1. 24
  1.  

  2. 17

    I’m one of the maintainers of Conjure, happy to answer questions about this project!

    1. 12
      1. How does this compare to gRPC and friends (e.g. Thrift), especially now that gRPC-Web is in GA? When would I pick Conjure over them?
      2. Are there plans for additional language support? I’m interested in Go in particular.
      1. 9
        1. We’re big fans of gRPC! One downside is that it does require HTTP/2 trailers, which means if you want to make requests from browsers or curl, you’d need to deploy a proxy like envoy to rewrite the traffic. I think Conjure makes sense if you’re already relying on HTTP/JSON in production or care about browsers. It’s very much designed with simplicity in mind, and doesn’t actually prescribe any particular client or server, so allows you to get the upside of strong types for your JSON, without requiring big changes to your existing stack or API.

        2. Definitely! Internally, we use go extensively so I think conjure-go is next in the open-sourcing pipeline. One interesting feature of Conjure is that since the IR is a stable format, you can develop new language-generators independently without needing any involvement from the core maintainers!

        1. 4

          I have the same question as 1. but with OpenAPI.

          1. 6

            They’re conceptually pretty similar, but we found the Java code that Swagger generates pretty hard to read. While Swagger has to add many annotations (https://github.com/swagger-api/swagger-samples/blob/master/java/java-jersey-jaxrs/src/main/java/io/swagger/sample/resource/PetResource.java#L43) to deal with any conceivable API you might define, Conjure is intentionally more restrictive in terms of what you can define and tries to focus on doing a small number of things very well.

            This results in code that is as readable as a human would write (https://github.com/palantir/conjure-java/blob/1.3.0/conjure-java-core/src/integrationInput/java/com/palantir/product/EteService.java), with all the benefits of modern best practices like immutability, NonNull everywhere etc.

        2. 59

          How do you feel about your work being used to enable human rights violations?

          1. 14

            This is actually an interesting question.

            1. 6

              Probably terrible but also aware of the unlikelihood of escaping it. Sometimes you have an action and it has good and bad consequences and the good consequences are avoidable, but the bad aren’t. In that specific scenario it’s not wise to give up the good consequences just so you aren’t “getting your hands dirty”. Sure if you can find some way to escape the evils then you should try all available options but sometimes things are bad.

              Oh I’m realizing this is specifically Palantir’s stack lmao. Nevermind yeah don’t work on that on your free time y’all, no hard feelings intended towards @iamdanfox .

              1. 2

                As it seems I’m living under a rock, could you paste some link to provide the context for your question?

                Edit: never mind, found it; “Palantir provides the engine for Donald Trump’s deportation machine”

                1. 1

                  Which is the same machine as previously used, right?

              2. 3

                How does it compare to Twirp? (https://github.com/twitchtv/twirp)

                Update after a quick search: Conjure uses JSON whereas Twirp uses ProtocolBuffer.

                1. 2

                  I think Twirp has a lot of similar motivations to Conjure - the blog post even mentions an emphasis on simplicity and it works over HTTP1.1 (unlike gRPC).

                  One key difference I see is that many API definition tools are essentially monoliths, pretty much completely controlled by the originating company. We’ve gone for a different approach with Conjure and tried to decouple things so that significant additions (e.g. adding a new language) happen without blocking on the core maintainers at all.

                  For example, if you wanted to add Swift support, you’d make a brand new conjure-swift repo and write a CLI that turns the stable IR format into Swift source code. We have a standardised test harness (written in Rust) that you can use to prove that your new conjure-swift code will be compatible with other Conjure clients/servers. Once your CLI works, you can package it up in a standard way and it should slot nicely into existing build tools.

                2. 3

                  How is unionization in Palantir? Is there a reason why you’re still working there? Do you need support? I’m not from USA but I can point you to people willing to support workers like yourself.

                  1. 2

                    Hey I am really interested in the project, but I’m getting errors when going through the tutorial on the GitHub repo, specfically ./gradlew tasks was giving me an error fetching the com.palantir repos. I copy pasted the exact instructions and I’m unsure where to ask for help on this. I figured I’d at least let you know to see if you experience the same issues.

