[HN Gopher] Ken Thompson really did launch his "trusting trust" ...
___________________________________________________________________
Ken Thompson really did launch his "trusting trust" trojan attack
in real life
Author : obi1kenobi
Score : 472 points
Date : 2022-09-28 14:40 UTC (8 hours ago)
(HTM) web link (niconiconi.neocities.org)
(TXT) w3m dump (niconiconi.neocities.org)
| mosburger wrote:
| I know this probably falls into the category of red-baiting
| hysteria, but sometimes I've wondered (not seriously, in more of
| a spy-vs-spy, campy, tinfoil hat way) if the Kotlin programming
| language is a secret plot by the Russian government to embed
| backdoors in everything compiled with it. How many people have
| done a deep inspection of the compiled product?
|
| (Insert balloon boy meme of the conspiracy theory guy at his
| bulletin board)
|
| Of course, the Russians would probably be justified in wondering
| the same thing about a programming language created in the United
| States.
| Vizdun wrote:
| is the only reason for this wondering the fact Kotlin was made
| by czech developers?
| kingforaday wrote:
| The technical ingenuity is remarkable for the time period but I
| love how it still required social engineering to execute:
| ) we enticed the "unix support group" ) (precursor to usl)
| to pick it up ) from us by advertising some ) non-
| backward compatible feature."
| nwsm wrote:
| > Keywords: horse, mouth
|
| These message keywords cracked me up.
| [deleted]
| lisper wrote:
| To me, the historical reconstruction aspect of this is at least
| as interesting as the attack. One of my more obscure hobbies is
| studying the history of ancient texts, and it is fascinating to
| watch the process of losing primary historical sources play out
| in front of my eyes:
|
| > However, in 1995, Usenet poster Jay Ashworth, citing personal
| communications with Ken Thompson, provided strong evidence of the
| existence of a real-world experiment of this attack.
| Unfortunately, the full Usenet message is missing on the web.
| There are only quoted snippets of this Usenet post circulated
| around various blogs, reducing its authenticity.
|
| > In 2021, I've rediscovered the full Usenet message after a
| search effort in multiple Usenet archives. My success was partial
| - it was still a repost by someone else, and I was unable to find
| the original message. However, this repost contains the full
| Usenet message, including complete headers and message body, with
| the poster name and its Message-ID, establishing the authenticity
| of the post beyond reasonable doubts.
| tambourine_man wrote:
| I think about this a lot as well. The folks at
| https://archive.org are the unsung heroes of our time.
| joshmarlow wrote:
| I think about this a lot in humor contexts. Many jokes rely on
| passing cultural contexts that isn't documented and isn't made
| explicit.
|
| Example: In my experience "The chad was good" and various jokes
| around "hanging chads" and "pregnant chads" still sometimes
| land with people who remember the 2000 election and Charlie's
| Angles, but anyone a little younger misses it.
|
| Now I'm curious how many jokes in an episode of "John Oliver"
| or Southpark land even a year or two after the episode airs.
| autoexec wrote:
| A lot of the jokes in last week tonight don't exactly land
| when they originally air either, but that has more to do with
| the writers than available context.
|
| I run into this problem not just when watching old shows, but
| also when watching contemporary TV developed in other
| countries. Usually it's references to proper nouns I've never
| heard of, and I do often look those up, but even once you
| know what or who something was sometimes you'd have to be
| willing to go deep into various rabbit holes to really
| understand it.
| WaitWaitWha wrote:
| > studying the history of ancient texts, and it is fascinating
| to watch the process of losing primary historical sources play
| out in front of my eyes
|
| I just want to further call attention to this. We have the
| unspoken notion, an assumption that digital materials, once
| 'written' will remain forever.
|
| And, for a short-term 'forever' this is true. Not so for longer
| 'forever', as the loss of the original Usenet post, despite
| replicated across many systems, demonstrates.
| smartmic wrote:
| Indeed, software archeology already is and will become a very
| exciting discipline. And the stakes are quite high, at least
| for science. Here is a great example of how NASA almost lost
| precious data from Viking missions back in the 1970s (the
| article is from 1990, so history in history format):
|
| https://web.archive.org/web/20220121041452/https://www.nytim.
| ..
| trap_goes_hot wrote:
| This replication that was possible earlier, will also not
| happen in the future thanks to closed proprietary systems.
| YouTube is wonderful library of knowledge that we are legally
| prevented from making a copy of.
|
| There needs to be bottom-up and top-down pressure for open
| data standards and also a re-thinking of digital ownership
| rather than digital licensing. We think people don't care,
| but the engineers who build these systems are a tiny
| minority, we only need to convince them to refuse to build
| walled gardens.
| selfhoster11 wrote:
| Nobody needs legal permission to grab all the YouTube
| content they want to keep. Just dedication, youtube-dlp,
| and a ginormous RAID array full of empty drives. This is
| surprisingly affordable as a hobby.
| registeredcorn wrote:
| Note: I would encourage switching over from youtube-dlp
| to yt-dlp (https://github.com/yt-dlp/yt-dlp)
|
| As I understand it, yt-dlp is considerably faster.
| eastof wrote:
| Just curious, why either of these over vanilla youtube-
| dl? Wondering if I should update my playlist downloader
| script
| selfhoster11 wrote:
| It's far easier to grab an "archival" grade copy of a
| YouTube video (includes thumbnail, subtitles, metadata,
| etc) and ask the program to embed all the data within the
| video file itself. It can even remux all videos into a
| selected container format, which is really nice.
| selfhoster11 wrote:
| My bad, I meant yt-dlp
| autoexec wrote:
| Are you aware of a single person anywhere who has
| mirrored the entirety of youtube? There is obvious value
| in having a mirror like that, so why hasn't it been done?
|
| Downloading a handful of videos you personally care about
| is surprisingly affordable as a hobby. Mirroring and
| archiving the entirety of youtube is not.
|
| Personally, although I couldn't say it was a hobby, I
| don't watch youtube on youtube anymore. Every youtube
| video I watch is downloaded first and viewed locally. I
| can't recommend it enough. Zero youtube comments, zero
| recommendations, VLC is a far better video player, Google
| has no idea how many times I've watched a video (or parts
| of it) or how I felt about it, and I never have to worry
| about videos I find valuable being removed. As long as I
| keep backing them up, I'll have them for as long as I
| care to.
| dotancohen wrote:
| > VLC is a far better video player
|
| Not for my use case, but maybe someone here has a
| solution. I watch lectures and lessons, as I watch I will
| change the playback speed constantly. I use a Firefox
| add-on for keyboard control of the YouTube video stream
| speed.
|
| VLC also has keyboard control of the playback speed.
| However, when changing the speed VLC will skip a split
| second of audio. This drawback negates all the benefits
| of playing faster over the non-essential parts, because
| when we get to an essential part I'll lose some if it.
| This is on Kubuntu, across many versions over the years.
| autoexec wrote:
| I haven't run into that myself, but I think I'd just hit
| shift+left arrow (or just left arrow depending on what
| you've got the jump set to) before hitting + to speed the
| video back up. I'll take a minor inconvenience like
| pressing an extra key for all the other features I get.
|
| You can probably also create a single macro to do both
| actions with a single keypress although not with VLC
| alone which is fair enough since you're using an addon
| for the functionality you can't get with youtube's player
| already.
| MacsHeadroom wrote:
| MPV is the gold standard video player on Linux. { and }
| halve and double playback speed, respectively.
| selfhoster11 wrote:
| I don't think that there is any value in grabbing all of
| YouTube, and neither did I suggest doing that. I meant
| content that specifically interests you, or is likely to
| interest you (or is otherwise valuable as a historical
| record). "All videos" means including videos that have
| next to zero views, sensational clickbait, Elsagate/baby
| content, and a whole host of other unpleasant things.
| Most YT archives/hoarders are selective for that reason
| (and because space, while cheap, is not infinite).
|
| I quite enjoy using NewPipe on Android. Once you build up
| a list of subscriptions, it's by far the most peaceful
| way to consume YouTube on a smartphone.
| bayindirh wrote:
| r/datahoarders will kindly and rightly disagree with you
| on that regard.
|
| For an enthusiast, a 720TB array is pretty reachable. A
| dedicated enthusiast can get a 1PB flash array in 2U.
| TremendousJudge wrote:
| I don't think anybody on /r/datahoarders believes it's
| possible for a private individual to archive the entirety
| of Youtube. More than 200,000 hours of video are uploaded
| every day. Generously assuming something like 1 GB/hour
| for 1080p, that's 200TB per day that you have to add. No
| home array can handle that.
