Eric S. Raymond's Blog, page 22

I’ve been learning more about tinkering with electronics lately, soldering and casemodding an that sort of thing. The major reason fot this is NTPsec-related and will be discussed in a near-future post, but here is an early consequence iunrelated to that project:

Converting a PS/2 TrackMan Marble to USB

While most of the NTPsec team was off at Penguicon, the NTP Classic people shipped a release patched for eleven security vulnerabilities in their code. Which might have been pretty embarrassing, if those vulnerabilities were in our code, too. People would be right to wonder, given NTPsec’s security focus, why we didn’t catch all these sooner.

In fact, we actually did pre-empt most of them. The attack surface that eight of these eleven security bugs penetrate isn’t present at all in NTPsec. The vulnerabilities were in bloat and obsolete features we’ve long since removed, like the Mode 7 control channel.

I’m making a big deal about this because it illustrates a general point. One of the most effective ways to harden your code against attack – perhaps the most effective – is to reduce its attack surface.

Thus, NTPsec’s strategy all along has centered on aggressive cruft removal. This strategy has been working extremely well. Back in January our 0.1 release dodged two CVEs because of code we had already removed. This time it was eight foreclosed – and I’m pretty sure it won’t be the last time, either. If only because I ripped out Autokey on Sunday, a notorious nest of bugs.

Simplify, cut, discard. It’s often better hardening than anything else you can do. The percentage of NTP Classic code removed from NTPsec is up to 58% now, and could easily hit 2/3rds before we’re done,

I had a great time at Penguicon 2016, including face time with a lot of the people who help out on my various projects. There are a couple of thoughts that kept coming back to me during these conversations. One is “It is good, having so many impressively competent friends.”

The other is that without me consciously working at it, an amazing support network has sort of materialized around me – people who believe in the various things I’m trying to do and encourage them by throwing hardware and money and the occasional supportive cheer at me.

Because I didn’t consciously try to recruit these people, it’s easy for me to miss how collectively remarkable they are and how much they contribute until several of them concentrate in one place as happened at Penguicon.

Where I thought: “I’ve been taking these people a bit for granted. I should do better.”

So here, in no particular order, is a (partial) list of people who are really helping. It focuses on those who were at Penguicon and are A&D regulars, so I may have left off some people that would belong on a more complete list.

John D. Bell: I hate having to do system administration and am not very good at it. John is the competent sysadmin I run to for help; he gives generously of his time and friendship. He’s also the person who accidentally started the cascade of events that resulted in the building of the Great Beast of Malvern.

Jay Maynard: My DNS zone secondary and the person I go to specifically for DNS help, because I touch it so seldom that I invariably forget all the fiddly details.

Mark Atwood: My project manager on NTPsec, he who makes my paychecks flow. He wouldn’t make this list if he were just some random corporate functionary set by CII to watch how their money is being spent; he volunteered to PM at least in part because he respects me, likes the work I do and thinks it good to help. Thus, not only does he do as comprehensive a job as I judge is possible of shielding me from the politics around my work and my funding, he smiles benignly when I wander off to work on things like reposurgeon or the Practical Python Porting HOWTO for a while. He even warns me against the dangers of overwork. I’m not sure what more one could ask of a manager, but I’m sure I’ve never had a better one.

Dave Taht: Dave…starts things. Like tossing a Raspberry Pi 3 dev kit at me, confident that though he might not be able to predict exactly what I’d do with it, I’d do something interesting. (He wasn’t wrong.) Dave is constantly pushing me, gently and constructively, to learn and think a bit outside my comfort zone. He’s one of the very best friends I have.

Phil Salkie: He who taught me how to solder (he’s a top-flight industrial troubleshooter of the hands-on kind by day) and is gradually inculcating in me the hardware-integration skills required for me to work with things like SBCs. Takes a lively, intelligent observer’s interest in many of my projects, and often has useful things to say about them.

Jason Azze: It took me longer to notice Jason than I should have, because he doesn’t draw attention to himself. His style is to lurk around the edges of my projects quietly doing useful things, often involving buildbots.

Sanjeev Gupta: Another frequent lurker, with a particularly good hand for criticizing and improving documentation.

