Threads for BenjaminRi

  1. 1

    Well, the lengthy treatise can be summarized that C++ is a language which has quirks and with which you can do potentially dangerous things. This is also true for any kitchen knife or car. The way move semantics has been solved in C++11 may not seem very elegant to many. What is often overlooked (including in the article) is that it was possible to do something similar already with previous C++ versions. Rust has advantages in terms of performance, if one compares e.g. with shared and weak pointers. However, Rust also has various disadvantages or requires restrictions in terms of architecture, and certain things are very difficult to do or not feasible. “There is no silver bullet”.

    1. 1

      The way move semantics has been solved in C++11 may not seem very elegant to many.

      It is elegant, given the constraint of backwards compatibility to C++98. It’s not elegant compared to what modern languages can do.

      What is often overlooked (including in the article) is that it was possible to do something similar already with previous C++ versions.

      This is not entirely true. Move semantics brought things to the table that could not be done in C++98. Especially std::unique_ptr is literally impossible to implement in C++98. Despite all its shortcomings, C++11 was a huge improvement.

      1. 1

        It is elegant, given the constraint of backwards compatibility to C++98. It’s not elegant compared to what modern languages can do.

        Maintaining backwards compatibility is a challenge indeed. I’m glad they’re doing it; it’s an essential feature to protect investments made. Regarding modern languages: C++20 is obviously “modern”, but certainly not an example of beauty.

        Move semantics brought things to the table that could not be done in C++98

        I can’t explain why this rumor is so persistent; someone has apparently invested a lot of money in marketing. It is well possible to implement move semantics and even unique pointers with pre-2011 C++, and there is even a Boost library for it.

        1. 3

          I can’t explain why this rumor is so persistent

          This rumour is so persistent because it is true. The std::auto_ptr in C++98 has entirely different semantics. You cannot implement a std::unique_ptr in C++98. And the smart pointer collection that boost provided back then was also just a band-aid at best. Trust me, I develop C++ software in my spare time and professionally for many years and I maintain codebases that are locked into C++98. This is my daily life, I feel the pain every day.

          C++20 is obviously “modern”, but certainly not an example of beauty.

          I don’t think C++20 is modern. You still have all the legacy burden, unsafe memory management, insane integer promotion rules, strings without encoding, crazy locale library, the list goes on. C++20 is as modern as a cassette player with a Bluetooth 5.2 module soldered on.

          1. 2

            This rumour is so persistent because it is true.

            No. I’m not talking about auto_ptr. Have e.g. a look at https://www.boost.org/doc/libs/1_63_0/doc/html/move.html. Every C++ programmer likely uses or at least knows Boost.

            I don’t think C++20 is modern

            It’s modern by definition; there are a lot of very important people in the commitee who are pushing for the latest craze with every release; even C++98 was officially called “modern C++”; the term is arbitrarily stretchable; personally I don’t care if it’s modern; most features we have in today’s languages were invented 40 to 60 years ago.

            1. 1

              Have e.g. a look at https://www.boost.org/doc/libs/1_63_0/doc/html/move.html.

              Just like the boost pointers, this is a band-aid at best. First of all, you now have to put macros everywhere into your code (also, have fun debugging and stepping through that). And then you still don’t have support for e.g. move-appending a std::vector element and things like that. As I said, many aspects of move semantics are impossible without actually using C++11. At best, you’re emulating C++11 behaviour with macros and elaborate C++98 incantations, while fighting tooth and nail against both the standard library and the language itself. Did you have good experiences with Boost.Move?

              1. 2

                We had many libraries in the nineties, and there still are some today, where a lot of macros are used all over the code, some even with pre-processor or code generators. That’s absolutely no problem; on the contrary it makes the code clearer. The so-called new features of C++11 are primarily syntax sugar. Only in C++14 or 17 there started to appear a few things you couldn’t do already with C++98.

                I remember well the time when trees were wasted on programming journals, and where there were regular puzzle columns on C++ that demonstrated its surprising capabilities. This was before Alexandrescu’s famous book and anticipated much of what we later had in Boost. Yes, Boost is an amazing and qualitatively impressive library in every respect.

    1. 4

      This is a good post. The C++ question of what remains in the “moved from” object is a big, nasty can of worms. Sometimes it’s well-defined, like e.g. std::unique_ptr are nulled when they are moved from (at the cost of performance). Other classes are less clear on the specifics, so you have to consider it on a case-by-case basis. Ideally, of course, you never use “moved from” objects, and that is how Rust does it, enforced by the compiler. This is faster and safer. In C++, the entire thing makes my head spin, so I usually just never use “moved from” objects again, unless I know the guaranteed behaviour off the top of my head.

      1. 2

        It’s a difficult problem in general once you start to have structure fields. The example of the string in Rust is fine for a local variable, but presumably this means that you can’t move a string out of a field in an object in Rust, because doing so would require the field to become invalid. C++ works around this by effectively making it a sum type of string and invalid string (which, as the author points out, is deeply unsatisfying and error prone). Pony does this a lot better by effectively making = a swap operator, so you have syntax for cheaply replacing the string with an empty string or other canonical marker.

        The other problem with C++ that the author hints at is that move isn’t really part of the type system. R-value references are part of the type system, move is a standard library idiom. This means that you can’t special case this in useful places. For example, it would be nice to allow destructive moves out of fields when implementing the destructive move of an object. A language with move in the type system could implement a consume and destructure operation that took a unique reference to an object and returned its fields in a single operation. This would let you safely move things out of all fields, as long as you could statically prove that the object was not aliased.

        1. 3

          The example of the string in Rust is fine for a local variable, but presumably this means that you can’t move a string out of a field in an object in Rust, because doing so would require the field to become invalid. C++ works around this by effectively making it a sum type of string and invalid string (which, as the author points out, is deeply unsatisfying and error prone).

          I’m not a rust expert by any means, but I think in rust you could achieve this pretty easily (and safely and explicitly) by having the struct field be an Option<T> and using Option::take().

          1. 2

            The problem then is that it’s now a union type and you need an explicit check for validity on every single field access. This is safer than C++ where you need the check but the type system doesn’t enforce it, it’s just undefined behaviour if it’s omitted, but it’s incredibly clunky for the programmer.

            1. 2

              Well sure, but it sounds like the alternative is “deeply unsatisfying and error prone”? If you want the Pony approach (by my understanding of your description; I’m not familiar with the language) of using some special sentinel value instead of an Option<T>, you could also use std::mem::replace(), or more concisely std::mem::take() if the type has a meaningful default value like "" for String.

        2. 1

          Yep a good post, bad title :-).

          It has a good observation that Types must have specific, clearly expressed ‘capabilities’ (or traits) that make them usable or non-usable for a specific algorithmic or technical operation.

          In a way, C++ templates system is a mechanism to express if a given type is ‘fitting’ to a specific ‘operation’ or algorithm. And if it is not – there was (often difficult to read), compilation error. But still there was a compilation error.

          C++ allowed to expressed fitment of user types to algorithms, but did not allow to express the ‘fitment’ to the technical operations (like Move, parallel access, allocation model, exception model, etc).

          And there is a impedance mismatch between built-in types and user-defined types, in the area of how these capabilities are expressed.

          Now as the number and complexity of these technical operations grows, the inconsistency in expression of the capabilities through type system, is causing higher and higher cognitive load on developers (and I am sure compiler designers).

          The problem with language now, is that it cannot evolve in a way where the complexity is constrained, but downward compatibility is maintained. It seems that we have to start choosing one over the other. As our cognitive faculties cannot just keep up with the complexity caused by the desire to maintain the previously-written-code compatibility of the language.

        1. 3

          This might be borderline off-topic but with all the interest and hopes around the Fediverse as a total replacement for mainstream social media, these kinds of hands-on stories might serve as a reality check.

          1. 1

            Excellent communities are niche by definition, for if they weren’t, they would be average.

          1. 23

            If you give an advertisement company the keys to your kingdom, you should not be surprised to find it defiled by its henchmen.