                    1. 2

                      Hey! Glad to hear you’re interested in the project and sorry about the issue with the getting started guide. i’ve gone ahead and updated the guide to fix the problem you encountered. Thanks for pointing out the issue. Hope you enjoy using the project and feel free to reach out with any questions, comments or concerns

                  2. 97

                    I’m sorry to bring this up, and it’s probably considered off-topic here on Lobsters, so feel free to flag this.

                    I know that OpenBSD and SQLite and lots of great pieces of software have been funded by the US military, and computing and military have a long and complicated relationship, but where do we as developers draw the line as to whom we are willing to accept contributions from?

                    This is from Palantir, the company providing the technology for Trump’s deportation machine. I don’t think that this is a black/white issue, and I guess it may be possible to work at a seedy company and still do good stuff. But the docs include a FlightSearch example; is that really appropriate given the context?

                    Regardless, thanks for releasing this as free software.

                    1. 37

                      Thank you very much for saying it. I think making sure these ethical topics aren’t ignored is the very least we all have a responsibility to do. It’s also entirely possible that there are people here who didn’t know about it, so it’s always worth saying.

                      1. 37

                        Thank you for saying this. I’m troubled by the cavalier attitude of techies toward ethics lately, and it’s nice to know I’m not alone.

                        1. 24

                          I don’t think a forum where this response is off-topic is worth participating in. The tech industry spends too little time thinking about the ethical implications of it’s products.

                          1. 25

                            Even today, we debate the ethics of using the data gathered from unethical experiments in WW2.

                            I agree that there is a massive ethical issue working for Palatir - and I am not sure it’s ethical to use the work they have produced. Particularly if it’s a Swagger-like clone not yielding substantive value to humanity.

                            1. 10

                              While we’re at it, you probably typed that on a machine made by highly-exploited workers in a corrupt country that does far worse, added to the lake in the process, probably paid a surveillance-enabling company in a police state to send it over the network, and possibly wearing clothes made by kids in a sweatshop. And you did all this to get online suggesting moral folks maybe shouldn’t contribute to a HTTP/JSON thing that’s open source since a bad company might misuse [more] open source. Seems hypocritical to me.

                              Where to we draw the line on how our consumption and contribution harms or helps others? And do you regularly do that for every product and service you buy? Most of them? Have you been active in government on laws, treaties, court cases, etc? The stuff that stops things like you describe. Or just some quick, social signaling on Lobsters getting feel-good points? If you care, I encourage you to put time into legal reform or bootstrapping alternatives to each of the things I mentioned. Maybe make for better opportunities for immigrants in whatever your country is, too. Maybe host some coding bootcamps or something for those in the slums. What you’re doing here is adding to the noise but not helping Trump’s victims or your country’s immigrants in any way.

                              1. 71

                                I feel like this is a great example of whataboutism.

                                I think that if this approach was applied to tech, we’d never fix a bug because “what about the other bugs that could crash the app, this is just virtue signaling because physical compromise means game over”. Why fix a bug when you can say “What about the terrible state of security education in general, why fix a security bug when developers are just adding more?”

                                It’s ok to make a judgement call and improve one thing in this messy world. It’s ok to try and reduce your footprint/total harm while hypocritically still participating in the system that feeds you. In fact that’s sort of core to improving those systems in a democracy.

                                Sorry if I misinterpreted your statement, I greatly enjoy your comments across the internet.

                                1. 11

                                  Whataboutism is a common reply on HN or Lobsters when a popular group decries their outgroup’s activities, third party points out their actions are contrary to their own beliefs, adds that the biases indicate they’re scoring political points rather than really care, and someone pops in to say third party is whataboutism to silence those views. Thing is, whatever 3rd party brings up is almost never on these forums, getting crowd support, or whatever. Always absent. Rather than likely-intended purpose, the whataboutism claim just reinforces specific types of people supporting/rejecting specific activities by silencing dissenters. I mean, if commenter really cares about Trump’s horrors or not contributing to evil organizations, why the hell are they funding evil, slaving companies to buy toys to spend so much time on the programming projects? So, they probably don’t care or are acting like it now. Then, I do to them as they do to others.