| bee_rider wrote:
| This is a weird hackernews phenomenon where two sides of
| a discussion present the technical aspect of the thing
| they want to do, and are correct in their description of
| the technical aspects, without addressing the fact that
| they are talking about accomplishing totally unrelated
| objectives.
|
| It is probably possible to horde more Youtube videos than
| you could ever watch, probably including most of the ones
| that you might ever be interested in. And it is almost
| certainly impossible for any individual to capture every
| video which goes through Youtube.
|
| Neither of these seem to address the issue of whether
| there exist videos which will retrospectively have
| archival value which are not captured.
| MikePlacid wrote:
| > probably including most of the ones that you might ever
| be interested in.
|
| That's a really interesting question: how to determine
| videos that I might ever be interested in.
|
| > whether there exist videos which will retrospectively
| have archival value which are not captured.
|
| And that's not really a question: there definitely exist
| videos that have a certain historical value which were
| deleted from YouTube, and most of them before I archived
| them cause I am lazy.
|
| I would gladly pay for a personal archive.org - a
| solution that automatically archives each page I visited
| and video I watched. I guess the required storage amount
| will be pretty affordable.
| bee_rider wrote:
| > > whether there exist videos which will retrospectively
| have archival value which are not captured.
|
| > And that's not really a question: there definitely
| exist videos that have a certain historical value which
| were deleted from YouTube, and most of them before I
| archived them cause I am lazy.
|
| Sure, but you aren't the only one backing up YouTube
| videos. It seems at least plausible that the aggregate
| storage capacity of the entire data horder community and
| their propensity for backing up whatever they come across
| could result in a situation where if something is
| interesting, _somebody_ ends up capturing it, right?
| selfhoster11 wrote:
| There are some communities with a collaborative video
| index of who has what backed up.
| autoexec wrote:
| > Neither of these seem to address the issue of whether
| there exist videos which will retrospectively have
| archival value which are not captured.
|
| Unless the entirety of youtube can be archived it's safe
| to assume that there will be something of value which
| isn't being preserved. It's an unsolved problem and not
| one Google wants to see solved.
| orangepurple wrote:
| Don't worry, only a very small subset is worth keeping
| jasonladuke0311 wrote:
| That's what you think now.
| WalterBright wrote:
| So true. I look at photos I've taken in the past, and
| discovered that I took pictures of all the wrong things.
| autoexec wrote:
| Even now, the most garbage youtube video out there is
| still probably useful as training data for some AI (maybe
| even to generate horrible youtube videos)
| saagarjha wrote:
| The size of YouTube is likely measured in exabytes. I
| think it would be hard for any entity that was not
| organized and well-funded to mirror all of it, let alone
| make it available in a reasonable fashion.
| munificent wrote:
| According to this article [1], 500 hours of video are
| uploaded to YouTube every minute. Depending on the video
| size and framerate, YouTube recommends up to 240 Mbps for
| 8k@60FPS [2]. Of course most video isn't that high res.
| Let's take a conservative guess that it averages
| somewhere between 2K and 4K and pick a middle bitrate of
| 24 Mbps. That's: 24 Mbps / 8 bit/byte
| * 60 seconds/minute * 60 minute/hour = 10800
| megabytes per hour of footage = 10.8 gigabytes
| per hour of footage
|
| At 500 hours of footage per minute, that means 5.4
| terabytes are uploaded every minute. Your 720 TB array
| would be completely full a little over two hours' worth
| of content that is uploaded to YouTube every single day,
| day after day.
|
| At the current upload rate, 2,838.24 petabytes are
| uploaded every year.
|
| I don't think you'll see hobbyist archives of YouTube any
| time soon.
|
| [1]: https://www.tubefilter.com/2019/05/07/number-hours-
| video-upl...
|
| [2]: https://support.google.com/youtube/answer/1722171?hl
| =en#zipp...
| zacmps wrote:
| For archival 24Mbps is an insane bitrate, you could get
| away with 1/3th to 1/6th of that.
|
| You're also going to limit to public videos (unlisted and
| private will make up some share of those uploads) and
| probably to those with non-zero views.
|
| I suspect archiving only videos with >100 views would
| probably cut the amount you archive to 1/10th.
| simongr3dal wrote:
| 1080p webm is around 450kbps and audio is 65kbps, so the
| estimate is of by 50x for the purposes of a hobbyist
| archive.
| selfhoster11 wrote:
| YouTube offers a number of codecs and nitrates. IIRC Opus
| goes up to 160kbps and m4a goes up to 128kbps, with lower
| bitrates also available. I imagine video is similar.
| yig wrote:
| I wonder how much of the uploaded content is public
| versus private or unlisted.
| chiph wrote:
| Some back-of-the-envelope math shows that YouTube would
| have to populate and rack a minimum of four 4U storage
| chassis (60 20TB drives each) per 8 hour shift to store
| that much. Roughly a little less than half a 42U rack.
| And that's before allowing for HDD drive parity,
| redundancy, and distribution across the globe.
| MacsHeadroom wrote:
| I have 4PB, but my understanding is that I would fill
| that mirroring a single day of YouTube at reduced
| quality. The Internet Archive could surely handle
| mirroring older YouTube content with a large grant. But
| the upload rate plus video quality in recent years is
| definitely cost prohibitive to replicate.
| [deleted]
| routerl wrote:
| The data archaeologists of the future are, right now, acquiring
| and developing what will become the skills of their profession.
|
| Very cool to watch, indeed.
| jll29 wrote:
| It will be hard for future (>700 years away from now)
| historians to discover a lot about what we thought today:
| writing personal and professional letters (e.g. "letters to
| the editor" in learned journals, letters to an uncle living
| in a different city) and diaries is happening less and less
| compared to the last 200-300 years.
|
| Perhaps we should go ahead and have a few hundred thousand
| emails printed with a special lasting ink on velum to pass it
| on to our successors ("Codex Electronicus"). On reflection,
| my own inbox is perhaps rather too nerdy - it would introduce
| a strong selection bias to posterity's view about us.
| tyingq wrote:
| Funny coincidence, Ken Thompson mentions this problem in his
| personal reprint of "Trusting Trust" on one of his old web
| pages.[1]
|
| _" I copied this page from the ACM, in fear that it would
| someday turn stale."_
|
| [1] https://web.archive.org/web/20080111144410/http://cm.bell-
| la...
| bcbrown wrote:
| Funny too, that you're posting an archive of that site, not
| the site itself.
| DebtDeflation wrote:
| I'm finding myself using archive.org (and also archive.is,
| but for different reasons) almost as much as Google for
| finding stuff these days.
| dolmen wrote:
| But can we trust this post?
|
| How can we be sure that Ken (working for Google) didn't infect
| the toolchain used for Chrome to propagate that legend?
| mseepgood wrote:
| I think he wrote the original Go compiler.
| biomcgary wrote:
| The Go compiler used to be written in C, but transitioned to
| being written in Go around version 1.4 (IIRC). I believe that
| the Go compiler toolchain is rooted on that version (i.e.,
| you can eventually compile the current Go compiler if you
| start with the compiler binary produced using Go 1.4). I
| don't remember the reference describing the situation in
| detail.
| intelVISA wrote:
| 30mb hello world binary that dials 8.8.8.8 suddenly makes
| sense now..
| anthk wrote:
| And AWK, and C. And Unix.
| selectnull wrote:
| That's easy: try it with Firefox.
| wyldfire wrote:
| Pretty sure Firefox uses Chrome as its toolchain these days.
| Nice try son, but it's turtles all the way down.
|
| EDIT: just kidding - no "chrome-headless-c++ -c firefox.o
| firefox.cpp" (yet).
| guhidalg wrote:
| I did check this to make sure I was still living in a sane
| universe, Firefox doesn't use Blink
| https://en.wikipedia.org/wiki/Comparison_of_browser_engines
| tristor wrote:
| > Pretty sure Firefox uses Chrome as its toolchain these
| days.
|
| It does not.
|
| There is no shared code between Firefox and Chrome. They
| use completely different rendering engines with independent
| histories (Chrome uses Blink originated from WebKit
| originated from KHTML, Firefox uses Gecko originated from
| Netscape originated from Mosaic).
|
| The only shared component is that Firefox utilizes public
| APIs for Google SafeBrowsing.
|
| Disclaimer: ex-Mozillian
| wyldfire wrote:
| Oh sorry. Chrome is not a toolchain in mostly any sense.
