1. 14

    i’m not sure if this should be recognized by commenting here, as it feels outright like a troll attempt.

    assuming this is a reaction to https://lobste.rs/s/ktvzwl/use_plaintext_email : asking users and giving directions to use plaintext isn’t “gatekeeping”. by using this word you apply a negative spin on the plaintext email site, maybe even on the author. i don’t want to see this kind of conversation here.

    edit (after the archived version was linked here):

    Request for Guillotine: 1

    really? that low?

    Upon the dismantling of the original mailing lists due to the power vacuum caused by several high-profile Alpine Linux core contributors leaving the project due to burnout or personal reasons, the individual behind SourceHut, aka sr.ht, stepped up to provide new mailing list software in order to make themselves an instrumental part of the Alpine Linux ecosystem and deeply embedded in the core development team. This is commonly described as a “position of power”.

    Scientists have not yet discovered whether this “position of power” in the Alpine Linux community has yielded any benefits that are typically borne of “positions of power” in enterprises that matter, such as fame, wealth, or high-altitude sexual escapades. While it is too early to make a total judgement call, there is no indication that any of these facets of being in a “position of power” are to become true.

    yes, that low. throw more dirt.

    1. 10

      As far as I’m aware, according to the Fediverse feed of the author of “useplaintext.email”[1], the site sprang up as a response to people asking why - all of a sudden - they couldn’t contribute to the mailing list[2] in the IRC channel. This happened without any warning to any user or developer, and was solely at the whims of the individual who was now in charge of the mailing list software (and made the useplaintext.email website).

      The individual who wrote that site locking people out from contributing to a Linux distribution because they came into control of the mailing lists does, however, probably qualify.

      The submitter of this link actually orphaned all of their packages because going through the hassle of having a different email client just to contact the mailing list was not worth the hassle for what is ultimately a volunteer effort.

      1. https://cmpwn.com/@sir/102492883435461992
      2. https://lists.alpinelinux.org/~alpine/devel/%3CBVGP7GB8D8FN.2Z691JGTQHQ7L%40homura%3E
      1. 3

        thats all well, but it doesn’t warrant “Request for Guillotine” and smear campaigns. dropping the packages is unfortunate, but if it feels that it is the right thing to do it’s a personal decision.

        good alternatives are:

        • try to discuss it reasonably, preferably not via a microblogging service which are a shitty medium to to that.
        • write a patch for the mailing list software so that only the html part is dropped, and ask for inclusion of this patch.
        • ask if you can host the mailinglist instead, with the settings you want. this bears the risk that other people are fine with blocking html mails and your offer is politely declined.
        • fork the distribution.
        1. 10

          write a patch for the mailing list software so that only the html part is dropped, and ask for inclusion of this patch.

          I personally did just that, and it was rejected. I also tried to offer a self-reply patch, and that was also denied:

          21:47:53 <awilfox> I didn't see any question about this on the discuss archives: is there a way to have self-replies copied to your email?  on virtually all mailing lists I'm subscribed to, when I email the list I receive a copy back (which is reassuring that the ML software did not eat it and there were no MX issues).  I'm not getting self replies on sr.ht MLs.
          21:48:18 <ddevault> no, this is not possible
          21:48:39 <awilfox> would a patch adding this option be considered?
          21:48:47 <ddevault> probably not
          
          1. 3

            try to discuss it reasonably, preferably not via a microblogging service which are a shitty medium to to that.

            Yeah, microblogging services are certainly not ideal. It’s been discussed at length in the IRC channels (which are the official communication medium for the project). I’ve seen discussions about lack of action after said discussions in places elsewhere. Namely, the person in control doubling down on leaving it disabled.

            write a patch for the mailing list software so that only the html part is dropped, and ask for inclusion of this patch.

            The mailing list software is developed by the same person who runs it. I believe this was raised and was responded to with a firm “no”.

            ask if you can host the mailinglist instead, with the settings you want. this bears the risk that other people are fine with blocking html mails and your offer is politely declined.

            No idea where anyone is at with that. I will point out this part from the site:

            This was described by the Alpine Linux project lead as:

            a surprise and unintentional (except from a single person)
            super annoying to get locked out of participation like this
            imho, unacceptable

            So I’m not sure there’s a consensus even there.

            fork the distribution.

            I don’t know if you can get more fringe than a fork of something like Alpine Linux. Perhaps forking Void Linux? Forking over issues that are surmountable with encouragement and a correct understanding (e.g., it’s inconvenient for developers who use mobile devices, it breaks screen readers (and consequently affects those with low or no vision), and provides no feedback to users if their emails are dropped) is, in my view, pointless. I personally feel forking a project is kind of a “last resort” sort of thing.