            1. 5

              Good point, some of our tech giants are actually mega (or “meta”) advertising companies. Ads should be fine, but when advertising starts to mingle with maths, neuro marketing, and technology everything gets dystopian.

            1. 3

              Didn’t you reinvent docker with your solution? Docker also uses pivot_root and essentially solves the exact same problem with very similar methods. A simple Dockerfile with FROM ubuntu:focal would probably give you the same thing you outlined here, unless I missed some crucial requirement that cannot be satisfied with docker.

              1. 8

                The similarities to Docker end at the systemd-nspawn step. After the systemd pivot-root step, the host userland is shut down entirely and the Ubuntu userland takes over, including privileged hardware access such as the graphics system.

                1. 7

                  Yeah, as hufman says this isn’t running both OSes in parallel, it’s having them installed in parallel – but mimicking a “normal” installation much more closely than one could ever achieve with docker. None of the namespace or cgroup stuff – real direct access to everything the kernel can provide.

                1. 6

                  Sounds like it’s because of COVID-19 infection risk for attendees though they don’t say it explicitly.

                  1. 6

                    It’s fascinating that this is still such a concern after everyone who wanted (and even more) got their shots.

                    1. 7

                      It’s not surprising – the Congressseuche was a kind of flu that was common during previous congresses, and while being out sick for a week was already not great, with Covid and the risk of long-term damage, the tradeoff has changed quite a bit. With vaccines, the morbidity risk of Covid is mostly solved and long-term damage has been reduced, but it’s still not entirely gone.

                      1. 1

                        I guess the bigger issue is COVID is never going away, so the tradeoff at this point is do you want to do something now with reasonable precautions like wearing masks in crowded halls or just never ever do it in person again. The never do it in person option makes sense for lots of things. There are tons of conferences that could just be webinars. But if you think doing it in person is good, the risks from COVID are going to be more or less identical in 2023, 2024, etc. Like I hope they do come out with that vaccine that’s nasal and addresses all variants, but uh, even after that it’s not realistically going to get 100% uptake.

                    2. 5

                      DEF CON (similar size) in August had close to 700 of 25,000 people report positive cases, but within that group over 12% of volunteer “goons” that had a better reporting rate.

                      The main Congress event isn’t held in a wildly different space (big convention center), and while it does have fewer cramped, hot, and sweaty hotel room parties than DC (I’m pretty sure I got COVID at one this year), instead it has more mixing of attendees with the general public in public transport.

                      By contrast, Camp is entirely outdoors (to the point that during a thunderstorm there’s nowhere really safe to go), with lots of fresh air and space for everyone.

                      1. 3

                        Yeah, after Oktoberfest in Munich the numbers were spiking. Hospitals are full and they assume it will only be worse later this year. I think it is the right move, but still I am infinitely sad about it being cancelled

                      1. 3

                        Windows builds of the Rust compiler now use profile-guided optimization, providing performance improvements of 10-20% for compiling Rust code on Windows.

                        Indeed, I do see about 10% faster builds on Windows. Nice.

                        1. 19

                          Nothing?

                          Widely deploying remote attestation as described in the doomsday scenario here is probably not possible, even if Microsoft wanted it. The blogpost largely just pose questions about potential danger without really describing how any of this would be achiveable. It’s lazy, really.

                          It’s simply too brittle outside of tightly controlled environments and would break far too often to actually give any consumer value.

                          Can a school run some WPA2 endpoint and restrict access based off on some Chromebook the school issues and validate it with an attestation protocol? Sure. It’s tightly controlled.

                          Is this going to be achiveable with everything from my self-built desktop running Windows and my random consumer-grade laptops? It would be an engineering marvel. Microsoft would need to be supplying tightly controlled hardware configurations to all consumers and uh….I don’t see how that would happen. The infrastructure needed to even begin validating this would be an interesting problem on it’s own.

                          I still think Matthews take on this is the better one. Pluton is not (currently) a threat to software freedom

                          If you also care about the opinion of the FSF/Richard Stallman: They went back on their stance about TPMs in 2015. https://www.gnu.org/philosophy/can-you-trust.en.html

                          The TPM has proved a total failure for the goal of providing a platform for remote attestation to verify Digital Restrictions Management. […] The only current uses of the “Trusted Platform Modules” are the innocent secondary uses—for instance, to verify that no one has surreptitiously changed the system in a computer. […] Therefore, we conclude that the “Trusted Platform Modules” available for PCs are not dangerous, and there is no reason not to include one in a computer or support it in system software.

                          1. 25

                            Widely deploying remote attestation as described in the doomsday scenario here is probably not possible

                            It already happened on Android with many apps. There are no modern Android phones that aren’t shipped with Google certified keys inside the TPM. The claim that a large-scale deployment of such systems is not possible is quite foolish, given that it already happened to various ecosystems and such trends are only accelerating. The threat is real and serious. May I ask, do you have a smartphone? Android, iPhone? Do you have a banking app? Did you try to assert your ownership of the device by installing an operating system of your choice? How many apps were you unable to use afterwards?

                            1. 12

                              Do you have a banking app? Did you try to assert your ownership of the device by installing an operating system of your choice? How many apps were you unable to use afterwards?

                              What you are demanding here is not “ownership of the device”, but ownership or ownership-like rights to third-party services and hardware. The bank will, I am certain, still serve you via their web site, via phone call, probably these days via SMS, and certainly if you just show up in-person at a branch. They are free to set out the terms on which you get access to their systems, and for some banks and some apps, one of the terms is “app, but only if we can verify you haven’t messed with it or with crucial system libraries it depends on”.

                              You’re free to dislike that. But you don’t have an inherent moral right to access their systems without their consent. They have the same ownership rights to their systems and networks and devices that you have to yours, and your unfettered right to tinker with your stuff ends where their stuff begins.

                              Also, in my experience most people have completely wrong ideas about the incentives that lead to things like this – it’s not that the bank hates your freedom, or that Google hates your freedom, or that either of them wants to take your freedom or your “ownership of the device” from you. That’s the mustache-twirling hyperbolic strawman I’ve already pointed out in my other comment.

                              Instead, it’s that large corporate environments have weird incentive systems to begin with, and for large corporate environments in heavily-regulated industries that weirdness is generally at least squared if not cubed. So, say, the website might get declared a low-trust environment and they check some boxes to say they’re properly securing it, while the app gets declared a high-trust environment and they just forbid access from a modified version or from a version where they can’t reliably detect if modification has occurred, and that checks the required corporate and regulatory boxes to ship the app, which is less effort than they had to put in for the site. Even if the app literally just embeds a web view. Even if it makes no sense right now, it’s often the cumulative result of a bunch of seemed-reasonable-at-the-time decisions that most people go through life unaware of.

                              (my personal favorite example of this, from healthcare – the highly-regulated industry with which I’m most familiar – is that in the US many entities clung to faxes well past the time when it made any technical sense, largely because of a weird quirk where US health-care regulations treated fax systems differently than basically all other electronic transmission methods, for reasons that make no sense whatsoever today but presumably did multiple decades ago when the decision was made)

                              Meanwhile, the nightmare dystopian scenario that, for years, people have been asserting would be the endgame for the deployment of all this stuff… has still not materialized. If it had, you wouldn’t have been able to “assert ownership of the device” in the first place, remember.

                              1. 20

                                You’re free to dislike that.

                                Although I don’t disagree with the main argument, saying things like “you are free not to use an iPhone or Android” is like saying “you are free to become a monk or live secluded in a jungle”. It is unrealistic and perpetrates the poor argument that most “people have a choice”, when it comes to social median, online services, identity etc. They don’t. Not even geeks. Try creating an eshop without integrating with Google (ads, analytics), Facebook, Twitter, Stripe, PayPal, Amazon… if you are Walmart you MIGHT pull it off, but otherwise good luck.

                                1. 2

                                  All of the things you mention in your example of setting up an online shop are pushed on you by social forces, not by technological handcuffs.

                                  There is no technological solution to the social forces.

                                  1. 6

                                    This is why it’s important to keep the door open to compatible third party implementations. Because without that, social forces become technological handcuffs.