| Except for its extraordinary flexibility as browsers are
| in general able to execute code. So I thought it was
| obviously a joke that one would use a browser to compiler
| another browser.
|
| The "on trusting trust" attack regards using your
| compiler as a mechanism to infect compiled executables --
| including compilers themselves, and their generated code.
|
| I didn't mean to suggest that the two browsers shared any
| code.
| mintplant wrote:
| There is actually some code sharing these days, mainly
| libraries. Mojo for IPC is the one I remember off the top
| of my head. I think also WebRTC stuff?
| tristor wrote:
| Yes, in the strictest sense both browsers may rely on
| public open source libraries, which means they have some
| shared code, but they do not share any code directly with
| each other (e.g. Chrome is not a dependency of Firefox,
| Firefox is not a dependency of Chrome). I see this as not
| equating to "code sharing" because they both happen to
| use a library. Ironically for other apps that'd usually
| be something like OpenSSL, but in the case of Firefox and
| Chrome they actually have entirely separate TLS codebases
| as well (NSS for Firefox and BoringSSL for Chrome).
|
| For some of these shared open source libraries, either
| Mozilla or Google is the primary contributor/maintainer,
| and both organizations usually make contributions. This
| is true across many things, even libraries in the open
| source space that are not involved in the browsers
| themselves but may be in the toolchain (Mozilla has
| produced robust open source CI/CD tooling, bug trackers,
| etc over its history).
| [deleted]
| fomine3 wrote:
| Similarly ANGLE is made by Google (perhaps Chrome team)
| and now also used by Firefox
| ZeWaka wrote:
| What, no? Firefox isn't based on Chromium at all.
| 323 wrote:
| I'm not sure why you are being downvoted, because you are
| technically correct - a lot of Firefox developers use VS
| Code, which is based on Chrome and it is part of the
| toolchain.
|
| ELI5: are you really sure that when you work on Firefox
| source code from VS Code, that what ends up in the saved
| file and what gets committed to Git is what you actually
| see on screen?
| wyldfire wrote:
| I think I was just a bit too subtle with my joke.
|
| VSCode doesn't seem like a "on trusting trust" attack
| vector since we can easily observe the git outputs of the
| C/C++ source and these parts often reviewed by peers.
| Unlike object code -- we can always take a look at the
| disassembly but in practice it's not scrutinized.
|
| It's probably frustrating to those who work on Firefox to
| suggest that it somehow depends on Chrome. I get that.
| But it wasn't where I was going.
|
| There is some kinda-out-there reality though -- with
| something like WASM or v8 you can theoretically run real
| toolchains like gcc and clang "in the browser". ;)
| 323 wrote:
| There are 100% VS Code workflows - you edit in VS Code,
| commit from VS Code, and do code reviews from VS Code and
| review GitHub issues from VS Code.
|
| > _frustrating to those who work on Firefox to suggest
| that it somehow depends on Chrome._
|
| Maybe those developers should not look too closely at who
| ultimately pays their salaries :)
| no_identd wrote:
| You'll wanna check out https://bootstrappable.org/ for making
| sure
|
| Then again, perhaps he also infected all those fancy PCB & IC
| supply toolchains...
| noobermin wrote:
| Trusting trust is so old that this probably has been discussed
| before, but isn't it possible to "break it" by either disassembly
| or just looking at the elf with a hex editor? I know you can
| theoretically hack the disassembler too if you'd like, but after
| some point it becomes onerous.
| Veserv wrote:
| Indeed. This is actually required practice in certain standards
| such as DO-178 Level A certifications, though that is intended
| to prevent compiler bugs that result in miscompilation rather
| than malicious miscompilation, but the problem is solved in any
| event.
| vikingerik wrote:
| Yes. What really happens is that the trojan self-propagates in
| the compiler binary, copied from each iteration as it compiles
| the next one, always within the binary without existing in the
| source. And so it could be revealed by examining that binary.
|
| ... if, of course, you also knew you could trust your examining
| tools, including the firmware and hardware. You can't provably
| do that unless you assembled the entire thing from transistor
| gates (and even then, you're still accepting somebody else's
| assertions about electron behavior in that material.) So at
| some point you have to just decide that there's some level of
| operations that you do trust.
| enriquto wrote:
| There is this 2009 PhD thesis, and associated articles, where
| they explain how to "counter" trusting trust by using a set of
| independent compilers (even assuming that each compiler may be
| infected):
|
| https://dwheeler.com/trusting-trust/
|
| This is an automatic process: you compile each compiler with
| the others a few times and compare the outputs. At the end it
| gives a criterion to decide which compilers contain trojan
| horses.
| selfhoster11 wrote:
| I always had issues with this particular counter, because it
| assumes that you cannot create a sufficiently good back door-
| creating AI/heuristic machine that can also fit in the unused
| spaces in our systems and binaries without being noticed.
| That's a big 'if', looking ahead into the deep future
| especially that our knowledge of autonomous agents and
| storage keeps growing.
| dwheeler wrote:
| > I always had issues with this particular counter, because
| it assumes that you cannot create a sufficiently good back
| door-creating AI/heuristic machine that can also fit in the
| unused spaces in our systems and binaries without being
| noticed. That's a big 'if', looking ahead into the deep
| future especially that our knowledge of autonomous agents
| and storage keeps growing.
|
| I'm the author of the DDC dissertation at
| https://dwheeler.com/trusting-trust/
|
| If I understand you correctly, that doesn't counter DDC, as
| long as the system being generated is being covered by DDC.
|
| If you're worrying about inserting code into "unused
| spaces" in the file that people typically call the
| "compiler", the solution is to check the compiler with DDC
| - that guarantees (given certain assumptions) that all of
| the executable can be explained by the source code. The
| source code could have malicious code, but developers know
| how to review source code.
|
| If you're worrying about inserting code into "unused
| spaces" in other files of the larger system, the paper
| explains how to counter that too. Basically, treat the
| entire system as the "compiler" & regenerate it. More work,
| but now you've squeezed that out.
|
| There's even a counter-example in the DDC paper. The tcc
| compiler had a subtle bug where 2 bytes were "free" (not
| controlled by the compilation process). That's because it
| was storing a 10-byte floating point value into a 12-byte
| memory area, leaving 2 bytes uncontrolled. DDC immediately
| detected a problem. DDC can detect 1 _bit_ of difference.
| There 's no "uncontrolled free space" for whatever is being
| verified by the DDC process.
|
| Unlike most computer stuff, there's a mathematical proof in
| the DDC paper. _If_ the assumptions hold, the conclusions
| _necessarily_ follow. Attackers must take steps to
| invalidate at least one of the assumptions for the
| conclusion to fail. Of course, nothing is perfect - if an
| attacker subverts an assumption, then the defender can 't
| rely on the conclusion. But the defender can take steps to
| make the assumptions true.
| Sebb767 wrote:
| > but after some point it becomes onerous.
|
| That's exactly the point - a sufficiently deep supply chain
| attack can avoid detection just because no one bothers to look
| that deep.
| naniwaduni wrote:
| On the other hand, it is generally considered pretty hard to
| predict arbitrary changes in the future.
| golemotron wrote:
| Funny how the article says Ken Thompson popularized the attack.
| There's good reason to say he invented it.
| ProjectMoonShot wrote:
| Karger and Schell in 1974 conceptualised the idea of trap doors
| built into compilers in their Multics Security Review.
|
| Although Ken Thompson is responsible for popularising the idea
| through his Turing award speech in 1984.
|
| Edit: Ken Thompson mentions the paper in the acknowledgements
| of his Turing award speech.
|
| """ Acknowledgment. I first read of the possibility of such a
| Trojan horse in an Air Force critique [4] of the security of an
| early implementation of Multics. I cannot find a more specific
| reference to this document. I would appreciate it if anyone who
| can supply this reference would let me know. """
| Thoreandan wrote:
| Thanks for the reference! Found the 1974 paper https://web.ar
| chive.org/web/20030410020522/https://www.acsac... and the
| "Thirty Years Later: Lessons from the Multics Security
| Evaluation" followup https://web.archive.org/web/200304100950
| 57/https://www.acsac...
|
| Always neat to have lost sources show up eventually.
| Librarians rule.
| golemotron wrote:
| Thanks.
| GuB-42 wrote:
| The attack was successfully performed in the wild by the virus
| "Win32/Induc.A"
|
| The virus looks for a Delphi installation, modifies the
| SysConst.pas file, which is the source code of a part of the
| standard library and compiles it. After that, every program
| compiled by that Delphi installation will contain the virus.