Gary E. Miller: If I were an evil overlord, Gary would be my trusty henchman. He’s been my chief lieutenant on GPSD for years, and told me that he likes having me in the #1 spot so he doesn’t have to do it. Tends to follow me around to other projects; a once and probably future NTPsec dev. His excellent low-level troubleshooting skills complement my systems-architect view of things perfectly.

Susan Sons: Susan is an InfoSec specialist who worries, very constructively, about my security. She’s good at it. She was also the person originally responsible for pulling me into NTP development.

Wendell Wilson: Builder of the Great Beast, and another guy who tends to drop hardware on me to see what I’ll do with it. Takes time out of a very busy life as an engineer/entrepreneur to make sure I have sharp tools and the blades stay properly whetted.

All you fanboys out there: These people give me a gift I value much more than adulation. They engage me as equals to a fallible human being, think about what might make me less hassled and/or more productive, and then do it. This is good, because it means I get to solve more and harder problems for everybody’s benefit.

Last I cannot fail to mention my wife Catherine Raymond. It’s certainly what would be expected for a wife to support her husband, but Cathy goes well beyond “That’s nice, dear” by being actively engaged with my life among the geeks. She befriends my peers and followers and shares their jokes, not merely tolerating but often enjoying their eccentricities. The people in my support network like her, too, and that actually matters in pulling it together.

When I think of it, it’s like I have a small but remarkably capable army around me. I’m making a resolution to be more appreciative of people who sign up for that. Yes, they all have good reasons of their own; people who believe that teaching me things and helping me can have far-reaching consequences that they will enjoy are, on past evidence, quite right to bet that way in their own interests. Still doesn’t mean I should take them for granted.

Because people do in fact drop money in my PayPal and Patreon accounts, I think a a decent respect to the opinions of mankind requires that I occasionally update everyone on where the money goes. First in an occasional series,

Recently I’ve been buying Raspberry Pi GPS HATs (daughterboards with a GPS and real-time clock) to go with the Raspberry PI 3 Dave Taht dropped on me. Yesterday morning a thing called an Uputronics GPS Extension Board arrived from England. A few hours ago I ordered a cheap Chinese thing obviously intended to compete with the Adafruit GPS HAT I bought last week.

The reason is that I’m working up a very comprehensive HOWTO on how to build a Stratum 1 timeserver in a box. Not content to merely build one, I’m writing a sheaf of recipes that includes all three HATs I’ve found and (at least) two revisions of the Pi.

What makes this HOWTO different from various build pages on this topic scattered around the Web? In general, the ones I’ve found are well-intended but poorly written. They make too many assumptions, they’re tied to very specific hardware types, they skip “obvious” steps, they leave out diagnostic details about how to tell things are going right and what to do when things go wrong.

My goal is to write a HOWTO that can be used by people who are not Linux and NTP experts – basically, my audience is anyone who could walk into a hackerspace and not feel utterly lost.

Also, my hope is that by not being tightly tied to one parts list this HOWTO will help people develop more of a generative understanding of how you compose a build recipe, and develop their own variations.

I cover everything, clear down to how to buy a case that will fit a HAT. And this work has already had some functional improvements to GPSD as a side effect.

I expect it might produce some improvements in NTPsec as well – our program manager, A&D regular Mark Atwood, has been smiling benignly on this project. Mark’s plan is to broadcast this thing to a hundred hackerspaces and recruit the next generation of time-service experts that way.

Three drafts have already circulated to topic experts. Progress will be interrupted for a bit while I’m off at Penguicon, but 1.0 is likely to ship within two weeks or so.

And it will ship with the recipe variations tested. Because that’s what I do with your donations. If this post stimulates a few more, I’ll add an Odroid C2 (Raspberry Pi workalike with beefier hardware) to the coverage; call it a stretch goal.

This is an entirely silly post about the way I name the machines in my house, shared for the amusement of my regulars.

The house naming theme is “comic mythical beasts”.

My personal desktop machine is always named “snark”, after Louis Carroll’s “Hunting of the”. This has been so since long before adj. “snarky” and vi. “to snark” entered popular English around the turn of the millennium. I do not find the new layer of meaning inappropriate.

Currently snark is perhaps better known as the Great Beast of Malvern, but whereas “snark” describes its role, “Beast” refers to the exceptional capabilities of this particular machine.

One former snark had two Ethernet ports. Its alias through the second IP address was, of course, “boojum”.

My laptop is always “golux”, from James Thurber’s The Big O.