            That said, I haven’t ever forked a project, so perhaps it isn’t. I’d appreciate your own view on that if you disagree.

            1. 5

              Note: I haven’t been able to find the source for the Alpine Linux project lead quote, so it might as well be fake

              1. 2

                Yeah, microblogging services are certainly not ideal. It’s been discussed at length in the IRC channels (which are the official communication medium for the project). I’ve seen discussions about lack of action after said discussions in places elsewhere. Namely, the person in control doubling down on leaving it disabled.

                i’m not involved in alpine linux, so i didn’t know about these discussions.

                The mailing list software is developed by the same person who runs it.

                i see it this way: the developer has the spare resources to host the list, providing it for free to the alpine linux community. i don’t think that the community is forced by anyone to use it. if the majority decides the list software is fine, then that’s the consensus. of the project lead thinks it’s unacceptable, it is maybe time to look for an other place to host the list at. blaming someone giving out free things is just plain wrong.

                I don’t know if you can get more fringe than a fork of something like Alpine Linux. Perhaps forking Void Linux? Forking over issues that are surmountable with encouragement and a correct understanding (e.g., it’s inconvenient for developers who use mobile devices, it breaks screen readers (and consequently affects those with low or no vision), and provides no feedback to users if their emails are dropped) is, in my view, pointless. I personally feel forking a project is kind of a “last resort” sort of thing.

                my list was in increasing “drama-steps”, yes. forking almost always isn’t the right solution.

                my point is that the reaction here (calling for beheading) isn’t a way to fix issues, it’s just flaming because something isn’t the way one wants it to. i know that it is hard today for many people if their points of view aren’t accepted as the only right one, but then it may be time for a fork instead of destructive behavior.

                That said, I haven’t ever forked a project, so perhaps it isn’t. I’d appreciate your own view on that if you disagree.

                i neither, but there are “forks” of slackware for example, which mostly are additional package sets and tools though. forking doesn’t has to mean that you go completely different paths.

                1. 5

                  I’m only going to quote short parts, not to take them out of context but simply to make this thread easier to read as it gets further indented left.

                  i’m not involved in alpine linux, so i didn’t know about these discussions.

                  Fair. Me neither, other than being in the IRC channels. I already have a bouncer on Freenode so I just idle in there. I use Alpine quite a bit for Docker so it’s nice to see what’s going on in there sometimes.

                  i see it this way …

                  You raise a good point, however I take one small issue with this: This particular “feature” was never raised by the person who offered the hosting until after the transition had taken place. I can’t immediately think of a real-world analogy, but I imagine you don’t need one.

                  To offer to host the mailing list then lock out a portion of the user base until they fit your world view is, in my (in the big picture, unqualified and irrelevant) opinion, in pretty bad taste. This should have been raised as a condition prior to the implementation.

                  As to who is at fault for this, I wouldn’t be able to say. I don’t know if it’s unreasonable to assume that a mailing list software would not drop emails given undisclosed criteria.

                  my point is that the reaction here …

                  Agreed, although based on context of the document one could infer that it was aimed at the practice of locking users out itself, given the first line being “Elitism-Free Working Group”. Thinking otherwise is uncomfortable in my opinion.

                  there are “forks” of slackware for example …

                  Very good point. Thank you.

                  1. 1

                    You raise a good point […]

                    i think that it just hasn’t occured to them that this would be a problem. i’d always assume plaintext on mailinglists, especially on lists of distributions etc. the lock-out was an unfortunate side effect of this. that the list shouldn’t just drop the mails but bounce them is a valid point though. “things just went wrong”, probably because of bad communication not bad intents.

                    Agreed, although based on context […]

                    i didn’t like this document because of linguistic tactics, it’s more-or-less authored anonymously, and full of ad hominem arguments. it’s bad taste and counterproductive.

                  2. 1

                    my point is that the reaction here (calling for beheading) isn’t a way to fix issues, it’s just flaming because something isn’t the way one wants it to.

                    Well beheadings rarely fix anything, but we can’t be sure until we try. What if the head grows back? I thought that website to be pretty funny anyway, but I guess YMMV. Maybe a satire tag would’ve helped. :)

                    i know that it is hard today for many people if their points of view aren’t accepted as the only right one, but then it may be time for a fork instead of destructive behavior.

                    If someone makes a website about how colonialism is cool, is it destructive to make the opposite website, or just discussion?