                                  Far as what I’m doing, I’ll tell you straight up. There’s been an increase over time of political comments that are about shaming people into behaving certain ways for a perceived, social good. Almost all of them are coming from hypocrits and/or slactivists. I mean, they’re talking on a forum no politician reads with low views. It’s not going to change Palantir’s or Trump’s practices. They know they avoiding stuff that can get results to spend time on Internet forums. So, they’re just getting an emotional high off attacking their opponents, looking like they’re responsible, or getting meaningless votes from people that agree with them. They also tie up our threads with that shit. So, as a real activist doing real-world work, I just call out their selfish, hypocritical bullshit to (a) deter more comments like that here and/or (b) encourage them to actually work on the causes they claim to work on.

                                  Disclaimer: In fairness, people could (and do) call me out for not putting more time into actually building and deploying secure goods rather than high-level designs posted online. Although I defended my choice, I’m probably guilty of screwing up on a reasonable ratio between the two. Anything above zero code might be better. I plan to work on that more next year after I change circumstances.

                                  Disclaimer 2: I say “almost all” cuz a few people here are legit activists or doing things at a loss to address the causes they’re talking about. I respect them a lot.

                                  “It’s ok to make a judgement call and improve one thing in this messy world. It’s ok to try and reduce your footprint/total harm while hypocritically still participating in the system that feeds you. “

                                  I totally agree with you. That’s not what the person was doing, though. It won’t stop Palantir’s contracts, it won’t stop the government’s activities, and proliferation of HTTP/JSON libraries will continue. The latter will even be FOSS so anyone, including Palantir, can use them. Maybe person complaining should start an alternative to Palantir that’s more ethical, organize boycotts of their products, get in a HR office poaching all their smartest talent (or delivering idiots), make enough money to pay off politicians to change government policies, and so on. Stuff that actually affects Palantir or Trump’s agencies.

                                  “I greatly enjoy your comments across the internet.”

                                  Thanks and same to you. :)

                                  1. 25

                                    Maybe person complaining should start an alternative to Palantir that’s more ethical, organize boycotts of their products, get in a HR office poaching all their smartest talent (or delivering idiots), make enough money to pay off politicians to change government policies, and so on.

                                    This objection is absurd on its face. You can’t ethically compete in a market for unethical services. An ethical alternative to Palantir is an oxymoron, because Palantir’s ethical issues are fundamental to the things that Palantir sells. You also can’t “organize a boycott” of a defense contractor. Your final two points are literally “just have enough money to fix the problem”.

                                    How does starting a company which sells the same thing as Palantir to the same customers Palantir sells to, hires the same people as Palantir, has the same wealth as Palantir, and bribes politicians the way Palantir does, stop the problem of companies that behave like Palantir? You’re objecting to someone criticizing the status quo by telling them they should instead… further reinforce the status quo?

                                    1. 19

                                      I think you misapprehend what is going on here. This is a forum for highly technical people; by raising the serious ethical space Palantir exists in, it directly bears on creating difficulty in recruiting, along with decreasing retention.

                                      You, of all people, should understand the power of words on an internet screen to influence readers: you’ve been writing long & grammatically correct essays on security across multiple major internet fora for years. I’ve seen you on Schnier and HN, :) Communication, persuasion, and discussion are an essential activist activity. (And for my money, it is substantially more effective than picketing and marching 95% of the time…)

                                      1. 7

                                        (I suspect this was meant as a reply to the person I replied to.)

                                        1. 2

                                          “by raising the serious ethical space Palantir exists in, it directly bears on creating difficulty in recruiting, along with decreasing retention.”

                                          I agree with you. I actively do that in real life every day for customers and coworkers wanting something better in a lot of areas. I have plenty of results to show for it. That’s because I put the time in where it gets results and consistently do it rather than one-off’s we sometimes see here. Companies like Palantir use recruiting practices that cast a wide net. Anyone wanting to disrupt their recruiting should be posting such comments on sites with massive numbers of page views that are mostly developers. Big, social media sites like Twitter, Facebook, Reddit, and Hacker News. LinkedIn, too, if you can do it that way but I haven’t been on in long time. That’s why I encourage them to put political efforts in front of literally millions of developers instead of a hundred or less participating here if aiming for a big wave of change.

