A few days ago, a vulnerability in xz-utils named CVE-2024-3094 was discovered, and since then the open source community as well as security pundits fall over themselves and each other to provide the best analysis of this incident. Don’t worry, this post isn’t another one of those. Because while all the speculation about what motivates such a long-term attack is fun, the underlying issue is way, way simpler. In a tweet1, Heather Adkins of Google posted an “unpopular opinion: if your hobby is now responsible for running the modern world, it’s no longer a hobby ..read more

Yesterday, we explored the differences between a Merkle DAG and vessel’s DAG. Today’s topic revolves around how combining wyrd’s conflict-free, replicated data type (CRDT) with vessel makes a specific kind of CRDT, namely a DAG-based one. Figure: “Fractal Structures” by SolomonVipe is licensed under CC BY-SA 2.0 Conflict-Free, Replicated Data Types A quick recap on CRDTs first. They’re data types, largely fairly simple ones, such as counters or sets. And they’re conflict-free, meaning that multiple parties can modify them concurrently, and when their respective modifications get synchroni ..read more

One of the recurring conversations I’m having is on whether vessel is a Merkle DAG or Merkle Tree/Trie, and every time I have to start over with explaining that it is not. And this is a deliberate choice. In this post, I’d like to explore the differences – and this post will also kick off a mini series on how vessel and it’s sibling project wyrd together form a DAG-based conflict-free, replicated data type (CRDT) akin to a Merkle CRDT ..read more

With 2023 over, and some time between now and the last update, it’s perhaps a good moment to reflect on what happened in 2023 and where the project is right now. Achievements Last year saw the closing of our grant from Internet Society Foundation, who have been excellent partners for the past two years! I don’t think I can overstate how important this grant has been for our work. In particular, a longer-running grant meant the focus could be more on actual research – trying things out and writing up the results – and less on implementation ..read more

I was thrilled to be on stage with the Tor Project for the 2023 edition of EmpoderaLIVE. Giorgio and I followed a strong segment from Joyce Dogniez of the Internet Society Foundation, which delved into the intersection of human rights issues and the Internet already. After Giorgio explained how the Tor project saves lives right now, my part was relatively simple – I mostly said that I want to make Tor project obsolete ..read more

The recent issues with Google’s WEI proposal have provided for a few more views of this blog and website, which makes it worth diving into our work a little again. The previous post on resource access is quite old at this stage, after all. Quick Recap Under different grants, we’ve been working on a bunch of loosely related technologies. The highlights are: Channeler – a protocol that has can switch between UDP-like lossy and TCP-like lossless modes of connection, as well as novel modes suitable for live broadcast ..read more

Previously, I wrote about how to use Valgrind for debugging memory issues – and today, I’d like to go into how to use the tool for profiling. As I wrote before, Valgrind is an instrumentation framework that provides a collection of tools. For profiling, we’ll look at the Callgrind tool together a GUI application called KCachegrind. As a quick historical note, the predecessor to Callgrind is called Cachegrind, and was mostly for examining CPU cache usage – but Callgrind was developed out of that ..read more

A few days ago, I made a social media post about Google vs. the Open Web. It received some responses, so I’ll reproduce it below with some additional comments. “Open Web - Gnomedex 2008” by Randy Stewart is licensed under CC BY-SA 2.0 Google is trying to kill the Open Web. Using the proposed “Web Environment Integrity” means websites can select on which devices (browsers) they wish to be displayed, and can refuse service to other devices ..read more

A recent thread on social media reminded me that some of the development tools I take for granted are not widely known. Veteran game developer Martin Linklater (@Fizzychicken@mastodon.gamedev.place) asked about profiling on Linux, which prompted me to mention my favourite Valgrind, which prompted a question about its use. I offered to write up a quick tutorial on it. But thinking about it a little more, quick, introductory tutorials to the tools we use makes for a useful addition to this section of the blog ..read more

“Bucket & spade” by Dale Gillard is licensed under CC BY 2.0 The other day, I was asked by a friend what it is I’m doing with this project. He’s very much into following technological trends, but not a deeply technical person himself. That drove home yet again how hard it is to provide an “elevator pitch” summary of our work. When I speak about a “human centric” internet, what I mean is a digital place where human rights are protected, and human needs are met ..read more