[doty]

I am reminded of JWZ's "On Toolkits" (https://www.jwz.org/xscreensaver/toolkits.html):

"Let's suppose that down in the bowels of some particular version of some particular toolkit library, there lurks a bug. Let's suppose that the nature of this bug is something relatively obscure: say that it's something like, if you hold down 5 keys on the keyboard for 10 seconds then drag the middle mouse button, the text entry widget gets a SEGV. (In fact, I'm not making this up: I saw this very bug once, years ago.)

Now, that's the sort of bug that is not likely to be noticed or fixed, because it's the sort of thing that people "never" do. If that bug was reported against, say, a web browser, nobody would much care: User: "I can crash my web browser by doing this crazy thing!" Developer: "Uh, don't do that then." And that's not a totally unreasonable response.

However, in the context of security software, it matters, because then it's not merely a cute trick that crashes the program: now it's a backdoor password that unlocks the screen."

[userbinator]

Also from that article is a good advice in general:

Bugs like that will exist in GUI libraries; it's inevitable. The libraries are big, and do many different things. So one way to protect against that problem is to keep the number of libraries used by the xscreensaver daemon to an absolute minimum.

If you want to make less buggy software, you should aim to reduce complexity as much as possible, and not just hide that complexity with a library. The coordination of multiple processes as exampled therein is a good demonstration of how splitting functionality into multiple pieces may mean adding complexity overall because of the need to coordinate how the pieces interact.

[oconnore]

This sounds like a job for Erlang, not JWZ staring at C code until he's convinced it won't segfault. A small monitor process could do something reasonable when the big GUI codebase fails, and then everyone wins.

[tedunangst]

The design of X screen lockers makes that kind of difficult. Exclusive keyboard control is exclusive, meaning the secure locking process and the pretty crashing process aren't going to share very well.

[nfm]

That link is redirecting to an unexpected image for me.

Edit: it works if I copy-paste the URL.

[pronoiac]

From a personal email, jwz said I could quote: "Every time [Hacker News drops by] someone launches a DDoS. This time it's a SYN flood. Pretty much like clockwork." This looks like a response to that.

[mappu]

Wrapper link: http://nullrefer.com/?https://www.jwz.org/xscreensaver/toolk...

[simoncion]

Is it some item of human genitalia? If so, you've triggered JWZ's anti-image-hotlinking system.

There must be something somewhat unusual about your browser or maybe something is mangling HTTP requests on their way to his server.

[nfm]

Yes, yes it is.

Does the link work as expected for you?

The strange thing is that it does work for me if I copy-paste the link (as opposed to ctrl-clicking it). There really shouldn't be much that's different between those two requests except for the referrer header.

[simoncion]

It does work as expected for me, no matter how I visit the URL. (The first time I viewed the page, I ctrl-clicked the URL.)

> There really shouldn't be much that's different between those two requests except for the referrer header.

I don't know the details, but I gather that that's a big component of the anti-hotlinking system.

[Analemma_]

jwz just confirmed on Twitter that he blocks requests with HN in the referrer: https://twitter.com/jwz/status/665658171415859200

[simoncion]

Odd. Clicking on the link in the HN conversation works just fine for me.

Wait. Does running Firefox in Incognito Mode not send along a referrer?

[nitrogen]

Huh. I guess we don't have time for jwz, either.

[PhasmaFelis]

Appears to be one of those bizarre people who gets offended when people link to them. They were more common back when bandwidth was as precious as diamonds, and I see this article dates from that era. On the modern Web, I've never been sure if they don't quite understand what the internet is for, or what.

[honestcoyote]

You're going to accuse jwz of not understanding the internet? I'm going to assume you have no idea who jwz is.

[PhasmaFelis]

Anyone who actually gets angry when they're linked to (that image seems calculated to offend, not merely deflect bandwidth usage) has some kind of fundamental disconnect with how the internet is used on a day-to-day basis. It may be a social/emotional disconnect rather than a technical one, but it's still a disconnect.

I suppose I should acknowledge the possibility that he's just kind of a dick and likes trolling people for lulz. That's not really better, though.

[tedunangst]

It's his server. He gets to decide how it responds when people send it requests. If there's a disconnect, I think it's the people telling jwz how he needs to configure his server.

[PhasmaFelis]

> It's his server. He gets to decide how it responds when people send it requests.

I don't understand why you think this contradicts anything I said.

[scintill76]

Sending drastically different content based on where your URL was clicked from, should indeed count as one definition of "not understanding how the hypertext web works." It's also something you're free to do, and the rest of the web is free to stop linking to you in response.

[userbinator]

I suppose I should acknowledge the possibility that he's just kind of a dick and likes trolling people for lulz.

Or perhaps that he's just kind of a troll and likes dicking people.