              2. 2

                I wasn’t aware of that (I also wouldn’t be affected by it, being a TUI email user). That does seem like a harsh sudden requirement for continued participation/contribution in the project.

            1. 10

              Worth noting that the platform itself — Twitter — seems to lend itself rather well to perpetual outrage culture. The world is a less miserable place once you remove yourself from it.

              1. 3

                I try. Problem is, I have nowhere else that fills the positive aspects of Twitter.

                1. 3

                  I told myself the same for a long time before I went cold turkey.

                  After having an account for a decade, I had a decent following of about 6k, and many well-received tweets. I had some of the biggest names in the business (language inventors, notable business people) following me. It brought press, writing, and interview opportunities. Some of my jokes were even plagiarised (and the plagiarism subsequently denied!) by the iamdevloper account, which is when you know you’ve “made it” on Twitter.

                  It was still a net-negative for me. I’m not interested in the culture wars. I’m not interested in the emoji-fuelled circle-jerk. I’m not interested in the people endlessly debating what “Agile” is or isn’t. I’m not interested in the rage-du-jour. I’m not interested in identity politics or Marxism. I’m not interested in industry gossip.

                  What I was most afraid of losing out on was a connection with the more vocal/active Haskellers. These are people I learn a lot from, and that knowledge is invaluable to me intellectually and financially. And you know what? These people are in other places too.

                  1. 3

                    I’m not interested in the emoji-fuelled circle-jerk…I’m not interested in industry gossip.

                    This was the absolute worst thing for me about tech Twitter: it was less about insights, and more about saying the right thing so people give you likes and retweets. This biases the discussions to be about banal, surface level things (because they get higher engagement). The character limit also does serious damage to the ability to discuss with any sort of nuance. If you’re on the fence about Twitter, just leave, and start repairing your attention span.

                    I think Twitter can be used effectively, but mainly as a broadcast medium, where you use it to notify people that you’ve done something, such as written a blog post.

                2. 2

                  It reminds me of this section of 1984 by George Orwell:

                  Earlier that morning, a terrible noise from the big telescreen at the Ministry of Truth had called all the workers to the centre of the hall for the Two Minutes Hate. The face of Emmanuel Goldstein, Enemy of the People, filled the telescreen. It was a thin, clever face, with its white hair and small beard, but there was something unpleasant about it. Goldstein began to speak in his sheep-like voice: criticising the Party, making nasty attacks on Big Brother, demanding peace with Eurasia.

                  In the past (nobody knew exactly when) Goldstein had been almost as important in the Party as Big Brother himself, but then he had worked against the Party. Before he could be punished with death, he had escaped - nobody knew how, exactly. Somewhere he was still alive, and all crimes against the Party came from his teaching.

                  Behind Goldstein’s face on the telescreen were thousands of Eurasian soldiers. Oceania was always at war with either Eurasia or Eastasia. That changed, but the hate for Goldstein never did. The Thought Police found his spies every day. They were called ‘the Brotherhood’, people said, although Winston sometimes asked himself if the Brotherhood really existed. Goldstein had also written a book, a terrible book, a book against the Party. It had no title; it was just known as the book.

                  As Goldstein’s face filled the telescreen and Eurasian soldiers marched behind him, the Hate grew. People jumped up and down, shouting and screaming so they could not hear Goldstein’s voice. Winston was shouting too; it was impossible not to. A girl behind him, with thick, dark hair was screaming ‘Pig! Pig!’ at Goldstein, and suddenly she picked up a heavy Newspeak dictionary and threw it at the telescreen. It hit Goldstein on the nose and fell to the floor.

                  (pages 4-5 of my eBook)

                  1. 5

                    Comparisons to 1984 are so commonplace it’s become a cliché. Could you please be a little more specific about how Twitter outrage brush fires are similar to the centrally-orchestrated single-target anti-Goldstein propaganda? Other than the fact that they both involve self-righteous anger on a mass scale?

                    1. 7

                      People are conditioned to expect, even want, an outrage target. Wake up in the morning. What’s the first thing you do? Check twitter to see who we hate today. Hating the same target gets boring. Having a new target delivered daily keeps us engaged.

                      The form of the outrage encitement is about the same, though. Look at Goldstein. Look at what he’s saying! Isn’t it just so wrong? Why isn’t he using https?

                      1. 6

                        The form of the outrage encitement is about the same, though.

