially
               | when considering the body language.
               | 
               | ? Why? There's nothing that indicates this, the history
               | behind these images shows the clear opposite. This to me
               | sounds more like your (unconscious?) biases are showing
               | more than it actually being a thing. Trust me, it's not
               | really how this meme works. If you actually look at most
               | images in that repo the girls are either reading the
               | book, explaining the book, or clearly pushing it (often
               | aggressively) towards the viewer to make them read it.
               | 
               | EDIT: Are you familiar with Serial Experiments Lain? I
               | think that was one of the first ones to pop up with
               | these.
        
               | daptaq wrote:
               | I browsed /g/ as a teen, watched lain and everything, but
               | have since decided to consciously distance myself from
               | this culture, to a certain degree because there is a sort
               | of implicit "sexism" (in some broader sense) that I don't
               | feel comfortable with anymore. The longer I stay away,
               | the more obvious things like the way they draw faces and
               | bodies, the often infantilizing postures combined with a
               | kind of sexualization is. Keep in mind that drawn images
               | can easily exaggerate human features that are not healthy
               | or even anatomically possible, but that still serve
               | symbolically as sexual indicators. This has become worse
               | and worse over time, because fan service is good
               | advertisement for publishing houses. Take a look at
               | https://en.wikipedia.org/wiki/List_of_slice_of_life_anime
               | and compare how the style has changed since the late 90's
               | up until today. I think it is a lot more homogeneous and
               | the appearance is more formulaic. Part of this might be
               | that computer animation is more commonplace, but the
               | other one is that a sense of beauty has been reduced to a
               | mathematical problem of relating various proportions. It
               | is also because I was part of this culture, that I know
               | there is an explicit and intentional sexual aspect to all
               | of this.
               | 
               | Reflecting upon my own impressions and how these changed,
               | I am more conscious of these points and find it hard to
               | ignore them. Assuming that I am not totally mistaken,
               | which of course might be the case, knowing that others
               | don't see these things pains me. More so when someone
               | like the author of the link publicly stands by it.
               | 
               | But you are right though that not every image is like
               | this.
        
               | Morgawr wrote:
               | > That repo and the programming sock screenshot are both
               | from 2017.
               | 
               | (I'm kinda repeating myself in this thread a bit, sorry
               | but...) I can guarantee you that the anime girls holding
               | programming books has been a thing for at least a decade,
               | so the 2017 creation of that repository doesn't really
               | mean much. Not sure about the programming sock meme but I
               | think it's a bit more recent. However I do think it
               | generates from certain "battlestation threads" on /g/
               | where people used to post photos of themselves sitting at
               | their PC with those knee-high socks on and the meme kinda
               | spread from there. Way before that screenshot itself.
        
               | saint_fiasco wrote:
               | Thank you. I suspected a common ancestor, but I didn't
               | know what it was.
               | 
               | Makes perfect sense that a meme combining anime and
               | programming would come from 4chan's technology board.
               | 
               | I suppose what made the meme interesting enough to spread
               | is the subversion of the traditional hacker aesthetic.
               | Having a beard voluminous enough to carry The C
               | Programming Language inside everywhere you went was a
               | sign of great experience and wisdom. As a bonus, it also
               | horrified "the suits", who were hackers' natural
               | outgroup.
               | 
               | In the 21st century you just can't annoy the suits the
               | same way because even large corporations don't demand
               | people wear literal suits anymore. Baffling the HN crowd
               | is what passes for iconoclasm these days.
        
               | edgyquant wrote:
               | Nah the screenshot started it. Someone posted a similar
               | one to /g and the responses said that it was an esoteric
               | secret that women's socks and underwear made you a better
               | programmer.
               | 
               | Memes ensued
        
         | Aaronstotle wrote:
         | I'd say it's a shamelessness type thing rather than a new
         | generation thing. People can like what they like, however it
         | definitely reduces the message when it's plastered on a blog
         | filled with risque anime girls or furry art.
        
           | Morgawr wrote:
           | > risque anime girls
           | 
           | What's risque in OP's picture?
        
             | Aaronstotle wrote:
             | I wasn't referring to the OP, however I've seen other blogs
             | that have it and I feel that it takes away from the actual
             | content.
        
         | fxtentacle wrote:
         | 20 years ago, programming skills and access to Anime in Europe
         | were highly correlated.
         | 
         | Back then, me and friends spent an insane amount of time on
         | reverse engineering a Japanese file sharing app so that we
         | could build our own server version (like Deluge nowadays) and
         | then we built our own IRC server and our own XDCC download bots
         | so that we could get Anime raws onto a university server and
         | then recode them to make download over ISDN (64kb/s) feasible.
         | 
         | Also, a lot of the Animes featured socially awkward nerd guys
         | who by accident stumbled into their own harem...
         | 
         | With that context, posters of Anime girls together with nerd
         | stuff sold extremely well at Connichi (a big Anime convention
         | in Germany). A friend of mine (who's now CTO of a C++ dev shop)
         | even bought a wax printer so that we could make really high
         | quality A3 posters.
         | 
         | So I guess it's an in-joke for Europeans born in the 80s.
        
           | secondcoming wrote:
        
         | staticassertion wrote:
         | The furries have always been here, younger generations are just
         | more accepting of it and so you get more people willing to
         | openly identify
        
         | collegeburner wrote:
         | even for us youngsters that's still considered pretty weird and
         | nobody normal is involved with it. unfortunately, it seems like
         | it has a tendency to pollute technical circles since when i run
         | across it it's usually there.
        
           | Taylor_OD wrote:
           | I mean I know two pretty normal programmer current/past
           | coworkers who use anime girls as their main avatar at work.
           | Is it weird? Kind of. Are they otherwise pretty normal
           | people? Yeah.
           | 
           | I'm friends with them both on Steam and they are both very
           | very very into gaming (like 4-5 hours a day at least) so I
           | always thought it was related to that somehow.
        
           | daptaq wrote:
           | It is the classical phenomenon of when most people of a
           | distant group are normal, but a minority is peculiar, that
           | you don't notice the normal ones because they are
           | overshadowed by the minority. E.g. when in school, I always
           | remember not wanting to get into trouble with older
           | generations, but then wondering why the younger ones did so
           | when I was older. It is probably the number of trouble-makers
           | didn't change, just that while I was younger I didn't blend
           | out all the normal ones who were my age, which I did when I
           | was older.
        
             | [deleted]
        
         | junon wrote:
         | The former.
        
           | aliqot wrote:
           | Thanks, take care.
        
             | some_furry wrote:
             | I mean, sorta.
             | 
             | I'm in my mid 30's. I started blogging about cryptography
             | and security under my furry handle (and with blog posts
             | adorned with furry art) at the start of the pandemic.
             | 
             | It gave me something to do that was both productive and
             | _fun_.
        
               | LanternLight83 wrote:
               | Just wanted to say that I love your blog!!!
        
               | some_furry wrote:
               | Thanks <3
        
         | meibo wrote:
         | Individualism is big for those generations, and identifying
         | yourself with your favorite anime girl/pop culture element or
         | the character you designed with the elements you like is a way
         | to differentiate yourself from others. The furry/anime
         | communities also tend to be pretty technically inclined, so I
         | imagine there's just some natural overlap.
        
           | bombcar wrote:
           | Individualism is big ... so be like everyone else and have an
           | anime avatar.
           | 
           | The loop continues.
        
             | noSyncCloud wrote:
             | "Everything I'm not interested in is identical and entirely
             | meaningless"
        
           | fortran77 wrote:
           | Prove your individualism by all liking the same anime stuff?
        
         | bbno4 wrote:
         | A lot of these sites do it deliberately to annoy people on
         | hackernews, it is so funny :)
        
           | aliqot wrote:
           | JWZ did it better.
           | 
           | Proof:
           | https://www.jwz.org/blog/2021/01/i-told-you-so-2021-edition/
        
           | daptaq wrote:
           | Why would that be funny? I just wonder how these people have
           | no sense of embarrassment. I suspect part of the reason is
           | that isolated communities encourage this kind of behaviour.
        
             | OkayPhysicist wrote:
             | Or perhaps they simply see no reason for it to be
             | embarrassing, because they have a different set of values,
             | coming from a different culture which we, as old people,
             | simply are not part of.
        
             | bakugo wrote:
             | > I just wonder how these people have no sense of
             | embarrassment.
             | 
             | A lot of these people tend to be quite isolated from
             | society in general, so they end up losing their sense of
             | embarrassment entirely. Doing things that other people find
             | weird or that make other people uncomfortable ends up
             | becoming a sort of hobby for them (and often becomes their
             | personality entirely) since they effectively have nothing
             | to lose over it.
        
               | daptaq wrote:
               | That is a good point. If you don't need to deal with
               | everyday people to socialize, you don't have to adapt
               | your behaviour to the mean expectation of what is proper
               | and not. I remember reading an interesting socialist
               | argument once, that this is historically unique because
               | capitalism allows people to reduce social relations to
               | that of monetary exchange. As long as you can pay your
               | bills and buy what you need, nobody can complain. It is
               | this perspective that people who retort with "Why do you
               | even care?" implicitly hold, that I am not a fan of.
        
               | fshbbdssbbgdd wrote:
               | Just to let you know, this comment was flagged.
               | 
               | I'm in this picture and I don't like it, but I vouched
               | anyway. It's an interesting perspective I hadn't
               | considered before, and broadened my horizons a bit.
        
               | daptaq wrote:
               | What does this mean?
        
               | fshbbdssbbgdd wrote:
               | See the entries about "flag" and "dead" in the FAQ:
               | https://news.ycombinator.com/newsfaq.html
               | 
               | The comment I responded to was dead. I don't feel it
               | really violates the site guidelines. Although some people
               | might take it personally, which could make it sort of
               | flame-bait-y and result in flags.
        
             | JumpCrisscross wrote:
             | > _wonder how these people have no sense of embarrassment_
             | 
             | Suppose it's challenging why having an anime character next
             | to a blurb of text is embarrassing.
        
             | ryan-c wrote:
             | > I just wonder how these people have no sense of
             | embarrassment.
             | 
             | In at least one case I know of, by being so outrageously
             | competent that they know it won't hurt their ability to get
             | a job.
        
               | paulmd wrote:
               | honestly that's probably a great filter for "interesting"
               | clients, if you want to keep the fortune 500 bureaucracy
               | away and just work instead of push papers all day
        
               | Shared404 wrote:
               | Reminds me of that one commit to the bluetooth stack on
               | Linux. Will try to find it in a minute.
        
             | marginalia_nu wrote:
             | Not sure if this is what's going on here, but I've noticed
             | sometimes isolated communities don't want too much
             | attention and front load these types of things as
             | scarecrows to keep the general public away.
        
               | Shared404 wrote:
               | See Also: 9front
        
               | marginalia_nu wrote:
               | Parts of the alt right do the same with its meme
               | sociolect. You'll see frogs and wojaks and hear of soy
               | and cuck and various pills very quickly.
        
               | Shared404 wrote:
               | This is true.
               | 
               | As much as I hate "both sides" discourse[0], it's
               | interesting that I see the same memes in both right and
               | left contexts - I wonder if a creation of a "second
               | language" to discuss divisive politics is enough of a
               | force to spread it, or if it is intentional coopting of
               | another side's language to dilute it.
               | 
               | E: [0] HN is not the place for the rest of my feelings on
               | this. Both sides aren't the same is enough to suffice
               | here.
        
               | daptaq wrote:
               | Then the question is why bring it up in the first place.
               | If you don't want attention, you avoid these signifiers
               | in public, I'd think?
        
               | marginalia_nu wrote:
               | You might also want to find likeminded people.
        
             | ArchOversight wrote:
             | > I just wonder how these people have no sense of
             | embarrassment.
             | 
             | What exactly is embarrassing about this?
        
               | jhbadger wrote:
               | I think in some parts of US culture not that familiar
               | with Japanese culture there is the misconception that
               | anime is all tentacle porn or something and so you should
               | be embarrassed for liking anime.
        
               | SoftAnnaLee wrote:
               | While that stereotype still exists in some corners; I've
               | actually found that there is more mainstream
               | understanding and acceptance of anime these days. I work
               | in an office that terminally online folks would call
               | "full of normies"; but I have found people here are at
               | least aware of anime, if not active consumers. These
               | days, it's not "cringe" to enjoy anime itself, and I'm
               | guessing that the majority of commenters in this
               | particular thread are over-analyzing the presence of an
               | anime girl on a website.
               | 
               | The author probably likes seeing an anime girl, and feels
               | that displaying one on their page expresses an interest
               | in anime, tech, and a casual tone for their writing.
        
               | jcims wrote:
               | It's basically 'book babes'. Booth babes went out of
               | fashion a while back for good reason. This kind of thing
               | is relatively harmless in the instance but in aggregate
               | puts out a vibe.
        
             | Morgawr wrote:
             | I'm curious why you think that's something to be
             | embarrassed about. I feel like it's a cultural thing but
             | for example here in Japan it's very common to see this
             | style everywhere (on TV, on billboards, on the train, on
             | random websites, etc) and several of my coworkers also have
             | these kinds of backgrounds or posters at work (in an open
             | office).
        
               | WastingMyTime89 wrote:
               | It was frankly weird and a bit disturbing to see some of
               | the neckbeards in engineering school obsessing about cute
               | depiction of young girls. To this day, it definitely
               | colours how I see random use of anime girls on CS related
               | topics.
               | 
               | I have no issue with it in its original Japanese setting
               | and I wasn't aware of its use by the LGBT community but
               | it seems far less depressing in this case.
        
               | blarghhi wrote:
               | There are a surprising number of pedophiles (who will
               | immediately 'correct' people to use the term
               | "ephebophile" instead) amongst the techbeard community. I
               | agree it becomes uncomfortably apparent after spending a
               | bit of time with these types.
        
               | daptaq wrote:
               | I don't know, this is mostly instinctual, but my guess is
               | that this is subconsciously associated with the kind of
               | cultural image of an anime enthusiast or furry as
               | socially inept, meagre or generally nerdish.
        
             | paulmd wrote:
             | isn't this just... itasha culture for websites? ;)
             | 
             | https://en.wikipedia.org/wiki/Itasha
             | 
             | https://www.youtube.com/watch?v=vH0q3xForho
             | 
             | https://web-japan.org/trends/11_culture/pop201901.html
        
             | soulofmischief wrote:
             | It's likely the reason they don't feel embarrassment is
             | because they couldn't care less about your unwarranted
             | judgement, and delight knowing that some people actually
             | take the time to be upset about it.
        
               | daptaq wrote:
               | This always comes up in these discussions, my impression
               | is that there is some kind of a split when it comes to
               | understanding the concept of embarrassment. It is not
               | about the individual judgement of people and being upset
               | is the wrong word, but it is difficult to find the right
               | words to explain it. When thinking to myself why I'd
               | never do these kinds of things, setting aside the lack of
               | interest, I wouldn't want a kind of general perception
               | that people have of me to be associated with these
               | cultural symbols. It is an interesting question,
               | especially because it appears obvious until I reflect on
               | it. I guess I am not the only one who feels like this,
               | and some people get upset because it is difficult to
               | articulate these "unwritten rules of behaviour in polite
               | society".
        
               | nalllar wrote:
               | To me it's sad that you took that lesson away from that.
               | :(
               | 
               | Watching someone be genuinely enthusiastic about
               | something is wonderful. Society has far too much
               | cynicism, and watching it beat that into children as they
               | grow up is no fun. I see a lot of adults who treat things
               | that way.
               | 
               | Maybe it's a generational thing, maybe it's my circles,
               | but I've seen plenty people appreciating and gushing
               | about people sharing their interests. It's even in the
               | memes, here's an example:
               | 
               | > Everyone wants an autistic gf who infodumps abt video
               | games and linguistics and whatever up until day 43 of the
               | relationship when you get a paper cut and she starts
               | trying to drink your blood
        
               | daptaq wrote:
               | > Watching someone be genuinely enthusiastic about
               | something is wonderful.
               | 
               | But isn't the question what they are being enthusiastic
               | about? I would certainly agree that there are some
               | things that are considered noble and respectable (helping the
               | sick, science, the right kind of activism for the right
               | kind of people, ...) that most admire. At the same time I
               | think most recognize that there are destructive or non-
               | productive things one can be enthusiastic about to the
               | point of obsession. While having an anime girl on your
               | website or being a furry is usually not destructive and
               | ignore the cultural popular images of people like these,
               | then they are at least non-productive in the sense that
               | neither society nor the individual themselves grows from
               | engaging with the topic. You can study engineering and
               | improve human technology or write and learn how to better
               | express yourself, but I don't see how anyone can progress
               | as an anime weeaboo beyond a self-contained culture that
               | might value if you know the names and details of all
               | characters by heart. As soon as you step out of this
               | bubble, the value disappears.
               | 
               | > Maybe it's a generational thing, maybe it's my circles,
               | but I've seen plenty people appreciating and gushing
               | about people sharing their interests.
               | 
               | I don't know what generation you are referring to. I'm
               | Gen Z and obviously have different feelings about this.
               | Sure, I enjoy talking to people who share my interests,
               | but I know when and where the right place is. I don't go
               | out with friends and insist on talking about e.g. Emacs,
               | and I certainly don't want to be perceived as someone who
               | superficially is only interested in my own topics, not
               | caring to engage with topics that others care about.
               | 
               | (Btw. thanks for your respectful tone, I appreciate that).
        
             | dawnbreez wrote:
             | I'm...not sure why it would be embarrassing? People have
             | things they're interested in that aren't related to work,
             | and besides, the suit-and-tie image of the workplace is
             | deeply rooted in a load of nonsense (nonsense which ought
             | to be _recognized_ as nonsense, but which is often confused
             | for professionalism).
        
               | daptaq wrote:
               | If you check my other replies in this thread, I've tried
               | to describe why I feel the way I do. But if I may, I'd be
               | curious to hear what you'd consider to be "embarrassing",
               | not as an act but as a personality trait.
               | 
               | As an example, I believe to recall the first time I felt
               | this way as a child, perhaps age 4 or 5. There was some
               | sort of a meeting and somehow a kid felt prompted to go
               | up to the whiteboard and start explaining everyone the
               | Bionicle alphabet
               | (https://bionicle.fandom.com/wiki/Matoran_Alphabet) with
               | unreasonable enthusiasm. I was into Bionicles myself, but
               | remember thinking to myself, "Don't you know how you look
               | like? Don't you know that nobody cares? Have you no sense
               | of how others perceive you? If I hadn't seen how this
               | looks like, would I have done something like this
               | eventually?". I don't know how others brush these
               | impressions away with a "Good for him".
        
         | fortran77 wrote:
        
           | kps wrote:
           | Typo? If so, please don't fix it.
        
           | [deleted]
        
         | rejectfinite wrote:
         | As old as /g/
        
         | eating555 wrote:
         | Here's a repo for all kinds of anime girls holding programming
         | books:
         | https://github.com/cat-milk/Anime-Girls-Holding-Programming-...
        
           | wyldfire wrote:
           | Please tell me you used Stable Diffusion to generate this
           | repo after seeing this post on HN, and not that this is some
           | kind of odd almost-rule-34 fandom domain.
        
             | daptaq wrote:
             | These images have been shared around on image boards for
             | probably over a decade, what you see here is just a group
             | of people who sat down and categorized them:
             | https://github.com/cat-milk/Anime-Girls-Holding-Programming-...
        
             | Morgawr wrote:
             | There's no porn in that repo. Anime girls holding
             | programming books is a common meme/trend/style that's been
             | around for over a decade by now.
        
               | nostrebored wrote:
               | > common
               | 
               | absolutely not
        
               | bskan wrote:
               | You need to spend more time in /g/
        
             | aliqot wrote:
             | There's 3 inches of dust on those deep fried bad boys,
             | welcome.
        
           | mgdlbp wrote:
           | See also: OS-tans from the turn of the century
        
           | belfalas wrote:
           | Fascinating - Idris and Haskell are represented but no
           | Clojure.
        
             | chillpenguin wrote:
             | Honestly that doesn't surprise me haha
        
           | 0xCMP wrote:
           | My favorite for several reasons:
           | https://github.com/cat-milk/Anime-Girls-Holding-Programming-...
        
         | falcolas wrote:
         | My take: People have used animals, drawings, and random photos
         | as avatars since avatars were a thing. Anime has been growing
         | in popularity and reach over the past decades, and the new (and
         | broadly available) "Holo-live" style animated YouTube and
         | Twitch avatars have created its own boom.
         | 
         | Combine with a greater acceptance of non-traditional personal
         | identities, and you get professionals using anime and furry
         | avatars and decorations. Practically speaking, it's not really
         | any more or less professional than O'Reilly using animals to
         | create an identity for its programming book covers (so long as
         | you're not wearing a fursuit or sailor moon leotard to work).
        
         | jstanley wrote:
         | I was curious what you were talking about, because I don't see
         | any illustration.
         | 
         | If you are browsing in dark mode, there is no background image.
         | You have to switch to light mode to see it.
        
           | Shared404 wrote:
           | I can see it in dark mode on mobile firefox.
        
           | Groxx wrote:
           | Aaah. I was wondering too, and noticed that it was `width=0`
           | and not visible, and had a few rounds of ????.
           | 
           | So I guess we now know the heathens who drive in light mode
           | ಠ_ಠ
        
         | badsectoracula wrote:
         | I don't think it is related to a new generation or something
         | like that since i remember people using anime wallpaper
         | backgrounds and avatars (in MSN Messenger, etc) since the early
         | 2000s. It is just that in recent years anime became more
         | popular _in general_ than it used to be even 10 years ago, so
         | you are more likely to see anime stylized characters nowadays.
        
         | [deleted]
        
         | jchw wrote:
         | The funny thing is that while I don't doubt in my mind that a
         | lot of the folks with anime/furry illustrations in their blogs
         | are generally younger, I suspect many of them are still
         | knocking on 30 at least.
         | 
         | What happened? Anime and furry fandom became more socially
         | acceptable across contexts. Why? Probably because of the
         | ridiculous degree to which we are connected online and the way
         | this has eroded our ability to segregate identities. A lot of
         | people you have seen online have always been huge losers, but
         | many of them are more open to flagrantly displaying it now.
         | 
         | Is this good? Dunno. I think making some of these subcultures
         | more mainstream can suck for the subcultures themselves. I've
         | never found it all that off-putting personally, but that could
         | just be a reflection of my own biases as a long-time online
         | loser.
        
           | diputsmonro wrote:
           | Generally agree, but I do have to bristle with the "huge
           | losers" sentiment. The fact that furries/weebs have a strong
           | visibility in the professional software/IT space should be a
           | signal that those people _aren't_ losers, and are in fact
           | doing quite well for themselves. And if you're in the
           | industry, then you need to do yourself a favor and remove
           | that label from yourself.
           | 
           | What you call a "flagrantly display", I call a typical,
           | progressive break from meaningless social conventions. People
           | like cute drawings and post them on their websites, so what?
           | And I think it provides good visibility to those communities
           | to demonstrate the skilled and creative people that inhabit
           | it.
        
             | jchw wrote:
             | I mean, the truth is, it's obviously not that weird. It's a
             | reflection of culture, at least in America, that I regard
             | such things in this light. Still, I mean it with affection.
             | The fact that it was somewhat outcast culture also freed it
             | from the bounds of giving a damn about social
             | acceptability, which led to some very free creativity. I
             | always embraced this.
             | 
             | I realize _now_ this attitude may seem unnecessarily self-
             | deprecating, though. Oh well.
        
       | andyjansson wrote:
       | Also see David A. Wheeler's work on countering trojan horse
       | attacks: https://dwheeler.com/trusting-trust/
        
         | segfaultbuserr wrote:
         | To me, the most interesting part of Wheeler's work is formal
         | verification. As an extra argument, he converted his verbal
         | arguments into a set of logical statements, and then used a
         | theorem prover to show the DDC argument is flawless (within its
         | assumptions).
        
           | aaaaaaaaaaab wrote:
           | What if the theorem prover was compiled with an infected
           | compiler?
        
             | segfaultbuserr wrote:
             | I remember seeing a post on MathOverflow, the OP asked
             | about the consequences of using malicious code to fool a
             | theorem prover to certify lies and falsehoods.
             | 
             | It's a valid question and has deep philosophical
             | implications. Unfortunately, mathematicians are not tech
             | workers, so they were not impressed, and closed the
             | question as off-topic. I personally think the main reason
             | responsible for the lack of enthusiasm from mathematicians
             | is that formal methods are rarely used in our society, and
             | mathematicians in general (with the exception of logicians)
             | also do not really value formal axiomatic systems as
             | something especially important for setting a standard of
             | truth. If formal methods are used in decision and
             | policymaking in the far future, the picture will be
             | different. Nevertheless, right now, malicious proofs are
             | just a hypothetical thought experiment.
             | 
             | https://mathoverflow.net/questions/63816/consequences-of-tec...
        
       | XorNot wrote:
       | This is a good moment to note that http://bootstrappable.org/
       | exists and is one of the low level defenses OSS can provide
       | against this problem. With the minimal set of binary blobs that
       | can be audited we can reasonably reconstruct whole toolchains
       | from scratch.
        
       | foobarian wrote:
       | Heh, as far back as then Ken T. already knew the score:
       | 
       | ) writing to news just causes more
       | 
       | ) misunderstandings in the future. there
       | 
       | ) is no way to win.
       | 
       | Pretty amazing insight!
        
         | segfaultbuserr wrote:
         | One can find precursors of nearly every aspect of the modern
         | social media back in newsgroups from the Usenet era during the
         | 1980s and 1990s, including cat memes. Unix developer Rob Pike
         | even invented role-play trolling in the 1980s on Usenet (mostly
         | manually, but an automated bot was also tried). Back then it
         | was a harmless hoax, and today on the modern web it's now
         | causing massive troubles. [0]
         | 
         | Old-timers like Ken Thompson clearly have understood the nature
         | of a social network since a long time ago.
         | 
         | [0] https://en.wikipedia.org/wiki/Mark_V._Shaney#History
        
         | xmprt wrote:
         | I don't think it's some super novel insight by him. The news
         | has existed for many centuries and at least to some extent, it
         | has created misunderstandings as long as it has existed.
        
           | foobarian wrote:
           | See, exactly! He meant writing to newsgroups, which were
           | relatively new at that time. Or did he? :-)
        
       | denton-scratch wrote:
       | Thanks for digging-up and posting that; an interesting historical
       | artifact.
        
       | Javipok wrote:
        
       | k0stas wrote:
       | I got obsessed with this paper recently, to the point where I
       | have read most of the "Unknown Air Force Document" that Thompson
       | references with giving him the idea of Trojan horse. The document
       | was later identified and is declassified and publicly available
       | [1].
       | 
       | > If one reads the original paper, one only finds a description
       | of this attack as a thought experiment, leading one to conclude
       | that any claim of a real-world attack by Thompson was an urban
       | myth due to exaggeration.
       | 
       | This is true although Thompson gives some tantalizing hints in
       | the paper.
       | 
       | In the introduction, he writes "I would like to present to you
       | the cutest program I ever wrote." So he definitely wrote it and
       | at least played around with it.
       | 
       | Later on in the "Moral" section, he writes "The moral is obvious.
       | You can't trust code that you did not totally create yourself.
       | (Especially code from companies that employ people like me.)"
       | 
       | This appears to be an admission but not quite strong or direct
       | enough to validate he implemented and used the Trojan horse so it
       | is great to read this post.
       | 
       | [1] https://csrc.nist.gov/csrc/media/publications/conference-pap...
        
         | an1sotropy wrote:
         | Thanks so much for sharing the older MULTICS report; this is
         | fascinating stuff.
        
       | whatthem wrote:
        
         | avgcorrection wrote:
         | I agree with this sentiment. This is very inappropriate
         | considering how children can consume C as a gateway language to
         | memory unsafety.
        
         | dang wrote:
         | "_Please don't pick the most provocative thing in an article
         | or post to complain about in the thread. Find something
         | interesting to respond to instead._"
         | 
         | "_Please don't complain about tangential annoyances--things
         | like article or website formats, name collisions, or back-
         | button breakage. They're too common to be interesting._"
         | 
         | https://news.ycombinator.com/newsguidelines.html
        
           | PoignardAzur wrote:
           | > _"Please don't complain about tangential annoyances--
           | things like article or website formats, name collisions, or
           | back-button breakage. They're too common to be interesting."_
           | 
           | That one happens a lot on HN. I'm not sure I'd want it to
           | happen less.
        
       | bombcar wrote:
       | This goes to show the importance of multiple independent
       | toolchains, and multiple variations on debuggers.
       | 
       | The more there are, the harder it would be to successfully
       | execute this attack for any length of time.
       | 
       | However, it could and certainly has been done in specific
       | targeted cases I bet.
        
         | noobermin wrote:
         | Please tell this to all those people who want gcc to vaporize
         | and have all of us use clang. Competition is good.
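
Added example (not from the thread and not Wheeler's own code): a toy Python model of the diverse double-compiling (DDC) check named above and of the independent-toolchain argument, including the assumption it rests on. Every name here (Binary, compile_with, ddc_check, the codegen= marker, the sample sources and seeds) is constructed for illustration; a "binary" is modelled as a digest plus the behaviour it would have when run.

```python
"""Toy model of the "trusting trust" trojan and of the diverse
double-compiling (DDC) check. Constructed for illustration: a "binary" is a
digest plus the behaviour it would have when run; no real compiler is used."""
import hashlib
from dataclasses import dataclass

COMPILER_MARK = "codegen="  # constructed marker: line naming a compiler's backend


@dataclass(frozen=True)
class Binary:
    bits: str      # what a byte-for-byte comparison sees
    codegen: str   # backend used when this program runs as a compiler
    trojan: bool   # hidden behaviour that appears in no source file


def backend_of(source: str) -> str:
    """Return the backend declared by a compiler's source text."""
    for line in source.splitlines():
        if line.startswith(COMPILER_MARK):
            return line[len(COMPILER_MARK):].strip()
    raise ValueError("not compiler source")


def compile_with(compiler: Binary, source: str) -> Binary:
    """Run `compiler` on compiler source. The output bits depend on the
    running compiler's backend and on the source; a trojaned compiler also
    re-inserts its payload whenever it recognises compiler source."""
    inject = compiler.trojan and COMPILER_MARK in source
    material = "\0".join([compiler.codegen, source, "payload" if inject else ""])
    bits = hashlib.sha256(material.encode()).hexdigest()
    return Binary(bits=bits, codegen=backend_of(source), trojan=inject)


def self_host(seed: Binary, source: str) -> Binary:
    """Build `source` with `seed`, then rebuild it with the result."""
    stage1 = compile_with(seed, source)
    return compile_with(stage1, source)


def ddc_check(suspect: Binary, suspect_source: str, trusted: Binary) -> bool:
    """DDC: compile the suspect's source with an independent trusted
    compiler, recompile it with that result, and compare the second stage
    bit for bit with the suspect binary."""
    stage1 = compile_with(trusted, suspect_source)  # same behaviour, other bits
    stage2 = compile_with(stage1, suspect_source)   # should reproduce the suspect
    return stage2.bits == suspect.bits


# Constructed sample sources. SRC_A is clean in every scenario below.
SRC_A = "# compiler A, audited line by line\ncodegen=A\n"
SRC_T = "# independent compiler T\ncodegen=T\n"

CLEAN_SEED = Binary(bits="clean-seed", codegen="seed", trojan=False)
EVIL_SEED = Binary(bits="evil-seed", codegen="seed", trojan=True)

HONEST_A = self_host(CLEAN_SEED, SRC_A)
TROJANED_A = self_host(EVIL_SEED, SRC_A)      # built from the same clean source
TRUSTED_T = self_host(CLEAN_SEED, SRC_T)      # independent lineage
COMPROMISED_T = self_host(EVIL_SEED, SRC_T)   # shares the attacker's lineage


def report() -> dict:
    return {
        # The trojan survives rebuilding from clean source.
        "trojan_self_reproduces": compile_with(TROJANED_A, SRC_A) == TROJANED_A,
        "honest_passes_ddc": ddc_check(HONEST_A, SRC_A, TRUSTED_T),
        "trojan_passes_ddc": ddc_check(TROJANED_A, SRC_A, TRUSTED_T),
        # DDC holds only within its assumptions: the second toolchain must
        # not carry the same trojan.
        "trojan_passes_with_compromised_T": ddc_check(TROJANED_A, SRC_A, COMPROMISED_T),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```
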
        
       | tristor wrote:
       | This page is getting flagged as malware by OpenDNS, but here's an
       | archive link: https://archive.ph/UjaMd
        
       | Izkata wrote:
       | Short story about an AI keeping itself hidden through this
       | attack:
       | https://www.teamten.com/lawrence/writings/coding-machines/
        
         | Jabrov wrote:
         | Damn this story was soo good!
        
       | an1sotropy wrote:
       | It is great to see this from the source (or close to it). Some
       | searches on the text of Thompson's message also led to these pre-
       | existing sources (not linked from niconiconi's blog) of a post by
       | Jonathan Thornburg:
       | 
       | https://www.mail-archive.com/cryptography-digest@senator-bed...
       | 
       | https://groups.google.com/g/sci.crypt/c/PybcCHi9u6s/m/b-7U1y...
       | 
       | btw is there any public archive of ~old usenet (say, through
       | 1999)? I was trying to remember things I learned from on alt.2600
       | but groups.google.com says it's "banned".
        
         | chris_st wrote:
         | Someone (Uunet, maybe?) put out a bunch of usenet CDs back in
         | the 90's... don't know how far they went back (or which groups
         | they had. IIRC, it was pretty much everything except binary
         | groups). It'd be challenging to find them.
        
         | obi1kenobi wrote:
         | When you say "searches" are you referring to regular web search
         | (e.g. Google) or something more specialized?
         | 
         | Just wondering if there's a good way to programmatically search
         | "old" records like these.
        
           | an1sotropy wrote:
           | sorry didn't mean to be obscure - it was just google
           | searches, but I found that if I used quotes google was less
           | useful than if I searched for a longer string without quotes
           | (I think others on HN have noted the quality of google
           | searches seems to be decreasing). In my case I searched for
           | 
           |     fyi: the self reproducing cpp was installed on OUR machine
           |     and we enticed the unix support group
           | 
           | but without quotes. I know it's quixotic but I kind of wish
           | altavista was still working (now yahoo owns the domain name).
        
             | [deleted]
        
       | trustingtrust wrote:
       | One of my favourite papers for sure. It's mind boggling the way
       | it was presented.
        
       | naillo wrote:
       | That anime girl really makes it hard to hide that you're doing
       | work unrelated things in the office.
        
         | kps wrote:
         | > anime girl
         | 
         | S-Should we tell him?
         | 
         | Nevxnjn Uvzr vf abg n tvey
        
         | duxup wrote:
         | This is strange, I don't see an anime girl.
        
           | dmix wrote:
           | The author must have removed it.
           | 
           | Edit: apparently it's only on mobile size, near the footer.
        
             | duxup wrote:
             | Oh yes mobile, there it is.
        
         | hbn wrote:
         | If you squish the browser window enough it'll go into a mobile
         | view where she jumps to the bottom
        
           | bentcorner wrote:
           | Ah - thank you. The comments here make a lot more sense now.
           | Anyone care to explain why it doesn't show up anywhere for
           | desktop users? HTML has this:
           | 
           |     <footer id="footer">
           |         <img id="footer-image" src="/img/niconiconi.png" width="0%" />
           |     </footer>
        
             | hbn wrote:
             | On desktop you see the image as a background on the <body>
             | 
             |     @media (min-width: 770px)
             |     body {
             |         ...
             |         background-image: url(/img/niconiconi.png);
             |         ...
             |     }
             | 
             | And on mobile you see that footer
             | 
             |     @media (min-width: 770px)
             |     #footer-image {
             |         width: 0%;
             |     }
        
         | SllX wrote:
         | It's okay. She's got a copy of "The C Programming Language".
         | We're in the clear!
        
         | davidchen wrote:
         | For those not on mobile - resize your desktop window and scroll
         | to the bottom
        
         | cantSpellSober wrote:
         | I hide all website footers by default, you wouldn't be
         | surprised to know how useless they usually are
         | 
         |     #footer, .footer { display: none !important; }
         | 
         | Userstyle to remove the image from this site:
         | 
         |     @-moz-document domain("niconiconi.neocities.org") {
         |         body {
         |             background-image: none !important;
         |         }
         |         #footer {
         |             display: none !important;
         |         }
         |     }
        
           | Groxx wrote:
           | but.... if you do this, how will you know what year the
           | copyright of the page is?!
        
         | Attrecomet wrote:
         | And whatever the site did disabled ublock's "block element".
         | Luckily umatrix still works and I was able to block images from
         | the site
        
         | Groxx wrote:
         | For those confused:
         | https://news.ycombinator.com/item?id=33008860
         | 
         | @jstanley discovered that it's only visible when browsing in
         | light mode.
        
         | Taylor_OD wrote:
         | > That anime girl really makes it hard to hide that you're
         | doing work unrelated things in the office.
         | 
         | What do you mean?
        
       ___________________________________________________________________
       (page generated 2022-09-28 23:00 UTC)