                                          “You, of all people, should understand the power of words on an internet screen to influence readers: you’ve been writing long & grammatically correct essays on security across multiple major internet fora for years. I’ve seen you on Schnier and HN, :) “

                                          You said long and grammatically correct. You gotta be messing with me on second half lmao. I agree with the power of words and persuasion as stated above. Hell, you had to have seen me do it there, esp to “Skeptical” (troll or near-perfect DOD apologist) before I left. That’s why I tell them to use that power where it gets results instead of Lobsters. Then, we keep Lobsters focused on deep, technical stuff with low noise. Anyone wanting to achieve political action can ping Lobsters, via dedicated threads or private messages, to go where the action is to get actual, Palantir-scale results.

                                          ““It is what it is”, which is what your comment & Nick’s comment promote, simply promotes apathy; history provides many examples of change taking place. I encourage people to shake off the belief that things will always stay the same.”

                                          That’s not true at all. I’ve just followed something like several lifetimes worth of history on the U.S. military and government under both left- and right-leaning leaders finding the military-industrial-complex just got more powerful over time. The politicians of both sides support it. The right supports companies like Palantir overtly. The left’s politicians will support the defense contractors for both payouts and to bring jobs to their districts. So, to change the situation voronoipotato describes, you have to get millions of people to vote out scumbags that take money to improve chances of elections to combat defense industry or get an anti-war, pro-immigration President in office with Congress willing to roll-back legislation.

                                          The last election surprised most lefter-than-I liberals that were trying to make people say the correct things on forums, etc in ways we see in some threads here. I doubt they’re capable of achieving that 180 directly if keeping same practices that failed before so hard they didn’t even see what was coming. Fingers crossed that we just get lucky that Trump does so much damage and embarrassment that a reversal happens in swing states after the Democrats get on top of their shit this time. Or we centrists get a President. Fat chance on that one since few listen to moderates. ;)

                                        2. 5

                                          The person you’re talking to likely doesn’t even think that Defense Contracting is unethical. Being said palantir is going to keep existing, boycotting doesn’t mean anything here because we don’t even buy their products. Even under a proper organized effort if we got a different defense contractor absolutely nothing would be different. The only tactics I’m aware we can do are mitigation tactics of not giving our labor to defense contractors, but this drives up the wages to the point where someone would. You can if you work there do a labor slowdown, but your ability to act in that way is limited, and useless if it’s not a group effort.

                                          Palantir is a bad thing but our ability to affect it is extremely limited. Electoral politics is mostly useless here. Their lobbying power affects both parties pretty evenly. IMHO it’s better to put energy into mitigation tactics into problems where it’s easier to have traction. One group has been for example paying for bail bonds for refugees.

                                          Defense contractor spending isn’t a symptom of capitalism but rather attached to the heart, a swollen vestigial organ from mercantilism and much like the appendix may kill you if you remove it unskillfully.

                                          I think it’s natural to see the biggest problem and try and lock horns with it, but sometimes a smaller problem you can solve is genuinely better than a larger problem you can’t. Obviously don’t work for them, there’s plenty of other places that pay you well and you won’t even have to think about all the bodies when you go to sleep.

                                          1. 7

                                            The person you’re talking to likely doesn’t even think that Defense Contracting is unethical.

                                            Yes, but the person they’re suggesting this in response to does, which was the context of nickpsecurity’s original suggestion to compete with Palantir.

                                            The only tactics I’m aware we can do are mitigation tactics of not giving our labor to defense contractors, but this drives up the wages to the point where someone would.

                                            I don’t know what your point is. Driving up wage costs for unethical corporations is the point of organizing an effort to boycott employment at specific corporations. The goal is making things like human rights violations untenable to corporations by making them unprofitable. Yes, this is a half measure - but it’s not nothing, either.

                                            Defense contractor spending isn’t a symptom of capitalism but rather attached to the heart, a swollen vestigial organ from mercantilism and much like the appendix may kill you if you remove it unskillfully.

                                            So your point is, we should leave it alone?