The bastion host (mail and DNS server) is always “grelber”, after the insult-spewing Grelber from the Broom Hilda comic strip. It’s named not for the insults but because Grelber is depicted as a lurking presence inside a hollow log with a mailbox on the top.

Cathy’s personal desktop machine is always “minx” after a pretty golden-furred creature from Infocom’s classic Zork games, known for its ability to sniff out buried chocolate truffles.

The router is “quintaped”, a five-legged creature supposed to live on a magically concealed island in the Potterverse. Because it has 5 ports, you see.

For years we had a toilet-seat Mac (iBook) I’d been given as a gift (it’s long dead now). We used it as a gaming machine (mainly “Civilization II” and “Spaceward Ho”). It was “billywig”, also from the Potterverse.

I have recently acquired 3 Raspberry Pis (more about this in a future post). The only one of them now in use is currently named “whoville”, but that is likely to change as I have just decided the sub-namespace for Pis will be Dr. Seuss creatures – lorax, sneetch, zax, grinch, etc.

That is all.

This year’s meatspace party for blog regulars and friends will be held at Penguicon 2016 On Friday, April 29 beginning at 9PM.

The venue is the Southfield Westin hotel in Southfield, Michigan. It’s booked solid already; we were only able to get a room there Friday night, and will be decamping to the Holiday In Express across the parking lot on Saturday. They still have rooms, but I suggest making reservations now.

The usual assortment of hackers, anarchists, mutants, mad scientists, and for all I know covert extraterrestrials will be attending the A&D party. The surrounding event is worth attending in itself and will be running Friday to Sunday.

Southfield is near the northwestern edge of the Detroit metro area and is served by the Detroit Metropolitan Airport (code DTW).

Penguicon is a crossover event: half science-fiction convention, half open-source technical conference. Terry Pratchett and I were the co-guests-of-honor at Penguicon I back in 2003 and I’ve been back evey year since.

If you’ve never been to an SF con, you have no idea how much fun this can be. A couple thousand unusually intelligent people well equipped with geek toys and costumes and an inclination to party can generate a lot of happy chaos, and Penguicon reliably does. If you leave Monday without having made new friends, you weren’t trying.

Things I have done at Penguicon: Singing. Shooting pistols. Tasting showcased exotic foods. Getting surprise-smooched by attractive persons. Swordfighting. Playing strategy games. Junkyard Wars. Participating in a Viking raid (OK, it turned into a dance-off). Punning contests. And trust me, you have never been to parties with better conversation than the ones we throw.

Fly in Thursday night (the 28th) if you can because Geeks With Guns (the annual pistol-shooting class founded by yours truly and now organized by John D. Bell) is early Friday afternoon and too much fun to miss.

About five years ago I reacted to a lot of hype about the impending death of the personal computer with an observation and a prediction. The observation was that some components of a computer have to be the size they are because they’re scaled to human dimensions – notably screens, keyboards, and pointing devices. Wander outside certain size extrema and you get things like smartphone keyboards that are only good for limited use.

However, what we normally think of as the heart of a computer – the processing and storage – isn’t like this. It can get arbitrarily small without impacting usability at all. Consequently, I predicted a future in which people would carry around powerful computing nodes descended from smartphones and walk them to docking stations bundling a screen, a pointing device, and a real keyboard when they need to get real work done.

We’ve now reached an interesting midway point on that road. The (stationary) computers I use are in the process of bifurcating into two classes: one quite large, one very small. I qualify that with “stationary” because laptops are an exception for reasons which, if not yet obvious, will be in a few paragraphs.

The “large” class is exemplified in my life by the Great Beast of Malvern: my “desktop” system, except that it’s really more like a baby supercomputer optimized for fast memory access to extremely large data sets (as in, surgery on large version-control repositories). This is more power than a typical desktop user would know what to do with, by a pretty large margin -absurd overkill for just running an office suite or video editing or gaming or whatever.

My other two stationary production machines are, as of yesterday, a fanless mini-ITX box about the size of a paperback book and a credit-card-sized Raspberry Pi 3. They arrived on my doorstep around the same time. The mini-ITX box was a planned replacement for the conventional tower PC I had been using as a mailserver/DNS/bastion host, because I hate moving parts and want to cut my power bills. The Pi was serendipitous, a surprise gift from Dave Taht who’s trying to nudge me into improving my hardware hacking.