                                    1. 3

                                      Technology forms part of the social fabric, and therefore can interact with social forces. The classic example of this is copyleft and the free software movement. I’m not saying that FOSS was a great success, but it’s certainly true that it influenced the direction of software for 20 years or more.

                                      As technologists, we should remember more often that technology does not exist outside of society and morality.

                                  2. 8

                                    What you are demanding here is not “ownership of the device”, but ownership or ownership-like rights to third-party services and hardware

                                    I wasn’t aware that my phone was a third party service or hardware.

                                    1. 8

                                      I already explained this in a way that makes it hard to take your reply as being in good faith, but I’ll explain it again: you’re free to modify the things you own. You’re not free to demand unlimited/unrestricted access to the things other people own.

                                      So the bank is free to set hours when their branch is open and say they won’t provide in-person service at the branch outside of those hours, no matter how much some people might insist this infringes their freedom to come in when they want to. They’re free to set a “shirt and shoes required” policy for receiving service at the branch, no matter how much some people might insist this infringes their freedom to come in dressed as they please.

                                      And they’re free to set rules for accessing their systems via network connection.

                                      Sometimes those rules include “mobile app, but only if we can verify it hasn’t been tampered with”, and it’s their right to do that no matter how much some people might insist this infringes their freedom to tinker with their devices.

                                      As I said already, that freedom to tinker ends where someone else’s systems and devices begin. You don’t own the bank’s systems. Therefore you don’t get to dictate to them how and on what terms you’ll access those systems, no matter how much you might like to, because they have the same ownership rights to their systems and devices that you have to yours.

                                      1. 5

                                        So the bank is free to set hours when their branch is open and say they won’t provide in-person service at the branch outside of those hours

                                        But it isn’t free to demand complete control of the contents of cars on nearby roads. No matter how much the ability to inspect them may reduce bank robberies.

                                        The bank may want the ability to inspect your car, but society doesn’t need to say yes to every misguided request.

                                        1. 5

                                          But it isn’t free to demand complete control of the contents of cars on nearby roads.

                                          That analogy doesn’t work, because “nearby roads” aren’t the bank’s property.

                                          So if you want to go with that analogy and make it work: the bank branch may have drive-through facilities, and they may not accommodate all vehicle types. Say, due to lane width, a huge pickup truck or SUV might not fit, or due to the height of the covering over the lane, a very tall vehicle might not fit.

                                          You still have the freedom to buy and drive a vehicle that doesn’t fit in the drive-through lane. But you don’t have the right to demand the bank rebuild the drive-through lane to accommodate you. They’re free to tell you to park and come inside, or use the ATM, or bank online, or any of the other methods they offer.

                                          And, again, there is no situation in which “ownership of your device” creates a moral right to demand access to systems owned by others on terms you dictate. If the bank doesn’t want to grant you access on your preferred terms, they don’t have to; they can set their own terms for access to their systems and (subject to local laws about accessibility, etc.) enforce those terms.

                                          (also, in some jurisdictions the bank absolutely could regulate the “contents of cars” on the bank’s property – for example, the bank could post a sign saying no firearms are permitted on the bank’s property, and that would apply equally to one stored in a car as it would to one brought inside the branch)

                                          1. 4

                                            That analogy doesn’t work, because “nearby roads” aren’t the bank’s property.

                                            And my phone is?

                                            My phone is an access method, and I have neither sold nor rented it to the bank.

                                            1. 4

                                              Your car is your property. But when you want to use your car on someone else’s property they can make rules about it. For example, where you can park, how fast you can drive, which direction you can drive, and so on.

                                              Your networked device is your property. But when you want to use your networked device to access someone else’s devices/systems, which are their property and not yours, they can make rules about it.

                                              I’ve explained this now multiple times, and I don’t see how any legitimate difficulty could still exist in understanding the point I’m making.

                                              1. 3

                                                Yes, I understand that it is technically legal for them to do this. Technically legal is not the same as desirable. It’s a horrifyingly dystopian future being described here, and painted as desirable because it is possible.

                                                I want a way off this ride, and I don’t see one.

                                                No, “stop keeping your money in banks” is not a serious option.

                                                No, I do not use Linux, Windows, or OSX.

                                                Yes, I already refuse to install apps for this on my phone – I use my phone exclusively for tethering, maps, and getting paged when I am on call for work. I do not trust it to act in my best interests, and I do not want enforced software that I dislike spread to the rest of my computing devices.

                                                Your networked device is your property. But when you want to use your networked device to access someone else’s devices/systems, which are their property and not yours, they can make rules about it.

                                                It would probably be legal for a bank to require you to install a GPS tracker on your car to gain access to the bank. It would be safer for the bank if they could track the location of possible getaway cars. It would be safer for the bank to ensure that you didn’t go into sketchy neighborhoods where you could get mugged and have your bank cards stolen.

                                                But I don’t think a future where banks remotely enforcing what you do with your car is a good one. It’s not worth the safety.

                                                1. 4

                                                  Every time I point out that the analogy falls apart when you try to extend control past the bank’s property line, you propose another analogy which extends control past the bank’s property line.

                                                  I cannot engage further with this.

                                                  1. 2

                                                    What do you mean, “extend control past the bank’s property line?”.

                                                    In this analogy, the bank allows you to drive cars without GPS trackers; They just require you to have one installed to engage with them. They’re not controlling your property –you’re voluntarily complying with their business requirements. It’s just them choosing how you engage with their business. You can avoid getting a GPS tracker so long as you don’t set foot on a bank’s property.

                                                    This is less hypothetical than it sounds. While I’m not aware of banks pushing for GPS information, insurance companies already want this information in order to dynamically adjust rates based on driving habits, and to attribute blame more accurately in collisions.

                                                    I’ve interviewed for an offshoot of State Farm that was established to explore exactly this. The interviewer was very excited about the increased safety you’d get because drivers would know they’re being watched. This was a few years ago – today, of course, you’d need to do some remote attestation to ensure that the system wasn’t tampered with and the data was transmitted with full integrity.

                                                    Once this pool of data is established for analysis, it becomes very tempting for law enforcement, less pleasant regimes, and three letter agencies to access it.

                                      2. 2

                                        For a bank or hospital? It absolutely is.

                                      3. 7

                                        Also, in my experience most people have completely wrong ideas about the incentives that lead to things like this – it’s not that the bank hates your freedom, or that Google hates your freedom, or that either of them wants to take your freedom or your “ownership of the device” from you.

                                        Let’s ignore the fact that large corporations have a long and well-documented history of nefarious behavior. I mean, one of the first corporations in the west was the British East India Company. Calling it nefarious is a huge understatement. But that’s all not quite relevant to the point I’m making.

                                        Instead, it’s that large corporate environments have weird incentive systems to begin with, and for large corporate environments in heavily-regulated industries that weirdness is generally at least squared if not cubed.

                                        Fine. Does it truly matter if the reason is maliciousness or ignorant apathy combined with perverse incentives, if the end result is still the same? A difference which makes no difference is no difference at all. What I’m seeing is gradual disempowerment of people, not some quick power grab. And I don’t care what the reasons are, if the results are still the same.

                                        Every time this discussion comes up on Lobsters, you trot out the comic-book villain trope as a way to belittle the people you disagree with. A box-ticking technocrat can be just as harmful as a villain.

                                        1. 10

                                          Does it truly matter if the reason is maliciousness or ignorant apathy combined with perverse incentives, if the end result is still the same?

                                          Except the end result is not the same. The freedom-hating cartoon villain would not give you a way out. Yet out here in the real world you do get a way out. And as I pointed out, it’s been getting finer-grained over time so that you actually have even more control over which security features you want on and which ones you want off.

                                          This is not how an actual “war on general-purpose computing” would be waged!

                                          Every time this discussion comes up on Lobsters, you trot out the comic-book villain trope as a way to belittle the people you disagree with. A box-ticking technocrat can be just as harmful as a villain.