                        Of course it is; self-righteous outrage has always existed, and it was already being stoked by newspapers and television back in the 40’s. George Orwell didn’t get the idea for The Two Minute Hate in a vision from God. The Two Minute Hate takes a dirty tactic that the media imperfectly uses to turn a short-term profit, and that wartime propaganda used to justify war, and had the state use it as a perfect, long-term way to control the populace. They gave them someone to hate other than themselves (fighting among each other would destablize the state) and their leaders (which also would have destablized the state).

                        Twitter is doing the exact opposite: they’re even more short-term than the press, and rather than unifying the population with one target to hate, Twitter largely turns its users against each other. The Two Minute Hate makes the people subservient to the state. A Twitter firestorm is more likely to cause a revolt than to avert one. While I wouldn’t necessarily describe these things as “out of control” (the goal is engagement, and that goal is being achieved), Twitter isn’t really “in control” the same way a guy reading a script on a TV is “in control”.

                        I realize I’m going off on a tangential pet peeve. Obviously, while making everyone hate each other is somewhat different from making everyone hate Goldstein, it isn’t better. For one thing, while attacking a man who probably doesn’t even exist is relatively safe, people can actually find and shoot at their “Twitter Goldsteins.”

                        1. 2

                          5 minutes hate on tabs versus spaces?

                          1. 4

                            We have always been at war with Clojurians.

                            1. 1

                              “Goldstein refuses to implement it in Rust”

                        2. 4

                          The oddest thing about 1984 is that Orwell never imagined people would pay to be spied on. Did he, Alexa?

                          1. 1

                            Following previous discussions, social media websites often optimize for “engagement” (which brings in ad views), rather than show you exactly what all your friends say. I don’t know what the exact logic it uses is, but I’d hypothesize it’s something like:

                            Boring tweet: show it to 20% of followers. Nobody reacts, so don’t show to the rest.

                            Drama tweet: show it to 20% of followers. They all reply/like/retweet, so it’s a good tweet. Show it to the rest. More engagement! boost this really far: to the followers of followers.

                            You can get a much wider audience by pouring gasoline over a fire.

                            1. 1

                              It’s not really single target, but for those two minutes you hate the heck out of the target. Then you move on and nobody cares. It’s a more crowdsourced version of it, but the thing people hate is “insecure” things, where “insecure” is an exercise for the reader; but nobody really does research into what they are doing and why. It’s easier to like and retweet.

                          2. 2

                            Quitting Twitter was one of the best single changes I’ve made in terms of mental health and usefulness as a person. For me it amplified the aspects of my personality that I least like, and diminished the aspects I’d prefer to amplify.

                            1. 2

                              Twitter is a video game.

                              There’s nothing wrong with video games, but if you’re playing video games 8 hours a day day in/day out then you’re probably addicted. And that addiction might be to escape something else, which is the real problem.

                              1. 1

                                I think you’re partially right, but Twitter is more insidious than that. I’ve played video games at lot at certain times in my life, but they didn’t particularly change how I viewed the world or interacted with people IRL. Twitter certainly did, and not for the better.

                          1. 11

                            I work in information security, Pale Moon kind of worries me. When I worked on a community image board serving some million of hits per month there were a few high-profile users that, for one reason or another, opted to use Pale Moon instead of a more mainstream browser. The most commonly-cited reason effectively boiled down to not liking the user interface change, which I can respect. I have a hard time breaking away from my favourite tools as well.

                            However, what was once effectively a fork of Firefox with XUL re-added and the old user-interface restored has turned into a one-person standalone project. Now, this one person - according to their bio - is capable of everything and anything at 10x, but I have my reservations on how far that capability extends. There are only four, perhaps five people that actually contribute to the project on the regular, and I would venture that none of them do it full-time, because the software doesn’t appear to pull in enough to possibly sustain a even one full-time developer salary. Given the fact that they claim this has been an eight+ year project, I would venture that some other form of income has to be required at some point. Even if it’s a part-time gig, that’s a part-time commitment to something else that takes brainpower.

                            Out of curiosity, I went back and obtained a sanitised user agent statistic set from the image board I worked on. The staff were gracious enough to allow me to get a percentage figure for Pale Moon users:

                            Out of 3656091 hits to the site over a course of roughly 24 hours:

                            • 1642179 were from Chrome-based user agents;
                            • 387233 were from Safari-based user agents (including iOS devices);
                            • 464940 were from Firefox without the Pale Moon user agents;
                            • 1156931 were from non-mainstream browsers or bots who were not Pale moon; and
                            • 4808 were from a browser using Pale Moon’s user agents.

                            This results in 0.13% of the total hits to the site’s front-end being from a Pale Moon browser.