|
| The virus does nothing else, it is therefore harmless if you
| don't have Delphi installed.
|
| It resulted in many software vendors releasing infected
| executables without realizing it, sometimes claiming false
| positives. After all, the executable was not tampered with, the
| compiler was.
| Joker_vD wrote:
| I personally was infected by it when I was studying at
| university! It came in when QIP updated... and I did have
| Delphi 5.0 installed at that time.
|
| Quick googling tells me this happened in August, 2009... which
| was 13 years ago. Quomodo fugit tempus!
| segfaultbuserr wrote:
| In 2015, a malicious copy of Xcode, _XcodeGhost_ , also
| performed a similar attack and infected iOS apps from a dozen
| of software companies in China. Globally, 4000 apps were found
| to be affected. It was not a true Thompson Trojan, as it
| doesn't infect development tools themselves, but it did show
| toolchain poisoning can indeed cause substantial damages.
|
| https://en.wikipedia.org/wiki/XcodeGhost
| cduzz wrote:
| Ah, but was a version of Xcode compiled with this version,
| and did that child version of Xcode _also_ have the trojan
| code?
| segfaultbuserr wrote:
| Very unlikely, and I don't know any Xcode that runs on iOS
| on mobile devices, so I said it was not a true Thompson
| Trojan.
| Nextgrid wrote:
| Does it actually do anything else, beyond just replicating
| itself?
| [deleted]
| aliqot wrote:
| Off-topic but, I'm noticing a lot of anime waifu and furry-type
| illustrations on tech blogs lately on HN.
|
| Can someone cooler/younger tell me: Is this the hand-off to the
| new generation, or is there a meta-meme I missed?
| jrussino wrote:
| Not sure about the trend in general, but this particular image
| (Anime girl holding a programming book) made me think it was a
| reference to these manga guides on various
| math/science/engineering topics:
| https://en.wikipedia.org/wiki/The_Manga_Guides
| dawnbreez wrote:
| It's really funny hearing someone ask if this is the hand-off
| to the new generation, when the fact is that furries were
| working on the internet well before anybody else cared.
| Furcadia came out in 1996!
|
| [edit] Oh, right, I should explain what Furcadia is. It's
| apparently based on Multi-User Dungeon type technology, but has
| a graphical frontend and was driven by user-generated content.
| Essentially, it was Habbo Hotel for furries, four years before
| Habbo Hotel even existed.
| Izkata wrote:
| Supposedly a furry who called himself Ogg worked on ARPANET.
| noobermin wrote:
| In the spirit of upsetting things about this article, the
| "retrocomputing" tag is probably the worst part.
| LanternLight83 wrote:
| I get totally different vibes from the chat-esque furry
| avatars, which I see as both an extension of the increasing
| fluidity of identity on the internet/AFK/remotely and a push
| for representation and "positive shamelessness" (am I just
| trying to say "self-acceptence"?). Waifus still come across
| more ironically, clearly memes in casual settings, and without
| those aspects of identity and representation. Stuff like
| VRChat/Vtubers blurs that line and brings identity fluidity
| back into the picture, but that doesn't feel like what's
| happening here, nor does it's appearance on literally every
| page carry the tone of irony needed to combat cringe, but... I
| kinda like it, and kinda wish it was just totally cool to have
| a waifu on my site too without having to lean into irony or
| identity to "justify" it against this cringe instinct. Maybe
| that instinct comes from a specific subculture on a younger
| internet which, although still present, need not color the
| spread of these aesthetics forever. Like rage memes, which come
| from eg. SA/4c but have been widely adopted to the point of
| belonging more to "the internet" than specifically to their
| roots.
|
| ...I think I like it
| paulmd wrote:
| > "positive shamelessness" (am I just trying to say "self-
| acceptence"?).
|
| > I kinda like it, and kinda wish it was just totally cool to
| have a waifu on my site too without having to lean into irony
| or identity to "justify" it against this cringe instinct.
|
| it's only once you accept that you are cringe, that you are
| are free to become truly based.
|
| "anime is trash... and so am I"
| klik99 wrote:
| "and thats ok"????
| Shared404 wrote:
| "My brain is trash and I live on the internet"
| klik99 wrote:
| The nature of communication on the internet makes for some
| very weird signifiers - I remember getting into fountain pens
| and finding out that a pretty undesirable group was into them
| as well and it was on the cusp of being a signifier for
| politics I don't agree with. Luckily it never got to that
| threshold, but basically something can become a signifier for
| something else just by virtue of volume - Pepe is probably
| the best, clearest cut example, with different groups
| literally mass posting pepes as much as possible in a battle
| to "own" that signifier.
|
| I was originally going to say "Hey, just do you" but then I
| totally get that feeling of "I'm into X just because I like
| it but for some stupid reason X signifies Y which I really
| don't care for" and it sucks.
| ByThyGrace wrote:
| Would you expand a bit on the fountain pens as a symbol of
| subculture/political stance? An otherwise well-adjusted
| friend of mine has been into fountain pens for a while and
| I would like to know more.
| daptaq wrote:
| I find that there is something inherently suspicious in
| having a parallel online identity. I respect anonymity, but
| for some reason people constructing a parallel world and
| personality online always irritates me.
| 2OEH8eoCRo0 wrote:
| My first thought is always: Who are you and why do you
| obscure your identity? What are you hiding?
|
| Yet here I am with a random username. I do also have a
| public professional website though.
| daptaq wrote:
| I think the difference is that I usually don't notice
| usernames, unless I want to check if the same person
| wrote two comments. In this sense, they are just opaque
| identifiers, or a trivial identity that doesn't express
| anything in itself. An online identity is something more,
| because it usually comes with a personality, an image, a
| history. To me it isn't even that something is being
| hidden, rather that a lesser version of oneself (merely
| virtual) is being overvalued. This argument could be
| extended to people who might base their online
| Instagram/TikTok/etc. persona on that of their real life,
| but glorify it beyond recognition, while at the same time
| reducing its being to digital communication.
| formerly_proven wrote:
| https://www.youtube.com/watch?v=5v_Dl7i4Bcw
| Morgawr wrote:
| It's been a thing for quite a while now, probably a good 10-15
| years already. I don't think it's a new generation thing.
| dqpb wrote:
| coldpie wrote:
| Choose your nerd-generation document aesthetic:
| Too old for this shxt: 80-col formatted plaintext
| Greybeards: LaTeX-generated PostScript Modern
| professionals: HTML doc with default browser stylesheet
| Kids These Days: Anime girl sidebar
| dustfinger wrote:
| > Too old for this shxt: 80-col formatted plaintext
|
| Definitely my preference, but too old? They will have to pry
| my keyboard from my dead hands.
| hdjjhhvvhga wrote:
| > Modern professionals: HTML doc with default browser
| stylesheet
|
| I don't think so. This was the default GNU style in the 90s,
| but even they started using CSS at some point.
| eequah9L wrote:
| Because the "kids these days" took over :)
| staticassertion wrote:
| Pretty sure one of the main tex editors is in fact a furry
| munk-a wrote:
| It must be specified that the LaTeX-generated PostScript
| _MUST_ use the default LaTeX styling - no adjustment to font
| size or face allowed.
| hwbehrens wrote:
| The readability of CMU Serif for high-density text cannot
| be denied.
| Taylor_OD wrote:
| > Modern professionals: HTML doc with default browser
| stylesheet
|
| damn. Got me.
| tait wrote:
| TIL: I'm old.
| ninefathom wrote:
| Yep... I too was hoping that something besides the first
| option would fit.
|
| Did not happen.
| aliqot wrote:
| cuts deep :( Serif fonts did nothing wrong. Black and white
| text is timeless.
| an1sotropy wrote:
| and blue and purple hyperlinks are the best
| EGreg wrote:
| I prefer my resume in Comic Sans ( _ducks_ )
|
| Because I'm tacky...
|
| https://m.youtube.com/watch?v=zq7Eki5EZ8o
| praptak wrote:
| People, who always wear jeans and a loose t-shirt: Markdown
| on Github.
| dclowd9901 wrote:
| I feel attacked
| B1FF_PSUVM wrote:
| By the random comma after the first word. Must be the
| "acte gratuit".
| b0afc375b5 wrote:
| Huh, I always wear jeans and a loose t-shirt, but prefer
| org-mode instead.