                                            I think it’s natural to see the biggest problem and try and lock horns with it, but sometimes a smaller problem you can solve is genuinely better than a larger problem you can’t.

                                            On the contrary - refusing to work for companies like Palantir and encouraging my fellow tech workers to do the same is one of my most fruitful opportunities to fight against systemic injustices at the moment. Each of us in the tech industry have far more influence on an our industry’s actions than on the actions of things like the federal government - there are less than four million programmers in the entire US, as opposed to the vastly higher number of voters. We should be adamant about using our privileged place as one of the few labor pools left with real negotiating power to prevent our industry from committing acts of evil, not conveniently defeatist whenever someone dares to suggest the small personal sacrifice of choosing not to directly build the tools of human misery.

                                            1. 7

                                              Fundamental changes are achieved by many people choosing to not accept what is, and coming together to push towards a major change in the status quo.

                                              “It is what it is”, which is what your comment & Nick’s comment promote, simply promotes apathy; history provides many examples of change taking place. I encourage people to shake off the belief that things will always stay the same.

                                              1. 1

                                                You said it even better than me.

                                            2. 20

                                              Whataboutism is a common reply on HN or Lobsters when a popular group decries their outgroup’s activities, third party points out their actions are contrary to their own beliefs, adds that the biases indicate they’re scoring political points rather than really care, and someone pops in to say third party is whataboutism to silence those views. Thing is, whatever 3rd party brings up is almost never on these forums, getting crowd support, or whatever.

                                              No it’s a common reply when you distract from the discussion at hand to go ‘oh but what about these other unrelated issues?’ Your response is literally at the level of ‘capitalism made your iPhone you’re using to have this conversation so checkmate’ in a discussion about economic systems.

                                              There is no ‘popular group’ here, there’s no ‘outgroup’, nobody is decrying anyone’s activities. You haven’t ‘pointed out’ any actions that are contrary to anyone’s beliefs or exposed any biases or virtue signalling. All you’ve done is responded to a post pointing out that Palantir might be an unethical company, accusing them of virtue signalling! They didn’t even say ‘Palantir is bad’. They suggested that it might be, and that it was worth thinking about and discussion. Did you then discuss it? Did you think about it? No, you just launched into an attack, said that their post was social signalling and accused them of hypocrisy.

                                              Imagine for a moment the discussion was oil companies, and the person you were responding to had said ‘I think oil companies often act unethically and I think we should consider whether we want to be working with them and contributing to their open source software’. Your response was the equivalent of ‘you don’t have an electric car so you’re not allowed to discuss this’. I hope you can see that that is nonsense.

                                              I totally agree with you. That’s not what the person was doing, though. It won’t stop Palantir’s contracts, it won’t stop the government’s activities, and proliferation of HTTP/JSON libraries will continue. The latter will even be FOSS so anyone, including Palantir, can use them. Maybe person complaining should start an alternative to Palantir that’s more ethical, organize boycotts of their products, get in a HR office poaching all their smartest talent (or delivering idiots), make enough money to pay off politicians to change government policies, and so on. Stuff that actually affects Palantir or Trump’s agencies.

                                              When someone says ‘where do we as developers draw the line as to whom we are willing to accept contributions from?’ they are opening up a discussion. Maybe the result of that discussion would have been ‘anyone actually’. Suggesting that the first thing you should do is start boycotting companies before the issue has even been discussed is ridiculous. Discussions are fine. Discussions are not slacktivism. Posting ‘#stoppalantir #metoo #stoptrump’ at the end of your tweets and doing nothing else in your life is virtue signalling. Discussing issues is not.

                                              1. 10

                                                There is no ‘popular group’ here, there’s no ‘outgroup’, nobody is decrying anyone’s activities.

                                                A person submitted a HTTP/JSON toolchain that they were open-sourcing. A versatile, general-purpose tool that can be used for good if someone wants to. The comment I replied to ignored the software submission entirely to tell them they’re unethical for working at Palantir since other parts of the company uses its tech to serve an unethical customer. That’s decrying activities. Such reasoning also applies to companies like Google (or other surveillance companies), Apple/Foxconn, VC-funded companies aiming for lock-in, and so on since buying their stuff or contributing to their FOSS might support all kinds of evil. Some people supporting the decrying comment even work at such companies despite other jobs being available for people with that kind of talent. Strange.

