2x09: Visible Private Network


#1

Stuart Langridge, Jono Bacon, and Jeremy Garcia present Bad Voltage, in which we are secure, we wear the juice, we get to the choppa, and:

  • [00:02:15] The news this week, including going to prison in Portland for calling yourself an engineer without permission, more fast-food incredulity at the KFC Double Down, robbing banks while invisible, and Intel's chips are all vulnerable to a security exploit and you should check and get it fixed if it needs fixing
  • [00:12:38] In a world where Intel and ARM are massively dominant, is there space for some more open architecture? OpenPOWER and SuperH could be candidates technologically, but what's standing in the way of this from a business point of view? Would anyone make hardware on these less-popular architectures? Should we even want them to?
  • [00:28:21] VPNs are the hot topic right now, for all sorts of reasons. Protecting your privacy from governments or your work from your client's network, connecting to your employer's systems from elsewhere, getting around geoblocking... there are all sorts of reasons you might want to use a VPN, but which ones out there are actually good, and how do you make a decision? A good place to start may be thatoneprivacysite.net, and we're currently using some combination of Opera Browser's built-in VPN, Lantern, PrivateInternetAccess, ExpressVPN, and Nord VPN; we certainly also want to hear recommendations for other providers and why you're using those in particular; there are lots of different reasons why people want a VPN, and lots more why people should
  • [00:44:23] We were asked by a listener to talk about working for oneself: all three presenters either work for themselves right now or have done so for over a decade, so we've got quite a few thoughts and war-stories about all this. Herewith, some ideas on why working for oneself is good (or why it isn't), and what we've learned (sometimes pleasantly, sometimes less so) along the way...

Download the show now!


#2

There appeared to be some history missing from your CPU debate which is quite important. The reason x86 based platforms won in the early days was backwards compatibility. Developers didn’t have to port their code every time a new CPU was released, the binaries just worked. With regards to the Intel inside adverts, that wasn’t a war against other platforms but against other x86 manufacturers such as AMD.

I am the lead developer of a product called MariaDB ColumnStore which is a GPL columnar analytics database engine. At the moment it will only work in x86_64 based Linux machines. It won’t work on FreeBSD or MacOS, it won’t work on PPC and probably won’t work on ARM. Why? Because we develop for the hardware our users use. Our users haven’t yet shown any interest in these platforms. Supporting more platforms takes many more resources in both man hours and hardware. ARM is probably closest to penetrating the market but the thing missing is something Linux can do as a hack (FatELF) and Mac can do easily which is the concept of “universal binaries”. This helps a user base migrate from one platform to another.

Of course different platforms are optimised for different use cases which is why servers typically have more than one CPU type in them now. A CPU, a GPU which is used for complex maths and usually some kind of ASIC such as QuickAssist which can be used for encryption/decryption acceleration. I believe AMD is looking into CPUs that have both x86_64 and ARM on the same chip.

In summary you have a catch 22 where you need to get users to want to develop for the platform, users won’t want to develop for the platform if no users have it and users won’t want the platform if there is no software for it. This is a similar reason why penetrating the mobile phone market with a new OS or CPU type is almost impossible. Intel lost this market early and couldn’t really recover it no matter how much they poured into it for this reason.

For the VPN I don’t use one at home. I mostly use a home VPN server when working away from home. This lets me access my home servers, protect my traffic and lets me use iPlayer. In the times where this won’t work (UDP port blockage on public WiFi) I use PrivateInternetAccess.


#3

Sure, there’s a catch-22 there. But my point about the Debian archive was not made lightly. Most packages in Ubuntu universe are also available on, say, armhf, and that’s not because the upstream developers spend a lot of time and effort individually tweaking things for that architecture. Supporting other arches does take work – Ubuntu dropped powerpc for a reason – but it’s not like choosing a different arch means you have literally no programs. Debian supports mips and s390 and powerpc as well as x86 and arm. Certainly some programs – if they go down to the hardware for performance, or if they’re doing hardware-specific things perhaps unintentionally – may have specific “we support x86 and that’s it” restrictions, but if you’re happy with a standard Debian install then a new architecture isn’t a huge barrier, and a reasonable proportion of existing software will come up on a new arch with not a lot of tweaking. So it’s not a deal-breaker; it’s certainly a problem, but I think we noted that.