| SamPatt wrote:
| Hey now ... don't forget the hoodie
| saint_fiasco wrote:
| The relevant meta-meme is the "programming sock". A humorous
| screenshot of an Amazon recommendation that said one of those
| knee-high socks with pink stripes was often bought together
| with a nerdy book like "The C Programming Language". People
| started referring to those kinds of socks ironically as
| "programming socks".
|
| I don't know if the screenshot was doctored, or if the Amazon
| recommendation engine found a real cluster of customers who are
| interested in both programming books and programming socks. In
| any case, I suppose it doesn't really matter because when
| people spread funny memes ironically it's only a matter of time
| before people join in sincerely without the irony.
|
| In short the answer to your question is "both".
| Quikinterp wrote:
| Perhaps it's a self-fulfilling meme at this point, but
| searching "programming socks" on Amazon right now still only
| recommends socks like that. Definitely not doctored
| hu3 wrote:
| Thanks for clarifying it! Here's a NSFW link about the meme:
|
| https://knowyourmeme.com/memes/programming-socks (NSFW)
| daptaq wrote:
| I don't think so, "programming socks" is a LGBT-adjacent meme
| to my knowledge, while this is related to
| https://github.com/cat-milk/Anime-Girls-Holding-
| Programming-... and image board culture.
| saint_fiasco wrote:
| That repo and the programming sock screenshot are both from
| 2017. They might have a common ancestor, or refer to the
| same subculture.
|
| Notice that an anime girl holding a programming book is in
| itself a (mild) subversion of gender roles. The
| stereotypical programmer is male, and the stereotypical
| programmer is not cute.
| daptaq wrote:
| > Notice that an anime girl holding a programming book is
| in itself a (mild) subversion of gender roles. The
| stereotypical programmer is male, and the stereotypical
| programmer is not cute.
|
| I don't think that is going on here, you have to consider
| that the anime girl is holding the book towards the
| viewer, my guess is that the implication is supposed to
| be "Will you explain it to me".
| Morgawr wrote:
| > that the implication is supposed to be "Will you
| explain it to me".
|
| This is not correct. It's hard to explain if you've never
| seen them in context but rather than "will you explain it
| to me" they are actually saying "won't you read this?" or
| "will you learn this language for me?" kinda note. They
| used to be commonly posted as OP image in programming
| threads on /g/ with lines like "have you read sicp today
| /g/?" or similar. There's also another very common
| variation of this meme for gamedev communities on 4chan
| with the girl from the anime New Game (see this[0] clip,
| I couldn't find the meme itself) with a similar vibe.
|
| [0] https://www.youtube.com/watch?v=oyZDulr8msg
| daptaq wrote:
| I have seen it, but I think that "won't you read this?"
| or "will you learn this language for me?" is just a front
| for "explain this to me", especially when considering the
| body language.
| Morgawr wrote:
| > is just a front for "explain this to me", especially
| when considering the body language.
|
| ? Why? There's nothing that indicates this, the history
| behind these images shows the clear opposite. This to me
| sounds more like your (unconscious?) biases are showing
| more than it actually being a thing. Trust me, it's not
| really how this meme works. If you actually look at most
| images in that repo the girls are either reading the
| book, explaining the book, or clearly pushing it (often
| aggressively) towards the viewer to make them read it.
|
| EDIT: Are you familiar with Serial Experiments Lain? I
| think that was one of the first ones to pop up with
| these.
| daptaq wrote:
| I browsed /g/ as a teen, watched lain and everything, but
| have since decided to consciously distance myself from
| this culture, to a certain degree because there is a sort
| of implicit "sexism" (in some broader sense) that I don't
| feel comfortable with anymore. The longer I stay away,
| the more obvious things like the way they draw faces and
| bodies, the often infantilizing postures combined with a
| kind of sexualization is. Keep in mind that drawn images
| can easily exaggerate human features that are not healthy
| or even anatomically possible, but that still serve
| symbolically as sexual indicators. This has become worse
| and worse over time, because fan service is good
| advertisement for publishing houses. Take a look at
| https://en.wikipedia.org/wiki/List_of_slice_of_life_anime
| and compare how the style has changed since the late 90's
| up until today. I think it is a lot more homogeneous and
| the appearance is more formulaic. Part of this might be
| that computer animation is more common place, but the
| other one is that a sense of beauty has been reduced to a
| mathematical problem of relating various proportions. It
| is also because I was part of this culture, that I know
| there is an explicit and intentional sexual aspect to all
| of this.
|
| Reflecting upon my own impressions and how these changed,
| I am more conscious of these points and find it hard to
| ignore them. Assuming that I am not totally mistaken,
| which of course might be the case, knowing that others
| don't see these things pains me. More so when someone
| like the author of the link publically stands by it.
|
| But you are right though that not every image is like
| this.
| Morgawr wrote:
| > That repo and the programming sock screenshot are both
| from 2017.
|
| (I'm kinda repeating myself in this thread a bit, sorry
| but...) I can guarantee you that the anime girls holding
| programming books has been a thing for at least a decade,
| so the 2017 creation of that repository doesn't really
| mean much. Not sure about the programming sock meme but I
| think it's a bit more recent. However I do think it
| generates from certain "battlestation threads" on /g/
| where people used to post photos of themselves sitting at
| their PC with those knee-high socks on and the meme kinda
| spread from there. Way before that screenshot itself.
| saint_fiasco wrote:
| Thank you. I suspected a common ancestor, but I didn't
| know what it was.
|
| Makes perfect sense that a meme combining anime and
| programming would come from 4chan's technology board.
|
| I suppose what made the meme interesting enough to spread
| is the subversion of the traditional hacker aesthetic.
| Having a beard voluminous enough to carry The C
| Programming Language inside everywhere you went was a
| sign of great experience and wisdom. As a bonus, it also
| horrified "the suits", who were hackers' natural
| outgroup.
|
| In the 21st century you just can't annoy the suits the
| same way because even large corporations don't demand
| people wear literal suits anymore. Baffling the HN crowd
| is what passes for iconoclasm these days.
| edgyquant wrote:
| Nah the screenshot started it. Someone posted a similar
| one to /g and the responses said that it was an esoteric
| secret that womens socks and underwear made you a better
| programmer.
|
| Memes ensued
| Aaronstotle wrote:
| I'd say its a shamelessness type thing rather than a new
| generation thing. People can like what they like, however it
| definitely reduces the message when its plastered on a blog
| filled with risque anime girls or furry art.
| Morgawr wrote:
| > risque anime girls
|
| What's risque in OP's picture?
| Aaronstotle wrote:
| I wasn't referring to the OP, however I've seen other blogs
| that have it and I feel that it takes away from the actual
| content.
| fxtentacle wrote:
| 20 years ago, programming skills and access to Anime in Europe
| were highly correlated.
|
| Back then, me and friends spent an insane amount of time on
| reverse engineering a Japanese file sharing app so that we
| could build our own server version (like Deluge nowadays) and
| then we built our own IRC server and our own XDCC download bots
| so that we could get Anime raws onto a university server and
| then recode them to make download over ISDN (64kb/s) feasible.
|
| Also, a lot of the Animes featured socially awkward nerd guys
| who by accident stumbled into their own harem...
|
| With that context, posters of Anime girls together with nerd
| stuff sold extremely well at Connichi (a big Anime convention
| in Germany). A friend of mine (who's now CTO of a C++ dev shop)
| even bought a wax printer so that we could make really high
| quality A3 posters.
|
| So I guess it's an in-joke for Europeans born in the 80s.
| secondcoming wrote:
| staticassertion wrote:
| The furries have always been here, younger generations are just
| more accepting of it and so you get more people willing to
| openly identify
| collegeburner wrote:
| even for us youngsters thats still considered pretty weird and
| nobody normal is involved with it. unfortunately, it seems like
| it has a tendency to pollute technical circles since when i run
| across it it's usually there.
| Taylor_OD wrote:
| I mean I know two pretty normal programmer current/past
| coworkers who use anima girls as their main avatar at work.
| Is it weird? Kind of. Are they otherwise pretty normal
| people? Yeah.
|
| I'm friends with the both on steam and they are both very
| very very into gaming (like 4-5 hours a day at least) so I
| always thought it was related to that somehow.
| daptaq wrote:
| It is the classical phenomenon of when most people of a
| distant group are normal, but a minority is peculiar, that
| you don't notice the normal ones because they are
| overshadowed by the minority. E.g. when in school, I always
| remember not wanting to get into trouble with older
| generations, but then wondering why the younger ones did so
| when I was older. It is probably the number of trouble-makers
| didn't change, just that while I was younger I didn't blend
| out all the normal ones who were my age, which I did when I
| was older.