                                                The fact that this accusation and suggestion to quit their job got 60 votes vs 7 about the submission… on Lobsters with lower numbers of votes to begin with… definitely says it’s popular. The marked difference between the people who support or question that tangent supports the existence of an outgroup relationship. I can’t say as much about what it means here since the outgroup receives more support on a lot of political divides. Lots of folks here hate companies like Palantir regardless of other beliefs. That’s what I’m leaning toward.

                                                It’s been an interesting thread to observe, though.

                                                1. 2

                                                  Wholeheartedly agree, there! I suspect I drew different conclusions than you, though.

                                              2. 3

                                                People can disagree with you without being part of a conspiracy to silence or shame you. Maybe a less emotional response would be more informative.

                                              3. 0

                                                One of nick’s pastimes seems to be railing against liberal “hypocrisy” on this website, mostly by deflecting into muddy tangential arguments just like so.

                                                1. 13

                                                  Please don’t post ad-hominem attacks here. If you disagree with the argument, pick it apart politely.

                                                  Lord knows you should have enough practice by now to do so.

                                                  1. 5

                                                    If you disagree with the argument, pick it apart politely.

                                                    That only works if both sides are arguing in good faith though which definitely doesn’t appear to be the case with some commenters on here.

                                                    1. 4

                                                      If that’s the case, then arguing further with somebody in bad faith is just going to create noise and antagonize other lobsters. Best just to ignore the posts then.

                                                      1. 3

                                                        I do but it ruins the lobsters experience for me to see people arguing in bad faith without any censure. Some of them even seem to be encouraged as a kind of clickbait/outrage generator. It’s disheartening.

                                                    2. 4

                                                      Lord knows you should have enough practice by now to do so.

                                                      This is an ad-hominem, friendly.

                                                2. 19

                                                  Leaving whataboutism aside, I think you cannot conflate the (delusional) idea of ethical consumption with active usage and contribution of open source software.

                                                  Ethical consumption doesn’t work for the structure of the market, where the contribution of the individual gives no perceivable feedback to the system.

                                                  The Open Source world and software engineering are a much smaller world. It is a realistic goal to radicalize enough software engineers inside and outside of Palantir in order to halt their production. Your target audience has contract leverage, money and is highly connected and easily reachable.

                                                  This is a much easier and realistic goal than convince the management of some big corporation to reduce their exploitation just because a small minority of consumers is unhappy. When they realize this, instead of reducing exploitation, they invest in more marketing to wash their brand, or they simply start a new one. Much cheaper.

                                                  Don’t conflate your power as a consumer with your power as a producer, because they very different.

                                                  1. 11

                                                    I used to work for Nokia. They did everything in their power to ethically source all their materials. It was the only phone company that did that. Other companies don’t do that because nobody demands it from them. While there is no ethical consumption under capitalism, there is slightly less terrible consumption. So where do we draw the line? As deep into their pocket books as it can go.

                                                    1. 1

                                                      I didn’t know that about Nokia. That’s awesome! Thanks for the tip.

                                                      1. 1

                                                        Now, keep in mind the new Nokia phones are made by a different company that just licenses the brand. I’m not sure if care as much.

                                                    2. 10

                                                      […] the lake […]

                                                      That is horrible.

                                                      Seems hypocritical to me.

                                                      Ok.

                                                      Where would you draw the line personally? Do I understand your opinion correctly as suggesting that if you use a computer, then you shouldn’t be discussing unethical behaviour, e.g. racism? It is not my intention to judge here; just genuinely curious.

                                                      Maybe make for better opportunities for immigrants in whatever your country is, too.

                                                      I agree with this very much, and this is something that I aspire to do. Additionally I do have friends that have been deported, and worry a bit about my own not so distant post-Brexit situation in the UK.

                                                      1. 2

                                                        Im glad you’re doing real work on this issue. I commend that.