#4

I mostly agree with you. The platforms are optimised for different use cases at the hardware level so for a lot of people chucking out a 3 year old Xeon and replacing it with PPC may actually make things worse (I’ve seen that actual scenario happen a few years ago). ARM is definitely not a generic platform by any stretch of the imagination (I really like ARM, I just don’t like the bajillion different incompatible instruction sets and platforms ARM is) and I don’t see money going into the others any more beyond embedded or niche server. For an OS and certain major applications that is fine, there will be a dedicated user base.

For a majority of projects those platforms aren’t on their radar and many aren’t even taking upstream patches for those platforms because it means having to support those patches/platforms (I’ve seen this happen with a major Open Source project that you and I have used a lot). This makes Debian’s job harder. As a side note my particular project would take upstream patches because we have access to pretty much every platform, but we would need man hours to do the initial porting work and it isn’t yet a high priority.

Of course I’m looking at it from a server point of view rather than a desktop.


#5

I really enjoyed the discussion on self-employment. I find myself still struggling to determine which uses of my time generate the most income and how that compares to what I enjoy doing. In general I’m self-employed because I tend to bounce off the walls if forced into too much routine. That and having a broad but difficult to monetise skillset (so finding employment that gives a decent return on my abilities is basically impossible).

I don’t generally mind the paperwork but find it very difficult to advertise what I’m working on through social media - it feels like intruding on people’s private lives. I’m also struggling with the transition from hobbyist to professional. So far I’m not sure whether people don’t like my work any more or just consider it my job and therefore not something in need of admiration.

For context I make, cast, and distribute wargaming models. When I was just making models for hobby purposes people would encourage me to sell copies. Now I wonder whether I’ve just got worse or whether people think “Of course he’s good at it - it’s his job!”

As I’m self-employed I don’t have colleagues that can give me feedback and encouragement. The lack of support structure can be a real problem at times and it’s not a problem I’ve yet figured out how to solve.

You guys also pointed out something that we all know but seems to be lost on people that haven’t experienced it - there’s a lot of overhead to deal with. If muggins here doesn’t do the paperwork really bad things happen. The website doesn’t admin itself, products don’t pop into existence with product descriptions and photographs ready to go, etc. etc… It’s a lot of work and whilst I don’t resent any of it (well, making mould boxes can be pretty dull!) I also don’t feel like I get any “social credit” for working my arse off.

Right, I’m off to drink champagne out of something impractical.


#6

So I have owned a chromebook for nearly 3 years and went with google-ChromeOS until recently.
I had just about had enough of google and after 3 hours on the #galliumos IRC channel - I switched my touch-screen laptop and looked around for a VPN service after hearing your podcast.

Now let’s be clear - over the years I have accumulated several VPN LIFETIME offers from deals.slashdot.org including AnonVPN and TigerVPN and probably have spent £200 on vanity VPN deals that seemed too good to be true.

Now, every time you go onto #ubuntu-community-team, there’s always someone on to give you advice, and consistently, I have heard that you should never skimp on your VPN service.
The admins there always suggest VYPR vpn by goldenfrog which costs slightly more a month, but there’s no outages and customer service is top-notch.

With all the users clamouring for cheap VPN, it’s no wonder that people end up experiencing poor service and reviews.

So here’s the tweet for 25% off and it’s either 1, 3 or 5 computers depending on your package.


#7

Good points all. I work as a small cog in a very large and complex wheel as my day job, but I have dabbled with some entrepreneurial ventures (mostly web and bitcoin stuff), and the lack of outside – positive – feedback is something I noticed as well. In addition, it seems people by nature are less likely to give just an attaboy for good measure, but rather stay neutral until something needs correcting, and they’ll voice the critique. In those cases you just look at the order book: if you have returning clients, you are doing most things right I guess.

As my day job forces me to a minute-by-minute schedule, random work hours and rigid work rules, I long for a be-your-own-boss life; the sleep-ins on a Tuesday and a liquid lunch for Thursday.

Or, is this the real life? Is this just fantasy?


#8

@sil I’d like some clarification regarding the guy who was prosecuted for being an engineer.