(And so I shall; tomorrow I expect to solder a header onto an Adafruit GPS hat, plug it into the Pi, and turn the combination into a tiny Stratum 1 NTP test machine.)

And now I have three conventional tower PCs in my living room (an old mailserver and two old development workstations) that I’m trying to get rid of – free to good home, you must come to Malvern to get them. Because they just don’t make sense as service machines any more. Fanless small-form-factor systems are now good enough to replace almost any computer with functional requirements less than those of a Great-Beast-class monster.

My wife still has a tower PC, but maybe not for long. Hers could easily be replaced by something like an Intel NUC – Intel’s sexy flagship small-form-factor fanless system, now cheap enough on eBay to be price-competitive with a new tower PC. And no moving parts, and no noise, and less power draw.

I have one tower PC left – the recently decomissioned mailserver. But the only reason I’m keeping it is as a courtesy for basement guests – it’ll be powered down when we don’t have one. But I am seriously thinking of replacing it with another Raspberry Pi set up as a web kiosk.

I still have a Thinkpad for travel. When you have to carry your peripherals with you, it’s a compromise that makes sense. (Dunno what I’m going to do when it dies, either – the quality and design of recent Thinkpads has gone utterly to shit. The new keyboards are particularly atrocious.)

There’s a confluence of factors at work here. Probably the single most important is cheap solid-state drives. Without SSDs, small-form-factor systems were mostly cute technology demonstrations – it didn’t do a lot of practical good for the rest of the computing/storage core to be a tiny SBC when it had to drag around a big, noisy hunk of spinning rust. With SSDs everything, including power draw and noise and heat dissipation, scales down in better harmony.

What it adds up to for me is that midrange PCs are dead. For most uses, SFF (small-form-factor) hardware has reached a crossover point – their price per unit of computing is now better.

Next, these SFF systems get smaller and cooler and merge with smartphone technology. That’ll take another few years.

Once upon a time, free-trade agreements were about just that: free trade. You abolish your tariffs and import restrictions, I’ll abolish mine. Trade increases, countries specialize in what they’re best equipped to do, efficiency increases, price levels drop, everybody wins.

Then environmentalists began honking about exporting pollution and demanded what amounted to imposing First World regulation on Third World countries who – in general – wanted the jobs and the economic stimulus from trade more than they wanted to make environmentalists happy. But the priorities of poor brown people didn’t matter to rich white environmentalists who already had theirs, and the environmentalists had political clout in the First World, so they won. Free-trade agreements started to include “environmental safeguards”.

Next, the labor unions, frightened because foreign workers might compete down domestic wages, began honking about abusive Third World labor conditions about which they didn’t really give a damn. They won, and “free trade” agreements began to include yet more impositions of First World pet causes on Third World countries. The precedent firmed up: free trade agreements were no longer to be about “free” trade, but rather about managing trade in the interests of wealthy First Worlders.

Today there’s a great deal of angst going on in the tech community about the Trans-Pacific Partnership. Its detractors charge that a “free-trade” agreement has been hijacked by big-business interests that are using it to impose draconian intellectual-property rules on the entire world, criminalize fair use, obstruct open-source software, and rent-seek at the expense of developing countries.

These charges are, of course, entirely correct. So here’s my question: What the hell else did you expect to happen? Where were you idiots when the environmentalists and the unions were corrupting the process and the entire concept of “free trade”?

The TPP is a horrible agreement. It’s toxic. It’s a dog’s breakfast. But if you stood meekly by while the precedents were being set, or – worse – actually approved of imposing rich-world regulation on poor countries, you are partly to blame.

The thing about creating political machinery to fuck with free markets is this: you never get to be the last person to control it. No matter how worthy you think your cause is, part of the cost of your behavior is what will be done with it by the next pressure group. And the one after that. And after that.

The equilibrium is that political regulatory capability is hijacked by for the use of the pressure group with the strongest incentives to exploit it. Which generally means, in Theodore Roosevelt’s timeless phrase, “malefactors of great wealth”. The abuses in the TPP were on rails, completely foreseeable, from the first time “environmental standards” got written into a trade agreement.