                                                        Writing it here likely isn’t is the thrust of my point. Instead, it’s just adding noise to the forum plus sending a jab at one of only folks we know in Palantir doing something possibly beneficial (eg open-sourcing software for data analysis). The people here that would agree with your position already dont work for Palantir, use their services, or vote for folks that support horrible policies on immigration.

                                                        Those that do these thing are (a) mostly not on Lobsters where your comments bave about lowest ROI you can get and (b) usually disagree with you with no intent to change their mind based on your comment that states the obvious. So, you’re not reaching them. Goes for similar comments aiming for political impact on government-level stuff in non-political, Lobsters threads. So, I push for people not to introduce them.

                                                        Im at work now so responses might be delayed.

                                                        1. 5

                                                          mostly not on Lobsters where your comments bave about lowest ROI you can get

                                                          Yes, you are probably correct in that observation.

                                                          I wasn’t really sharing my thoughts here expecting any impact, but rather because I’m interested in hearing what other people think. And you are right that I’m being hypocritical here, because I doubt I’d react the same to an IBM project even though they have a shameful past; and even worse, I used to work on this phone app promoting some agrochem from DOW. At first I just kept my eyes on the code, but I couldn’t justify it to myself after reading about their role in the Vietnam War and the Bhopal Disaster and all that.

                                                          So, it was intended more of an open question about where people here draw the line.

                                                          1. 2

                                                            Well, you seem to be speaking out of the heart on things you’ve been close to personally. I respect that. I still say low-ROI with better results elsewhere. You were bringing it up for good reasons, though. The community response also strongly favored your comment in a way consistent with prior threads on politics showing a shift in what Lobsters wants as a community. I’ll write on that in the future.

                                                            And it’s still cool you’re another person reusing older computers with the LiveCD tests and such. Off-topic a bit, but I was wondering if the hardware vulnerabilities they probably won’t patch on 5-10 year old machines have you considering new stuff? I always knew they were there. Now, they’re coming quickly with many eyeballs on them. Might be best reason I ever heard to get the latest and greatest from Purism, Raptor, or whoever. And then most have backdoors for (insert group) but fewer hardware 0-days for (more groups). Wait, I thought this tangent-tangent could lighten things up with easier choices… Looks just as hard… ;)

                                                            1. 1

                                                              Off-topic a bit, but I was wondering if the hardware vulnerabilities they probably won’t patch on 5-10 year old machines have you considering new stuff?

                                                              I don’t know enough about this; what hardware vulns are we talking about here, and how easy are they to exploit? Although it’s not really about hardware, there’s that whole Intel Management Engine issue that is avoided by using somewhat old WinXP-era 32-bit laptops, so newer is not always more secure.

                                                              And it’s still cool you’re another person reusing older computers with the LiveCD tests and such.

                                                              Oh yes that thread! At least it’s a bit less harmful if we can use computers for longer. A friend of mine has a Mac that can’t get more OS X updates now, so she’s stuck with insecure versions of Firefox and all that. Gonna put Debian on it later this week, hopefully!

                                                              Do you know of any somewhat more ethical laptop producers?

                                                              1. 2

                                                                re hardware attacks.

                                                                Essentially, the hardware has always been secure with only elite pro’s focusing on it. Now, due to Meltdown/Spectre, hardware attacks have gone really mainstream with all kinds of university research, private research, folks describing stuff on blogs, and so on. All the CPU’s that were highly optimized (esp Intel/AMD) are vulnerable to them needing patches. They’re doing the attacks over the network now. Older systems used to be safer but now they’re not since attacks will get more numerous and effective over time.

                                                                About the only things that are immune were simpler, embedded CPU’s. They’re not designed for security, though, with far less attention by defenders. So, that could reduce the hardware risk adding to the software risk. Simpler boards that can run modern, security-updated OS’s might help. I’m not sure. At lot of stuff is piling in.

                                                                re put Debian on it.

                                                                Ok, you’re already using that strategy. Good thinking and being helpful! :)

                                                                re ethical producers

                                                                I can’t remember since I was buying used ones like you. The one I see in media most with good things going for it is Purism. They try to disable the ME with software changes, too. Some folks pushing high freedom were using MiniFree to get ME-less, FOSS-firmware laptops. It had downsides. My own Core Duo 2 still handles stuff nicely outside games, highest-def content, and worst of web apps. Here’s a Guardian article I just found with some recommendations. Another said iFixit can help keep things going.