Was he claiming to be an engineer? In which case as an engineer myself I would have some sympathy with Portland because I feel the term “engineer” should be protected because it implies a level of knowledge which few possess. For example as an engineer I apply my judgement to say that this product is safe and will function to an agreed minimum standard over its expected life. Only those with the relevant training and experience should be allowed to do that.

Or was he just applying basic science and logical thought to a situation? If this is the case then clearly Portland were being dicks of the highest order; we want to encourage critical thought and scientific analysis at all levels, not just from those of us with an engineering or science degree.


#9

According to the article at https://www.theregister.co.uk/2017/04/29/engineer_fined_for_talking_about_math/ he just noticed a problem and mailed the relevant local government about it. Exactly how true that article is, I’m not sure.


#10

Yes, I think expectations shift when you become a pro. We sometimes bake our own bread at home and we mostly think it’s great. But tbh, if I bought the average of those breads at a real baker, I’m not sure that I would go there again.
(Btw, no one ever suggested to me to become a baker, so probably your cast figures are better than my bread :) )

Yes I think that’s very true. I think one needs to compensate for the indifference of other people by a lot of one’s own enthusiasm. And then slowly, bit by bit, as you continue to work your arse off and somehow retain your enthusiasm, others gradually become less indifferent.

Nah, I was just kidding…

This is exactly what the real life of self-employed people looks like :D
(edit: Otherwise, perceivably, no one would be stupid enough to do it, am I right ;-)?)


#11

In terms of VPNs becoming consumer services, Google hosts a VPN for Nexus and Pixel device owners as part of their WiFi Assistant. I wouldn’t call it secure from a Google perspective (like they’re going to have the opportunity to see all of your browsing and not use it for ad targeting) but it automatically enables itself when it sees an open wifi connection to protect from on-the-network threats.

I use a VPN for all of my traffic, which I personally see as a necessity given the god-awful (read: non-existent) security of the uni accommodation that I’m in (All wifi traffic goes through an open network).


#12

According to the article he’s a Swedish electronics engineer so technically he’s an engineer. But if their engineers are anything like their chefs then that designation would be dubious!

I haven’t read his emails, but I guess if he portrayed himself as an Oregonian Engineer when really he was a Swedish Engineer in Oregon there could be cause for legitimate complaint by the Oregon licensing board.


#13

In Britain the concept of engineer is also vague: I have just had my washing machine serviced by an “engineer”, I doubt I would have called him a technician if he worked for me.


#14

I found the part about different architectures interesting, even though there are meant to be benefits of non-AMD64 architectures, besides power consumption there seems to be very little motivation to use anything else.

Even if you want to, getting a system to develop/maintain software for other architectures is a real hassle. It’s either cheap, under-powered ARM systems (from the perspective of a dev workstation) or expensive IBM/Oracle server systems.
Also, the platform support is very specific. You can’t just grab a Linux distro for ARM/PPC… (or others…).

Having worked on software that supports 32/64bit, big/little endian - I thought it would be nice to keep support working, so I used QEMU for a PPC Debian install. While incredibly slow (for X11/OpenGL) it did work… some months after Debian dropped support … sigh.

Fingers crossed open-power gets some traction.


#15

I also listened to the part about self-employment with a lot of interest.
I have been thinking about starting something for myself as well. I already have done a few side projects over the years.

As a bioinformatician/data scientist there is quite a bit of opportunity these days. But I have found it difficult to attract the first client that would make it possible for me to make the jump.
So how did you guys go about getting your first client?


#16

I would like to warn people off the web site https://www.privateinternetaccess.com/. It just allowed me to pay without even asking me for a username. The payment went through in Paypal yet it did not go back to the web site. So I have just paid for something without even being asked for a username. Not a great design for a web site. Opened a dispute.


#17

Aaaaaaaaaaaaaaaand this is why VPNs (in this context) will be slow to take off.


#18

To be fair they did refund my money so I don’t think they are a scam and also it does say on their web site that their site has problems accepting paypal payments with two factor authentication which obviously is the least that I would use.

I ended up using Cyberghost, you pay per machine so it’s cheaper than the others listed, recommended by Wired (so it’s kind of legit). So far for me it works but I noticed it seems to make the machine lose connection if I leave it on for a few days. It’s not a problem though as I can switch on the vpn connection when I need it, otherwise when I want it running as my web server I switch it back.