| [deleted]
| junon wrote:
| The former.
| aliqot wrote:
| Thanks, take care.
| some_furry wrote:
| I mean, sorta.
|
| I'm in my mid 30's. I started blogging about cryptography
| and security under my furry handle (and with blog posts
| adorned with furry art) at the start of the pandemic.
|
| It gave me something to do that was both productive and
| _fun_.
| LanternLight83 wrote:
| Just wanted to say that I love your blog!!!
| some_furry wrote:
| Thanks <3
| meibo wrote:
| Individualism is big for those generations, and identifying
| yourself with your favorite anime girl/pop culture element or
| the character you designed with the elements you like is a way
| to differentiate yourself from others. The furry/anime
| communities also tend to be pretty technically inclined, so I
| imagine there's just some natural overlap.
| bombcar wrote:
| Individualism is big ... so be like everyone else and have an
| anime avatar.
|
| The loop continues.
| noSyncCloud wrote:
| "Everything I'm not interested in is identical and entirely
| meaningless"
| fortran77 wrote:
| Prove your individualism by all liking the same anime stuff?
| bbno4 wrote:
| A lot of these sites do it deliberately to annoy people on
| hackernews, it is so funny :)
| aliqot wrote:
| JWZ did it better.
|
| Proof: https://www.jwz.org/blog/2021/01/i-told-you-
| so-2021-edition/
| daptaq wrote:
| Why would that be funny? I just wonder how these people have
| no sense of embarrassment. I suspect part of the reason is
| that isolated communities encourage this kind of behaviour.
| OkayPhysicist wrote:
| Or perhaps they simply see no reason for it to be
| embarrassing, because they have a different set of values,
| coming from a different culture which we, as old people,
| simply are not part of.
| bakugo wrote:
| > I just wonder how these people have no sense of
| embarrassment.
|
| A lot of these people tend to be quite isolated from
| society in general, so they end up losing their sense of
| embarrassment entirely. Doing things that other people find
| weird or that make other people uncomfortable ends up
| becoming a sort of hobby for them (and often becomes their
| personality entirely) since they effectively have nothing
| to lose over it.
| daptaq wrote:
| That is a good point. If you don't need to deal with
| everyday people to socialize, you don't have to adapt
| your behaviour to the mean expectation of what is proper
| and not. I remember reading an interesting socialist
| argument once, that this is historically unique because
| capitalism allows people to reduce social relations to
| that of monetary exchange. As long as you can pay your
| bills and buy what you need, nobody can complain. It is
| this perspective that people who retort with "Why do you
| even care?" implicitly hold, that I am not a fan of.
| fshbbdssbbgdd wrote:
| Just to let you know, this comment was flagged.
|
| I'm in this picture and I don't like it, but I vouched
| anyway. It's an interesting perspective I hadn't
| considered before, and broadened by horizons a bit.
| daptaq wrote:
| What does this mean?
| fshbbdssbbgdd wrote:
| See the entries about "flag" and "dead" in the FAQ:
| https://news.ycombinator.com/newsfaq.html
|
| The comment I responded to was dead. I don't feel it
| really violates the site guidelines. Although some people
| might take it personally, which could make it sort of
| flame-bait-y and result in flags.
| JumpCrisscross wrote:
| > _wonder how these people have no sense of embarrassment_
|
| Suppose it's challenging why having an anime character next
| to a blurb of text is embarrassing.
| ryan-c wrote:
| > I just wonder how these people have no sense of
| embarrassment.
|
| In at least one case I know of, by being so outrageously
| competent that they know it won't hurt their ability to get
| a job.
| paulmd wrote:
| honestly that's probably a great filter for "interesting"
| clients, if you want to keep the fortune 500 bureaucracy
| away and just work instead of push papers all day
| Shared404 wrote:
| Reminds me of that one commit to the bluetooth stack on
| Linux. Will try to find it in a minute.
| marginalia_nu wrote:
| Not sure if this is what's going on here, but I've noticed
| sometimes isolated communities don't want too much
| attention and front load these types of things as
| scarecrows to keep the general public away.
| Shared404 wrote:
| See Also: 9front
| marginalia_nu wrote:
| Parts of the alt right does the same with its meme
| sociolect. You'll see frogs and wojaks and hear of soy
| and cuck and various pills very quickly.
| Shared404 wrote:
| This is true.
|
| As much as I hate "both sides" discourse[0], it's
| interesting that I see the same memes in both right and
| left contexts - I wonder of a creation of a "second
| language" to discuss divisive politics is enough of a
| force to spread it, or of it is intentional coopting of
| another sides language to dilute it.
|
| E: [0] HN is not the place for the rest of my feelings on
| this. Both sides aren't the same is enough to suffice
| here.
| daptaq wrote:
| Then the question is why bring it up in the first place.
| If you don't want attention, you avoid these signifiers
| in public, I'd think?
| marginalia_nu wrote:
| You might also want to find likeminded people.
| ArchOversight wrote:
| > I just wonder how these people have no sense of
| embarrassment.
|
| What exactly is embarrassing about this?
| jhbadger wrote:
| I think in some parts of US culture not that familiar
| with Japanese culture there is the misconception that
| anime is all tentacle porn or something and so you should
| be embarrassed for liking anime.
| SoftAnnaLee wrote:
| While that stereotype still exists in some corners; I've
| actually found that there is more mainstream
| understanding and acceptance of anime these days. I work
| in an office that terminally online folks would call
| "full of normies"; but I have found people here are at
| least aware of anime, if not active consumers. These
| days, it's not "cringe" to enjoy anime itself, and I'm
| guessing that the majority of commenters in this
| particular thread are over-analyzing the presence of an
| anime girl on a website.
|
| The author probably likes seeing an anime girl, and feels
| that displaying one on their page expresses an interest
| in anime, tech, and a casual tone for their writing.
| jcims wrote:
| It's basically 'book babes'. Booth babes went out of
| fashion a while back for good reason. This kind of thing
| is relatively harmless in the instance but in aggregate
| puts out a vibe.
| Morgawr wrote:
| I'm curious why you think that's something to be
| embarrassed about. I feel like it's a cultural thing but
| for example here in Japan it's very common to see this
| style everywhere (on TV, on billboards, on the train, on
| random websites, etc) and several of my coworkers also have
| these kinds of backgrounds or posters at work (in an open
| office).
| WastingMyTime89 wrote:
| It was frankly weird and bit disturbing to see some of
| the neckbeards in engineering school obsessing about cute
| depiction of young girls. To this day, it definitely
| colours how I see random use of anime girls on CS related
| topics.
|
| I have no issue with it in its original Japanese setting
| and I wasn't aware of its use by the LGBT community but
| it seems far less depressing in this case.
| blarghhi wrote:
| There are a surprising number of pedophiles (who will
| immediately 'correct' people to use the term
| "ephebophile" instead) amongst the techbeard community. I
| agree it becomes uncomfortably apparent after spending a
| bit of time with these types.
| daptaq wrote:
| I don't know, this is mostly instinctual, but my guess is
| that this is subconsciously associated with the kind of
| cultural image of an anime enthusiast or furry as
| socially inept, meagre or generally nerdish.
| paulmd wrote:
| isn't this just... itasha culture for websites? ;)
|
| https://en.wikipedia.org/wiki/Itasha
|
| https://www.youtube.com/watch?v=vH0q3xForho
|
| https://web-japan.org/trends/11_culture/pop201901.html
| soulofmischief wrote:
| It's likely the reason they don't feel embarrassment is
| because they couldn't care less about your unwarranted
| judgement, and delight knowing that some people actually
| take the time to be upset about it.
| daptaq wrote:
| This always comes up in these discussions, my impression
| is that there is some kind of a split when it comes to
| understanding the concept of embarrassment. It is not
| about the individual judgement of people and being upset
| is the wrong word, but it is difficult to find the right
| words to explain it. When thinking to myself why I'd
| never do these kinds of things, setting aside the lack of
| interest, I wouldn't want a kind of general perception
| that people have of me to be associated with these
| cultural symbols. It is an interesting question,
| especially because it appears obvious until I reflect on
| it. I guess I am not the only one who feels like this,
| and some people get upset because it is difficult to
| articulate these "unwritten rules of behaviour in polite
| society".
| nalllar wrote:
| To me it's sad that you took that lesson away from that.