                                                                So, not a lot of options for new hardware minimizing harm to self and others. There are options in both reuse and new categories that help us reduce harm. We can at least do that. I stay dedicating slices of my research to solving this problem. Tracking whatever can help for whoever can do it. Maybe something will shake out eventually.

                                                        2. 0

                                                          Additionally I do have friends that have been deported

                                                          Sorry but are we now living in a world where the ‘standard’ left-wing political view in the Anglosphere is that any kind of deportation is bad? Because that’s how I’m reading this comment.

                                                          Immigration policy exists for very good reasons. The American political dichotomy that either there should be zero immigration or completely unchecked immigration is, for lack of a better word, moronic.

                                                          1. 3

                                                            I think it’s fair to assume that the poster could be criticising the particular immigration policy that led to these deportations, instead of all immigration policy.

                                                            1. 1

                                                              It could be fair, if the poster denounced similar and almost identical policies under the previous President. As it stands, the poster is mostly just criticizing immigration policies that seemed totally reasonable and main stream just eight short years ago.

                                                        3. 5

                                                          You can’t make perfect the enemy of good. Your argument essentially seems to be that if you can’t live perfectly you shouldn’t try living better at all.

                                                          It’s virtually impossible to operate in the modern world without using the internet, without having and using a computer. If it were possible to, for a reasonable price that I can afford but knowing I’d have to pay somewhat of a premium, buy a computer that I knew wasn’t made using exploitation of those in the third world, then of course I would buy one. But I don’t know that it is. And there are other competing priorities too, like getting a computer that is free of binary blobs and proprietary software.

                                                          I certainly don’t pay a ‘surveillance-enabling company in a police state’ to send anything over the internet. I pay an ISP for internet access, but I don’t live in a police state and as far as I know my ISP doesn’t enable surveillance.

                                                          In the same way that I think it’s perfectly reasonable for someone to say ‘I can’t afford to be vegan’ even though being vegan is morally important, I think it’s perfectly acceptable to say ‘I can’t afford to buy ethically produced clothes’. Plus there’s significant evidence that manufacturing things in third world countries has improving their living standards and wages considerably.

                                                          Where to we draw the line on how our consumption and contribution harms or helps others? And do you regularly do that for every product and service you buy? Most of them?

                                                          I like to have an idea, at least, of what goes into the things I buy, yes. It’s hard to do it with absolutely everything though, because there’s just so much different stuff.

                                                          Have you been active in government on laws, treaties, court cases, etc? The stuff that stops things like you describe.

                                                          That’s absolutely ridiculous. You do not have to be a member of government to have a political view. You do not have to negotiate an international treaty to have a political view. You do not have to sue someone to have a political view. Your standards are ridiculous.

                                                          Or just some quick, social signaling on Lobsters getting feel-good points?

                                                          Discussing important issues is not ‘virtue signalling’.

                                                          If you care, I encourage you to put time into legal reform or bootstrapping alternatives to each of the things I mentioned. Maybe make for better opportunities for immigrants in whatever your country is, too. Maybe host some coding bootcamps or something for those in the slums. What you’re doing here is adding to the noise but not helping Trump’s victims or your country’s immigrants in any way.

                                                          This has nothing to do with immigrants and everything to do with Palantir being a company that operates in an unethical manner. It’s a surveillance company. There’s absolutely nothing problematic about a company producing software on contract for a government that has immigration policies. The issue is that Trump’s policies are violating human rights in how they’re enforcing those laws.

                                                          You don’t solve this problem by creating ‘coding bootcamps’ for immigrants LOL.

                                                        4. 4

                                                          I guess it may be possible to work at a seedy company and still do good stuff.

                                                          Regardless, thanks for releasing this as free software.

                                                          Every field of endeavor is welcome here. Every field of endeavor is welcome here for technical discussion, free of (without expectation of) moralizing, guilt, or shame.

                                                          1. 2

                                                            I personally already draw the line at technology coming from uber for ethical reasons, so I will not touch palantir things at all. Thanks for bringing that up!