                                          My central assertion is that the Free Software movement and its adherents are actively hostile to security measures that are A) reasonable, B) desired by and C) accepted by much of the market, and that this hostility goes all the way back to the early days with Stallman writing purple prose about how he was standing up for “the masses” by having GNU su refuse to support a “wheel” or equivalent group. Today that manifests itself as reflexive hyperbolic opposition to fairly banal system security enhancements, which inspire yet more reams of purple prose.

                                          I further note that this opposition relies on appeals to emotion, especially fear (they’re coming for your freedom!), and on erecting straw-man opponents to knock down, neither of which is a particularly honest rhetorical tactic.

                                          And finally, this opposition also doesn’t stand up to even the slightest bit of actual scrutiny or comparison to what’s occurring in the real world, and on that theme I note you yourself largely refused to actually engage with any of the points I made, and instead went meta and tried to tone-police how I made the points, or the fact that I was making them at all.

                                      4. 4

                                        Android is an example of tightly controlled devices where this is completely feasible though.

                                        1. 2

                                          Yes, and the industry trend is to slowly extend that to more computing devices, including PCs. And, in this very thread, we have someone who is arguing that not only is it a company’s right, it’s effectively their duty, to ensure users aren’t tampering with their computing devices so that bad actors can’t compromise them.

                                      5. 9

                                        Yup.

                                        The hyperbole around this stuff runs into the inconvenient fact that all the horrible things have been technically possible for a very long time, using only features that already exist on consumer hardware and consumer operating systems, and yet the predicted dystopia… has not arrived.

                                        Microsoft has been theoretically able to fully lock down laptops and desktops for years. Apple has been theoretically able to fully lock down laptops and desktops for years. The reason they haven’t is not that they lack the one final piece of the freedom-destroying superweapon that will finally let them power it on, and it is not that scrappy freedom-warriors on the internet have pushed back too hard. The reason they haven’t is that destroying freedom is not, and never has been, their goal.

                                        So, so much of the argumentation around this stuff relies on building up strawmen and knocking them down. In the real world, there are no mustache-twirling executives cackling about how this time, finally, they will succeed at destroying freedom forever and bringing an end to general-purpose computing. There are just ordinary, usually really tired, people doing things for honestly pretty ordinary and banal reasons, and we generally will do best by taking their statements at face value: that they’re doing it for security, which is something both corporate and consumer users are loudly demanding.

                                        A lot of people are tired of living in constant fear. Fear that looking at, or in some cases just being a recipient of, the wrong email or the wrong text message or the wrong PDF or the wrong link will silently and completely compromise their systems. Fear of malicious actors, both remote and intimate. Fear of being fired if they slip up and make even the tiniest mistake instead of being a perfect “human firewall”. Fear of all manner of things that we can prevent by default if we just choose to.

                                        So we get more and more systems that have those protections by default. That let you just use it without being afraid. And if you want to live dangerously, you still can. The “I know what I’m doing” escape hatches are there! They’re even getting finer-grained over time, so that you can choose just how dangerously you want to live. You can turn off bits and pieces, or go all-in and replace the OS entirely. This is not the progression we would see in a world where the vendors were waging a “war on general-purpose computing”, and the actual observed state of the world is the strongest possible counterargument against the existence of such a “war”.

                                        And yet we still get hyperbole like this article. I’m so, so tired of it at this point.

                                        1. 3

                                          I don’t think it is not possible. Obviously game publishers already want this solution, windows 11 requires the chip (or will require the new one too, doesn’t make a difference), and if you ever owned an android device, you’ll know how many apps break when you install your own android copy.

                                          I can definitely imagine banks and other services rolling this out as a requirement. Developing a new browser is already hard enough, but if only 10% of the services under cloudflare require this in the future, you’re basically locked out of using linux/owned android/new browsers. We have a regular inspection requirement in germany for all vehicles on the street, for the safety of others. Maybe this will come one day for the internet, simply because that could reduce the amount of spammers and bots.

                                          Let’s spin this idea further: There is a law in germany that you’re responsible for your network connection. What if because of that you’ll not be allowed on public wifi anymore, without such an attestation ? No more headaches due to compromised devices.

                                        1. 31

                                          Remove the entire thing from snap and install it via apt. Problem solved.

                                          sudo snap remove --purge firefox
                                          sudo add-apt-repository ppa:mozillateam/ppa # Press [ENTER] when it prompts for confirmation
                                          echo '
                                          Package: *
                                          Pin: release o=LP-PPA-mozillateam
                                          Pin-Priority: 1001
                                          ' | sudo tee /etc/apt/preferences.d/mozilla-firefox
                                          sudo apt install firefox
                                          
                                          1. 19

                                            Followed by this to remove snap and not run into such issues again:

                                            sudo apt autoremove --purge snapd gnome-software-plugin-snap
                                            rm -fr ~/snap
                                            sudo apt-mark hold snapd
                                            
                                            1. 8

                                              Be careful with that. Firefox is not the only thing that is installed by snap. Here’s the list for Ubuntu 22.04 LTS:

                                              testuser@testvm:~$ snap list
                                              Name               Version          Rev    Tracking         Publisher   Notes
                                              bare               1.0              5      latest/stable    canonical✓  base
                                              core20             20220318         1405   latest/stable    canonical✓  base
                                              firefox            99.0.1-1         1232   latest/stable/…  mozilla✓    -
                                              gnome-3-38-2004    0+git.1f9014a    99     latest/stable/…  canonical✓  -
                                              gtk-common-themes  0.1-79-ga83e90c  1534   latest/stable/…  canonical✓  -
                                              snapd              2.54.4           15177  latest/stable    canonical✓  snapd
                                              

                                              I keep snapd around because I haven’t yet looked into what happens when you remove it entirely.

                                              1. 9

                                                I’m pretty sure everything but Firefox in that list is just a runtime, and if you aren’t using any other snaps, you can do without it

                                          1. 11

                                            I once helped a good friend of mine with some intro-to-programming homework she was stuck on — building a simple dynamic web page with some JS. It reminded me a little bit of TA-ing CS 10 in college … only the concepts were a hell of a lot more complicated. It was eye-opening.

                                            I had thought before that in-browser JS was a nice platform to learn on: interactive, visual, high-level. And yeah, it’s nice that learners don’t have to deal with the concept of pointers and the resulting crashes or data corruption. And the results are more rewarding than seeing “HELLO WORLD” printed in a terminal.

                                            But even a simple script to update a web page when you press a button is sitting on top of a mountain of CS concepts like trees, objects, parsing (i.e. the relation between the HTML markup and the Element objects), events and event handlers… I vividly remember trying to help her understand how the text ”<div>” related to the name HTMLDivElement and how one thing mapped onto another.

                                            Then a few years later I watched my kid take to programming like a duck to water, by writing simple CLI tools (games mostly) in C. A much grungier language and less sexy results, but on thinking about it I could see why it was a shallower learning curve. Heck, it’s the exact same domain I learned in back in the 1970s, only I was using BASIC.

                                            1. 2

                                              It took me years to figure out that the Document Object Model (DOM) is just a tree of objects, and that this tree has document as the root and is built by the page’s HTML and can be manipulated by JavaScript. After that, everything clicked. However, CSS and aligning elements precisely in relation to each other, with support for different screen sizes and browsers, that’s an art I will never master. On a difficulty level, I would place it on par with reverse engineering compiled binaries.

                                              1. 3

                                                Assuming you have basic knowledge of CSS (syntax, how selectors and properties work) but don’t know how to do layouts and such, here are a few tips:

                                                Don’t use a text editor to write your CSS, use your browser’s developer tools. It’s a much better experience. You get live feedback as you change things, some things like colors and (in Chrome) box-shadows and animations have little graphical editors, it’s much easier than trying to write CSS elsewhere. CSS-Tricks and MDN are your friends.

                                                Flexbox is usually what you want for layouts. CSS-Tricks has a good reference for it, for a long time I needed to check that page every time I was doing CSS. I’ve also heard good things about Flexbox Froggy. CSS grid is nice too, but it’s much more complicated.