| :(
|
| Watching someone be genuinely enthusiastic about
| something is wonderful. Society has far too much
| cynicism, and watching it beat that into children as they
| grow up is no fun. I see a lot of adults who treat things
| that way.
|
| Maybe it's a generational thing, maybe it's my circles,
| but I've seen plenty people appreciating and gushing
| about people sharing their interests. It's even in the
| memes, here's an example:
|
| > Everyone wants an autistic gf who infodumps abt video
| games and linguistics and whatever up until day 43 of the
| relationship when you get a paper cut and she starts
| trying to drink your blood
| daptaq wrote:
| > Watching someone be genuinely enthusiastic about
| something is wonderful.
|
| But isn't the question what they are being enthusiastic
| about? I would certiainly agree that there are some
| things that considered noble and respectable (helping the
| sick, science, the right kind of activism for the right
| kind of people, ...) that most admire. At the same time I
| think most recognize that there are destructive or non-
| productive things one can be enthusiastic about to the
| point of obsession. While having an anime girl on your
| website or being a furry is usually not destructive and
| ignore the cultural popular images of people like these,
| then they are at least non-productive in the sense that
| neither society nor the individual themselves grows from
| engaging with the topic. You can study engineering and
| improve human technology or write and learn how to better
| express yourself, but I don't see how anyone can progress
| as an anime weeaboo beyond a self-contained culture that
| might value if you know the names and details of all
| characters by heart. As soon as you step out of this
| bubble, the value disappears.
|
| > Maybe it's a generational thing, maybe it's my circles,
| but I've seen plenty people appreciating and gushing
| about people sharing their interests.
|
| I don't know what generation you are referring too. I'm
| Gen Z and obviously have different feelings about this.
| Sure, I enjoy talking to people who share my interests,
| but I know when and where the right place is. I don't go
| out with friends and insist on talking about e.g. Emacs,
| and I certainly don't want to be perceived as someone who
| superficially is only interested in my own topics, not
| caring to engage with topics that others care about.
|
| (Btw. thank for your respectful tone, I appreciate that).
| dawnbreez wrote:
| I'm...not sure why it would be embarrassing? People have
| things they're interested in that aren't related to work,
| and besides, the suit-and-tie image of the workplace is
| deeply rooted in a load of nonsense (nonsense which ought
| to be _recognized_ as nonsense, but which is often confused
| for professionalism).
| daptaq wrote:
| If you check my other replies in this thread, I've tried
| to describe why I feel the way I do. But if I may, I'd be
| curious to hear what you'd consider to be "embarrassing",
| not as an act but as a personality trait.
|
| As an example, I believe to recall the first time I felt
| this way as a child, perhaps age 4 or 5. There was some
| sort of a meeting and somehow a kid felt prompted to go
| up to the whiteboard and start explaining everyone the
| Bionicle alphabet
| (https://bionicle.fandom.com/wiki/Matoran_Alphabet) with
| unreasonable enthusiasm. I was into Bionicles myself, but
| remember thinking to myself, "Don't you know how you look
| like? Don't you know that nobody cares? Have you no sense
| of how others perceive you? If I hadn't seen how this
| looks like, would I have done something like this
| eventually?". I don't know how others brush these
| impressions away with a "Good for him".
| fortran77 wrote:
| kps wrote:
| Typo? If so, please don't fix it.
| [deleted]
| rejectfinite wrote:
| As old as /g/
| eating555 wrote:
| Here's a repo for all kinds of anime girls holding programming
| books: https://github.com/cat-milk/Anime-Girls-Holding-
| Programming-...
| wyldfire wrote:
| Please tell me you used Stable Diffusion to generate this
| repo after seeing this post on HN, and not that this is some
| kind of odd almost-rule-34 fandom domain.
| daptaq wrote:
| These images have been shared around on image boards for
| probably over a decade, what you see here is just a group
| of people who sat down and categorized them:
| https://github.com/cat-milk/Anime-Girls-Holding-
| Programming-...
| Morgawr wrote:
| There's no porn in that repo. Anime girls holding
| programming books is a common meme/trend/style that's been
| around for over a decade by now.
| nostrebored wrote:
| > common
|
| absolutely not
| bskan wrote:
| You need to spend more time in /g/
| aliqot wrote:
| There's 3 inches of dust on those deep fried bad boys,
| welcome.
| mgdlbp wrote:
| See also: OS-tans from the turn of the century
| belfalas wrote:
| Fascinating - Idris and Haskell are represented but no
| Clojure.
| chillpenguin wrote:
| Honestly that doesn't surprise me haha
| 0xCMP wrote:
| My favorite for several reasons: https://github.com/cat-
| milk/Anime-Girls-Holding-Programming-...
| falcolas wrote:
| My take: People have used animals, drawings, and random photos
| as avatars since avatars were a thing. Anime has been growing
| in popularity and reach over the past decades, and the new (and
| broadly available) "Holo-live" style animated YouTube and
| Twitch avatars have created its own boom.
|
| Combine with a greater acceptance of non-traditional personal
| identities, and you get professionals using anime and furry
| avatars and decorations. Practically speaking, it's not really
| any more or less professional than O'Reilly using animals to
| create an identity for its programming book covers (so long as
| you're not wearing a fursuit or sailor moon leotard to work).
| jstanley wrote:
| I was curious what you were talking about, because I don't see
| any illustration.
|
| If you are browsing in dark mode, there is no background image.
| You have to switch to light mode to see it.
| Shared404 wrote:
| I can see it in dark mode on mobile firefox.
| Groxx wrote:
| Aaah. I was wondering too, and noticed that it was `width=0`
| and not visible, and had a few rounds of ????.
|
| So I guess we now know the heathens who drive in light mode
| tth_tth
| badsectoracula wrote:
| I don't think it is related to a new generation or something
| like that since i remember people using anime wallpaper
| backgrounds and avatars (in MSN Messenger, etc) since the early
| 2000s. It is just that in recent years anime became more
| popular _in general_ than it used to be even 10 years ago, so
| you are more likely to see anime stylized characters nowadays.
| [deleted]
| jchw wrote:
| The funny thing is that while I don't doubt in my mind that a
| lot of the folks with anime/furry illustrations in their blogs
| are generally younger, I suspect many of them are still
| knocking on 30 at least.
|
| What happened? Anime and furry fandom became more socially
| acceptable across contexts. Why? Probably because of the
| ridiculous degree to which we are connected online and the way
| this has eroded our ability to segregate identities. A lot of
| people you have seen online have always been huge losers, but
| many of them are more open to flagrantly displaying it now.
|
| Is this good? Dunno. I think making some of these subcultures
| more mainstream can suck for the subcultures themselves. I've
| never found it all that off-putting personally, but that could
| just be a reflection of my own biases as a long-time online
| loser.
| diputsmonro wrote:
| Generally agree, but I do have to bristle with the "huge
| losers" sentiment. The fact that furries/weebs have a strong
| visibility in the professional software/IT space should be a
| signal that those people _aren 't_ losers, and are in fact
| doing quite well for themselves. And if you're in the
| industry, then you need to do yourself a favor and remove
| that label from yourself.
|
| What you call a "flagrantly display", I call a typical,
| progressive break from meaningless social conventions. People
| like cute drawings and post them on their websites, so what?
| And I think it provides good visibility to those communities
| to demonstrate the skilled and creative people that inhabit
| it.
| jchw wrote:
| I mean, the truth is, it's obviously not that weird. It's a
| reflection of culture, at least in America, that I regard
| such things in this light. Still, I mean it with affection.
| The fact that it was somewhat outcast culture also freed it
| from the bounds of giving a damn about social
| acceptability, which led to some very free creativity. I
| always embraced this.
|
| I realize _now_ this attitude may seem unnecessarily self-
| deprecating, though. Oh well.
| andyjansson wrote:
| Also see David A. Wheeler's work on countering trojan horse
| attacks: https://dwheeler.com/trusting-trust/
| segfaultbuserr wrote:
| To me, the most interesting part of Wheeler's work is formal
| verification. As an extra argument, he converted his verbal
| arguments into a set of logical statements, and then used a
| theorem prover to show the DDC argument is flawless (within its
| assumptions).
| aaaaaaaaaaab wrote:
| What if the theorem prover was compiled with an infected
| compiler?
| segfaultbuserr wrote:
| I remember seeing a post on MathOverflow, the OP asked
| about the consequences of using malicious code to fool a
| theorem prover to certify lies and falsehoods.