That’s why it will get you nowhere to object to the specifics of the TPP unless you recognize that the entire context in which it evolved is corrupt. If you want trade agreements to stop being about regulatory carve-outs, you have to stop tolerating that corruption and get back to genuinely free trade. No exemptions, no exceptions, no sweeteners for favored constituencies, no sops to putatively noble causes.

It’s fine to care about exporting pollution and child labor and such things, but the right way to fix that is by market pressure – fair trade labeling, naming and shaming offenders, that sort of thing. If you let the politicians in they’ll do what they always do: go to the highest bidder and rig the market in its favor. And then you will get screwed.

Application of this principle to domestic policy is left as an easy exercise for the reader.

The British have a phrase “Too clever by half”, It needs to go global, especially among hackers. It can have any of several closely related meanings: the one I mean to focus on here has to do with overconfidence in one’s intelligence or skill, and the particular bad consequences that can have. It’s related to Nassim Taleb’s concept of a “fragilista”.

This came up recently when I posted about building a new mailserver out of a packaged fanless mini-ITX system. My stated goal was to reduce my mailserver’s power dissipation in order to (eventually) collect a net savings on my utility bill.

Certain of my commenters immediately crapped all over this idea, describing it as overkill and insisting that I ought to be using something with even lower power draw; the popular suggestion was a Raspberry Pi. It was when I objected to the absence of a battery-backed-up RTC (real-time clock) on the Pi that the real fun started.

The pro-Pi people airily dismissed this objection. One observed that you can get an RTC hat for the Pi. Some others waxed sarcastic about the maintainer of GPSD and the NTPsec tech lead not trusting his own software; a GPS to supply time, or NTP to take time corrections over the net, should (they claim) be a perfectly adequate substitute for an RTC.

And so they would be…under optimal conditions, with everything working perfectly, and a software bridge that hasn’t been written yet. Best case would be that your GPS hat has a solid satellite lock when you boot and sets the system clock within the first second. Only, oops, GPSD as it is doesn’t actually have the capability to set the stem clock directly. It has to go through ntpd or chrony.

So now you have to have a time service daemon installed, properly configured, and running for the timestamps on your system logs to look sane. Well, unless your GPS doesn’t have sat lock. Or you’re booting without a network connection for diagnostic or fault isolation reasons. Now your cleverness has gotten you nowhere; your machine could believe it’s near 0 in the Unix epoch (Midnight, January 1st 1970) for an arbitrary amount of time.

Why is this a problem? One very mundane reason is that logfile analyzers don’t necessarily deal well with large jumps in the system clock, like the one that will happen when the system time finally gets set; if you have to troubleshoot boot-time behavior later. Another is cron jobs firing inappropriately. Yet another is that the implementations for various network protocols can get confused by large time skew, even if they’re formally supposed to be able to handle it.

And I left out the fact that outright setting the system clock isn’t normal behavior for an NTP daemon, either. What it’s actually designed to do is collect small amounts of drift by speeding up or slowing down the clock until system time matches NTP time. And why is it designed to do this? If you guessed “because too many applications get upset by jumping time” you get a prize.

You can certainly tell an NTP daemon to set time rather than skewing the clock rate. But you do have to tell it to do that. This is a configuration knob that can be gotten wrong.

Are we perhaps beginning to see the problem here?

Engineering is tradeoffs. When you optimize for one figure of merit (like low cost) you are likely to end up pessimizing another, like proliferating possible failure modes. This is especially likely if an economy measure like leaving out an RTC requires interlocking compensations like having a GPS hat and configuring your time-service daemon exactly right.

The “too clever by half” mindset often wants to optimize demonstrating its own cleverness. This, of course, is something hackers are particularly prone to. It can be a virtue of sorts when you’re doing exploratory design, but not when you’re engineering a production system. I’m not the first person to point out that if you write code that’s as clever as you can manage, it’s probably too tricky for you to debug.

A particularly dangerous form of too clever by half is when you assume that you are smart enough for your design to head off all failure modes. This is the mindset Nassim Taleb calls “fragilista” – the overconfident planner who proliferates complexity and failure modes and gets blindsided when his fragile construct collides with messy reality.

Now I need to introduce the concept of an incident pit. This is a term invented by scuba divers. It describes a cascade that depends with a small thing going wrong. You try to fix the small thing, but the fix has an unexpected effect that lands you in more trouble. You try to fix that thing, don’t get it quite right, and are in bigger trouble. Now you’re under stress and maybe not thinking clearly. The next mistake is larger… A few iterations of this can kill a diver.