                                                Always add * { box-sizing: border-box; } to your css files, it makes width/height/padding behave more nicely.

                                            1. 11

                                              Just yesterday, I set up my new Android phone. Android is an incredibly hostile platform in every way. Immediately when I start the phone, I’m bombarded with EULAs and Terms and Conditions, some of which I have no choice but to accept to even use the phone. Google, the phone manufacturer and every other involved party want a piece of the pie of personal user data. The keyboard app - yes, the app that literally just displays a few buttons - transfered dozens of Megabytes to and from the internet, I have no clue for what purpose. Things that have no business running at all slurp up battery power like there’s no tomorrow. Okay, let’s install LineageOS. The process to unlock the bootloader is tiring and there wasn’t a single tutorial on the internet that got the process right, I had to figure it out on my own. Then you realize that if your bootloader is unlocked, your phone is now recognized as modified and no longer passes SafetyNet, a “helpful” API by Google that locks out anyone who has asserted ownership over their phone by modifying something. No more banking apps, Google Pay, Pokémon Go, even the McDonalds app checks SafetyNet. You can hide from SafetyNet, but we have now come to the point where they check hardware-backed attestation which cannot be circumvented. And all of this unlocking, flashing and SafetyNet circumvention stuff is incredibly tedious with pages-long tutorials on the internet, shady executables and the ever-present risk of turning your phone into a paperweight. A thriving Linux phone ecosystem isn’t just overdue, it was overdue 10 years ago. Purism Librem 5 and PinePhone push the envelope of Linux mobile, and even though the experience is still flaky, the basics work (I have a PinePhone) and are usable. Frankly, I don’t care what SoC they use as long as they at least push the software side away from this insanity. You can’t liberate everything and everyone at once. They have my full support.

                                              1. 7

                                                Then you realize that if your bootloader is unlocked, your phone is now recognized as modified and no longer passes SafetyNet, a “helpful” API by Google that locks out anyone who has asserted ownership over their phone by modifying something. No more banking apps, Google Pay, Pokémon Go, even the McDonalds app checks SafetyNet.

                                                I said this in a thread the other day, but it’s still true: this argument is based on an inconsistency.

                                                You feel it’s very important to “own” your devices and systems, and you seem not to want anyone else ever to dictate terms to you for how you can use your devices/systems, and you seem not to want anyone else ever to access your devices/systems except on terms you set.

                                                But you also are demanding access to others’ devices/systems, and demanding to dictate the terms on which you will receive that access.

                                                The only consistent position is to grant those other entities the same ownership rights to their devices/systems that you demand for yourself and your devices/systems. Which would mean they are perfectly within their rights to deny access to you or to set the terms on which they will allow access,

                                                And ultimately it really is just a matter of trust – your bank, for example, almost certainly has a website you could use, and that website is built for the low-trust client/environment of a web browser. They also offer a higher-trust client in the form of a mobile app, but require that it be used only in a higher-trust environment (i.e., one in which they can cryptographically verify that neither the app nor the key libraries/functions it depends on have been modified, since they have no way to tell whether a given modification is malicious or not). And again they are entirely within their rights to offer access on those terms. If you find neither option palatable, you can probably also call them, or walk into a physical branch office to transact your business (though in both cases they would demand that you go through a trust routine – verifying your identity as an account holder – before granting you access to do things).

                                                1. 3

                                                  And ultimately it really is just a matter of trust

                                                  A device I set up myself, with binaries from e.g. Arch, Debian or Ubuntu, is 10 times more secure and safe than any stock smartphone that ships with this ridiculous bloat that might even be compromised right out of the factory. The trust argument is such a laughable and obvious lie. Indeed, a lot of banks have a web client that has full access and runs on any device without such ridiculous constraints - precisely because they are not necessary, it’s security theater to disempower the user.

                                                  And again they are entirely within their rights to offer access on those terms.

                                                  Yes, the behavior is despicable but legal. Legality and morality are often orthogonal.

                                                  1. 2

                                                    The trust argument is such a laughable and obvious lie. Indeed, a lot of banks have a web client that has full access and runs on any device without such ridiculous constraints - precisely because they are not necessary, it’s security theater to disempower the user.

                                                    If the bank truly had as its goal to “disempower the user”, they have a much larger arsenal of techniques at their disposal, and it would be odd that they and so many other entities are, effectively, fighting with one hand tied behind their back. I argued this in a thread the other day about Apple: if they really were going to lock down all their laptops/desktops, why haven’t they done it already? The iPhone and iPad demonstrate the technical capability, and their marketing of those devices as being limited for security has generally succeeded with the populace as a whole, but they still won’t even offer a locked-down Macbook as an option if you ask them for it. This is strong empirical evidence that the “disempower the user” type claims made about banks, and Google, and Apple, and other entities, are wrong.

                                                    So perhaps their motivations are not what you hyperbolically attribute to them, and the decisions they make, and the motivations for those decisions, are downright banal when you really sit and think them through. The bank doesn’t need perfect security, for example – they just need “good enough to not get sued too hard” security. They often are dealing with maddeningly conflicting regulations which treat things as completely different when, to a technically-inclined person, they’re obviously similar or just the same. And on and on, all of which adds up to decisions like requiring attestation to trust the mobile app but not a web client.

                                                    Yes, the behavior is despicable but legal.

                                                    You seem to think that your right to control and dictate terms of access to your devices/systems is moral in nature. Is not their right to control and dictate terms of access to their devices/systems necessarily of the same nature?

                                                    1. 2

                                                      You seem to think that your right to control and dictate terms of access to your devices/systems is moral in nature. Is not their right to control and dictate terms of access to their devices/systems necessarily of the same nature?

                                                      Well, if they are corporations and the device owners are people, then I guess that hinges on if one believes corporations are people, or at least what correspondences they have in terms of rights. I wonder if the device users in this thread were using devices owned by corporations, might they feel differently? Would they even use those devices?

                                                      I think your point about locking things down could be informed by the other elephant in the room, anti-trust litigation. We see this coming from the EU on multiple fronts, and no matter how big Google and Apple may be, they probably don’t want to be prevented from selling things in the EU.

                                                      1. 1

                                                        Corporate personhood is pretty far to wander from the topic at hand, and is also a pretty settled question. It also tends to lead into absurdities when one considers extremely common cases like a sole proprietor, and asserting that people lose rights as an automatic consequence of, effectively, working for themselves.

                                                        As for anti-trust: I am deeply pessimistic about the Digital Markets Act and about the EU’s approach in general. But again that’s wandering very far from the topic at hand.

                                                        1. 1

                                                          I disagree with most of the assertions in your comment here, but I wish you well.

                                                          But again that’s wandering very far from the topic at hand.

                                                          I understand your desire to shutdown discussion, and am happy to comply.

                                                      2. 2

                                                        You seem to think that your right to control and dictate terms of access to your devices/systems is moral in nature. Is not their right to control and dictate terms of access to their devices/systems necessarily of the same nature?

                                                        The issue is symmetrical, and that’s precisely why there isn’t an “inconsistency” like you claim. The bank wants that my entire phone’s firmware is signed by a key of their choice (Google’s). Likewise, why can’t I insist that the bank signs all their binaries on all their servers with a key of my choice? Of course, the bank would laugh it off and tell me to get lost. And that is precisely how we, the users, should react to the request that our binaries be signed by Google.

                                                    2. 2

                                                      (though in both cases they would demand that you go through a trust routine – verifying your identity as an account holder – before granting you access to do things).

                                                      Well, the difference here is that the verification mechanism is now with the world’s largest ad company, who is undoutedly going to use your information + habits + everything they can get to market to you. Verifying your identity at a bank by showing your ID isn’t quite the same thing…

                                                      1. 4

                                                        The point of hardware attestation is that it’s, basically, cryptographic signature verification using keys that aren’t easily modifiable by the software whose signature is being verified. Thus trying to solve a thorny security problem where you can’t trust a signature because the set of valid keys might have been tampered with by the thing you were trying to verify.