|
| It's a valid question and has deep philosophical
| implications. Unfortunately, mathematicians are not tech
| workers, so they were not impressed, and closed the
| question as off-topic. I personally think the main reason
| resposible for the lack of enthusiasm from mathematicians
| is that formal methods are rarely used in our society, and
| mathematicians in general (with the exception of logicians)
| also do not really value formal axiomatic systems as the
| something especially important for setting a standard of
| truth. If formal methods are used in decision and
| policymaking in the far future, the picture will be
| different. Nevertheless, right now, malicious proofs are
| just a hypothetical thought experiment.
|
| https://mathoverflow.net/questions/63816/consequences-of-
| tec...
| XorNot wrote:
| This is a good moment to note that http://bootstrappable.org/
| exists and is one of the low level defenses OSS can provide
| against this problem. Work the minimal set of binary blobs that
| can be audited we can reasonably reconstruct whole toolchains
| from scratch.
| foobarian wrote:
| Heh, as far back as then Ken T. already knew the score:
|
| ) writing to news just causes more
|
| ) misunderstandings in the future. there
|
| ) is no way to win.
|
| Pretty amazing insight!
| segfaultbuserr wrote:
| One can find precursors of nearly every aspect of the modern
| social media back in newsgroups from the Usenet era during the
| 1980s and 1990s, including cat memes. Unix developer Rob Pike
| even invented role-play trolling in the 1980s on Usenet (mostly
| manually, but an automated bot was also tried). Back then it
| was a harmless hoax, and today on the modern web it's now
| causing massive troubles. [0]
|
| Old-timers like Ken Thompson clearly have understood the nature
| of a social network since a long time ago.
|
| [0] https://en.wikipedia.org/wiki/Mark_V._Shaney#History
| xmprt wrote:
| I don't think it's some super novel insight by him. The news
| has existed for many centuries and at least to some extent, it
| has created misunderstandings as long as it has existed.
| foobarian wrote:
| See, exactly! He meant writing to newsgroups, which were
| relatively new at that time. Or did he? :-)
| denton-scratch wrote:
| Thanks for digging-up and posting that; an interesting historical
| artifact.
| Javipok wrote:
| k0stas wrote:
| I got obsessed with this paper recently, to the point where I
| have read most of the "Unknown Air Force Document" that Thompson
| references with giving him the idea of Trojan horse. The document
| was later identified and is declassified and publicly available
| [1].
|
| > If one reads the original paper, one only finds a description
| of this attack as a thought experiment, leading one to conclude
| that any claim of a real-world attack by Thompson was an urban
| myth due to exaggeration.
|
| This is true although Thompson gives some tantalizing hints in
| the paper.
|
| In the introduction, he writes " I would like to present to you
| the cutest program I ever wrote." So he definitely wrote it and
| at least played around with it.
|
| Later on in the "Moral" section, he writes "The moral is obvious.
| You can't trust code that you did not totally create yourself.
| (Especially code from companies that employ people like me.)"
|
| This appears to be an admission but not quite strong or direct
| enough to validate he implemented and used the Trojan horse so it
| is great to read this post.
|
| [1] https://csrc.nist.gov/csrc/media/publications/conference-
| pap...
| an1sotropy wrote:
| Thanks so much for sharing the older MULTICS report; this is
| fascinating stuff.
| whatthem wrote:
| avgcorrection wrote:
| I agree with this sentiment. This is very inappropriate
| considering how children can consume C as a gateway language to
| memory unsafety.
| dang wrote:
| " _Please don 't pick the most provocative thing in an article
| or post to complain about in the thread. Find something
| interesting to respond to instead._"
|
| " _Please don 't complain about tangential annoyances--things
| like article or website formats, name collisions, or back-
| button breakage. They're too common to be interesting._"
|
| https://news.ycombinator.com/newsguidelines.html
| PoignardAzur wrote:
| > _" Please don't complain about tangential annoyances--
| things like article or website formats, name collisions, or
| back-button breakage. They're too common to be interesting."_
|
| That one happens a lot on HN. I'm not sure I'd want it to
| happen less.
| bombcar wrote:
| This goes to show the importance of multiple independent
| toolchains, and multiple variations on debuggers.
|
| The more there are, the harder it would be to successfully
| execute this attack for any length of time.
|
| However, it could and certainly has been done in specific
| targeted cases I bet.
| noobermin wrote:
| Please tell this to all those people who want gcc to vaporize
| and have all of us use clang. Competition is good.
| tristor wrote:
| This page is getting flagged as malware by OpenDNS, but here's an
| archive link: https://archive.ph/UjaMd
| Izkata wrote:
| Short story about an AI keeping itself hidden through this
| attack: https://www.teamten.com/lawrence/writings/coding-
| machines/
| Jabrov wrote:
| Damn this story was soo good!
| an1sotropy wrote:
| It is great to see this from the source (or close to it). Some
| searches on the text of Thompson's message also led to these pre-
| existing sources (not linked from niconiconi's blog) of a post by
| Jonathan Thornburg:
|
| https://www.mail-archive.com/cryptography-digest@senator-bed...
|
| https://groups.google.com/g/sci.crypt/c/PybcCHi9u6s/m/b-7U1y...
|
| btw is there any public archive of ~old usenet (say, through
| 1999)? I was trying to remember things I learned from on alt.2600
| but groups.google.com says it's "banned".
| chris_st wrote:
| Someone (Uunet, maybe?) put out a bunch of usenet CDs back in
| the 90's... don't know how far they went back (or which groups
| they had. IIRC, it was pretty much everything except binary
| groups). It'd be challenging to find them.
| obi1kenobi wrote:
| When you say "searches" are you referring to regular web search
| (e.g. Google) or something more specialized?
|
| Just wondering if there's a good way to programmatically search
| "old" records like these.
| an1sotropy wrote:
| sorry didn't meant to be obscure - it was just google
| searches, but I found that if I used quotes google was less
| useful than if I searched for a longer string without quotes
| (I think others on HN have noted the quality of google
| searches seems to be decreasing). In my case I searched for
| fyi: the self reproducing cpp was installed on OUR machine
| and we enticed the unix support group
|
| but without quotes. I know it's quixotic but I kind of wish
| altavista was still working (now yahoo owns the domain name).
| [deleted]
| trustingtrust wrote:
| One of my favourite papers for sure. It's mind boggling the way
| it was presented.
| naillo wrote:
| That anime girl really makes it hard to hide that you're doing
| work unrelated things in the office.
| kps wrote:
| > anime girl
|
| S-Should we tell him?
|
| Nevxnjn Uvzr vf abg n tvey
| duxup wrote:
| This is strange, I don't see an anime girl.
| dmix wrote:
| The author must have removed it.
|
| Edit: apparently it's only on mobile size, near the footer.
| duxup wrote:
| Oh yes mobile, there it is.
| hbn wrote:
| If you squish the browser window enough it'll go into a mobile
| view where she jumps to the bottom
| bentcorner wrote:
| Ah - thank you. The comments here make a lot more sense now.
| Anyone care to explain why it doesn't show up anywhere for
| desktop users? Html has this: <footer
| id="footer"> <img id="footer-image"
| src="/img/niconiconi.png" width="0%" /> </footer>
| hbn wrote:
| On desktop you see the image as a background on the <body>
| @media (min-width: 770px) body { ...
| background-image: url(/img/niconiconi.png); ...
| }
|
| And on mobile you see that footer @media
| (min-width: 770px) #footer-image {
| width: 0%; }
| SllX wrote:
| It's okay. She's got a copy of "The C Programming Language".
| We're in the clear!
| davidchen wrote:
| For those not on mobile - resize your desktop window and scroll
| to the bottom
| cantSpellSober wrote:
| I hide all website footers by default, you wouldn't be
| surprised to know useless they usually are
| #footer, .footer { display: none !important; }
|
| Userstyle to remove the image from this site:
| @-moz-document domain("niconiconi.neocities.org") {
| body { background-image: none !important;
| } #footer { display: none
| !important; } }
| Groxx wrote:
| but.... if you do this, how will you know what year the
| copyright of the page is?!
| Attrecomet wrote:
| And whatever the site did disabled ublock's "block element".
| Luckily umatrix still works and I was able to block images from
| the site
| Groxx wrote:
| For those confused:
| https://news.ycombinator.com/item?id=33008860
|
| @jstanley discovered that it's only visible when browsing in
| light mode.
| Taylor_OD wrote:
| > That anime girl really makes it hard to hide that you're
| doing work unrelated things in the office.
|
| What do you mean?
___________________________________________________________________
(page generated 2022-09-28 23:00 UTC)