                            If we take a look a total unique IP addresses:

                            • 80,295 total unique IP addresses in 24 hours; and
                            • 99 of those IP addresses were using Pale Moon

                            This results in 0.12% of the total unique visitors to the site’s front-end being from a Pale Moon browser.

                            This is in a community that has an awareness of it, as - like I said - several high profile users in the community use it.

                            Additionally, the individual behind Pale Moon has forked Gecko and created Goanna. In a lot of cases for a lot of types of software, this would be fine. However, there are many, many people who work on Gecko; it’s a highly complex system with a lot of room for error. As the rendering engine, it’s also the foremost part of the browser being exposed to the wilds. Despite the team size issues still occur, and some of them are genuinely concerning issues.

                            Furthermore, I can (but I won’t) write a lot of words about XUL. I understand why users want it returned, but I also strongly identify with the justification behind removing it in the first place. While the replacement wasn’t as flexible, it absolutely is considerably more secure on all fronts and, now that the vast majority of extensions have been converted to the WebExtensions API, I don’t think I’ve run into an issue for a long time. Addons that genuinely required the XUL APIs and cannot operate purely on WebExtensions APIs - in my opinion - should not have merely been a Firefox addon.

                            As an aside, the justifications behind the non-addition of multiprocessing are, in my opinion, simply a collection of empty talking points. They seem to attempt to justify the entire reason Pale Moon exists: To do things the owner’s way. That in a vaccuum is fine, but other (potentially uninformed) people being encouraged to use an opinionated browser like this without being aware of the consequences, is not.

                            I don’t worry about the project though, I worry about its (admittedly small) user base. There is only so much mental bandwidth an individual can expend before they become stretched too thin. Being a systems administrator, rendering engine developer, browser maintainer, plus whatever their full-time job is, cannot possibly be performed with 100% of acuity allocated to each component of their life.

                            This isn’t the first time, and it won’t be the last time, that a fork of a mainstream browser is dressed down because the team (or individual) is stretched too thinly. I treat every fork of a mainstream browser with the same scepticism be it Brave (Chrome), Vivaldi (Chrome), Waterfox (Firefox) or Pale Moon (Firefox). At best, on a security front, they are the mainstream browser + n lag time for security patches. At worst, they forego them entirely because they alter the vision of the creator. All of them have a vastly smaller team than the browser from which they forked, and generally they are only forking because of one or two issues with the parent product that they see as insurmountable, so more personpower to their cause is unlikely.

                            1. 1

                              Thanks for confirming what I’ve been thinking since some time. I too was once on the edge of using pale moon, back in the days before the XUL switch & rust? (so probably 2015). Because there was this rumour that there’s a better, threaded browser experience. As a user I couldn’t really see how many people really worked on this. All you saw was a huge userbase compared to many projects and some nice claims.

                              I’ve never made the switch due to various reasons[1], but I left with exactly this impression: If mozilla and google obviously can’t make their browser 100% secure, how will this fork:

                              a) keep up with the security patches while b) maintaining their own features (introducing their own security holes) and c) keeping on-par with the features the original projects keep offering.

                              [1] One of them was completely switching over to linux.

                            1. 18
                              1. Bellard is as impressive as always.

                              2. Someone found a use-after-free.

                              1. 8

                                A bit of context on the ‘someone’ for those interested: qwertyoruiop is the individual who created (half of) the Yalu jailbreak for iOS 10, and has contributed to many other big jailbreaking releases for both iOS and other platforms (e.g., PS4).

                                1. 2

                                  I don’t understand that use after free. Isn´t that a legit use of js? That is: isn’t the interpreter doing what it is supposed to do? Or not?

                                  1. 1

                                    use after free is using the content of a pointer after the memory of it was released, allowing writing at any part of the process running the javascript interpreter. It means, that it allow going outside of the javascript sandbox and as such allow for a webpage taking full control of your computer. As any important security bug, it is a way for any virus or malware to install itself on a computer.So definitely it is not a legit use of js.

                                    1. 1

                                      i was asking if the use after free bug is JS or in the interpreter.

                                      1. 2

                                        The bug is in the interpreter here. The JS in the link is a proof-of-concept exploit for the bug.

                                2. 1

                                  This is a quick reminder that script VMs are hard to develop, especially for complexe PLT such as JavaScript. Never ever run arbitrary code in those kind of interpreter, even if you believed you hardened it by removing privileged functions or I/Os. FWIW, don’t even try to run to run arbitrary code in widely used engine such as spidermonkey or V8 if they are not sandboxed. RCE still get found every now and then.