                                                        So I don’t see how Google’s business model is relevant here. If hypothetically a non-profit dedicated to Free Software ideals released a device with such functionality, my argument – it’s inconsistent to demand “ownership” of one’s own systems while denying “ownership” of their own systems to entities one interacts with – would still be just as sound, while your argument, which is based on the non sequitur of pointing to the business model of the manufacturer, would no longer hold up.

                                                        1. 5

                                                          There is nothing inconsistent about wanting to exert ownership over one’s device and communicate to other devices. I see that you repeated this point again, as if there was some logical inconsistency in the desire to control one’s own mobile. There is not. When a third party forces me to relinquish control of my mobile to communicate with it, then it is overstepping my boundaries. Of course it can do that, but then I will make sure to migrate away as soon as possible because that’s abusive behavior. I don’t ask my bank to only run binaries that I signed. Likewise, my bank has no business of asking the reverse of me. That’s the inconsistency. This is a relationship where the user is on the losing side, and it is about time we negotiate better for our side.

                                                          1. 2

                                                            I never said your argument was invalid, but the manufacturer is definitely relevant, since you have to trust them. Some people don’t trust an ad company to always do the right thing (now, but especially in the future…)

                                                            So the manufacturer’s business model is relevant, whether or not you want to believe it.

                                                      2. 7

                                                        I worked at a company that chose to implement a non-rooted phone requirement for its mobile apps. The choice wasn’t motivated by security snake oil or a desire for control, but a demonstrated large and significant empirical relationship between rooted phones and breached accounts. Given that this company might be liable for some of the losses incurred by a breached account, it was the rational choice to do this.

                                                        Now, I’m very sympathetic to the ideas of user control and openness in the abstract, but anyone making that case really has to acknowledge that these are choices in a complex tradeoff space involving security and user control. I’m not saying that all or eve locked-down devices were motivated by a sincere concern for user security, but in practice there’s a clear demonstrated relationship between these things and I think there are reasonable explanations for why this may be the case.

                                                        1. 3

                                                          If rooting wasn’t so hard and tedious and wouldn’t require you to download shady binaries and leaked tools from forums, the security aspect would look entirely different. If there was an easily installable Debian-style distro for phones, where you can get pretty much everything from the apt store, such things wouldn’t happen nearly as much. The security issues are engineered precisely by the people who then jump in to “solve” them, albeit unwittingly, perhaps.

                                                      1. 11

                                                        In all digital matters, we are heading straight for turnkey totalitarianism, if we aren’t already there. For those who don’t know what that means: Yes, your liberties aren’t yet removed, but all it takes to remove them is one little change, for example the removal of an option in a menu. Windows 11 requiring a TPM (essentially for no reason other than security theater) is another step in that direction. The end-game is obvious: The vast majority of people can only execute software that is approved by some authority. The computer, the most empowering tool in human history, is well on its way to become the most disempowering tool to ever exist.

                                                        1. 8

                                                          This sort of hot take is basically never useful, because it doesn’t hold together unless you assume literal cartoon-villain-level motivations and behavior on the part of all software and hardware vendors, and assume that they are all working together explicitly and in perfect unison toward the same cartoon-villain goal (“At last! Our long campaign to destroy freedom and happiness is coming to fruition!”).

                                                          If you insist on framing it in “freedom” terms, though, I’ll fire back with a way of putting it that I’ve used a few times, namely that what this is really about is a “freedom” that somehow got left out of the manifestos. Since Stallman went all the way down to Zero, we’ll call this one Freedom Negative One, and it is phrased as:

                                                          The freedom of anyone, anywhere, to run any software, for any purpose, at any time, on your hardware.

                                                          Now, Stallman himself has occasionally leaned toward perhaps wanting to grant this one — he certainly has a history stretching back to being against even differently-privileged accounts on multi-user systems — but most of the world is not interested in or willing to grant Freedom Negative One, and computer security is entirely about how to avoid granting it, and the tradeoffs that come as a result.

                                                          In other words: many people openly want to have a computer that runs only the things they themselves wanted to have running. Any method of achieving this, from TPMs to signed packages to even fundamental things like memory segmentation, involves some compromises in terms of making it more difficult for a program to do whatever the programmer wanted, and in some cases even what the user might have wanted, in order to prevent programs from doing things the user did not want. So blanket painting of this as a cartoon-villain plan to destroy freedom is fundamentally unhelpful and ignores the fact that compromises already have been and will continue to be made, long before TPMs existed. Unless you’re wiling to roll it all back, you do not get to have an absolutist moralistic position.

                                                          So please reframe your arguments accordingly.

                                                          1. 13

                                                            This sort of hot take is basically never useful, because it doesn’t hold together unless you assume literal cartoon-villain-level motivations and behavior on the part of all software and hardware vendors

                                                            That is simply untrue. The loss of freedom is in general not caused by conspiracy but by a lack of care by those who enjoyed it. The vendors make huge profits off closed ecosystems, it’s in their best interest to conjure up all kinds of arguments to lock platforms down, like security, a common design language, vetted applications, etc. We undeniably move more and more into the direction of locked down platforms, not due to a conspiracy but due to convergence of both economic and governmental interests.

                                                            and computer security is entirely about how to avoid granting it, and the tradeoffs that come as a result.

                                                            Again, not true at all. The freedom to run any software and security are orthogonal. That’s what containers and virtualization are for.

                                                            many people openly want to have a computer that runs only the things they themselves wanted to have running

                                                            Yes, but what they will get is a machine that runs only the things that someone in Redmond or Cupertino - or Washington for that matter - wants to have running. Which is something entirely different.

                                                            Any method of achieving this, from TPMs to signed packages to even fundamental things like memory segmentation, involves some compromises in terms of making it more difficult for a program to do whatever the programmer wanted

                                                            The end result is inevitable and we already saw it happening on the iPhone: The manufacturer has complete control over the ecosystem and can control what content apps allow. Apps that allow people to publish content that is not liked by the owners of the ecosystem are forced into censorship. This is not a conspiracy, this has been happening for years.

                                                            So please reframe your arguments accordingly.

                                                            It is you who has to catch up with the current millenium.

                                                            1. 4

                                                              The freedom to run any software and security are orthogonal. That’s what containers and virtualization are for.

                                                              In the interest of civility, I will only say that this statement betrays an enormous amount of naiveté.

                                                              1. 8

                                                                I am actually well-versed in security topics. The vast majority of modern hacks and exploits are done through methods like phishing, social engineering, leaked credentials and authentication tokens, databases and files that are public by accident, etc. Things like breaking out of the hypervisor, breaking the virtual machine, exploiting the runtime etc. are exceedingly rare. It is the human wetware that is exploited, not the copper & silicon.

                                                            2. 4

                                                              No, I assume “stay in business” motivations on the part of most software and hardware vendors.

                                                              I assume a combination of cartoonish evil and cartoonish short-sightedness out of all lawmakers (and for that matter nearly all the voters who elect them), only because events have never yet proven me wrong. Give them a capability like this, tell them that all they have to do is push a button to stop all computer crime, all identity theft, all child porn forever, and all it will hurt is criminals and a few neckbeard weirdos, and not only will they jump at the opportunity to walled-garden every device with more computing power than an abacus (to the benefit of a few companies who are first in line), they will actively destroy the lives of anyone who opposes it. It doesn’t matter that the promise is a lie. It only matters what you promise.

                                                          1. 2

                                                            Careful with GCC 11. They made a change in C++, they are more strict about #includes of headers [1]. Expect a lot of existing code to break. I actually had to downgrade to get very large projects to build again.

                                                            [1]: https://gcc.gnu.org/gcc-11/porting_to.html#header-dep-changes

                                                            1. 2

                                                              They made a change in C++, they are more strict about #includes of headers.

                                                              What they did is stop including headers they don’t need. Code that relied on such (non-portable, I must add) side-effects was always broken and now has to be fixed.

                                                              1. 1

                                                                Linus Torvalds would reply: “We do not break user space!” If a Linux API works one way for 20 years, and everyone relies on it, you don’t just break everyone’s code. Why is GCC/C++ different?