The term “incident pit” has been adopted by paramedics and others who have to make life-critical decisions. A classic XKCD cartoon, “Success”, captures how this applies to hardware and software engineering:

Too clever by half lands you in incident pits.

How do you avoid these? By designing to avoid failure modes. This why “KISS” – Keep It Simple, Stupid” is an engineering maxim. Buy the RTC to foreclose the failure modes of not having one. Choose a small-form-factor system your buddy Phil the expert hardware troubleshooter is already using rather than novel hardware neither of you knows the ins and outs of.

Don’t get cute. Well, not unless your actual objective is to get cute – if I didn’t know that playfulness and deliberately pushing the envelope has its place I’d be a piss-poor hacker. But if you’re trying to bring up a production mailserver, or a production anything, cute is not the goal and you shouldn’t let your ego suck you into trying for the cleverest possible maneuver. That way lie XKCD’s sharks.

This may be the week the SJWs lost it all…or, at least, their power to bully people in the hacker culture and the wider tech community.

May of you probably already know about the LambdaConf flap. In brief: LambdaConf, a technical conference on functional programming, accepted a presentation proposal about a language called Urbit, from a guy named Curtis Yarvin. I’ve looked at Urbit: it is very weird, but rather interesting, and certainly a worthy topic for a functional programming conference.

And then all hell broke loose. For Curtis Yarvin is better known as Mencius Moldbug, author of eccentric and erudite political rents and a focus of intense hatred by humorless leftists. Me, I’ve never been able to figure out how much of what Moldbug writes he actually believes; his writing seems designed to leave a reader guessing as to whether he’s really serious or executing the most brilliantly satirical long-term troll-job in the history of the Internet.

A mob of SJWs, spearheaded by a no-shit self-described Communist named Jon Sterling, descended on LambdaConf demanding that they cancel Yarvin’s talk, pretending that he (rather than, say, the Communist) posed a safety threat to other conference-goers. The conference’s principal organizers, headed up one John de Goes, quite properly refused to cancel the talk, observing that Yarvin was there to talk about his code and not his politics.

I think they conceded to much to the SJWs, actually, by asking Yarvin to issue a statement about his views on violence. Nobody asked Jon Sterling whether he was down with that whole liquidation of the kulaks thing, after all, and if a Communist who likes to tweet about sending capitalists to “hard labor in the North” gets a pass it is not easy to see why any apologia was required from a man with no history of advocating violence at all.

But, ultimately, they did make the right decision: to judge Yarvin’s talk proposal by its technical merit alone. This is the hacker way.

The SJWs then attempted to pressure LambdaConf’s sponsors into withdrawing their support so the conference would have to be canceled. Several sponsors withdrew (I don’t know details about who; my sources for this part are secondhand).

So far, so wearily familiar – Marxist thugs versus free expression, with free expression’s chances not looking so hot. But there’s where the story gets good. Meredith Patterson and her friends at the blog Status 451 organized a counterpunch. They launched an IndieGoGo campaign Save LambdaConf …and an open society.

I got wind of this a bit less than two days ago and posted to G+ asking all 20K of my followers to chip in, something I’ve never done before. Because, like Merry, I understand that this wasn’t actually about Mencius Moldbug at all – it was about opposing a power play by the political-correctness police. The IndieGoGo campaign was our chance to strike back for liberty.

A day later it was fully funded. ClarkHat’s victory lap makes great reading.

I replied to congratulate ClarkHat: “@ClarkHat I don’t often ask my 20K G+ followers to support a crowdfunder, but when I do it’s hoping for a victory like this one.” And today I have 21K followers.

The hacker community has spoken, and it put its money where its mouth is, too. Now we know how to stop the SJWs in their tracks – fund what they denounce, make their hatred an asset, repeatedly kerb-stomp them with proof that their hate campaigns will be countered by the overwhelming will of the people and communities they thought they had bullied into submission.

I’m proud of my community for stepping up. I hope Sir Tim Hunt and Brendan Eich and Matt Taylor and other past victims of PC lynch mobs are smiling tonight. The SJWs’ preference-falsification bubble has popped; with a little work and a few more rounds of demonstration we may be able to prevent future lynchings entirely.