1. 35

    TL;DR: They stopped sending reverse deltas for rollback and now generate them on-the-fly during installation.

    1. 16

      They gotta be kidding, right?

      We discovered that these transforms and patches can be “observed” by the delta apply step

      “DISCOVERED”. No shit Sherlock! Also, easy to miss icing on the cake at the end of the article:

      [1] The approach described above was filed on 03/12/2021 as U.S. Provisional Patent Application No. 63/160,284 “REVERSE UPDATE DATA GENERATION”

      1. 7

        You clearly haven’t worked at a BigCorp or you’d know they force you to patent anything no matter how trivial. I have several such patents to my name, which I would be embarrassed to link to (the patent plaques I got went straight into the trash). All the nontrivial ideas I’ve had (some of which have shown up in research papers) have never been patented, to the best of my knowledge.

        1. 3

          There is no pressure to patent things at Microsoft.

          1. 2

            Can you just put references to the prior art in the patent application and save the examiner some time?

            1. 2

              Yep. An old colleague of mine has a patent for “generating a receipt after a transaction, but not showing the receipt to anyone at the time just storing it somewhere where it’ll get aggregated into a big receipt database” or something to that effect.

            2. 6

              That reminds me of those patch notes when after more than two decades, the Internet Explorer engineers discovered that the DOM can be stored in memory as a tree instead of a long string that contains all the elements [1]. Kind of a “car mechanic discovers the concept of a wheel” moment. The fact that this was a noteworthy thing a few years ago blew my mind. No wonder Internet Explorer was left in the dust by its competitors.

              [1] https://blogs.windows.com/msedgedev/2017/04/19/modernizing-dom-tree-microsoft-edge/

              1. 7

                Using a string data structure (a highly optimized one mind you) for the DOM wasn’t a stupid decision at all back when the DOM really was “just text” and programmatic DOM manipulation wasn’t really a thing.

                1. 1

                  Very true, though IE sucked at it even then. :-P

            3. 3

              That’s surprisingly sensible! You can probably generate the rollback delta as you apply the forward patch.

            1. 1

              A skilled programmer is a skilled linguist. Period.

              1. 3

                I believe that the thing called “computer science” does have its place and has the correct name. Language theory like the Chomsky grammars [1], research about computational complexity [2] and algorithm design are actually quite pure sciences that have more to do with mathematics than with programming or engineering in general. You can make significant contributions in these fields with pen and paper, no computer needed. Of course, few people actually work at this level. Your local coding bootcamp has little to do with computer science because it focuses on applied contemporary technology. Either way, science and engineering are married together, one example of that is troubleshooting a difficult bug which is a process that requires the application of the scientific method and is conceptually identical to figuring out complex processes in nature.

                [1] https://en.wikipedia.org/wiki/Chomsky_hierarchy

                [2] https://en.wikipedia.org/wiki/Computational_complexity

                1. 3

                  “Computer science” is a melange of disciplines with little in common, which fall under the same rubric for purely historical reasons. Complexity theory or formal algorithms logically belongs in the mathematics department, while systems or software engineering research logically belongs in…well, engineering.

                  1. 2

                    Agreed – I’ve long felt that the field called “Computer Science” largely consists of the weird leftover odds and ends that fell off the trucks of other fields. Much of it is engineering and math, but there are also bits of psychology (HCI), biology (bioinformatics), statistics (ML/AI), etc.

                1. 8

                  Does anyone else have the problem that Matrix is incredibly slow? I have a top of the line desktop PC and it takes 20-60 seconds from double clicking the icon until the Element client finishes with all the spinners and freezing and becomes usable. Also, how can I extract conversations in a usable format (e.g. SQLite)? These are my two biggest pain points with Matrix and the reason why I don’t use it.

                  1. 9

                    You’re describing problems with Element, which is fair. It’s an electron app, and it’s memory hungry. So is Signal.

                    The difference is that you can use Matrix without using Element; there are 3rd-party clients out there that work great with much better performance footprints. If you don’t want to use the Signal electron app, or if Signal decides your platform isn’t worth supporting (like arm64) then your only option is to not use Signal.

                    1. 8

                      If Element is showing spinners for tens of seconds, that’s all time spent waiting for the server to respond.

                      Synapse is (at least was) slow. Back when I’ve tried running it, there even was a postgres query you had to run occasionally to clean up things that brought it to a complete halt. Thankfully it seems that Conduit is a server project that will actually be good.

                      1. 2

                        The server stack isn’t much better performance wise, sadly.

                        1. 1

                          It’s an electron app, and it’s memory hungry. So is Signal.

                          Signal Desktop on my laptop has been running for a couple of days. It is using 23.1 MB of RAM (between 3 processes, two using about 1 MB) and is responsive. Restarting it takes a few seconds and it’s usable as soon as it presents the UI.

                          1. 3

                            That experience is completely different from mine, but arguing about it is academic since I don’t even have the option of running it on my machine any more even if I wanted to.

                        2. 2

                          It seems fine as a Weechat plugin for me

                          1. 1

                            Which server do you use? I run my own with (usually nearly) the latest versions of Synapse, and I don’t see any such problem. Starting up the client on my iPhone just now took 4 seconds, on my Linux laptop it took 12 seconds (but normally it’s always running and available as a panel icon).

                            1. 3

                              Same here. A friend of mine chats with me over the Matrix “default” home server and I’ve seen his client freeze like that too, while for me it’s always been fast (I’m using a self-hosted home server). I think there need to be more alternative servers and awareness of how to use such alternatives.

                              1. 1

                                Yeah, I think Matrix.org is slow, because they haven’t been able to scale in proportion to their users. Synapse is overly resource-hungry, but it’s not actually slow unless it’s starved of resources. Small homeservers are pretty much always faster than Matrix.org.

                          1. 7

                            I wish they wrote more about ways to return values and report errors:

                            • return errors (bool? error code? error object?)
                            • out parameters
                            • exceptions
                            • return std::variant (or std::optional)
                            • errno

                            Bonus points if all these things clash in a single code base. Error design is super hard in C++. It’s much easier in Rust thanks to Result, but it’s still hard to get right in Rust!

                            For example, one of our C++ guidelines is to only allow a single return statement to exist in a function. A danger with having multiple return statements is that adding new return statements to an existing function can potentially miss a required piece of logic that was setup further down in the function.

                            I believe that this rule is misguided. I much prefer the opposite: All resources are managed by RAII. Cleanup jobs are managed in the destructor of local objects on the stack (you can also create your own defer call with a few lines of C++). Write your code such that you can return or throw exceptions whenever you like and everything is cleaned up automatically, as it should be. The reliability of code written like this is amazing and it’s very easy to read, much easier than if every function is always traversed all the way to the end. This reduces cognitive load. My functions are riddled with return statements and have a huge cyclomatic complexity, but they are very easy to understand and modify. You can add a throw or return statement wherever you like and nothing breaks.

                            1. 2

                              Resources in C++ are usually managed by RAII, they’re probably referring to other state changes, such as message broadcasts, etc. which often occur conditionally in game code. I’m amazed they don’t allow an exception for guard clauses.

                              1. 1

                                It doesn’t matter if it’s a resource or a necessary state change that has to happen before returning. You wrap it in the destructor of a local object on the stack (defer it) to make sure it’s always executed no matter how you leave the function.

                              2. 1

                                Single return also was a standout for me, but I wasn’t sure if it was a result of me not using C++. Thanks for making remarks about this!
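
The defer-in-a-destructor approach described in the comments above, as an added example that is not part of the original thread: a C++11 scope guard keeps a paired state change balanced across guard clauses, an ordinary return and an exception. `Defer`, `make_defer`, `Session`, `Result` and `handle` are hypothetical names chosen for the illustration.

```cpp
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Minimal scope guard: runs the stored callable when the guard leaves scope,
// whether by return, by exception, or by reaching the end of the block.
template <typename F>
class Defer {
public:
    explicit Defer(F fn) : fn_(std::move(fn)), active_(true) {}
    // Moving transfers the duty to run fn_, so it fires exactly once.
    Defer(Defer&& other) : fn_(std::move(other.fn_)), active_(other.active_) {
        other.active_ = false;
    }
    Defer(const Defer&) = delete;
    Defer& operator=(const Defer&) = delete;
    Defer& operator=(Defer&&) = delete;
    ~Defer() { if (active_) fn_(); }  // fn_ is expected not to throw
private:
    F fn_;
    bool active_;
};

template <typename F>
Defer<F> make_defer(F fn) { return Defer<F>(std::move(fn)); }

// Hypothetical state that must stay balanced: every "begin" needs an "end",
// and depth must return to zero. The events stand in for message broadcasts.
struct Session {
    int depth = 0;
    std::vector<std::string> events;
};

enum class Result { Ok, Empty, TooLong };

// Several exit paths, one place where the closing state change is written.
Result handle(Session& s, const std::string& packet) {
    ++s.depth;
    s.events.push_back("begin");
    auto done = make_defer([&s] {
        --s.depth;
        s.events.push_back("end");
    });

    if (packet.empty()) return Result::Empty;      // guard clause
    if (packet.size() > 8) return Result::TooLong; // second early return
    if (packet == "boom") throw std::runtime_error("malformed packet");

    s.events.push_back("processed");
    return Result::Ok;
}

// Drives every exit path (constructed inputs) and checks the pairing held.
bool all_paths_balanced() {
    Session s;
    handle(s, "");
    handle(s, "0123456789");
    try {
        handle(s, "boom");
    } catch (const std::runtime_error&) {
        // expected: the guard already ran during stack unwinding
    }
    handle(s, "ok");

    int begins = 0;
    int ends = 0;
    for (const auto& e : s.events) {
        if (e == "begin") ++begins;
        if (e == "end") ++ends;
    }
    return s.depth == 0 && begins == 4 && ends == 4;
}

int main() { return all_paths_balanced() ? 0 : 1; }
```

Adding another `return` or `throw` to `handle` needs no change to the closing logic, because the guard's destructor runs on every way out of the function.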

                              1. 4

                                It hurts me to see how much C++ neglects the problem of compile time reflection, even though it’s absolutely crucial in:

                                • Entity component systems (ECS), e.g. for video games and 3D engines
                                • Marshalling/unmarshalling of data packets
                                • Serialization/deserialization of JSON, XML, etc.
                                • Storing and loading objects to and from databases
                                • Printing or dumping object contents, e.g. for debugging purposes

                                And every nontrivial application will grow to do at least one of these things. It’s just such a pain… I ended up writing a set of C++98 (I need to support ancient compilers) compliant macros that are minimally obscure and give me a powerful reflection API. You have to wrap the class/struct member declarations into a macro but it’s rather painless. Since then I haven’t used anything else. But since I’ve learned Rust, the ugly kludges that are required all day every day to implement ordinary C++ applications give me headaches and I started pivoting away from C++ wherever possible.

                                1. 3

                                  C++ hasn’t neglected compile-time reflection, it’s just really hard to get right and once you’ve defined the interfaces for it then you’re stuck with them basically forever. It’s likely to be part of C++23, the reflection TS has been gradually approaching convergence for the last few years.

                                  1. 1

                                    The first C++ standard was released in 1998. We now speculate that compile time reflection will be part of the standard in 2023. That’s a quarter century later than it should have been made part of the language. During this time, the C++ committee introduced a myriad of less useful language features. Yes, that is neglect. Do you know how long it will take for this feature to be supported on embedded devices whose compilers notoriously lag behind? Maybe in 2030 or 2040 I will be able to use compile time reflection in a real product.

                                    1. 1

                                      Looking forward to it. I love the kind of stuff you can do in Zig — like writing a “for” loop over the fields of a struct. So intuitive!

                                      Are there any articles that describe the C++ reflection proposals in layman’s terms?

                                      1. 1

                                        There is a 4-year-old article with the title ‘Reflections on C++ reflection proposals’.

                                        I like the title quite a bit :-)

                                    2. 1

                                      You have to wrap the class/struct member declarations into a macro

                                      Yep, I have been doing the same. I am thinking to do ‘an upgrade’ (for my ’09 code) to, now, use const expressions (although, I also like the approach proposed in [1] with CMake).

                                      I would also add to your list of critical ‘capabilities’ of a modern programming language, where reflection is needed – is the support of declarative and reactive GUI.

                                      Without reflection feature, every GUI library developer – brings their own reflection feature.

                                      Mature languages, like C++ need something like --error-on-undefined-behavior-features compile time switch, such that when used the compiler will error out on usage of library calls, idioms, language features that do not have a well defined standard behavior.

                                      This switch should also affect if a given precompiled ‘module’ can be used or not.

                                      This way, maybe we could get the language standard and its implementation to evolve a little faster. And the community usage around new features will grow faster.

                                      [1] https://onqtam.com/programming/2017-09-02-simple-cpp-reflection-with-cmake/

                                    1. 11

                                      The meat of this article is pretty good, unfortunately it is halfway down after reading through what anyone outside the movement could only see as an anti-government borderline-covid-denying rant. I honestly feel that, your personal feelings on how the pandemic should be handled notwithstanding, the point would be clearer and more forceful if given the main spotlight of the article.

                                      1. 11

                                        The meat of this article is pretty good, unfortunately it is halfway down after reading through what anyone outside the movement could only see as an anti-government borderline-covid-denying rant.

                                        That “Unfortunately” represents an extremely politicized opinion. There are lots of good reasons to be opposed to (your particular) government, including actions that (your particular) government has undertaken in the name of managing the coronavirus pandemic. Similarly it is reasonable to be suspicious of people using “borderline-covid-denying” as a way of dismissing an argument - “borderline covid-denying” implies that the OP did not in fact deny the existence of the covid pandemic, and there are lots of statements that are semantically close to denying the existence of the covid pandemic - like “it’s bad if the government forces people to install closed-source software on their cell phones in the name of fighting pandemics” that constitute extremely reasonable political arguments.

                                        1. 4

                                          Again, I did not dismiss the argument or (necessarily) even disagree with the rant. This was meant as constructive criticism of the article to say that focussing on the point/meat would make the point punch harder with all audiences.

                                        2. 8

                                          The opening section is a bit of a waffle; I have trimmed it down. The “papers, please” section in particular was true but off-topic. The techno-authoritarianism remark remains true, but is hard to elaborate in an on-topic way, so it’s been removed too. (Aside: Population-level vaccine targets provide aligned incentives without compromising people’s medical privacy or bodily autonomy.)

                                          It is possible to build privacy-preserving check-in, and to legislate protections for the data; it is a travesty that Australia has pretty much done neither. (Small exceptions: Western Australia legislated protections after it was revealed that the police accessed contact tracing and border pass data, and the federal government’s failed COVIDSafe app has strong legal protections also.)

                                          I think you are being extremely rude and uncharitable to lump me in with some “movement” of nutters, and I’d like you to apologise. Like most Australians, I am waiting patiently for our vaccine rollout to crawl down the age brackets, increasingly frustrated that additional restrictions and surveillance are imposed on citizens because of the government’s failures.

                                          (Quote of the removed original text below, for reference):

                                          Over the past year, there have been incredible restrictions on people’s freedoms of movement, speech, and association, in the name of protecting public health. On a recent trip, I was required to carry travel papers for 14 days, and to show them on request to certain classes of authorised officers — something I never thought I’d be required to do in a first-world liberal democracy.

                                          In Australia, we are now required by law to pump our personal information into one or more “contact-tracing” platforms in order to visit the supermarket or have something like a normal social life. This all-but-forces people to own a smartphone, and to interact with an enormous pile of proprietary software just to participate in society. Despite earlier promises to only be used for contact tracing, these databases have been used by police. Because of course they have.

                                          Elsewhere, there are talks of “vaccine passports” on smartphones, which accelerates techno-authoritarianism and should therefore be resisted. (Search for “raise the more generalized version of this objection”.)

                                          1. 9

                                            I think you are being extremely rude and uncharitable to lump me in with some “movement” of nutters, and I’d like you to apologise. Like most Australians, I am waiting patiently for our vaccine rollout to crawl down the age brackets, increasingly frustrated that additional restrictions and surveillance are imposed on citizens because of the government’s failures.

                                            1. He meant the Free Software Movement, the one you’re advocating in the piece.
                                            2. That removed original text is pretty easily construed as an anti-government borderline-covid-denying rant.

                                            1. 5

                                              I disagree with your claim #1: as it’s embedded in the sentence “anyone outside the movement could only see as an anti-government borderline-covid-denying rant”, it reads pretty clearly to me like it applies to the various covid-is-a-conspiracy “movements”.

                                              I can back everything in #2 with links to mainstream (i.e. not Murdoch/fringe/conspiracy-tier) news articles or to the relevant health orders, but to do so would take us further off-topic. I still do not understand this reading that you and singpolyma seem to see in the original text. (The “borderline-covid-denying” part, in particular. Whatever; it’s off-topic and removed from the main post, anyway.)

                                              1. 5

                                                If you have been paying even a modicum of attention to news, you know that there are and for a long time have been people who, no matter what crisis or emergency occurs, immediately denounce it as either a complete fiction or at best having been blown out of proportion as a cover story for the “truth”, which always is that the (insert preferred evil conspiratorial one-world-government entity here) wants an excuse to finally confiscate all our guns, terminate our freedoms, and institute worldwide dictatorship, all of which is only held at bay by badly-formatted postings from lone heroes on the internet.

                                                What people are telling you is that the quoted section of your post sounds like one of those paranoid rants, in that it can be read to imply that contact tracing and vaccination status are sham reasons being used to impose the real agenda of “techno-authoritarianism”.

                                                1. 2

                                                  What people are telling you is that the quoted section of your post sounds like one of those paranoid rants, in that it can be read to imply that contact tracing and vaccination status are sham reasons being used to impose the real agenda of “techno-authoritarianism”.

                                                  They’re worse than sham reasons to impose the real agenda of techno-authoritarianism - they’re superficially good reasons to impose the real agenda of techno-authoritarianism. Techno-authoritarianism is advanced more by a broad social atmosphere where opposition to software authoritarianism is widely thought of as low-status and uncomfortably adjacent to people with heretical politics, than it is by genuine conspiracies.

                                                  1. 3

                                                    Your formulation appears to be a literally irrefutable claim, in that anything and everything could be described, via argumentative gymnastics, as advancing or supporting “techno-authoritarianism”.

                                                2. -2

                                                  Ignore them, they’re robots.

                                                3. 2

                                                  Thank you for reading me correctly and providing this good summary of my comment

                                                  I would like to further clarify that I in no way meant to assume the rant was in bad faith (as someone in the Free Software movement, I could see the intent) but only that it would be easy to read it that way and thus distract from the meat of the article.

                                                4. 3

                                                  I don’t think those three paragraphs make you out as a crank. I think it is fine and good to ask for serious privacy protections in contact-tracing, vaccine passport, and identity systems.

                                                  I would like to point out that many liberal democracies require their citizens to carry ID with them at all times. I believe this is the law in Germany and France, where I understand it is mostly used for harassing ethnic minorities.

                                                  FWIW, I think this history could be used to strengthen your argument: “liberal” democracies are very comfortable with authoritarianism for some of the population and these illiberal mechanisms are rarely dismantled, so they will accumulate if not resisted.

                                                  1. -2

                                                    a first-world liberal democracy.

                                                    In Australia

                                                    I think king Murdoch would disagree.

                                                  2. 5

                                                    Being anti-government is not immoral per se. It depends on the government. For example, you would probably agree that it’s moral to be anti-government in North Korea. You don’t have to deny Covid, the respiratory disease, to see that some governments have massively overstepped their boundaries. For example, there is mounting evidence that dusk-to-dawn curfews have no impact on the pandemic situation whatsoever, yet they were broadly imposed, often violating the constitution of the respective country. I would appreciate if people like you would stop with the moralistic shaming and inspect the subject matter with more care and thought. Not everyone who criticises the measures or aspects thereof is a science-denying anarcho-terrorist.

                                                  1. 14

                                                    This is actually a significant development for people who write GUI code in Rust. Finally we have a solid release of Rust bindings for GTK 4. In addition to that, the libhandy Rust bindings [1] allow for better development of Linux phone apps like for the PinePhone or the Librem 5, so an update to that crate is welcome too [2]. While GTK is not perfect, it is one of the few ways to write robust and usable GUI programs in Rust. Let us thank the developers for all the hard work that went into this release. The gtk-rs people work tirelessly and helped me out numerous times when I asked questions on IRC.

                                                    [1] https://gitlab.gnome.org/World/Rust/libhandy-rs

                                                    [2] https://crates.io/crates/libhandy

                                                    1. 2

                                                      Note that libhandy is for GTK3; the GTK4 equivalent is now libadwaita.

                                                      1. 1

                                                        Have you built (or even used) anything that targets Mac OS or Windows using GTK bindings? How does the end result feel on those platforms, and how hairy is it to build?

                                                        1. 10

                                                          Yes, I build for Windows but not Mac OS. You can actually cross-compile on Linux targeting Windows. That works well out of the box, I’ve tried it. You can also compile on Windows for Windows. That requires MSYS2 and a bit of configuration, but it’s not the end of the world (I avoid Visual Studio if possible and go with GNU tooling). The entire thing, along with build instructions, can be found here: https://github.com/BenjaminRi/Sherlog

                                                          As for the end result. My Windows users install the application with a Nullsoft installer which I generate with NSIS script. The installer puts all the files and dlls in the proper places. All the GUI elements behave as expected. It could look prettier. But it supports styles, so you can do a lot with styling to make it look good. Qt would probably look better, but the C++ bindings are an obstacle for Rust programmers. I don’t really care about looks, my application is a developer tool. For some elements, I had to implement my own manually rendered GUI elements on a plain canvas because I require insane performance that no GUI toolkit will deliver (not just GTK’s fault). You can get a lot out of GTK if you use it correctly, it can absolutely produce programs that are daily drivers. But it will never look exactly native. I use GTK because I want to support both Linux and Windows.

                                                          1. 1

                                                            That looks much better on Windows than I expected it to. Certainly very serviceable for dev/admin tools. I like that the cross compiling works well out of the box. I’ve avoided exploring a GUI kit in any depth so far for Rust, but this clearly needs to go on the list for when that time comes.

                                                          2. 4

                                                            (Note: not OP). I haven’t tried running Rust on Windows, but GTK itself is pretty easy to build and use on Windows, see e.g. https://www.collabora.com/news-and-blog/blog/2021/03/18/build-and-run-gtk-4-applications-with-visual-studio/ , https://www.collabora.com/news-and-blog/blog/2021/04/29/build-your-own-application-with-gtk4-as-a-meson-subproject/ (no affiliation, Collabora is just a big contributor on this side).

                                                            That being said, it’s very much the Gnome toolkit these days. It’s a pretty bad choice for cross-platform development.

                                                            1. 5

                                                              That being said, it’s very much the Gnome toolkit these days. It’s a pretty bad choice for cross-platform development.

                                                              In particular, note that GTK doesn’t implement accessibility (e.g. for blind people using screen readers) on Windows. Not sure about Mac.

                                                            2. 4

                                                              I have built an application using GTK via gtk-rs. gtk-rs is really nice for writing applications if you are targeting X11 or Wayland. I am not a big GTK fan (I strongly prefer Qt), but gtk-rs makes writing GTK applications quite pleasant.

                                                              I also built the application for macOS and the result was… horrific? Rendering was awfully slow and there was virtually no platform integration, making the application stick out like a sore thumb.

                                                              Since most of the application logic was not in the GUI and there is no good support for Qt in Rust, we ended up rewriting the application in PyQt and using the main logic through PyO3 (Rust <-> Python bridge). This worked like a charm and the application felt near-native on macOS.

                                                              1. 2

                                                                I’ve written a gtk3-rs app on macOS and it was “meh”. It is better integrated than an average Electron app or egui, but it’s still obviously not native. I’ve also run into some rendering performance problems on macOS that weren’t an issue on Elementary.

                                                            1. 2

                                                              isn’t this like with c/c++/java/javascript previously ?

                                                              1. 25

                                                                No, it’s different. I know C++ for a long time and mainly write C++ in my full-time job for years, but with Rust, I’m about 5 times as productive as with C++. Since I learned Rust, I churned out various programs that I would’ve never been able to develop in C++, simply due to time and complexity. I can now write software that I previously couldn’t have developed as a single person. Say about the language what you will, to me personally, Rust is pure empowerment that manifests in real software that is used by real people daily and saves time, money and nerves. And trust me, in the years before I learned Rust, nothing annoyed me more than the Rust evangelists whose posts kept popping up in every forum.

                                                                1. 4

                                                                  Is there anything you could share that you feel is a particularly good example of something you’ve been able to develop in Rust on your own that you couldn’t have otherwise?

                                                                  I’m asking because I am learning Rust for fun right now, and I’m hitting the wall a little bit. (By that I mean “the wall” in the same sense that people who run endurance races use the term. You hit a certain point in the race where you suspect you won’t be able to continue. If you can push past that, you can have a good long race. But it’s a challenge.) I can get things done and there’s a lot that I like about it, but I don’t feel very productive yet.

                                                                  I’ve mainly written C++ and Python over the past 20 years, so if it’s something you could show, seeing some of the things you’ve churned out with Rust that you couldn’t previously would be really interesting to me as I’m deciding whether I can afford the energy/aggravation to “push through”.

                                                                  1. 8

                                                                    Is there anything you could share that you feel is a particularly good example of something you’ve been able to develop in Rust on your own that you couldn’t have otherwise?

                                                                    Sure, these are some of my spare time projects:

                                                                    Of course all the things that can be done with Rust can also be done with C++… It might just take a decade longer to implement and fix until it’s stable ;)

                                                                    The projects above are of a size that pushes the boundaries of what I as a single individual can create and maintain in my spare time. I can confidently say that Sherlog would have never happened with C++.

                                                                    1. 3

                                                                      Thanks! That’s exactly the kind of thing I wanted to look at.

                                                                      I’ve learned new languages/libraries/frameworks enough over the years that this part isn’t surprising. I’m at that miserable point where every time I try to do something new, I spot a way to maybe do it, then spend a while looking at documentation to get it right, and in some cases spend time casting around search engines, forums, chat, etc. to find out what’s best/idiomatic.

                                                                      Some of this feels a little harder with rust than other things, but probably isn’t really. This is just the slow part of learning something.

                                                                      So it’s helpful to see those projects that you consider the “payoff”. Plus Sherlog looks neat. Thanks for sharing it.

                                                                      1. 1

                                                                        Focused, hard work is the real key to success. Keep your eyes on the goal, and just keep taking the next step towards completing it. If you aren’t sure which way to do something, do it both ways and see which works better.

                                                                        John Carmack

                                                                        Also, the Rust Discord is frequented by super nice and helpful people. They helped me more than once when I got stuck. Same thing with the gnome IRC, they also have a dedicated Rust channel.

                                                                    2. 4

                                                                      Personally it’s: If it compiles, it’s nearly done. I don’t have to think about += vs append - which in Python might just change a lot of what is happening (Rust won’t just nest two lists without me realizing, because types..). Or that I don’t have to worry about using C dependencies and their quirks that much (if at all with some very good bindings). Other than that: Yes, it takes some time to get really productive, till you’ve acquired your base of crates and “framework” to re-use for most things (in which you can look up some of your specific solutions).

                                                                      1. 2

                                                                        100% agree here. Not a major rust user, but when I do it is both annoying and really nice how the compiler checks what I would usually catch in manual testing and debugging.

                                                                  2. 7

                                                                    Well, it’s a wave, they come and go :)

                                                                    1. 1

                                                                      Hahaha nice one, I’ll chill on a sandy beach of C/Fortran/Python and mine some coins =)

                                                                  1. 5

                                                                    I wanted to do the same thing, but then I realized it isn’t worth it. My internet is slower than 1 Gbit/s, and the disks in my NAS are about 1 Gbit/s, so my bottleneck isn’t really Ethernet at the moment. Also, these 10 Gbit/s switches require way more power, which means a higher electricity bill.

                                                                    1. 5

                                                                      Put a 1T NVMe SSD as L2ARC for your NAS and 10Gbps can have a meaningful difference. Especially for SMB which doesn’t seem to have any local caching supported in either macOS or Windows. Seek and play will be much faster than 1Gbps connection because the content will be cached better on NVMe and it can be comfortably served faster from NVMe cache.

                                                                      My current problem is pretty stupid. zbackup seems not to work well with sshfs and it cannot remotely reach any meaningful speed when doing the backup, not to mention 10Gbps …

                                                                      1. 3

                                                                        Which is true for 99% of lobsters, 10G is still overkill unless you do bulk transfers daily or have access to a better uplink.

                                                                      1. 3

                                                                        The ESPRESSObin: https://espressobin.net/

                                                                        We used this board at work to evaluate the platform, we then built our own hardware based on this SoC. Linux worked out of the box like a charm. Was a real pleasure to develop for this.

                                                                        1. 64

                                                                          Except that, as far as I can tell, Firefox isn’t produced by a malicious actor with a history of all sorts of shenanigans, including a blatantly illegal conspiracy with other tech companies to suppress tech wages.

                                                                          Sure, if your personal threat model includes nation states and police departments, it may be worthwhile switching to Chromium for that bit of extra hardening.

                                                                          But for the vast majority of people, Firefox is a better choice.

                                                                          1. 13

                                                                            I don’t think we can meaningfully say that there is a “better” choice; web browsers are a depressing technical situation, in that every decision has significant downsides. Google is obviously nefarious, but they have an undeniable steering position. Mozilla is more interested in privacy, but depends on Google, and they can’t decide to break the systems that are created to track and control their users, because most non-technical users perceive the lack of DRM to mean something is broken (“Why won’t Netflix load”). Apple and Microsoft are suspicious for other reasons. Everything else doesn’t have the manpower to keep up with Google and/or the security situation.

                                                                            When I’m cynical, I like to imagine that Google will lead us into a web “middle age”, that might clean the web up. When I’m optimistic, I like to imagine that a web “renaissance” would manage to break off Google’s part in this redesign and result in a better web.

                                                                            1. 19

                                                                              Mozilla also has a history of doing shady things and deliberately designed a compromised sync system because it is more convenient for the user.

                                                                              Not to mention, a few years ago I clicked on a Google search result link and immediately had a malicious EXE running on my PC. At first I thought it was a popup, but no, it was a drive-by attack with me doing nothing other than opening a website. My computer was owned, only a clean wipe and reinstallation helped.

                                                                              I’m still a Firefox fan for freedom reasons but unfortunately, the post has a point.

                                                                              1. 12

                                                                                a few years ago I clicked on a […] link and immediately had a malicious EXE

                                                                                I find this comment disingenuous due to the fact that every browser on every OS had or still has issues with a similar blast radius. Some prominent examples include hacking game consoles or closed operating systems via the browser all of which ship some version of the Webkit engine. Sure, the hack was used to “open up” the system but it could have been (and usually is) abused in exactly the same way you described here.

                                                                                Also, I’m personally frustrated by people holding Mozilla to a higher standard than Google when it really should be the absolute opposite due to how much Google knows about each individual compared to Mozilla. Yes, it would be best if some of the linked issues could be resolved such that Mozilla can’t intercept your bookmark sync but I gotta ask: really, is that a service people should really be worried about? Meanwhile, Google boasts left, right and center how your data is secure with them and we all know what that means. Priorities, people! The parent comment is absolutely right: Firefox is a better choice for the vast majority of people because Mozilla as a company is much more concerned about all of our privacy than Google. Google’s goal always was and always will be to turn you into data points and make a buck off that.

                                                                                1. 1

                                                                                  your bookmark sync

                                                                                  It’s not just bookmark sync. Firefox sync synchronizes:

                                                                                  • Bookmarks
                                                                                  • Browsing history
                                                                                  • Open tabs
                                                                                  • Logins and passwords
                                                                                  • Addresses
                                                                                  • Add-ons
                                                                                  • Firefox options

                                                                                  If you are using these features and your account is compromised, that’s a big deal. If we just look at information security, I trust Google more than Mozilla with keeping this data safe. Of course Google has access to the data and harvests it, but the likelihood that my Google data leaks to hackers is probably lower than the likelihood that my Firefox data leaks to hackers. If I have to choose between leaking my data to the government or to hackers, I’d still choose the government.

                                                                                  1. 1

                                                                                    If I have to choose between leaking my data to the government or to hackers, I’d still choose the government.

                                                                                    That narrows down where you live, a lot.

                                                                                    Secondly, I’d assume that any data leaked to hackers is also available to Governments. I mean, if I had spooks with black budgets, I’d be encouraging them to buy black market datasets on target populations.

                                                                                    1. 1

                                                                                      I’d assume that any data leaked to hackers is also available to Governments.

                                                                                      Exactly. My point is that governments occasionally make an effort not to be malicious actors, whereas hackers who exploit systems usually don’t.

                                                                                2. 6

                                                                                  I clicked on a Google search result link

                                                                                  Yeah, FF is to blame for that, but also lol’d at the fact that Google presented that crap to you as a result.

                                                                                  1. 3

                                                                                    Which nicely sums up the qualitative difference between Firefox and Google. One has design issues and bugs; the other invades your privacy to sell the channel to serve up .EXEs to your children.

                                                                                    Whose browser would you rather use?

                                                                                  2. 3

                                                                                    Mozilla also has a history of doing shady things and deliberately designed a compromised sync system because it is more convenient for the user.

                                                                                    Sure, but I’d argue that’s a very different thing, qualitatively, from what Google has done and is doing.

                                                                                    I’d sum it up as “a few shady things” versus “a business model founded upon privacy violation, a track record of illegal industry-wide collusion, and outright hostility towards open standards”.

                                                                                    There is no perfect web browser vendor. But the perfect is the enemy of the good; Mozilla is a lot closer to perfect than Google, and deserves our support on that basis.

                                                                                  3. 8

                                                                                    These mitigations are not aimed at nation-state attackers, they are aimed at people buying ads that contain malicious data that can compromise your system. The lack of site isolation in Firefox means that, for example, someone who buys an ad on a random site that you happen to have open in one tab while another is looking at your Internet banking page can use Spectre attacks from JavaScript in the ad to extract all of the information (account numbers, addresses, last transaction) that is displayed in the other tab. This is typically all that’s needed for telephone banking to do a password reset if you phone that bank and say you’ve lost your credentials. These attacks are not possible in any other mainstream browser (and are prevented by WebKit2 for any obscure ones that use that, because Apple implemented the sandboxing at the WebKit layer, whereas Google hacked it into Chrome).

                                                                                    1. 2

                                                                                      Hmmmm. Perhaps I’m missing something, but I thought Spectre was well mitigated these days. Or is it that the next Spectre, whatever it is, is the concern here?

                                                                                      1. 11

                                                                                        There are no good Spectre mitigations. There’s speculative load hardening, but that comes with around a 50% performance drop so no one uses it in production. There are mitigations on array access in JavaScript that are fairly fast (Chakra deployed these first, but I believe everyone else has caught up), but that’s just closing one exploit technique, not fixing the bug and there are a bunch of confused deputy operations you can do via DOM invocations to do the same thing. The Chrome team has basically given up and said that it is not possible to keep anything in a process secret from other parts of a process on current hardware and so have pushed more process-based isolation.

                                                                                  1. 6

                                                                                    Let us appreciate the dedication of the developer behind this repository, John Hodge. The first commit happened in November 2014. The repository now has 4287 commits, most of which are his. And now, this compiler fully bootstraps rustc on x86-64 Linux. I think that is really impressive and it’s also motivational for myself, to keep going with my (much smaller and less significant) projects.

                                                                                    1. 8

                                                                                      I’ve had the experience that whenever I created such a file where the name “doesn’t matter”, I ended up stumbling across it some time later and I had no clue what it did and why it was there. I then had to open it and think about why it was there. And don’t get in the habit of deleting files with weird names, next thing you know you’ve got some data loss or outages on your hands. Give your files names, even if it’s just ThisFileCanSafelyBeDeleted.txt. You won’t regret the additional 2 seconds you spent, it will pay for itself even if you just prevent confusing yourself once in your entire life.

                                                                                      1. 3

                                                                                        This might speak to the hostility of the architecture I inherited more than anything, but if I saw a file named ‘ThisFileCanSafelyBeDeleted.txt’, the last thing I would do is delete the file.

                                                                                        That said, I do tend to name vmware snapshots something similar – usually something like ‘delete after DD-MON-YYYY - jgf’ so people know who made it, how long I needed it for, and whether it’s safe to delete. Your idea is similar and quite good, maybe if I can break through the gaslighting from my arch I’ll adopt it.

                                                                                        1. 1

                                                                                          I usually make tmp/ in my working directory if I need it, then name files in there whatever I want.

                                                                                          Unfortunately in college I thought it was funny to name my scratch files loldongs and the habit has stuck. I’m not proud.

                                                                                        1. 2

                                                                                          My strategy against this BS at the moment is to use temporary containers for every tab.

                                                                                          You open your tab, do your thing, when it closes everything gets wiped.

                                                                                          If you click on a link to another domain, it opens in a new container.

                                                                                          Then I just have an extension that auto-clicks ‘accept all cookies’ because they all disappear when I close the tab anyway.

                                                                                          Some of those dialogs where you choose what cookies you want are painful to use!

                                                                                          1. 2

                                                                                            Keeping the cookies at bay is easy. What measures do you take against more advanced tracking techniques like canvas render fingerprints? There are many such techniques that go far beyond just cookies. Do you use straight NoScript? The internet is woefully broken without JavaScript.

                                                                                            1. 2

                                                                                              Nothing more than what uBlock Origin provides, plus some router level ad/tracker blocking. Blocking 3rd party trackers is an easy measure I can take that doesn’t break the internet, and this includes a lot of companies known to use fingerprinting. It’s not perfect, but then nothing is.

                                                                                              Aside from that I don’t really want to go down the canvas blocking, noscript rabbit hole. I used to do it and found I was just spending too much time disabling noscript for sites I was never going to revisit. Places I frequent tend to have RSS so I just use that anyway.

                                                                                            2. 1

                                                                                              This isn’t about cookies. The laws talk about personally identifiable information. Cookies are one way of collecting this, but they’re not the only way. With your approach, if the site uses some other mechanism (tied to IP address, for example), then it is completely legal. If you don’t permit it and the site is found to be violating the law then the information commissioner can impose huge fines.

                                                                                              1. 1

                                                                                                I do the same on my laptop. On my iPhone I’ve started strictly using private browsing mode. No problems accepting all cookies when I kill the tab in 3 minutes anyways.

                                                                                              1. 30

                                                                                                Not really a blog, but https://lwn.net/ by far. Some of the best reporting on current events regarding Linux. Also the only site where I pay to read articles, well worth it.

                                                                                                1. 4

                                                                                                  only site where I pay to read articles

                                                                                                  ++

                                                                                                  1. 8

                                                                                                    It’s a really well written response to a rant, full of technical details, and it sums up nicely to: NetworkExtensions framework is a total mess, AppleStore model doesn’t help, and developing on Mac on a low level is not fun (last one is my interpretation).

                                                                                                    1. 2

                                                                                                      Apple doesn’t give us a lot of control over anything

                                                                                                      This is the point where every self-respecting hacker would uninstall this operating system and install something that gives them control, like Linux. It is a mystery to me how so many brilliant people let their machines be dominated by these bullies day in day out.

                                                                                                      1. 12

                                                                                                        This is the point where every self-respecting hacker would uninstall this operating system and install something that gives them control, like Linux.

                                                                                                        Are you suggesting that I uninstall Linux in order to install Linux?

                                                                                                        In order for WireGuard to be useful, people need to be able to use it. And that means porting it to other operating systems, even the ones that you find icky and make me tear my hair out. Perhaps you’re a man of principle and figure, “don’t stoop to Apple! Boycott the OS! Don’t spend your time on it! Don’t help that world!” But this still misses the point that I want to make things that are useful to people, even to people who haven’t made the same choices as you and me to use Linux. And on a more personal level, I’d like to be able to use WireGuard with friends and family who run other operating systems like macOS or Windows. “Convince them instead to drop their computers in the sink and get a Thinkpad W701ds to run Linux instead!” Please…

                                                                                                        1. 1

                                                                                                          Are you suggesting that I uninstall Linux in order to install Linux?

                                                                                                          Everyone knows that True Hackers™ install a new distro at least once every 127 days. They also have a cron job to recompile the kernel every night.

                                                                                                          At any rate, for me, personally, life is just too short to have to deal with this kind of stuff. I’m all for pragmatism and I can deal with less-than-ideal (“broken”) APIs and all of that, but the whole “we approved your app yesterday but we’re rejecting today’s update to fix a critical error because of some obscure small donation link to a non-profit” is just … yeah nah, I can’t deal with that kind of dystopian insanity completely devoid of any reason. So kudos for putting up with that.

                                                                                                        2. 2

                                                                                                          Are you considering every laptop owner, a self-respecting hacker?!

                                                                                                          You certainly don’t need to be a “hacker” to use a VPN, if you target specifically the authors of the posts, then they probably have their reasons and it would be interesting to know about them.

                                                                                                          1. 2

                                                                                                            Are you considering every laptop owner, a self-respecting hacker?!

                                                                                                            Of course not.

                                                                                                            if you target specifically the authors of the posts, then they probably have their reasons and it would be interesting to know about them.

                                                                                                            Yes, I’m specifically talking about them. In addition, there are a lot of programmers who use macOS, some of which I know personally and hold in high esteem. The most common reasons I hear are the quality and software integration of the touchpad, music & media applications and the form factor & hardware of the laptops. I can respect the music & media argument (just like you would use Windows for games), the other points are a rather low price for your hacker soul.

                                                                                                            1. 2

                                                                                                              I rarely “hack” my Linux system though; most of the times I want things to Just Work™.

                                                                                                              My definition of “just works” is rather different than the average macOS user – to quote an ex-girlfriend: “why don’t you use your computer like a normal person?” – but that’s just a matter of taste.

                                                                                                      1. 10

                                                                                                        Fun fact, the Rust compiler does not have to arrange struct fields in the order they are defined, therefore it can pack for you without you having to do anything. If you want a stable ABI, you write #[repr(C)] on the line before the struct keyword, this gives you C-style control over the field order (https://doc.rust-lang.org/reference/type-layout.html#the-c-representation).
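The layout difference described in the comment above, as an added example that is not part of the original comment. The struct and function names are made up for illustration, and the sizes in the comments assume a target where `u32` is 4-byte aligned (e.g. x86-64).

```rust
use std::mem::{align_of, size_of};

/// `#[repr(C)]` keeps the declaration order, so padding is inserted
/// wherever the next field's alignment requires it.
#[repr(C)]
#[derive(Default)]
struct CDeclared {
    a: u8,  // offset 0, followed by 3 padding bytes
    b: u32, // offset 4
    c: u8,  // offset 8, followed by 3 bytes of tail padding
}

/// Same fields, reordered by hand the way a C programmer would pack them.
#[repr(C)]
#[derive(Default)]
struct CSorted {
    b: u32, // offset 0
    a: u8,  // offset 4
    c: u8,  // offset 5, followed by 2 bytes of tail padding
}

/// Default representation: field order in memory is unspecified and the
/// compiler is free to reorder, so never rely on it across an FFI boundary.
#[derive(Default)]
struct RustDefault {
    a: u8,
    b: u32,
    c: u8,
}

/// Byte offset of `field` inside `base`, computed from the two addresses.
fn offset<T, F>(base: &T, field: &F) -> usize {
    (field as *const F as usize) - (base as *const T as usize)
}

/// Offsets of (a, b, c) in the declaration-ordered C layout.
fn c_declared_offsets() -> [usize; 3] {
    let s = CDeclared::default();
    [offset(&s, &s.a), offset(&s, &s.b), offset(&s, &s.c)]
}

/// Offsets of (a, b, c) in the hand-sorted C layout.
fn c_sorted_offsets() -> [usize; 3] {
    let s = CSorted::default();
    [offset(&s, &s.a), offset(&s, &s.b), offset(&s, &s.c)]
}

/// Offsets of (a, b, c) as chosen by the compiler; may differ between
/// compiler versions and must be treated as informational only.
fn rust_default_offsets() -> [usize; 3] {
    let s = RustDefault::default();
    [offset(&s, &s.a), offset(&s, &s.b), offset(&s, &s.c)]
}

/// Sizes of CDeclared, CSorted and RustDefault, in that order.
fn sizes() -> [usize; 3] {
    [
        size_of::<CDeclared>(),
        size_of::<CSorted>(),
        size_of::<RustDefault>(),
    ]
}

/// Alignments of CDeclared, CSorted and RustDefault, in that order.
fn alignments() -> [usize; 3] {
    [
        align_of::<CDeclared>(),
        align_of::<CSorted>(),
        align_of::<RustDefault>(),
    ]
}

fn main() {
    println!("sizes       (C declared, C sorted, Rust): {:?}", sizes());
    println!("alignments  (C declared, C sorted, Rust): {:?}", alignments());
    println!("repr(C) declared offsets a,b,c: {:?}", c_declared_offsets());
    println!("repr(C) sorted   offsets a,b,c: {:?}", c_sorted_offsets());
    println!("repr(Rust)       offsets a,b,c: {:?}", rust_default_offsets());
}
```

Only the two `#[repr(C)]` layouts are guaranteed; whatever the last line prints for the default representation is a property of the compiler build, not of the language.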

                                                                                                        1. 4

                                                                                                          What the user wanted here, when adding the last prop, was to set a top level property.

                                                                                                          But what really happens is that the property is added to the second item of the "chars" array.

                                                                                                          I have a hard time believing that anyone who has ever written or modified an INI file would be confused about this. Considering that this is the only illustrated criticism of TOML in this entire post, I’m puzzled as to why this person switched away from TOML.

                                                                                                          Now, I understand what they mean when they call the language alien and confusing. But so are YAML, XML, etc. when you first encounter them, it’s just that people are accustomed to these decades old languages. Is it possible to create a configuration language that is intuitive to inexperienced newcomers and covers all the use-cases of TOML? Time will tell.

                                                                                                          1. 5

                                                                                                            The problem isn’t with the software author. Being the author of broot, I wouldn’t have to change the format if I was the sole user. The problem is when people stop trying to configure your software because the changes they make have no effect.

                                                                                                            Adding a line to a configuration file is something that Linux users do all the time.

                                                                                                            People who’ve been told that to achieve an effect they would have to add this line in their config.toml file won’t read the whole file to scan whether there’s a better location, they’re used to adding it at the end as they do for example in their .bashrc file. Of course, coming back later they would probably try to organize everything but they won’t because their first reaction is that there’s a bug in the application since the added line did nothing.

                                                                                                            I don’t pretend that TOML is bad for everything but that such confusion makes it unsuitable for many programs as it has proven to be for broot.

                                                                                                            1. 4

                                                                                                              I see. I wish you went into more detail about this in the blog post because it’s a good point.

                                                                                                              I think the solution here is not to use the global scope at all in an INI/TOML file, such that it’s always clear what section an attribute belongs to. In addition, your application could throw warnings or even errors if unknown keys are detected (careful with backwards compatibility, though), or it could print the configuration back to the user so that they can check if everything is configured properly. It could also offer a dry run of configuration parsing.

                                                                                                              Interestingly, I noticed that many Linux utilities have this configuration problem, and many just “swallow” any nonsensical configuration and exhibit default behaviour, something that has often cost me a lot of time. It’s even worse if they use their own configuration language that is often fraught with parser ambiguities and problems. It’s good to see developers like you caring about how users interact with the configuration file.

                                                                                                              1. 2

                                                                                                                Thanks, I’m editing my blog post to take this into account, and try to make it clearer.

                                                                                                                1. 1

                                                                                                                  I think the solution here is not to use the global scope at all in an INI/TOML file

                                                                                                                  That seems the obvious solution to me as well, if this single confusion that users have is the only issue with the format. Generally speaking, I also think this is better than this proliferation of almost-but-not-quite JSON formats, each with their own “conveniences” added that might cause more confusion. Especially the unquoted string values and possibly the implicit comma on newline seem like footguns in disguise.

                                                                                                                  Comments, optional trailing commas and unquoted string keys seem like much more obvious advantages to me. Especially considering unquoted keys don’t have the ambiguity of “should the key be evaluated?” (which JS actually never does, but for example Python does) and “is this key a reserved JavaScript keyword?” like in JavaScript. But then, if you drop that it’s technically not eval()-able anymore in a JS interpreter, which was arguably JSON’s biggest “advantage” (with all the security problems that entailed).

                                                                                                            1. 2

                                                                                                              I don’t. I just use Notepad++. As long as the project is below 100k LoC and I wrote everything myself, I don’t need it. For larger projects at work, I use Eclipse CDT (for C/C++). I’ve also been looking into Visual Studio Code combined with Rust Language Server (RLS), that looks pretty promising and has helped me out a couple of times.