                                                                Why is code that compiled and worked perfectly well for 20 years broken? Perhaps it is broken by some definition, but it begs the question if the standard is broken and the code is correct. About your comment that the code is non-portable, I already wrote a lengthy blog post about this subject: https://mental-reverb.com/blog.php?id=24

                                                              2. 1

                                                                Could they not have added a warning for a couple of versions before implementing this? It seems like one of those things that should be easy for a compiler to check for, and automatically fix or warn. Like “hey, you gotta add #include since you’re using it, and not depend on another standard library header to include it for you…”

                                                                1. 1

                                                                  Sounds like a nightmare of special cases tbh. It’s the same definition, so you have to keep track of the whole chain of includes. Actually multiple chains and their ordering, because you could first include the class through the side-effect and then explicitly. And then you have things created through defines. And you have to keep the list of the cases to warn about.. :scream:

                                                                  I think that’s one of those things that seems simple to do, but isn’t :-( gcc keeps only the first place something was defined if I remember correctly.

                                                                  1. 1

                                                                    It’s a simpler problem than that because it’s a standard library with a set of well-defined symbols and you need to handle the case where these identifiers are used but are not defined. You can maintain a list of function and type names and the headers that the standard says they come from and tell people what header they’re missing. Clang does this for a load of C standard functions.

                                                                2. 1

                                                                  To be explicit, this is not a change with GCC, it is a change with libstdc++ and will affect any compiler using the same implementation. Historically, libstdc++ has always had a policy of minimising header includes, which is why code written against libc++ (which doesn’t) often fails to compile. The fix is always trivial: add the headers that the standard says you need to include. With modules (any decade now), all of this will go away and I can just put import std; in my C++ source files if I want to use the stdlib.

                                                                  This is a far less annoying bug than the one in 20.04’s GCC 9.4, where the preprocessor evaluates __has_include(<sys/futex.h>) to false, in spite of the fact that #include <sys/futex.h> works fine. This has no simple work around and is why I’ve given up supporting GCC 9.4 on Ubuntu for some projects: GCC 10, 11, or any version fo clang is fine. Apparently the bug is something to do with the weird fixincludes thing that GCC does, meaning that the search paths for #include and __has_include diverge and so __has_include is not reliable.

                                                                1. 33

                                                                  A title describing the same problem from a different angle would be “The mess we’ve gotten ourselves into with single-page-applications

                                                                  1. 6

                                                                    How about “The proliferation of JavaScript and our failure to prevent servers from acquiring vast stockpiles of such code

                                                                    1. 4

                                                                      Can you elaborate? Classic SPAs don’t have this problem because all their functions are “client colored” (to borrow the terminology of the post).

                                                                      1. 7

                                                                        I guess the answer is that Classic SPAs are good until you need some SEO which is probably very common. Hence SSR. Although technically speaking SPA per se don’t need SSR (maybe for performance but shouldn’t be an issue if things were developped correctly by default I’d say).

                                                                        1. 15

                                                                          I was thinking the same thing. The title could easily be “The mess spawned by organizing the web economy around a search monopoly”.

                                                                          1. 9

                                                                            IMO, this is the wrong intuition. Categorically, pages that need to be SEO-opitimized are those that are informational. You don’t need SEO for a desktop app, nor would you need that a web app because a web app is the same thing but distributed through the browser (but sandboxed, not making users require a download executables, and on a highly portable platform available on almost every OS and architecture). These two concepts are not the same thing despite both being delivered through the browser; you shouldn’t use a SPAs tech stack for a basic page because information category pages don’t require the same shared state management and usage of device feature APIs that an application might. I can use Wikipedia from a TUI browser because it’s 95% information. It was the exact same issue in the Flash days of not using the right tech and society has permanently lost some content from its internet archive.

                                                                            So it’s not “when you need SEO”, but SEO should be a requirement from the get-go in helping you choose a static site or dynamic, multipage application where the server always did the rendering.

                                                                            The problem is the tooling. The NPM community instead of having an intuition about the right tool for the job and stating “do not use this tool for your static content”, we have tools that try to solve everything and hide the mountains of complexity that should have scared devs away from the complex solution into the simple one. It should be hard to make a complex pipeline like that of server-side rendering for a SPA. And that easy tooling is riddled with bugs, megabytes of node_modules, and might invite you to start involving more complexity with tech such as ‘cloud workers’, but people don’t find out until they are way too deep in the Kool-Aid. Many don’t seem to see this issue because influencers are pushing this stuff to get GitHub stars and have, ironically, gotten all of the top ranks when searching for a solution (or people were asking the wrong questions without knowing).

                                                                          2. 3

                                                                            Not the poster you’re responding to but it might be because SSR is a fairly natural leap from SPA-style apps. They might also be implying that it’s my fault, which would be nice, but unfortunately isn’t the case.

                                                                        1. 22

                                                                          I disagree with this take. I believe that the software freedom movement needs a diverse spectrum of proponents with differing determination to enforce freedoms. We need absolutists like Richard Stallman and we need convenient but somewhat compromised distros like Ubuntu. Ultimately, if everyone thinks that Richard Stallman goes too far and uses Ubuntu instead, then GNU/Linux has almost entirely taken over, so it’s a win for the software freedom movement after all. The GNU philosophy shifts the overton window radically into the direction of software freedom, and even though their viewpoint may be extreme to some, this makes the Ubuntu user a moderate, which is a good thing. Remember: You are all on the same side, it’s just the extent of the goal that differs. After all, you would use fully open hardware and software over the proprietary stuff if it was just as affordable, reliable and available. Your problem is not the GNU philosophy, your problem is that the proprietary stuff is simply too desirable, so you compromise on your morals to get the technology you need. There’s nothing wrong with that, but don’t blame GNU for it.

                                                                          1. 14

                                                                            I’d say the core problem is that the FSF (and by extension the GNU project) suck all the air out of the room while being solidly stuck in the past. They’ve completely ignored the reality of the modern age with companies like Amazon existing as they do. Sure it’s truly “free” to release something under the GPL then have Amazon take it, make some small changes, then host it. They’re allowed to under the GPL as they should be, but that seems like it goes against the principles of the FSF, GNU, and the GPL. The AGPL isn’t air tight, it’s sure as hell better than most other licenses and I personally use it, but we need better. We need a group focusing on the issues of the modern age.

                                                                            We need a group who are focusing on the current issues with hardware and software freedom. Proprietary SaaS services and modern hardware. It’s all fine and good making sure your shell, editor, and kernel are truly free. But if they can’t run on hardware most users can actually get or need what’s the point? Most users can’t or aren’t willing to use an almost 15 year old Thinkpad as their one and only machine. Most users can’t run Replicant, they need access to Google Play Services and proprietary apps to actually live their life.

                                                                            We need a group providing aid and resources to tackle these problems. Tools, training, equipment, and materials to help reverse engineer hardware and software. Very few people have the knowledge, ability, and free time to reverse engineer modern hardware, what if we had more? How many fewer binary blobs and proprietary drivers would we need if we actually focused on getting rid of the need for them rather than trying to pretend we don’t need them? Wouldn’t it be great if we had licenses for modern problems like cloud providers modifying, extending, and hosting services without providing the source.

                                                                            Absolutism has it’s place, that’s for sure, but how do we actually get to that absolutist’s position? It requires work that the FSF and GNU just aren’t focusing on. And they hold their position while trying to be seen as the one true group who can deliver us to that position. Maybe another group needs to come along and actually do the work, but it’s hard with the FSF/GNU in the room.

                                                                            1. 6

                                                                              Broadly agree, but a couple sticking points:

                                                                              They’ve completely ignored the reality of the modern age with companies like Amazon existing as they do.

                                                                              Would Amazon (and other _aaS providers) be the behemoths they are today if people had stuck with GNU/FSF principles? Would there be such a great demand for their services if new developers had been brought up in a culture where you were both expected to know and have access to the internal of your software and share your work?

                                                                              And they hold their position while trying to be seen as the one true group who can deliver us to that position.

                                                                              That is rather the advantage of taking an uncompromising absolutist stance…by stubborn refusal to compromise it is much easier to make the claim that they are the one true group and that their approach optimizes for their ideology and minimizes change of corruption. The last…six?…years have shown that the slippery slope fallacy seldom is.

                                                                              1. 3

                                                                                We need a group who are focusing on the current issues with hardware and software freedom. Proprietary SaaS …

                                                                                We need a group providing aid and resources to tackle these problems. Tools, training, equipment, and materials to help reverse engineer hardware and software. Very few people have the knowledge, ability, and free time to reverse engineer modern hardware, what if we had more?

                                                                                This analysis is a bit wishful in that it totally ignores economics (the root problem). Let’s say we had a group such as you describe, where are the incentives? where is the funding? why won’t this “pure” group immediately get outpaced by the group that forms around it to exploit the contradiction between the current economic system and the fiction you propose. The latter group would likely become relatively big quickly (size depending on the competence of the former group).

                                                                                I think we need a new economic system. We measure the wrong things and as a result we compete to make the wrong numbers go up. Who cares about the exact score of a passing grade? or how many jurors were unsure in a “not guilty” verdict? consider the phrase “fuck you money”, what does it mean? … From what I can tell; we would not have a (a priori) global (reserve) currency in a truly decentralized system, there cannot be a central coordinator, so we cannot have a (postulated) global currency. At best it’ll be emergent from the reputation system we end up with.

                                                                                What I worry about is that the software that gets built is the software that gets used. All the FOSS world lending a helping hand with better contact tracing software (instead of communication software, which is just as needed in a pandemic that may go on for an indeterminate amound of time) is a symptom of this problem. We need to be smarter about our priorities or we will end up running our governments and “citizen points” (a.k.a. “how to wealth distribute” from pov of gov) on some chinese system “because it exists” … please let’s not have that happen.

                                                                            1. 7

                                                                              In the same vein, the Linux kernel is not written in C. It immediately becomes apparent when you read and write kernel code. This has many reasons, for example that Linus Torvalds thinks that the ISO C Standard is a “piece of garbage” that imposes “braindamage” which needs to be undone [1] and also because the kernel uses non-standard GNU C extensions [2]. Think of that what you will, I guess it works well enough to power most devices on the planet. Makes you wonder if the Linux way of writing C should be the actual C standard.

                                                                              [1] https://lkml.org/lkml/2018/6/5/769

                                                                              [2] https://www.kernel.org/doc/htmldocs/kernel-hacking/conventions-gnu-extns.html

                                                                              1. 11

                                                                                I think that’s somewhat different. Rails is using Ruby to implement an embedded DSL that is quite Ruby-like. Linus is using a language that is mostly the same as C, ignoring what the standard says, and then complaining that security vulnerabilities in his kernel are someone else’s fault when they arise from the compiler implementing the standard.

                                                                              1. 9

                                                                                This is totally a nitpick, but “Rust has a really solid base of users now, in terms of number of users, diversity of domains, committent of users, size of users, etc” made me wonder if they’re happy about having more large people writing rust. Tall people? Heavy people? Maybe I’m getting the direction wrong, maybe small people? What size of user do we have now, and why is this size better than last year’s?

                                                                                🤡😆

                                                                                1. 3

                                                                                  It took me a moment, but they probably mean e.g. large organisations vs small ones.

                                                                                  1. 2

                                                                                    Maybe we should be more gluttonous to put more weight behind the Rust ecosystem ;-)

                                                                                    1. 1

                                                                                      I’m always ready to be more gluttonous.

                                                                                  1. 9

                                                                                    He raises the dynamic allocation problem of exceptions, but I have another problem with exceptions that I don’t really see treated a lot: Complete interface obfuscation. Suppose you include a library header. Suppose that library allows you to call void foo();. Can that function fail? If so, what exceptions does it fail with, under what circumstances? If you’re lucky, the documentation is good. Often, the documentation doesn’t even exhaustively list possible exceptions. Often, I have to look through the code and search for throw statements. As far as I know, there isn’t even good tooling to run over a code base to find out what exceptions a function may throw (please tell me if you know one). How is that ever acceptable? I want to know how and why my API calls can fail.

                                                                                    Contrast this with the Rust approach. We immediately see: fn foo() cannot return any errors* and fn foo() -> Result<T, E> will either give me a T on success, or an error description E on failure. If that mechanism makes error handling harder, that’s just because with exceptions, you didn’t even really handle them. I’ve actually worked on numerous C++ projects where the exception madness caused very real problems. Ever since, I completely stopped using them and started wrapping libraries that use them such that exceptions are turned into error codes. This also forces me to find out how the API calls can fail.

                                                                                    * Okay, there’s still the panic mechanism, but this is only for rare and very severe errors. Avoid it whenever possible.

                                                                                    1. 10

                                                                                      there’s still the panic mechanism, but this is only for rare and very severe errors

                                                                                      Panic in Rust is for signaling that a bug in the program has been detected. It is not appropriate for expected failure modes in a correct program. For rare or very severe, abort would be better.

                                                                                      1. 6

                                                                                        This is the checked vs unchecked exception choice. C++ tried to support both for a while, for example:

                                                                                        void doesNotThrow() throw();
                                                                                        void throwsForOrBar() throw(Foo, Bar);
                                                                                        void mightThrowAnything();
                                                                                        

                                                                                        There are a few problems with this approach. The first is that adding a new error result changes the signature of a function. This is not specific to C++ but it generally means that you rely on subtype relationships to extend the set of things a function can return. In the worst case in Java you get things that can throw Exception - great, it will throw some subclass of a generic exception class and I’m expected to down-cast it to the right thing once I get it and figure out what to do with it. Thanks. Oh, and this was worse in C++ because exception specifiers were not part of the type system so you could store all of the above in a void(*)() variable and have absolutely no idea what exceptions would be thrown.

                                                                                        The second problem is that C++ decided to dynamically enforce these things. This meant that your unwind logic had to check exception specs on the way up the stack and a function with throw() would get unwind tables generated to guarantee that exceptions didn’t propagate through it (and would call std::unexpected in these cases). This was very painful for the unwinder and for binary size.

                                                                                        C++17 removed exception specifiers and made noexcept part of the type system. This means at least that you know whether exceptions can or can’t be thrown but you still rely on documentation to know which exceptions might be thrown.

                                                                                        1. 1

                                                                                          Suppose that library allows you to call void foo();. Can that function fail?

                                                                                          The noexcept keyword helps with that, but the library implementor has to add it. And there’s no static checking that I know of to verify that a noexcept function’s implementation doesn’t fail to catch any exceptions (in which case the program will abort rather than allow the exception to propagate.)

                                                                                          My opinion is that in C++, exceptions are deeply problematic, but better than current alternatives. Error codes are toxic for good API design and don’t work with constructors or operators. There are some decent library implementations of Rust/Swift/etc. Result types, but I haven’t tried using them in any serious codebase yet.

                                                                                          I’ve seen a C++ WG proposal for overhauled exception handling that works very much like Swift under the hood, and it looks great, but I don’t know if that’s going into C++23.

                                                                                        1. 4

                                                                                          Does your blog have an RSS feed? Quite the fun read!

                                                                                          1. 5

                                                                                            Thanks! Unfortunately, it does not. It’s just a pile of simple PHP I wrote some time ago. I should implement it, I got that question a few times already.

                                                                                            1. 4

                                                                                              Also the “statistics” at the bottom, and the theme switcher! ❤️

                                                                                            1. 3

                                                                                              This is nice advice for a novice programmer. However, as a seasoned programmer, you start finding these bugs all over the place. Bugs in libraries, in the compiler, in distro binaries, in the operating system, even in the CPU. Of course, stay honest and humble. Debug your own code first. Extraordinary claims require extraordinary evidence. But never assume that the foundation upon which you build is perfect.

                                                                                              This year, I found a bug in the ps binary distributed by BlackBerry QNX. That took a while to find and understand. You can read my write-up here, hopefully you are entertained: https://mental-reverb.com/blog.php?id=29