1.  

    It was then that I remembered that Lawrence Livermore Laboratory, a Laboratory owned by the Department of Energy and run by the University of California at Berkeley. The Livermore Lab is located in Livermore, California — just 20 miles from San Francisco, out Interstate 580. I had been at the lab in 1989 for an article I was writing for the Christian Science Monitor. Back then, the people in the press office had been very helpful. I was sure that a national weapons laboratory would have the facilities for burning a few kilograms of magnesium. They would probably have the necessary permits as well.

    I’m a bay area local and this jumped out at me as being quite an underestimate of how far away Livermore is from SF. It’s more like a 45 mile drive; the most direct route is crossing the Bay Bridge, getting onto 580 going east then south through Oakland and the east bay (which is itself about 20 miles of driving) before 580 turns east in Hayward and goes another 20 miles or so to Livermore.

    Getting to see Lawrence Livermore’s facilities was probably cool, but I probably would’ve tried to find somewhere closer to SF to burn the thing.

    Also “Freemont” is spelled with just one e, it’s “Fremont”.

    1.  

      Very neat project. I’ve been using Inconsolata as my terminal font for a long time, and it was ranked pretty highly when I went through the site. But actually Noto Sans was the overall winner for me, and I discovered that I also rather liked Fira Sans or Fira Mono (those two look basically identical to me, even comparing them side-by-side). Oxygen Mono is also not bad-looking. I just got a new computer, so since I’m setting up my dev environment there anyway I might try out one of these fonts as a default for a bit and see how it compares to Inconsolata long-term.

      I also discovered some fonts that I definitely don’t like, at least not as a terminal font. Major Mono seems to deliberately use glyphs that look like upper-case letters for lower case ones, and in general looks like a dystopian sci-fi font, which is not at all what I want when I’m coding. And Nova Mono is way too cursive-looking for an ostensibly monospace coding font.

      1. 22

        This wastes a lot of time denigrating other peoples’ free donated labour.

        Fine, your requirements are that you don’t want to install anything and that you don’t like boilerplate, got it. Is “oh god my eyes” and “what the goddamn hell is this supposed to be” necessary? What is it helping? Generally when a library author settles on a solution it’s because they have some constraints. Maybe the boilerplate is because they expect you to customise that bit, or because their approach is generic enough that you need to fill in the gaps to glue it to your particular problem. Maybe those constraints don’t match yours and it’s not a good fit for you but it’s probably not because they’re trying to assault you personally and everyone except you is stupid.

        You’re fully in your rights to just not use it, nothing wrong with that. You’re finding yourself in a wealth of choice, given this opportunity to be choosy, because of the generosity of these people whose work you’re shitting on instead.

        1. 8

          Qt has accessibility. The author states that installing it is more work than they want to do. I’ve installed Qt on various platforms and it’s not been difficult.

          I don’t feel like this is an honest evaluation, but rather a lazy stab at ticking an ‘accessibility’ box without having to put even a small amount of effort into understanding the very basics of some well regarded frameworks.

          1.  

            Yeah installing QT is fairly simple, even more for the amount of stuff it can do. Using QT with anything but C++ isn’t something on my wish list, as far as my little experience with that goes. Oh and if the author is already afraid of installing QT, a “binding generator” will be far too much for them.

          2. 8

            It wasn’t at all a waste of time for the OP to write this. I’m actively interested in writing a GUI program in Rust, and I myself have looked into a few of the libraries mentioned here and come to some of the same conclusions about their immaturity for my use case. It was directly helpful for me to see this analysis of some of the GUI libraries I didn’t try myself.

            I agree that it’s in poor taste to denigrate the work of people releasing an open source library to the world; but it’s not any meaningful kind of denigration to look at open source libraries critically, evaluate whether they meet your needs, and say so honestly and publicly if the answer is “no” or “not yet”. Which is what the OP was doing.

            1.  

              Sorry, doing the survey and documenting it wasn’t a waste. A reader has to read it through the lens of the writers’ requirements of course but that’s always the case (which again, include not installing anything, a lack of boilerplate, and accessibility features; all legitimate requirements). The unnecessary negativity to other peoples’ work in the middle of it is what I’m railing against.

            2.  

              Is “oh god my eyes” and “what the goddamn hell is this supposed to be” necessary? What is it helping?

              Well, at least it’s good to know that people in the Rust community are just as nice to each other as they are to those who aren’t using Rust…

            1. 13

              This is a stream of consciousness/wall of text that’s mostly a political polemic that feels like it was written 25 years ago, but addressing specific points (there is a LOT to address, but a subset regardless):

              • A mention of Xbill, but no M$Micro$oft. It could be getting off on a worse start, I suppose.

              • Secure boot is required to allow you to enroll your own keys, and remove Microsoft’s. And of course, boot your own OS. If it doesn’t, the vendor fucked up, end of story. Having other OSes be signed with those keys is convenience. You’re missing out on a lot of security features otherwise, and it pisses me off when people fail to understand it.

              • I no longer like ThinkPads, but for very different reasons (comment thread) from the author. His specific complaints feel so small potatoes (i.e. the LEDs), to be honest.

              • I have a dim view of “repairability” - just because it can be fixed, doesn’t make it worth it, nor does the fact it’s repairable make up for other sins (i.e. defective design that requires repair). Of course, the decisions for repairability also enact failure points (i.e. sockets and slots, which have mechanical failure), and the long march of VLSI has overall made things more reliable and integrated at the cost of modularity. I’d rather use my nearly 8 year old MBA which has required no maintenance and has a good battery (overall far outliving the typical lifecycle) still over my ThinkPads which have required it and aged like milk left out in the sun. (Most of the time when opening a ThinkPad, it’s to clean out the fans… which before the supposedly reviled Haswell era models, was much more annoying to do.)

              • Since we’re off-topic in the first place, a business prediction: Framework is either going out of business or committing a cardinal sin that pisses their fanbase off within 5 years.

              edit:

              • “That’s really the least of my concern, but since I paid more than 1k€ for this and it was sold for 2.5k€ new, I believe I have the right to be picky.” Wait, when did you pay 1k for this? You got scammed hard if you’re paying over a thousand for a ThinkPad from ~2014.

              • “Ok, 3k was a bad idea, I hate not seeing individual pixels and my eyes are getting older so I had to force it to FullHD resolution.” But that’s the point of high-DPI?

              1. 7

                I have a dim view of “repairability” - just because it can be fixed, doesn’t make it worth it, nor does the fact it’s repairable make up for other sins (i.e. defective design that requires repair). Of course, the decisions for repairability also enact failure points (i.e. sockets and slots, which have mechanical failure), and the long march of VLSI has overall made things more reliable and integrated at the cost of modularity. I’d rather use my nearly 8 year old MBA which has required no maintenance and has a good battery (overall far outliving the typical lifecycle) still over my ThinkPads which have required it and aged like milk left out in the sun. (Most of the time when opening a ThinkPad, it’s to clean out the fans… which before the supposedly reviled Haswell era models, was much more annoying to do.)

                I care strongly about the repairability of the battery - which is really the replaceability, since lithium ion batteries are a perishable item. I really hate having any kind of electronic device where its effective lifespan is limited by how long the battery can keep being recharged, and I prefer to buy electronics with user-replaceable batteries over ones with non-user-replaceable batteries at any opportunity. Repairability of other items on the laptop is a secondary concern, although not an unimportant one in my view.

                1. 1

                  No such thing as non-user-replaceable for a user with enough determination :)

                  Though something like the Microsoft Surface line where e.g. even the Surface Book is actually a tablet rather than a laptop so you do have to unglue the screen to replace the battery is quite horrible.

                  1. 1

                    When you hit a point where you need to replace cells, it gets awfully close to that. Here’s a decent description:

                    So checking the PCB again I found a curious small circuit which burns a non resettable fuse when problems are detected, trashing the battery.

                    That’s a different kind of fuckery than the glued-in-behind-the-screen thing.

                    1. 2

                      Lithium cell replacements is a massive annoyance that I’ve seen few. (It’s one of the biggest misses with Framework - either standardize a prismatic form factor, or make it easy to pop up raw cylindrical cells.)

                      Regarding in existing laptops: I don’t really care if it’s done with a screwdriver. The cells should last for years (cough unlike a ThinkPad) so it shouldn’t be a common operation.

                2. 4

                  I started writing a response to this article, but the more I read the more I realized it was pointless. It has all the tired old tropes ranging from “firstly, it’s GNU/Linux” to “Microsoft wants to establish a fascist dictatorship with secure boot!”

                  I will say this; if this is intended to communicate something in the direction of Lenovo – as hinted at by the title – then he certainly succeeded in that goal, although I’m pretty sure what it communicated to Lenovo is quite different from what he intended to communicate, assuming someone from Lenovo even reads this (probably not – I hope not anyway).

                  I really hate this kind of stuff because it’s a bad look on the entire community.

                  “That’s really the least of my concern, but since I paid more than 1k€ for this and it was sold for 2.5k€ new, I believe I have the right to be picky.” Wait, when did you pay 1k for this? You got scammed hard if you’re paying over a thousand for a ThinkPad from ~2014.

                  That does seem a bit much, although ~€1k does seem to be the going rate if I search W541 on NewEgg. The W range are usually pretty darn expensive; comes with nVidia Quadro cards and fancy stuff like that.

                  1. 2

                    He really, really needed an editor here if he wanted to get his point across. It felt like I was reading three articles with their pages spliced into each other. It might have been the same rant, but more direct to the point.

                    price

                    Hmmm, here W541s seem to be going from 350-700 loonies (former a bit high but reasonable, latter seems nuts to me), around 250-480€. Not including shipping or tax, FWIW. Electronics are fairly expensive here, so I think he absolutely overpaid.

                    1. 1

                      That does seem a bit much, although ~€1k does seem to be the going rate if I search W541 on NewEgg. The W range are usually pretty darn expensive; comes with nVidia Quadro cards and fancy stuff like that.

                      Yikes. The going rate on eBay US seems to be around $385 for W541s with Core i7-4600, 16GB, 512GB with Quadro K1100M/intel hybrid graphics. The €1k range feels like more than double what you’d spend for one of those + shipping from US + an appropriate power brick. I’d go so far as to call it “scammed hard”. Particularly since OP’s description reads more like an individual sale than a shop like NewEgg.

                    2. 2

                      I have a dim view of “repairability” - just because it can be fixed, doesn’t make it worth it, nor does the fact it’s repairable make up for other sins (i.e. defective design that requires repair).

                      This is a fairly nuanced viewpoint, and I’ll try to respond in similar vein. It doesn’t have to be either-or.

                      I think the strongest defense of the repairability movement is that it is leveling up our society by raising consumer sophistication. We want consumers to make purchasing decisions based not just on short-sighted feature lists but secondary effects like the holistic UX, total cost of ownership (durability) and commons effects.

                      In this context, repairability adds a new component to a product’s “fitness vector” without replacing any existing concerns. If the design is defective in obvious ways we already have ways companies compete on that.

                      1. 4

                        I mean, I bought my phone from the “I do not want to buy another phone for >5 years” angle. Repairability is a useful metric, but I think it’s as you say, nuanced.

                        To be more clear, I feel the right-to-repair movement is picking the wrong battles, because engineering and economics are about trade-offs. Soldering things down actually can increase reliability and reduce the need for repair, and is usually a natural consequence of integration, and things like slots are mechanical points of failure. When was the last time you had defective L2 cache since it all went on-die? Likewise, waterproofing makes it harder to service but reduces the likelihood of needing a repair. (Per friends who work in the e-waste world: Macs after they started soldering things down tended to be far more reliable and almost never broken when they hit recycling than their predecessors or contemporaries. Unfortunately anecdata, would love harder statistics.)

                        Another example: who cares if I need a screwdriver to replace the battery, if replacing the battery isn’t needed because proper power management increases its lifespan to 5-10 years? The interval between replacements is long enough that opening the thing up wouldn’t be a bad idea, and it may have exceeded its expected lifecycle after some replacements anyways. (that is, it’s moved beyond daily driver capacity, because the platform has aged too much and isn’t up to the task anymore/electrically incompatible with upgrades, parts no longer made, or the system has physically worn out and is no longer economical to service)

                      2. 1

                        When I was in college, I recall being adjacent to a community of ThinkPad enthusiasts. One of the tropes of this community was an emphasis on reusability and swappable components. The ThinkPads were not just beloved like stuffed animals, but also hackable like stuffed animals.

                      1. 18

                        This resembles my experience in adding types to existing projects: you almost always find a couple of real bugs. The other thing is that typechecking speeds up development: mypy is usually quicker to run than the test suite so you waste less time before finding out you’ve made a silly mistake.

                        1. 4

                          I wholeheartedly agree, however, the type errors can be dizzying for programmers who aren’t software engineers. I work with data scientists & product managers who contribute Python code, and adding mypy types had some negative effects to their ability to contribute. Overall, I think we came out ahead; I’m thankful for mypy. I’d love to see better error messages.

                          1. 5

                            Yeah, this is somewhere where I think most type checkers/compilers leave a ton of value on the table – tracking down a bug caught by a type error is usually much easier than one caught by a test suite (or in prod…), because it points you to the source of the error rather than the eventual consequences of not catching it. But then many type checkers do a poor job of explaining the error, which undermines this. Elm deserves mention for doing a particularly good job here.

                            1. 3

                              I would rather teach data scientists who use Python about how to use type annotations than forego using them in Python programs just in case a data scientist needs to touch that code.

                              1. 2

                                I work on pytype, and we do try to improve the error messages where we can (e.g. here’s a recent commit improving “primitive types ‘str’ and ‘int’ aren’t comparable” to “primitive types ‘x: str’ and ‘10: int’ aren’t comparable”), however when you’re down in the weeds of developing a type checker it can often be hard to notice an error message is not readily comprehensible or helpful. I would encourage you to file a bug with mypy whenever you find an error message hard to read.

                            1. 1

                              This kind of feels like it should be an OpenSCAP tool. Is this really different in some way I’m missing, or is it distinct mainly in an attempt to sell the enterprise version?

                              1. 2

                                Maybe it should be? I just learned about the existence of this tool myself recently, and I’m not familiar at all with OpenSCAP. I care about this class of tool because I run some personal Linux servers and I’d like to be able to run a simple command line utility that tells me if I’m making any obvious security mistakes it knows about, which is what lynis looks like it does. If there are other better tools that do similar things, I’d love to hear about them.

                                1. 1

                                  You might want to check out the tools from OpenSCAP then. The nice thing about them is that they process a standard scanning and configuration format, and many developers/vendors publish “policies” that tell any tool that can consume that format how to scan and often how to fix configurations.

                                  It sounds like there’s a lot of overlap. There also may be no harm in running both for better coverage since neither needs a long-running agent on your system from the looks of it.

                              1. 0

                                Apologies for being so direct but what exactly is someone’s model of change in the world, in systems with incentives, to spend so many words on a “pretty please” that is doomed to be ignored?

                                1. 11

                                  This message is aimed at Android developers who care about privacy and not being dependent on Google services, which is a pretty wide range of people. They are not inherently incentivized against using an alternative to Google services, and indeed might genuinely be unaware of the existence of UnifiedPush (like I was until now) until they read a blog post advocating it.

                                1. 13

                                  I need to learn to read the actual article before freaking out over the title.

                                  EDIT: @hwayne would recommend editing the title slightly to prevent misunderstandings, as apparently I’m not the only one. Maybe something like “Design with Judaism in mind”.

                                  1. 13

                                    EDIT: @hwayne would recommend editing the title slightly to prevent misunderstandings, as apparently I’m not the only one. Maybe something like “Design with Judaism in mind”.

                                    I think it’s a great title exactly because of this. Far too many people comment without actually reading the damn article. I’ve been (re)watching Babylon 5 and I’m reminded by this scene. “I always leave a little room for someone to disappoint me”.

                                    1. 12

                                      Obvious trolling is obvious, and frankly a pleasant surprise in the current climate. I appreciate it. Not Jewish myself, but Grandma’s name was Solomon and I’ve got some uncles who look like cartoon propaganda art.

                                      1. 5

                                        I think that’s a better title. “Jewmain” is a novel coinage, and while it’s easy enough to figure out that this article is about Jews, it took me a second reading to realize the pun on “domain-driven”, which is a bit of a stretch.

                                        1. 2

                                          Yes I was confused at first sight as well, but reading the article brought up some points I didn’t know about, like with the oven or how in Israel, Passover is 7 days as opposed to 8. I guess it’s a good thought exercise in how you add logic to your programming to support cases like these.

                                          1. 5

                                            The oven isn’t the only appliance with Sabbath mode. I believe there are also elevators that stop at every floor so you don’t have to operate the elevator.

                                            1. 1

                                              There’s a Sabbath elevator at Johns Hopkins. I would expect them in any major US city with a large Jewish population.

                                              1. 1

                                                I’ve only ever seen them at Johns Hopkins hospital and in New York City personally. I’m sure there are more of them, but I’ve never seen one in Chicago, for instance. Nor in Atlanta. Nor in DC. Nor in Miami. Nor in Los Angeles. Nor in San Francisco. Nor in Boston. Nor in Minneapolis. Those are just the specific major US cities where I’ve spent more than a few weeks without observing one. What other locations do you see them in?

                                                Also, is there any reason (other than familiarity) that you confined your expectation to US cities? I’ve never seen one in Paris or London, for instance, but I’d have had no specific reason to expect (or not expect) to.

                                                1. 7

                                                  The number of Jews living in the US is vastly higher than abroad, by orders of magnitude. Accommodations I’m used to here are literally unheard of in Europe, even in the big cities. I’d guess that’s where @carlmjohnson was coming from.

                                                  Edit: and it hits me that things like the French concept of laïcité actively work to discourage accommodations.

                                                  1. 6

                                                    To buttress this point with some data, over half of all living Jews today live in America. Another 30% live in Israel. The next highest country by population, France, accounts for a mere 3% of the world’s Jewish population — where they make up 0.7% of the country’s population; less than half of their prevalence in America, which is 1.5%, and so not explainable simply by virtue of France being a smaller country than America.

                                                    And it’s even more concentrated than that data might appear to show: 1.5 million of America’s 7.6 million Jews live in the NYC metro area, which is greater than the Jewish population of Chicago, Philadelphia, San Francisco, and D.C. combined. To put that in perspective, over 10% of all Jews alive today live specifically in the NYC metro area — and even in NYC they are nonetheless a small minority of city residents. There just aren’t that many Jews living in the world. Most places have almost none.

                                                    And not to put too fine a point on it, but that isn’t by accident. Europe, including France when it was under German occupation, genocided nearly all of its Jews: successfully murdering two out of every three European Jews, and most of the one-third remaining survivors fled to America, where they arrived at Ellis Island in the NYC area. The Middle East and North Africa unsuccessfully tried to do the same, albeit in a less organized fashion: those native Middle Eastern and North African Jews were largely saved by fleeing to Israel, where they make up 61% of the Israeli Jewish population, contrary to many Americans’ assumptions that Israeli Jews are mainly white descendants of Europeans.

                                                    1. 1

                                                      In my experience, synagogues in Europe always have guys with machine guns standing around out front. It is very different than the US.

                                                      I wouldn’t say though that the US as a whole has very high numbers of Jewish people. NYC specifically and then a few other Northeast cities do. Baltimore, for instance, has a large number of Orthodox Jews who caught measles pre-pandemic. I’m not as familiar with the rest of the country but I think there are a couple of enclaves in various cities throughout the midwest and whatnot.

                                                      An interesting comparison is the number of Native Americans, which IIRC is approximately same at a national level (around 1% of US population), but the distribution is completely different, so there are very few Native Americans in NYC, Baltimore, etc. and a lot in the West, Southwest, etc.

                                                    2. 1

                                                      Oh, there’s at least one in LA (Cedars-Sinai). Placards on the door too.

                                                      1. 1

                                                        Plenty of them in Toronto hospitals.

                                                        1. 2

                                                          It makes perfect sense that they’d be more common at hospitals. I was scratching my head at how I’d not noticed them most places, even ones I’d visited quite a lot. Especially since it’s the kind of thing I find interesting and would take notice of.

                                                          I (thankfully!) rarely visit the hospital.

                                                          1. 2

                                                            You’ll only find Shabbat elevators in places Jews would conceivably be on Shabbat. So, no office buildings or the like; just apartments and doctors’ offices. (And a few other things I’m glossing for expediency.)

                                                            You’d also have to know to look for them. In one of my NYC apartments, a freight elevator was a Shabbos elevator, but, since tenants wouldn’t normally be using the freight elevator, most didn’t know about it.

                                                            1. 1

                                                              Both my daughters were born at Mount Sinai, which, I guess it shouldn’t be remarkable lol

                                                      2. 1

                                                        Don’t forget the Sabbath light switch!

                                                    3. 2

                                                      I’m curious, what was your initial response?

                                                      1. 12

                                                        Mine was “Oh fsck me, how did antisemitism make it this high on Lobste.rs!”

                                                        1. 1

                                                          That was also my instant reaction, which lasted until I noticed the author’s name in the URL.

                                                    1. 10

                                                      Maybe I’m pretty much alone with this opinion, but I prefer my window theme/chrome dark but still read stuff in “light mode”, aka dark on light.

                                                      This was related to something I (erroneously?) brought up in the channel last night:

                                                      usually when the operating system’s UI is set to dark mode.

                                                      But it seems I’m simply using a wm/de (xfce) which doesn’t do this, so I guess it won’t magically switch when this goes live.

                                                      No real point to pro or con for this feature, but I found it surprisingly hard to just search for info if I could switch it off in the browser(s) I use. So much outdated info and “there should be a toggle in the settings” but it wasn’t. I guess that’s what you get for not caring about dark mode until now and just clicking that toggle manually on a few pages and apps.

                                                      1. 5

                                                        You’re not. I’m the same. And I absolutely hate it when websites force a dark theme on me without giving me an option to change it.

                                                        1. 1

                                                          I also use this pattern. I set mobile Firefox into dark mode to get the Firefox chrome to be dark, but often want websites to be light mode themed. I would very much like for the dark mode to be toggleable on the site (unless there’s a way to make Firefox still style its own chrome with a dark theme but send the prefers-light-mode header to websites?)

                                                        1. 6

                                                          In any normal project, this would have been seen as a cool feature, but in Gemini it is seen as a harbinger of the adtech apocalypse. The protocol is fixed in stone - for the stated reason that it should be easy for a normally talented developer to code a client over a weekend.

                                                          One of the biggest problems with the web as a platform is that it’s intractable for a single developer to build a full-featured novel client for it at all. Web browsers are among the most complicated pieces of software in common use, and this makes it very difficult to fork them even if the code for them is free software. So I am sympathetic to a project making developer friendliness an explicit goal.

                                                          But I am inclined to agree with @gerikson that if this emphasis on developer friendliness means that creating a text file for a gemini version of a favicon is controversial, then this principle has gone too far in the direction of denying useful features. I haven’t used gemini very much myself, and that’s in large part because I have the same impression from what I have learned about the protocol that @gerikson does: “the ecosystem denies them room to grow, to identify the pain points that have been overlooked by the original designers, or to take the project in a new direction.”. The gemini documents linked in this blog post, I read in my web browser via some kind of translation layer.

                                                          Of course, in 1993 web browsers were probably simple enough that a developer of average skill could implement one in a short amount of time. The complexity of the modern web evolved in an organic way over more than two decades. I don’t know how to create founding principles for a software project that allows developers to reasonably fix pain points, while preventing something like the intractable complexity of the browser from happening again.

                                                          1. 12

                                                            One of the biggest problems with the web as a platform is that it’s intractable for a single developer to build a full-featured novel client for it at all. Web browsers are among the most complicated pieces of software in common use, and this makes it very difficult to fork them even if the code for them is free software. So I am sympathetic to a project making developer friendliness an explicit goal.

                                                            Here I think it’s important to decompose the idea of the “web”. The web went through many stages of growth, but initially the Web was a document-distribution platform which used HTTP, an L7 protocol for sending and receiving information, and HTML, markup code for documents on the web. CSS came in shortly after to add styling. Then Javascript was added by Mosaic for page-dynamic content. The early web really wanted to be a web of documents and supported linking to other documents, and the web was meant to be a World Wide Web of interconnected information. Tim Berners-Lee, the creator of the web, had wanted to make it easy to author documents on the web, but for various reasons, this went by the wayside. A lot of the complications of the modern web come from its eventual evolution into an application platform.

                                                            One of the benefits of this messy evolution and tall pile of resultant complexity is that older forms of the Web still work flawlessly on browsers today. Had Gemini just decided to distribute a less complex format atop HTTP, a wealth of libraries in millions of devices would have been able to at least fetch its pages. Had Gemini decided to go with a subset of JS, a subset of CSS, and just basic HTML (or more/less restrictive subsets thereof), even current web browsers would be able to display the output, while new browsers could be created to take advantage of Gemini norms. Gemini threw all of this away and implemented a new protocol and a new markup format. While in theory you can distribute anything over the Gemini protocol, most documents are Gemtext with a minority in plain text.

                                                            and that’s in large part because I have the same impression from what I have learned about the protocol that @gerikson does: “the ecosystem denies them room to grow, to identify the pain points that have been overlooked by the original designers, or to take the project in a new direction.”

                                                            I was very excited by Gemini in the beginning and wrote a bunch of stuff on it. But after the fun of writing 3 servers and 3 client libraries wore off, I realized… there wasn’t much to do. As a developer I was done. As a user… I rolled my own static blog site, which I could do trivially on the web. There were some experiments with games and guestbooks but a lot of it was frowned upon. The favicon.txt controversy that @gerikson talked about is another example of the community rejecting extensibility. In other words, the platform just ended up being a static blogging platform with a lot of ceremony around it. I could probably distribute epub files over FTP and get the same effect, and have to write an order of magnitude less code around it, with mature software to fetch files and display my content.

                                                            Of course, in 1993 web browsers were probably simple enough that a developer of average skill could implement one in a short amount of time. The complexity of the modern web evolved in an organic way over more than two decades. I don’t know how to create founding principles for a software project that allows developers to reasonably fix pain points, while preventing something like the intractable complexity of the browser from happening again.

                                                            If I had to choose, I would bootstrap it atop HTTP at the very least, and possibly over HTML. I think there’s a lot of room to explore here given the messy evolution of the web and I’d hate to have Gemini be the end of this experimentation of finding a sane, developable subset of the web that empowers developers and users.

                                                            1. 1

                                                              Had Gemini just decided to distribute a less complex format atop HTTP, a wealth of libraries in millions of devices would have been able to at least fetch its pages. Had Gemini decided to go with a subset of JS, a subset of CSS, and just basic HTML (or more/less restrictive subsets thereof), even current web browsers would be able to display the output, while new browsers could be created to take advantage of Gemini norms. Gemini threw all of this away and implemented a new protocol and a new markup format.

                                                              You might be interested to learn that Solderpunk, the founder of the Gemini project, had previously written “Shizaru”, an “opinionated HTTP server” that served a configurable subset of HTML, blacklisted or whitelisted MIME types, and several other configurable restrictions.

                                                              Gemini is a community and an experiment. It doesn’t close off the possibility of other experimentation.

                                                              1. 3

                                                                I was there in the beginning so I’m aware of “Shizaru” the opinionated server. I’m not completely satisfied with why Shizaru was rejected.

                                                                Gemini is a community and an experiment. It doesn’t close off the possibility of other experimentation.

                                                                The messaging of Gemini really frustrates me. The main Gemlog page (apologies for linking to the web here) cites Gemini as “a new internet protocol”. None of the founding documents say that Gemini is a community. Is FTP a community? Is SMTP a community? SCTP? There’s a mismatch between the messaging of the Gemini protocol itself and the thoughts of Gemini users as a whole. I don’t send emails over SMTP in order to join the “SMTP club”, so I think it’s a bit disingenuous for Gemini to be a community and a protocol. Protocols are about allowing disparate agents to communicate over the protocol; protocols are a common language between otherwise non-aligned agents. I can send and receive SMTP and use it for sending status reports about cron jobs, communicating with friends, or reaching out to a business I am buying something from. I can do the same with FTP or SCTP. Gemini users seem to be saying that Gemini isn’t like this, in which case Gemini isn’t really a protocol. Reddit and Lobsters don’t call themselves protocols either.

                                                                This is important because protocols are all about bringing disparate agents together. This can be machine agents, this can be human agents, this can be people who are using dramatically different platforms on dramatically different devices. Protocols bridge agents with very different outlooks on the world. Importantly, protocols encourage different ways to use them, as long as the specification of the protocol is adhered to, at times leading to evolution and experimentation. A community, like a subreddit, is a very different concept, and much more narrowly scoped. My D&D group is a community of sorts, but it certainly isn’t a protocol. Gemini advertises itself as a protocol, which makes it seem more inclusive and free-form than in practice it ends up being, and is a form of “slippery messaging” that I’m not a fan of.

                                                                1. 2

                                                                  I feel you are reading far too much into my offhand comment.

                                                                  1. 2

                                                                    You’re probably right and I should go back to other things. FWIW I don’t mean to direct these questions/criticisms to you as much as to explain my thought process, so apologies if I made it seem that way.

                                                          1. 2

                                                            At first glance, this seems impossible. But with global warming and the environment in mind, I do wonder if it wouldn’t solve many of our problems. It wouldn’t be economically sane to offer infinite software updates for a one-time purchase, but for a recurring fee? That seems a lot more viable. Just sell the updates instead of giving them away for free. It is not even unthinkable, considering the massive movement towards subscription services that has been going on in the software world.

                                                            1. 2

                                                              I don’t think this kind of law would solve any environmental problems. The environmental impact of a piece of consumer electronics like a PSP is that it took some amount of energy to build it in a factory (and build all of its inputs, transitively, until you get to the energy cost of mining them out of the ground), and took some amount of energy to ship it from the factory to the consumer. Exactly like every other physical good that people use - there’s nothing special about consumer electronics.

                                                              The chain of reasoning that someone might perform to conclude that a law requiring perpetual software support of consumer hardware devices would solve the environmental problem of global warming is something like: a law would force manufacturers to provide software support for a longer period of time -> consumers would use their devices for longer than they currently do in the absence of such a law -> consumers would be less prone to buying new devices -> this would reduce demand at electronics factories to build and sell new consumer electronic devices -> they would use less energy as a production input -> less energy implies less burning of fossil fuels for energy -> less CO2 emitted into the atmosphere.

                                                              I can see multiple problems with this chain of reasoning; to pick one in particular, I don’t think people actually do buy new electronic devices solely because their old ones no longer receive software updates. I think people buy new electronic devices because the state of the art of electronics devices is actually advancing, and people want to be able to do new things that new devices let them do and old devices can’t. A PSP that still received software updates doesn’t actually replace something like a Nintendo Switch - I can’t use a PSP to play Breath of the Wild or Metroid Prime 4, and if economic conditions compelled video game manufacturers to design modern games like these for the PSP’s hardware, because it was prohibitively expensive to sell new hardware, they would likely be inferior games.

                                                              Something that people who are concerned about the environmental impact of human economic activity don’t think about clearly is that the environmental benefit of avoiding energy/resource use in a particular economic production process only happens if it is prohibitively expensive to use that particular energy or resources. A world where everyone was still playing video games on a PSP because after 2008 it became prohibitively expensive for companies to build a new video game system, would be one where everyone’s material standard of living was lower because all sorts of electronics made with similar manufacturing techniques would also be prohibitively expensive. If the cheapest smartphones cost $50,000, there would be way fewer smartphones manufactured because way fewer people could afford them at that price, and a billion people in the 3rd world would just not be accessing the internet.

                                                              1. 2

                                                                I don’t think people actually do buy new electronic devices solely because their old ones no longer receive software updates. I think people buy new electronic devices because the state of the art of electronics devices is actually advancing

                                                                Well, the size of the set of people who upgrade because a device improved is not empty, but is the size of the set of people who upgrade due to needless obsolescence fully empty? Two things can both be upgrade reasons to different people. There’s an environmental win if anybody stops upgrading, not necessarily everybody.

                                                                I’m typing this from a 2013 era desktop that I could easily afford to replace. I don’t because it works, it’s updated, replacing it seems like effort, and I’m just too lazy. So I don’t think it’s true that I’d buy new electronics unless it’s prohibitively expensive - I just need moving to a new thing to be less convenient than using the old thing, which tends to favor the old thing unless the broader ecosystem actively rejects its ongoing use.

                                                                1. 4

                                                                  The other part of this if we’re specifically talking about environmental impact is spare parts. Not just in the right-to-repair sense, but how long should Sony be required to keep the manufacturing line for PSP replacement batteries running? LiPos have a bad shelf life in general; they can’t really just produce 15 years’ worth of spares and stuff them in a warehouse somewhere because 15 years later they won’t be any good.

                                                                  1. 2

                                                                    But your new desktop allows you to use all the things modern desktops do (which is also why Android 2.3 has endured such a long time). Imagine a world where most modern software were not available for your machine. Sure, you get software updates for your 2013-era Firefox 18 but nothing new is coming out, since all machines have moved to, say, RISC-V since and support for x86 was dropped entirely. This is the situation with the PSP.

                                                                    Yes sure, I have an old MacPro 2010 that upgraded with a halfway decent graphics card makes it a power-hungry but feasible Steam machine for the kind of gaming I do, but this is because post-2010 software still runs on it. If I had been limited to software from that era it would be way less useful and its main use would be to be carted around to vintage computer festivals to show off how well it runs Hypercard or so.

                                                                    1. 1

                                                                      The fact that this is feasible for you reflects the fact that in many ways desktop PC technology has actually stopped getting better, at least meaningfully better, and the time where it topped out was very roughly around 2010. If the computer you had was of 2008-vintage rather than 2013 (just five years older), there’s a much better chance that you’d be interested in upgrading - you’d see that many things people can do with modern desktop computers, such as visiting modern websites, don’t work very well on that hardware, you’d be much less likely to have an SSD, which really did represent a noticeable performance improvement (and which uses resources and energy to make, just like a PSP or any other piece of electronics).

                                                                      PCs themselves don’t generally have software updates in and of themselves anyway; rather it’s the operating systems on them that do (and various specialized components like the CPU or SSD might have their own separate and less routine firmware update process).

                                                                      If you ran modern Windows on your PC, you would still get updates for as long as Microsoft supported it - so if you ran Windows XP on that machine you’d be out of luck, but if it was Windows 7 you might still be ok. Of course eventually Microsoft will stop supporting Windows 7, but will support some new version of Windows that you can buy (will such a law make it illegal for Microsoft to stop supporting a version of Windows? Force them to start supporting Windows XP again? Windows 95?). Perhaps Microsoft might want to stop supporting hardware configurations that don’t have any USB 3 ports, perhaps by only making it possible to actually install the OS over USB 3. USB 3.1 was released as a standard in 2013, so it’s unlikely that your computer has it (although you could still add it via a PCI card - another electronic component that uses energy and resources to manufacture! - if necessary). Maybe the law would have to have a provision that made it illegal not to require OS manufacturers in the mid-2020s to assume that USB 3 exists…

                                                                      Of course if you ran Linux on that machine, it would be supported for longer. But even the Linux kernel dropped support for i386 machines as of kernel version 3.8 - with Linus Torvalds’ full blessing. Dropping software support for 25 year old hardware doesn’t sound like a forever software update to me - maybe the Linux foundation would need to be sued or criminally charged under this law?

                                                                      1. 1

                                                                        If the computer you had was of 2008-vintage rather than 2013 (just five years older), there’s a much better chance that you’d be interested in upgrading

                                                                        As luck would have it, I read your comment from (and am replying from) a 2007 MacBook.

                                                                        you’d see that many things people can do with modern desktop computers, such as visiting modern websites,

                                                                        That’s true, but not because of hardware. This 2007 MacBook is a great example of the lack of software updates forcing unnecessary obsolescence - the newest OS X it supports is 10.7, meaning it can’t run a modern browser and can’t browse a lot of sites. The hardware is fine. It had a user serviceable disk, RAM, and battery, so it’s had an SSD for a long time and its third battery holds a charge fairly well. From an environmental point of view, upgrading to an SSD seems less damaging than replacing the entire device.

                                                                        But to be clear though, I was just taking issue with your comment that the only way to avoid rapid hardware upgrades is to dramatically raise cost. That logic sort of implies that the instant consumers get money we go buy electronics, so if they cost more it’d take longer to get that money and we’d buy less. Tech incomes though mean most of us on this site can afford to buy new hardware tomorrow, so there must be a reason we don’t that’s not about money.

                                                                        Updates “forever” seems unrealistic and I never meant to imply that it should happen. It’s still a valid question though whether it’s appropriate to end software updates when a majority of devices manufactured of a particular model are still in active use. When that occurs, it strongly suggests software updates are being used to drive hardware sales when users are otherwise happy with the hardware.

                                                                    2. 2

                                                                      Something that people who are concerned about the environmental impact of human economic activity don’t think about clearly is that the environmental benefit of avoiding energy/resource use in a particular economic production process only happens if it is prohibitively expensive to use that particular energy or resources.

                                                                      This is a bit of a misrepresentation. All of the climate activism I have been to recently has emphasised the importance of economic and climate justice taking place at the same time. The point is to redistribute resources and to globally reduce emissions. For some this will mean getting by with less. For many more this would mean greater access to resources.

                                                                      More accurate carbon pricing on products doesn’t have to mean that people who are currently poor have to do without, but for that to happen there will have to be massive redistribution through aid and increased wages for poorer people all over the world (which will mean increased product prices on many items that are currently cheap only because human time is valued so differently in the global south versus the north, though automation and efficiencies will also become more competitive as labour becomes reasonably priced and that can help here).

                                                                      1. 1

                                                                        This is a bit of a misrepresentation. All of the climate activism I have been to recently has emphasised the importance of economic and climate justice taking place at the same time. The point is to redistribute resources and to globally reduce emissions. For some this will mean getting by with less. For many more this would mean greater access to resources.

                                                                        Unless a specific anti-carbon-emission scheme entails literally every human being in the world getting by with less resources whose production entails emitting CO2, it won’t actually work for the purpose of reducing CO2 emissions. What activists claim in the course of performing activism bears little relationship to what would actually happen in a world where a given policy actually exists and people make economic decisions in response to it.

                                                                        More accurate carbon pricing on products doesn’t have to mean that people who are currently poor have to do without, but for that to happen there will have to be massive redistribution through aid and increased wages for poorer people all over the world (which will mean increased product prices on many items that are currently cheap only because human time is valued so differently in the global south versus the north, though automation and efficiencies will also become more competitive as labour becomes reasonably priced and that can help here).

                                                                        It does mean that people who are currently poor (along with everyone else) have to do without, because “doing without” is the actual mechanism by which CO2 is prevented from being emitted into the atmosphere.

                                                                        1. 1

                                                                          Less CO2 can be emitted at the same time as the carbon budget for most people increasing because of the massive inequality in global carbon emissions. See e.g. https://ourworldindata.org/grapher/consumption-co2-per-capita

                                                                          1. 1

                                                                            This might be true; there’s a lot of economic processes producing goods and services that involve emitting CO2 besides consumer electronics manufacturing. Maybe flying planes turns out to dominate CO2 emission linked to economic activity and making it illegal to run an airline would reduce aggregate CO2 emissions more than everyone on earth being able to afford a cell phone. The point remains that if the specific thing you’re trying to reduce is resource consumption associated with inputs to making consumer electronics, the only way to do this is to make consumer electronics more expensive, so fewer people can afford to buy one, so fewer get physically made (making something illegal is one way of making it expensive - you could imagine a law saying that a person could only legally own one of a cell phone or a game console, and that would engender a black market in unregulated cell phones/game consoles, which would cost more money because of the illegality).

                                                                  1. 9

                                                                    I don’t see how a law mandating software updates would solve the problem that an un-updated PSP can no longer connect to commonly-used WiFi networks in order to perform the network because the protocol itself has changed. In any case, eventually communications protocols will change so much that old hardware is no longer physically capable of connecting over them. Is it reasonable to expect that, say, Apple should still support a circa 1998 iMac? Is it Apple’s problem that the original iMacs didn’t have a WiFi radio at all, and the only way to apply the update is via 56k modem or (probably 100Mbit?) ethernet?

                                                                    1. 4

                                                                      Also given the article is talking about the PSP, what would you need WiFi for anyway? The games are on UMD anyway (unless you bought the PSP Go in which case good luck) and perfectly playable. I believe if some of the games need a newer firmware, the appropriate firmware is actually also on the UMD.

                                                                      So, you could connect to WiFi to play multiplayer games. On a console that is older than the PS Vita which is also discontinued. So you can imagine how many players are gonna be online even if that worked.

                                                                    1. 3

                                                                      The function/procedure distinction is very old in programming languages, isn’t it? It’s something that Pascal and perhaps other languages of the 1970s had, that seems to have gone away by the time pretty much all of the languages in widespread use today were invented.

                                                                      It’s interesting that impure procedures in this language are deliberately barred from returning values. Haskell, a language that comes to mind as having a strict pure/impure distinction, doesn’t have this constraint - the IO type can be parameterized over an arbitrary return type, including unit IO () if a given impure function really has nothing meaningful it can return. I’m also curious how well this will work in practice, if this will make it into the final version of Bagel or if it’s something the author will find themselves changing later on in the development process.

                                                                      Either way, it’s cool that they’re trying out the idea; it’s good to have more people building programming languages and trying out new ideas in general.

                                                                      No null/undefined nonsense; nil replaces both

                                                                      Why not get rid of nil too? Option/Maybe types are a great idea and have become popular in a number of contemporary programming languages.

                                                                      Expressive if/else, possibly also a pattern-matching or expressive switch statement. Ternary operators suck.

                                                                      Great idea, this is definitely something I miss in Javascript and Python.

                                                                      Partial-application/currying supported for all functions and procedures, without special syntax

                                                                      Also a neat idea.

                                                                      1. 10

                                                                        Q: Why choose Docker or Podman over Nix or Guix?

                                                                        Edit with some rephrasing: why run containers over a binary cache? They can both do somewhat similar things in creating a reproducible build (so long as you aren’t apt upgrade-ing in your container’s config file) and laying out how to glue your different services together, but is there a massive advantage with one over the other?

                                                                        1. 28

                                                                          I can’t speak for the OP, but for myself there are three reasons:

                                                                          1. Docker for Mac is just so damn easy. I don’t have to think about a VM or anything else. It Just Works. I know Nix works natively on Mac (I’ve never tried Guix), but while I do development on a Mac, I’m almost always targeting Linux, so that’s the platform that matters.

                                                                          2. The consumers of my images don’t use Nix or Guix, they use Docker. I use Docker for CI (GitHub Actions) and to ship software. In both cases, Docker requires no additional effort on my part or on the part of my users. In some cases I literally can’t use Nix. For example, if I need to run something on a cluster controlled by another organization there is literally no chance they’re going to install Nix for me, but they already have Docker (or Podman) available.

                                                                          3. This is minor, I’m sure I could get over it, but I’ve written a Nix config before and I found the language completely inscrutable. The Dockerfile “language”, while technically inferior, is incredibly simple and leverages shell commands I already know.

                                                                          1. 15

                                                                            I am not a nix fan, quite the opposite, I hate it with a passion, but I will point out that you can generate OCI images (docker/podman) from nix. Basically you can use it as a Dockerfile replacement. So you don’t need nix deployed in production, although you do need it for development.

                                                                            1. 8

                                                                              As someone who is about to jump into nixos, I’d love to read more about why you hate nix.

                                                                              1. 19

                                                                                I’m not the previous commenter but I will share my opinion. I’ve given nix two solid tries, but both times walked away. I love declarative configuration and really wanted it to work for me, but it doesn’t.

                                                                                1. the nix language is inscrutable (to use the term from a comment above). I know a half dozen languages pretty well and still found it awkward to use
                                                                                2. in order to make package configs declarative the config options need to be ported to the nix language. This inevitably means they’ll be out of date or maybe missing a config option you want to set.
                                                                                3. the docs could be much better, but this is typical. You generally resort to looking at the package configs in the source repo
                                                                                4. nix packages, because of the design of the system, have no connection to real package versions. This is the killer for me, since the rest of the world works on these version numbers. If I want to upgrade from v1.0 to v1.1 there is no direct correlation in nix except for a SHA. How do you find that out? Look at the source repo again.
                                                                                1. 4

                                                                                  This speaks to my experience with Nix too. I want to like it. I get why it’s cool. I also think the language is inscrutable (for Xooglers, the best analogy is borgcfg) and the thing I want most is to define my /etc files in their native tongue under version control and for it all to work out rather than depend on Nix rendering the same files. I could even live with Nix-the-language if that were the case.

                                                                                  1. 3

                                                                                    I also think the language is inscrutable (for Xooglers, the best analogy is borgcfg)

                                                                                    As a former Google SRE, I completely agree—GCL has a lot of quirks. On the other hand, nothing outside Google compares, and I miss it dearly. Abstracting complex configuration outside the Google ecosystem just sucks.

                                                                                    Yes, open tools exist that try to solve this problem. But only gcl2db can load a config file into an interactive interface where you can navigate the entire hierarchy of values, with traces describing every file:line that contributed to the value at a given path. When GCL does something weird, gcl2db will tell you exactly what happened.

                                                                                  2. 2

                                                                                    Thanks for the reply. I’m actually not a huge fan of DSLs so this might be swaying me away from setting up nixos. I have a VM setup with it and tbh the thought of me trolling through nix docs to figure out the magical phrase to do what I want does not sound like much fun. I’ll stick with arch for now.

                                                                                    1. 6

                                                                                      If you want the nix features but a general purpose language, guix is very similar but uses scheme to configure.

                                                                                      1. 1

                                                                                        I would love to use Guix, but lack of nonfree is killer as getting Steam running is a must. There’s no precedent for it being used in the unjamming communities I participate in, whereas Nix has a sizable following.

                                                                                        1. 2

                                                                                          So use Ubuntu as the host OS for Guix if you need Steam to work. Guix runs well on many OS

                                                                                  3. 10

                                                                                    Sorry for the very late reply. The problem I have with nixos is that it’s anti-abstraction in the sense that I elaborated on here. Instead it’s just the ultimate wrapper.

                                                                                    To me, the point of a distribution is to provide an algebra of packages that’s invariant in changes of state. Or to reverse this idea, an instance of a distribution is anything with a morphism to the category of packages.

                                                                                    Nix (and nixos) is the ultimate antithesis of this idea. It’s not a morphism, it’s a homomorphism. The structure is algebraic, but it’s concrete, not abstract.

                                                                                    People claim that “declarative” configuration is good, and it’s hard to attack such a belief, but people don’t really agree on what it really means. In Haskell it means that expressions have referential transparency, which is a good thing, but in other contexts when I hear people talk about declarative stuff I immediately shiver expecting the inevitable pain. You can “declare” anything if you are precise enough, and that’s what nix does, it’s very precise, but what matters is not the declarations, but the interactions and in nix interaction means copying sha256 hashes in an esoteric programming language. This is painful and as far away from abstraction as you can get.

                                                                                    Also notice that I said packages. Nix doesn’t have packages at all. It’s a glorified build system wrapper for source code. Binaries only come as a side effect, and there are no first class packages. The separation between pre-build artefacts and post-build artefacts is what can enable the algebraic properties of package managers to exist, and nix renounces this phase distinction with prejudice.

                                                                                    To come to another point, I don’t like how Debian (or your other favorite distribution) chooses options and dependencies for building their packages, but the fact that it’s just One Way is far more important to me than a spurious dependency. Nix, on the other hand, encourages pets. Just customize the build options that you want to get what you want! What I want is a standard environment, customizability is a nightmare, an anti-feature.

                                                                                    When I buy a book, I want to go to a book store and ask for the book I want. With nix I have to go to a printing press and provide instructions for printing the book I want. This is insanity. This is not progress. People say this is good because I can print my book into virgin red papyrus. I say it is bad exactly for the same reason. Also, I don’t want all my prints to be dated January 1, 1970.

                                                                                2. 8

                                                                                  For me personally, I never chose Docker; it was chosen for me by my employer. I could maybe theoretically replace it with podman because it’s compatible with the same image format, which Guix (which is much better designed overall) is not. (But I don’t use the desktop docker stuff at all so I don’t really care that much; mostly I’d like to switch off docker-compose, which I have no idea whether podman can replace.)

                                                                                  1. 3

                                                                                    FWIW Podman does have a podman-compose functionality but it works differently. It uses k8s under the hood, so in that sense some people prefer it.

                                                                                  2. 2

                                                                                    This quite nicely sums it up for me 😄 and more eloquently than I could put it.

                                                                                    1. 2

                                                                                      If you’re targeting Linux why aren’t you using a platform that supports running & building Linux software natively like Windows or even Linux?

                                                                                      1. 12

                                                                                        … to call WSL ‘native’ compared to running containers/etc via VMs on non-linux OS’s is a bit weird.

                                                                                        1. 11

                                                                                          I enjoy using a Mac, and it’s close enough that it’s almost never a problem. I was a Linux user for ~15 years and I just got tired of things only sorta-kinda working. Your experiences certainly might be different, but I find using a Mac to be an almost entirely painless experience. It also plays quite nicely with my iPhone. Windows isn’t a consideration, every time I sit down in front of a Windows machine I end up miserable (again, YMMV, I know lots of people who use Windows productively).

                                                                                          1. 3

                                                                                            Because “targeting Linux” really just means “running on a Linux server, somewhere” for many people and they’re not writing specifically Linux code - I spend all day writing Go on a mac that will eventually be run on a Linux box but there’s absolutely nothing Linux specific about it - why would I need Linux to do that?

                                                                                            1. 2

                                                                                              WSL2-based containers run a lightweight Linux install on top of Hyper-V. Docker for Mac runs a lightweight Linux install on top of xhyve. I guess you could argue that this is different because Hyper-V is a type-1 hypervisor, whereas xhyve is a type-2 hypervisor using the hypervisor framework that macOS provides, but I’m not sure that either really counts as more ‘native’.

                                                                                              If your development is not Linux-specific, then XNU provides a more complete and compliant POSIX system than WSL1, which are the native kernel POSIX interfaces for macOS and Windows, respectively.

                                                                                          2. 9

                                                                                            Prod runs containers, not Nix, and the goal is to run the exact same build artifacts in Dev that will eventually run in Prod.

                                                                                            1. 8

                                                                                              Lots of people distribute dockerfiles and docker-compose configurations. Podman and podman-compose can consume those mostly unchanged. I already understand docker. So I can both use things other people make and roll new things without using my novelty budget for building and running things in a container, which is basically a solved problem from my perspective.

                                                                                              Nix or Guix are new to me and would therefore consume my novelty budget, and no one has ever articulated how using my limited novelty budget that way would improve things for me (at least not in any way that has resonated with me).

                                                                                              Anyone else’s answer is likely to vary, of course. But that’s why I continue to choose dockerfiles and docker-compose files, whether it’s with docker or podman, rather than Nix or Guix.

                                                                                              1. 5

                                                                                                Not mentioned in other comments, but you also get process / resource isolation by default on docker/podman. Sure, you can configure service networking, cgroups, namespaces on nix yourself, just like any other system and set up the relevant network proxying. But getting that prepackaged and on by default is very handy.

                                                                                                1. 2

                                                                                                  You can get a good way there without much fuss with using the Declarative NixOS containers feature (which uses systemd-nspawn under the hood).

                                                                                                2. 4

                                                                                                  I’m not very familiar with Nix, but I feel like a Nix-based option could do for you what a single container could do, giving you the reproducibility of environment. What I don’t see how to do is something comparable to creating a stack of containers, such as you get from Docker Compose or Docker Swarm. And that’s considerably simpler than the kinds of auto-provisioning and wiring up that systems like Kubernetes give you. Perhaps that’s what Nix Flakes are about?

                                                                                                  That said I am definitely feeling like Docker for reproducible developer environments is very heavy, especially on Mac. We spend a significant amount of time rebuilding containers due to code changes. Nix would probably be a better solution for this, since there’s not really an entire virtual machine and assorted filesystem layering technology in between us and the code we’re trying to run.

                                                                                                  1. 3

                                                                                                    Is Nix a container system…? I thought it was a package manager?

                                                                                                    1. 3

                                                                                                      It’s not, but I understand the question as “you can run a well defined nix configuration which includes your app or a container with your app; they’re both reproducible so why choose one over the other?”

                                                                                                    2. 1

                                                                                                      It’s possible to generate Docker images using Nix, at least, so you could use Nix for that if you wanted (and users won’t know that it’s Nix).

                                                                                                      1. 1

                                                                                                        These aren’t mutually exclusive. I run a few Nix VMs for self-hosting various services, and a number of those services are docker images provided by the upstream project that I use Nix to provision, configure, and run. Configuring Nix to run an image with hash XXXX from Docker registry YYYY and such-and-such environment variables doesn’t look all that different from configuring it to run a non-containerized piece of software.

                                                                                                      1. 18

                                                                                                        The whole damn thing.

                                                                                                        Instead of having this Frankenstein’s monster of different OSs and different programming languages and browsers that are OSs and OSs that are browsers, just have one thing.

                                                                                                        There is one language. There is one modular OS written in this language. You can hot-fix the code. Bits and pieces are stripped out for lower powered machines. Someone who knows security has designed this thing to be secure.

                                                                                                        The same code can run on your local machine, or on someone else’s machine. A website is just a document on someone else’s machine. It can run scripts on their machine or yours. Except on your machine they can’t run unless you let them and they can’t do I/O unless you let them.

                                                                                                        There is one email protocol. Email addresses can’t be spoofed. If someone doesn’t like getting an email from you, they can charge you a dollar for it.

                                                                                                        There is one IM protocol. It’s used by computers including cellphones.

                                                                                                        There is one teleconferencing protocol.

                                                                                                        There is one document format. Plain text with simple markup for formatting, alignment, links and images. It looks a lot like Markdown, probably.

                                                                                                        Every GUI program is a CLI program underneath and can be scripted.

                                                                                                        (Some of this was inspired by legends of what LISP can do.)

                                                                                                        1. 24

                                                                                                          Goodness, no - are you INSANE? Technological monocultures are one of the greatest non-ecological threats to the human race!

                                                                                                          1. 1

                                                                                                            I need some elaboration here. Why would it be a threat to have everyone use the same OS and the same programming language and the same communications protocols?

                                                                                                            1. 6

                                                                                                              One vulnerability to rule them all.

                                                                                                              1. 2

                                                                                                                Pithy as that sounds, it is not convincing for me.

                                                                                                                Having many different systems and languages in order to have security by obscurity by having many different vulnerabilities does not sound like a good idea.

                                                                                                                I would hope a proper inclusion of security principles while designing an OS/language would be a better way to go.

                                                                                                                1. 4

                                                                                                                  It is not security through obscurity, it is security through diversity, which is a very different thing. Security through obscurity says that you may have vulnerabilities but you’ve tried to hide them so an attacker can’t exploit them because they don’t know about them. This works as well as your secrecy mechanism. It is generally considered bad because information disclosure vulnerabilities are the hardest to fix and they are the root of your security in a system that depends on obscurity.

                                                                                                                  Security through diversity, in contrast, says that you may have vulnerabilities but they won’t affect your entire fleet. You can build reliable systems on top of this. For example, the Verisign-run DNS roots use a mixture of FreeBSD and Linux and a mixture of bind, unbound, and their own in-house DNS server. If you find a Linux vulnerability, you can take out half of the machines, but the other half will still work (just slower). Similarly, a FreeBSD vulnerability can take out half of them. A bind or unbound vulnerability will take out a third of them. A bind vulnerability that depends on something OS-specific will take out about a sixth.

                                                                                                                  This is really important when it comes to self-propagating malware. Back in the XP days, there were several worms that would compromise every Windows machine on the local network. I recall doing a fresh install of Windows XP and connecting it to the university network to install Windows update: it was compromised before it was able to download the fix for the vulnerability that the worm was exploiting. If we’d only had XP machines on the network, getting out of that would have been very difficult. Because we had a load of Linux machines and Macs, we were able to download the latest roll-up fix for Windows, burn it to a CD, redo the install, and then do an offline update.

                                                                                                                  Looking at the growing Linux / Docker monoculture today, I wonder how much damage a motivated individual with a Linux remote arbitrary-code execution vulnerability could do.
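
The blast-radius figures in the comment above (half, a third, about a sixth), worked through as an added example that is not part of the original thread. It assumes every OS/DNS-server pairing is deployed in equal numbers; the function names and the `in-house` label are illustrative.

```python
from fractions import Fraction
from itertools import product

# Component names are taken from the comment; "in-house" stands in for the
# operator's own DNS server. An even spread across pairings is an assumption.
OSES = ("linux", "freebsd")
DNS_SERVERS = ("bind", "unbound", "in-house")


def build_fleet(oses, servers, per_combo=1):
    """Return one host record per OS/DNS pairing, repeated per_combo times."""
    return [
        {"os": o, "dns": s}
        for o, s in product(oses, servers)
        for _ in range(per_combo)
    ]


def affected(host, vuln):
    """A vulnerability maps layer -> required component.

    A host is affected only if it matches every layer the bug depends on,
    so an OS-specific bind bug needs both the OS and the DNS server to match.
    """
    return all(host.get(layer) == comp for layer, comp in vuln.items())


def blast_radius(fleet, vuln):
    """Fraction of the fleet taken out by a single vulnerability."""
    hit = sum(1 for host in fleet if affected(host, vuln))
    return Fraction(hit, len(fleet))


def surviving(fleet, vulns):
    """Fraction of the fleet still serving if all listed bugs hit at once."""
    down = sum(1 for host in fleet if any(affected(host, v) for v in vulns))
    return 1 - Fraction(down, len(fleet))


def worst_single_component(fleet):
    """Largest outage any one-component bug can cause: (fraction, layer, name)."""
    candidates = {(layer, comp) for host in fleet for layer, comp in host.items()}
    return max(
        (blast_radius(fleet, {layer: comp}), layer, comp)
        for layer, comp in candidates
    )


if __name__ == "__main__":
    diverse = build_fleet(OSES, DNS_SERVERS)
    monoculture = build_fleet(("linux",), ("bind",), per_combo=6)

    scenarios = {
        "Linux bug": {"os": "linux"},
        "FreeBSD bug": {"os": "freebsd"},
        "bind bug": {"dns": "bind"},
        "bind bug that only triggers on Linux": {"os": "linux", "dns": "bind"},
    }
    for name, vuln in scenarios.items():
        print(f"{name:40s} diverse={blast_radius(diverse, vuln)} "
              f"monoculture={blast_radius(monoculture, vuln)}")

    # Two unrelated bugs landing together still leave part of the fleet up.
    both = [{"os": "linux"}, {"dns": "bind"}]
    print("survive Linux + bind bugs:", surviving(diverse, both))
    print("worst single-component outage:", worst_single_component(diverse))
```

The same functions work for planning: add a layer (for example a resolver library) to each host record and `worst_single_component` shows which shared dependency has become the new single point of failure.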

                                                                                                                  1. 1

                                                                                                                    Sure, but is this an intentional strategy? Did we set out to have Windows and Mac and Linux in order that we could prevent viruses from spreading? It’s an accidental observation and not a really compelling one.

                                                                                                                    I’ve pointed out my thinking in this part of the thread https://lobste.rs/s/sdum3p/if_you_could_rewrite_anything_from#c_ennbfs

                                                                                                                    In short, there must be more principled ways of securing our computers than hoping multiple green field implementations of the same application have different sets of bugs.

                                                                                                                  2. 3

                                                                                                                    A few examples come to mind though—Heartbleed (which affected anyone using OpenSSL) and Spectre (anyone using the x86 platform). Also, Microsoft Windows for years had plenty of critical exploits because it had well over 90% of the desktop market.

                                                                                                                    You might also want to look up the impending doom of bananas, because over 90% of bananas sold today are genetic clones (it’s basically one plant) and there’s a fungus threatening to kill the banana market. A monoculture is a bad idea.

                                                                                                                    1. 1

                                                                                                                      Yes, for humans (and other living things) the idea of immunity through obscurity (to coin a phrase) is evolutionarily advantageous. Our varied responses to COVID are one such immediate example. It does have the drawback that it makes it harder to develop therapies since we see population specificity in responses.

                                                                                                                      I don’t buy that we need to employ the same idea in an engineered system. It’s a convenient back-ported bullet list advantage of having a chaotic mess of OSes and programming languages, but it certainly wasn’t intentional.

                                                                                                                      I’d rather have an engineered, intentional robustness to the systems we build.

                                                                                                                      1. 4

                                                                                                                        To go in a slightly different direction—building codes. The farther north you go, the steeper roofs tend to get. In Sweden, one needs a steep roof to shed snow buildup, but where I live (South Florida, just north of Cuba) building such a roof would be a waste of resources because we don’t have snow—we just need a shallow angle to shed rain water. Conversely, we don’t need codes to deal with earthquakes, nor does California need to deal with hurricanes. Yet it would be so much simpler to have a single building code in the US. I’m sure there are plenty of people who would love to force such a thing everywhere if only to make their lives easier (or for rent-seeking purposes).

                                                                                                                        1. 2

                                                                                                                          We have different houses for different environments, and we have different programs for different use cases. This does not mean we need different programming languages.

                                                                                                                    2. 2

                                                                                                                      I would hope a proper inclusion of security principles while designing an OS/language would be a better way to go.

                                                                                                                      In principle, yeah. But even the best security engineers are human and prone to fail.

                                                                                                                      If every deployment was the same version of the same software, then attackers could find an exploitable bug and exploit it across every single system.

                                                                                                                      Would you like to drive in a car where every single engine blows up, killing all inside the car? If all cars are the same, they’ll all explode. We’d eventually move back to horse and buggy. ;-) Having a variety of cars helps mitigate issues other cars have–while still having problems of its own.

                                                                                                                      1. 1

                                                                                                                        In this heterogeneous system we have more bugs (assuming the same rate of bugs everywhere) and fewer reports (since there are fewer users per system) and a more drawn out deployment of fixes. I don’t think this is better.

                                                                                                                        1. 1

                                                                                                                          Sure, you’d have more bugs. But the bugs would (hopefully) be in different, distinct places. One car might blow up, another might just blow a tire.

                                                                                                                          From an attacker’s perspective, if everyone drives the same car, if the attacker knows that the flaws from one car are reproducible with 100% success rate, then the attacker doesn’t need to spend time/resources on other cars. The attacker can just reuse and continue to rinse, reuse, recycle. All are vulnerable to the same bug. All can be exploited in the same manner reliably, time after another.

                                                                                                                          1. 3

                                                                                                                            To go by the car analogy, the bugs that would be uncovered by drivers rather than during the testing process would be rare ones, like, if I hit the gas pedal and brake at the same time it exposes a bug in the ECU that leads to total loss of power at any speed.

                                                                                                                            I’d rather drive a car a million other drivers have been driving than drive a car that’s driven by 100 people. Because over a million drivers it’s much more likely someone hits the gas and brake at the same time and uncovers the bug which can then be fixed in one go.

                                                                                                              2. 3
                                                                                                                1. 1

                                                                                                                  Yes, that’s probably the LISP thing I was thinking of, thanks!

                                                                                                                2. 2

                                                                                                                  I agree completely!

                                                                                                                  We would need to put some safety measures in place, and there would have to be processes defined for how you go about suggesting/approving/adding/changing designs (that anyone can be a part of), but otherwise, it would be a boon for the human race. In two generations, we would all be experts in our computers and systems would interoperate with everything!

                                                                                                                  There would be no need to learn new tools every X months. The UI would be familiar to everyone, and any improvements would be forced to go through human testing/trials before being accepted, since it would be used by everyone! There would be continual advancements in every area of life. Time would be spent on improving the existing experience/tool, instead of recreating or fixing things.

                                                                                                                  1. 2

                                                                                                                    I would also like to rewrite most stuff from the ground up. But monocultures aren’t good. Orthogonality in basic building blocks is very important. And picking the right abstractions to avoid footguns. Some ideas, not necessarily the best ones:

                                                                                                                    • proven correct microkernel written in rust (or similar borrow-checked language), something like L4
                                                                                                                    • capability based OS
                                                                                                                    • no TCP/HTTP monoculture in networks (SCTP? pubsub networks?)
                                                                                                                    • are our current processor architectures anywhere near sane? could safe concurrency be encouraged at a hardware level?
                                                                                                                    • less walled gardens and centralisation
                                                                                                                    1. 2

                                                                                                                      proven correct microkernel written in rust (or similar borrow-checked language), something like L4

                                                                                                                      A solved problem. seL4, including support for capabilities.

                                                                                                                      1. 5

                                                                                                                        seL4 is proven correct by treating a lot of things as axioms and by presenting a programmer model that punts all of the difficult bits to get correct to application developers, making it almost impossible to write correct code on top of. It’s a fantastic demonstration of the state of modern proof tools, it’s a terrible example of a microkernel.

                                                                                                                        1. 2

                                                                                                                          FUD unless proven otherwise.

                                                                                                                          Counter-examples exist; seL4 can definitely be used, as demonstrated by many successful uses.

                                                                                                                          The seL4 foundation is getting a lot of high profile members.

                                                                                                                          Furthermore, Genode, which is relatively easy to use, supports seL4 as a kernel.

                                                                                                                    2. 2

                                                                                                                      Someone wrote a detailed vision of rebuilding everything from scratch, if you’re interested. 1

                                                                                                                        1. 11

                                                                                                                          I never understood this thing.

                                                                                                                          1. 7

                                                                                                                            I think that is deliberate.

                                                                                                                        2. 1

                                                                                                                          And one leader to rule them all. No, thanks.

                                                                                                                          1. 4

                                                                                                                            Well, I was thinking of something even worse - design by committee, like for electrical stuff, but your idea sounds better.

                                                                                                                          2. 1

                                                                                                                            We already have this, dozens of them. All you need to do is point guns at everybody and make them use your favourite. What a terrible idea.

                                                                                                                          1. 20

                                                                                                                            It’d be nice to have some actual background on hashing in here instead of just broad generalizations and links to various hash functions. Examples:

                                                                                                                            • There’s no mention of cyclic redundancy checks and why they are not valid as crypto functions (a mistake some programmers have made).
                                                                                                                            • There’s no mention of avalanche effects, which is a good way of seeing how “random” a digest scheme is (with some implications for how well the output can be predicted/controlled by an attacker).
                                                                                                                            • The mentioned attack on JSON hash tables in PHP (if you dig into it) would’ve been a great place to talk about trivial hashes (e.g., f(x)=0 or f(x)=x) and why they cause problems even in non-hostile environments, but that would’ve required more of an introduction to how hashing works…
                                                                                                                            • Lots of usage of jargon like “non-invertible”, “collision-resistance”, “preimage attack resistance”, etc. which is probably inaccessible if your audience is programmers who “don’t understand hash functions”.
                                                                                                                            • There’s not really an explanation about the differences/similarities of crypto-strong hash functions, password hash functions, and key derivation functions, other than a mention that there is some relation but which isn’t elaborated on at all.
                                                                                                                            • There’s not really any useful information at all about perceptual hashing vs other forms of multimedia digest approaches–there’s just some Apple hate.
                                                                                                                            • etc.

                                                                                                                            Programmers might not understand hash functions, but infosec furries may also not understand pedagogy.

                                                                                                                            (also, can you please cool it with the inflammatory article headlines?)
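The CRC, avalanche and trivial-hash points listed in the comment above, as an added example that is not part of the thread or of the article it discusses. The messages, the bit-flip pattern and every function name are constructed for illustration, and `identity_digest` is an assumed stand-in for the comment's f(x)=x.

```python
import hashlib
import zlib

# Constructed sample inputs (not from the thread); all exactly 16 bytes long.
MESSAGES = [b"transfer:0000100", b"transfer:9999999", b"A" * 16]
# Constructed bit-flip pattern: toggles the low bit of byte 13 ('1' <-> '0').
DELTA = bytes(13) + b"\x01" + bytes(2)


def identity_digest(data: bytes) -> bytes:
    """Trivial hash f(x) = x mod 2**32, as a 4-byte digest."""
    return (int.from_bytes(data, "big") % 2**32).to_bytes(4, "big")


def crc32_digest(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def popcount(data: bytes) -> int:
    return bin(int.from_bytes(data, "big")).count("1")


def flip_bit(message: bytes, i: int) -> bytes:
    out = bytearray(message)
    out[i // 8] ^= 0x80 >> (i % 8)
    return bytes(out)


def avalanche(digest, message: bytes):
    """Flip every input bit in turn and measure the fraction of output bits
    that change. Returns (mean, min, max); a well-mixed digest sits near 0.5."""
    base = digest(message)
    out_bits = len(base) * 8
    fractions = [
        popcount(xor_bytes(base, digest(flip_bit(message, i)))) / out_bits
        for i in range(len(message) * 8)
    ]
    return sum(fractions) / len(fractions), min(fractions), max(fractions)


def output_delta(digest, message: bytes, delta: bytes) -> bytes:
    """XOR difference between digest(message) and digest(message XOR delta)."""
    return xor_bytes(digest(message), digest(xor_bytes(message, delta)))


def delta_is_message_independent(digest, messages, delta: bytes) -> bool:
    """True if the same input change always produces the same output change,
    i.e. the checksum of a modified message can be predicted without
    knowing the message itself."""
    return len({output_delta(digest, m, delta) for m in messages}) == 1


def crc32_predicted_delta(delta: bytes) -> bytes:
    """CRC-32 is affine over GF(2) for a fixed length, so the output change
    caused by `delta` equals crc(delta) XOR crc(all-zero bytes)."""
    return xor_bytes(crc32_digest(delta), crc32_digest(bytes(len(delta))))


if __name__ == "__main__":
    for name, fn in [("identity", identity_digest),
                     ("crc32", crc32_digest),
                     ("sha256", sha256_digest)]:
        mean, low, high = avalanche(fn, MESSAGES[0])
        fixed = delta_is_message_independent(fn, MESSAGES, DELTA)
        print(f"{name:9s} avalanche mean={mean:.3f} min={low:.3f} "
              f"max={high:.3f}  output change predictable={fixed}")
```

A per-bit avalanche score alone can make CRC-32 look reasonably mixed; the message-independence check is what separates an error-detecting code from a cryptographic hash.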

                                                                                                                            1. 24

                                                                                                                              Programmers might not understand hash functions, but infosec furries may also not understand pedagogy.

                                                                                                                              Please don’t pick a fight. It seems more angry than friendly.

                                                                                                                              1. 22

                                                                                                                                Honestly I think it’s a valid concern. One of the biggest problems with the computer security world, as stated repeatedly by leading experts in the field, is communication and teaching.

                                                                                                                                1. 23

                                                                                                                                  A valid concern would be “infosec experts may not understand pedagogy” but why call out “infosec furries” specifically? Unless we should be concerned about infosec furries in particular vs other infosec experts?

                                                                                                                                  Are these acceptable?

                                                                                                                                  • but infosec gays may also not understand pedagogy
                                                                                                                                  • but infosec women may also not understand pedagogy
                                                                                                                                  • but infosec people of color may also not understand pedagogy

                                                                                                                                  No. So why furries? People need to get over it and quit furry bashing. This isn’t acceptable behavior on Lobste.rs, and I’m tired of it.

                                                                                                                                  1. 3

                                                                                                                                    See elsewhere for the explanation; furry bashing doesn’t enter into it, though I see why you might have read it that way. Furries are internet denizens like the rest of us, with all that entails.

                                                                                                                                    1. 12

                                                                                                                                      I agree with you that it’s a bad title.

                                                                                                                                      I also think that you wouldn’t have reacted nearly this strongly to the title if it wasn’t a furry blog.

                                                                                                                                      1. 11

                                                                                                                                        I read your other comments. But you said what you said, and that undermines all your pontificating about the harm of “insulting/demeaning a group” and “the sort of microaggression/toxicity that everybody talks so much about.” Take your own advice.

                                                                                                                                      2. 2

                                                                                                                                        “Furry” is a kink, not an identity or protected class. And normally you have to get people’s consent before you bring them into your kink.

                                                                                                                                        1. 7

                                                                                                                                          I don’t see any sexual imagery in this blog post.

                                                                                                                                          1. 2

                                                                                                                                            The OP’s site has some pretty well reasoned and presented articles on precisely why “furry” cannot reasonably be summarized as “a kink”.

                                                                                                                                            And, no, you do not “normally” have to get someone’s consent to introduce them to the idea of your kink, unless said introduction involves you engaging them in the practice of your kink.

                                                                                                                                          2. 1

                                                                                                                                            Sorry, I didn’t realize the “furry” part was what you were opposed to. It sounded like you were upset with the implication that the infosec world is bad at teaching.

                                                                                                                                      3. 6

                                                                                                                                        Programmers might not understand hash functions, but infosec furries may also not understand pedagogy.

                                                                                                                                        (also, can you please cool it with the inflammatory article headlines?)

                                                                                                                                        https://www.youtube.com/watch?v=S2xHZPH5Sng

                                                                                                                                        1. 10

                                                                                                                                          One of the things he talks about there is testing the hypothesis and seeing which title actually worked. I only clicked this link because I recognized your domain name and knew you had written interesting articles in the past and might legitimately explain something I didn’t know. If not for that, I probably would have bypassed it since the title alone was not interesting at all.

                                                                                                                                          1. 9

                                                                                                                                            Even so, it is still possible to write clickbait titles that aren’t predicated on insulting/demeaning a group.

                                                                                                                                            • “Hash functions: hard or just misunderstood?”
                                                                                                                                            • “Things I wish more programmers knew about hashes”
                                                                                                                                            • “Programmer hashes are not infosec hashes”
                                                                                                                                            • “Are you hashing wrong? It’s more common than you might think”
                                                                                                                                            • “uwu whats this notices ur hash function”

                                                                                                                                            How would you feel if I wrote “Gay furries don’t understand blog posting”? Even if I raise good points, and even if more people would click on it (out of outrage, presumably), it would still probably annoy a gay furry who wrote blogs and they’d go in with their hackles raised.

                                                                                                                                            1. 8

                                                                                                                                              The important difference between what I wrote and your hypothetical is the difference between punching up and punching down.

                                                                                                                                              My original title was along the same lines as “Falsehoods Programmers Believe About _____” but I’ve grown a distaste for the cliche.

                                                                                                                                              1. 7

                                                                                                                                                The difference between “Programmers don’t understand hash functions” and “Gay furries don’t understand blog posting” is quite obvious to me and I definitely don’t want to engage in whatever Internet flame is going on here. Especially since, uh, I have a preeetty good idea about what the problem here is, and I tend to think it’s about gay furries, not article titles, which is definitely not a problem that I have. (This should probably be obvious but since I’m posting in this particular thread, I wanted to make sure :P).

                                                                                                                                                But I also think this title really is needlessly nasty, independent of how it might be titled if it were about other audiences. It’s a bad generalisation – there are, in fact, plenty of programmers who understand hash functions – and it’s not exactly encouraging to those programmers who want to get into security, or who think their understanding of these matters is insufficient.

                                                                                                                                                I am (or was?) one of them – this was an interest of mine many, many years ago, at a time when I was way too young to understand the advanced math. My career took me elsewhere, and not always where I wanted to go, and I tried to keep an eye on these things in the hope that maybe one day it’ll take me there. Needless to say, there’s only so much you can learn about these topics by spending a couple of evenings once in a blue moon studying them, so I never really got to be any good at it. So I think the explanation is amazing, but it would definitely benefit from not reminding me of my inadequacy.

                                                                                                                                                And I’m in a happy boat, actually, this is only an interest of mine – but there are plenty of people who have to do it as part of their jobs, are not provided with adequate training of any kind, have no time to figure it out on their own, and regularly get yelled at when they get it wrong.

                                                                                                                                                Now, I realise the title is tongue-in-cheek to some degree, the playful furries and the clever humour scattered throughout the post sort of gives it away. If you think about it for a moment it’s pretty clear that this is meant to grab attention, not remind people how much they suck. But it’s worth remembering that, in an age where web syndication is taken for granted to the point where it sounds like a Middle English term, this context isn’t carried everywhere. Case in point, this lobste.rs page includes only the title. Some people might react to it by clicking because you grabbed their attention, but others might just say yeah, thanks for reminding me, I’ll go cry in a corner.

                                                                                                                                                Even if I didn’t realise it was tongue-in-cheek, it probably wouldn’t bother me, partly because I understand how writing “competitively” works (ironically, from around the same time), partly because I’ve developed a thick skin, and partly because, honestly, I’ve kindda given up on it, so I don’t care about it as much as I once did. But I can see why others would not feel the same way at all. You shouldn’t count on your audience having a thick skin or being old enough to have given up on most of their dreams anyway.

                                                                                                                                                I know this is a real struggle because that’s just how blogs and blogging work today. You have to compete for attention to some degree, and this is particularly important when a large part of the technical audience is “confined” to places like HN and lobste.rs, where you have to grab attention through the title because there’s nothing else to grab attention through. But maybe you can find a kinder way to grab it, I dunno, maybe a clever pun? That never hurt anyone. These radical, blunt (supposedly “bluntly honest” but that’s just wishful thinking) headlines are all the rage in “big” Internet media because, just like Internet trolls, they thrive on controversy, us vs. them and a feeling of smugness, but is that really the kind of thing you want to borrow?

                                                                                                                                                (Edit: just to make sure I get the other part of my message across, because I think it’s even more important: title aside, which could be nicer, the article was super bloody amazing: the explanation’s great, and I like the additional pointers, and the humour, and yes, the drawings! Please don’t take any of all that stuff above as a criticism of some sort: I wanted to present a different viewpoint from which the title might read differently than you intended, not that the article is bad. It’s not!)

                                                                                                                                                1. 15

                                                                                                                                                  How do you know that you’re punching up?

                                                                                                                                                  What if the person encountering your blog is a programmer from an underrepresented background, just barely overcoming imposter syndrome, and now here’s this scary suggestion that they don’t understand hash functions? What if they actually made one of the mistakes in the article, and feel like they’re a complete fraud, and should leave the industry? This is the sort of microaggression/toxicity that everybody talks so much about, if I’m not mistaken.

                                                                                                                                                  The point is: you don’t know. You can’t know.

                                                                                                                                                  So, err on the side of not adding more negative shit to the world accidentally in the name of pageviews–especially when there are many, many other more positive options in easy reach.

                                                                                                                                                  EDIT:

                                                                                                                                                  I wouldn’t care if it weren’t for the fact that you’re a smart dude and clearly passionate about your work and that you have good knowledge to share, and that it pains me to see somebody making mistakes I’ve made in the past.

                                                                                                                                                  1. 8

                                                                                                                                                    I wouldn’t care if it weren’t for the fact that you’re a smart dude and clearly passionate about your work

                                                                                                                                                    I’m neither of those things :P

                                                                                                                                                    and that you have good knowledge to share, and that it pains me to see somebody making mistakes I’ve made in the past.

                                                                                                                                                    I appreciate your compassion on this subject. It’s definitely new territory for me (since forever I’ve been in the “boring headline out of clickbait adversion” territory).

                                                                                                                                                    1. 9

                                                                                                                                                      Do you actually not see a difference between saying a slightly negative thing about people of a certain profession and how they engage in that profession, and an ad-hominem using sexual orientation? What a weird and bad analogy?

                                                                                                                                                      I’m trying to assume good intent here but all your comments make it sound like you’re annoyed at the furry pics and awkwardly trying to use cancel culture to lash out the author.

                                                                                                                                                      1. 7

                                                                                                                                                        Neither the label of programmers (with which I identify) nor of gay furries (with which the author identifies, according to their writing) is being misapplied. I’m sorry you feel that a plain statement of fact is somehow derogatory–there is nothing wrong with being a proud programmer or a proud gay furry.

                                                                                                                                                        My point in giving that example was to critique the used construction of “ is ”. I picked that label because the author identified with it, and I picked the “bad at blogging” because it’s pretty obviously incorrect in its bluntness. If I had picked “lobsters” or “internet randos” the conjured association for the person I was in discussion with may not have had the same impact that “programmers” had on me, so I went with what seemed reasonable.

                                                                                                                                                        1. 4

                                                                                                                                                          What do you gain by emphasizing soatok’s sexual identity, other than this morass of objections?

                                                                                                                                                        2. 5

                                                                                                                                                          I’m trying to assume good intent here

                                                                                                                                                          that’s exactly what friendlysock is hoping for

                                                                                                                                                          1. 5

                                                                                                                                                            you’re right but it’s best not to feed them

                                                                                                                                                          2. 8

                                                                                                                                                            What if the person encountering your blog is a programmer from an underrepresented background, just barely overcoming imposter syndrome, and now here’s this scary suggestion that they don’t understand hash functions?

                                                                                                                                                            Or they may read this and think ‘I’m glad it’s not just me!’. As a programmer who probably has a better than average understanding of hash functions, I don’t feel demeaned by this generalisation, if I were worried about my level of understanding I’d feel comforted by the idea that I wasn’t in a minority in my lack of understanding.

                                                                                                                                                            What if they actually made one of the mistakes in the article, and feel like they’re a complete fraud, and should leave the industry?

                                                                                                                                                            Or they may feel better that this mistake is so common that someone writes about it on a list of mistakes programmers make.

                                                                                                                                                            1. 1

                                                                                                                                                              What if the person encountering your blog is a programmer from an underrepresented background….

                                                                                                                                                              While I said you’re picking a fight (and would add: “look at the thread, it’s a fight”), I see what you’re saying in this paragraph. I also value non-judgmental explanations.

                                                                                                                                                          3. 6

                                                                                                                                                            My problem with the title isn’t that it’s insulting, but that it’s inaccurate. Clearly some programmers do understand hash functions, even if other programmers do not. If nothing else, @soatok, a programmer, presumably understands hash functions, or why else would he write a blog post purporting to explain the right way to use them?

                                                                                                                                                            Programmers don’t understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation:

                                                                                                                                                            When you saw the words “hash function” in the title, you might have assumed this was going to be a blog post about password storage.

                                                                                                                                                            Specifically is wrong, at least about me, and almost certainly among other programmers as well. I don’t claim to have deep knowledge about cryptography, and I do expect that there’s probably something I could learn from this blog post, which I will read more carefully when I have a chance. But I am aware that the computer science concept of hash functions is useful for a variety of programming problems, and not just storing password-related data.

                                                                                                                                                      1. 4

                                                                                                                                                        I sometimes joke that “Latin unification” would’ve been a good idea in Unicode, in order to prevent the issue where (say) a Cyrillic “a” looks identical to an ASCII “a”, even though they are assigned different Unicode code points because they are in an important sense members of different alphabets. It happens that in the font used on that website on my machine, the two p’s in "tyрeablе" == "typeable" do look different, I assume because I haven’t tried to configure Cyrillic fonts at all on this computer yet (there are a number of non-Latin scripts I can read and care about my computer displaying correctly, but Cyrillic is not one of them).

                                                                                                                                                        Of course even if Unicode had been designed such that (say) Latin, Greek, and Cyrillic “a” all used the same codepoint, it would be difficult to make it so that every single Unicode character “canonically” looks different. And that would be a fool’s errand anyway, since nothing actually stops an individual font-designer from making the glyphs for (say) k and the Kelvin symbol identical, or making two emoji look exactly the same, or any other graphical decision that could lead to confusion when an end-user is reading text rendered with that font.

                                                                                                                                                        It’s also worth noting that this article glosses over the distinction between “Unicode” and “UTF-8”. UTF-8 is the most common way to encode sequences of Unicode code points as bytes, but it’s not the only way. If you really want to avoid having variable-length encoding issues, you could encode your text in UTF-32, where every character is a nice, static 4 bytes long. Wasteful, perhaps, for texts primarily using ASCII characters, but you could do it if you want.

                                                                                                                                                        1. 3

                                                                                                                                                          I know you’re joking but in case anyone’s considering this seriously: there are several good reasons why this didn’t happen, including:

                                                                                                                                                          • Allowing for correct case conversion. E.g. Basic Latin A’s lowercase is a, but Greek A’s lowercase is α. You need to know “which A” we’re talking about in order to get to its corresponding lowercase.
                                                                                                                                                          • Preserving ordering and, thus, allowing us to easily sort things in alphabetical order. In Basic Latin, Z is the last letter of the alphabet, but in the Greek alphabet Z is the sixth letter in the alphabet, right after E (no kidding), and right before H (which is nothing like the Latin H, it’s actually a vowel).

                                                                                                                                                          (Edit: I’m not sure why it’s like that, I’m not a native Greek speaker, either, and I barely speak any for that matter)

                                                                                                                                                          1. 3

                                                                                                                                                            Right, this is a design decision with tradeoffs, just like the design decision to unify Han characters used across different east asian countries was a design decision with tradeoffs. Even with the system as it was decided upon, there are issues with case-conversion across different languages (like how to handle German ß, which as I understand it is used differently depending on whether you’re in Germany or Switzerland, and which has had several orthographic reforms post-dating the earliest versions of Unicode). The rules for alphabetical ordering as well differ from language to language, including between languages using variants of the Latin script, and those rules have been subject to orthographic reform in various countries in recent decades too.

                                                                                                                                                            (Edit: I’m not sure why it’s like that, I’m not a native Greek speaker, either, and I barely speak any for that matter)

                                                                                                                                                            Just today the latest episode of Word Safari dropped, wherein historical linguists Luke Gorton and Jackson Crawford discuss the history of the western alphabet over the timespan from the Phoenicians to the early Roman empire. As it happens, they answer exactly those questions about why Z is in different positions in the Greek and Latin alphabets, and why the H grapheme is different between Greek and Latin.

                                                                                                                                                            1. 1

                                                                                                                                                              As it happens, they answer exactly those questions about why Z is in different positions in the Greek and Latin alphabets, and why the H grapheme is different between Greek and Latin.

                                                                                                                                                              Oh, that’s so cool! I thought it might have something to do with that but I never really looked into it, one of the cool things about being just a history buff instead of an actual historian is that it’s a lot easier to restrict your study to the things you’re really curious about, and this one just never made it high enough on the list :-D.

                                                                                                                                                          2. 2

                                                                                                                                                            The Soviet version of the Ada-83 standard actually mandated that in the source code, any two letters that look the same in Latin and Cyrillic must be treated as the same letter. I’m pretty sure it made the life of lexer writers much more interesting, but I’m not sure if it solved any real issues.

                                                                                                                                                            In any case, I think preventing identical-looking names is a non-issue. The correct solution to username impersonation is pictogram or color coding of important usernames. The solution to attempts to trick admins into banning a wrong person is to allow admins to ban the post author rather than make them search by username.

                                                                                                                                                            The solution to domain and package name squatting is… I’m not sure really, disallowing identical-looking names isn’t enough. Nothing is going to be foolproof, but one option is to search for names with very small edit distance and if there are any, show the user all names and their descriptions/signatures and make them explicitly choose from that list.

                                                                                                                                                            $ packagemanager install letf-pad
                                                                                                                                                            
                                                                                                                                                            There are packages with similar names:
                                                                                                                                                            
                                                                                                                                                            left-pad | Library for padding text to the right.                        | jrandomhacker@example.net
                                                                                                                                                            letf-pad | Totally not a typo-squatting attempt, I assure you. | honestjohn@example.com
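
The near-name check proposed in the comment above, combined with the lookalike-letter problem raised earlier in the thread, as an added example (not part of the original comments and not any real package manager's code). The package index, the small Cyrillic lookalike table and all function names are constructed for illustration. The distance used counts a swap of two adjacent letters as one edit, so "letf-pad" is one edit away from "left-pad".

```python
import unicodedata

# Constructed, deliberately small table of Cyrillic letters that render like
# Latin ones. A real tool would use the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x"}

# Constructed sample index: name -> (description, maintainer).
INDEX = {
    "left-pad": ("Library for padding text.", "jrandomhacker@example.net"),
    "letf-pad": ("Transposed-letter lookalike.", "honestjohn@example.com"),
    "l\u0435ft-pad": ("Same glyphs, Cyrillic 'e'.", "mallory@example.org"),
    "right-pad": ("Unrelated package.", "someone@example.net"),
}


def skeleton(name):
    """Comparison form: NFKC-normalised, case-folded, lookalikes mapped to Latin."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def osa_distance(a, b):
    """Optimal string alignment: Levenshtein plus adjacent transpositions.

    Plain Levenshtein scores the swap in 'letf' vs 'left' as 2, which a
    threshold of 1 would miss; this variant scores it as 1.
    """
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def similar_packages(requested, index, max_distance=1):
    """List (name, description, maintainer, reason) for easily confused names."""
    want = skeleton(requested)
    hits = []
    for name, (desc, maintainer) in index.items():
        if name == requested:
            continue
        have = skeleton(name)
        if have == want:
            hits.append((name, desc, maintainer, "looks identical"))
        elif osa_distance(want, have) <= max_distance:
            hits.append((name, desc, maintainer, "near-identical spelling"))
    return hits


def resolve(requested, index):
    """Install only when the name is unambiguous; otherwise make the user choose."""
    candidates = similar_packages(requested, index)
    exists = requested in index
    if not candidates:
        return ("install", [requested]) if exists else ("not-found", [])
    return "choose", ([requested] if exists else []) + [c[0] for c in candidates]


if __name__ == "__main__":
    for hit in similar_packages("letf-pad", INDEX):
        print(" | ".join(hit))
```
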
                                                                                                                                                            
                                                                                                                                                            1. 1

                                                                                                                                                              It’s also important to note that “characters” don’t exist, that code points are not something that should be expired to most programmers, and that UTF32 is a waste of space for little benefit as a result on any correct algorithm.

                                                                                                                                                              1. 1

                                                                                                                                                                It’s also important to note that “characters” don’t exist

                                                                                                                                                                The Unicode Standard, which frequently uses the term, would be surprised to hear this.

                                                                                                                                                                code points are not something that should be exposed to most programmers

                                                                                                                                                                The only – to my mind – sensible abstraction for exposing Unicode is as a sequence of some reasonably atomic unit of Unicode. Which leaves the choice of code points or graphemes. There are languages which have chosen code points, and languages which have chosen graphemes, and languages which pretend to have “Unicode” but really have byte arrays with few or no useful semantics.

                                                                                                                                                                1. 1

                                                                                                                                                                  Graphemes are better for sure. Though lots of algorithms (like case conversion being the most famous) are better done on whole Text.

                                                                                                                                                            1. 12

                                                                                                                                                              Warren Teitelman originally wrote DWIM to fix his typos and spelling errors, so it was somewhat idiosyncratic to his style, and would often make hash of anyone else’s typos if they were stylistically different. Some victims of DWIM thus claimed that the acronym stood for ‘Damn Warren’s Infernal Machine!’.

                                                                                                                                                              In one notorious incident, Warren added a DWIM feature to the command interpreter used at Xerox PARC. One day another hacker there typed delete *$ to free up some disk space. (The editor there named backup files by appending $ to the original file name, so he was trying to delete any backup files left over from old editing sessions.) It happened that there weren’t any editor backup files, so DWIM helpfully reported *$ not found, assuming you meant ‘delete *’. It then started to delete all the files on the disk! The hacker managed to stop it with a Vulcan nerve pinch after only a half dozen or so files were lost.

                                                                                                                                                              The disgruntled victim later said he had been sorely tempted to go to Warren’s office, tie Warren down in his chair in front of his workstation, and then type delete *$ twice.

                                                                                                                                                              1. 6

                                                                                                                                                                I had no idea git auto-correct existed, and now that I do I have zero plans to use it, for exactly this reason.

                                                                                                                                                              1. 10

                                                                                                                                                                I use .lan only because it was the default in openwrt, but I like that this exists.

                                                                                                                                                                1. 2

                                                                                                                                                                  You should avoid that and other made-up TLDs unless you’ve configured your DNS server/root with a .lan top-level domain zone file.

                                                                                                                                                                  1. 4

                                                                                                                                                                    Confused by this comment. Wouldn’t they have to do that to even use any made up TLD like .lan?

                                                                                                                                                                    1. 2

                                                                                                                                                                      I believe openwrt just uses that as the default name, but doesn’t do any DNS setup to handle it.

                                                                                                                                                                      1. 4

                                                                                                                                                                        That’s not true. dnsmasq in openwrt is configured to route foo.lan to whichever device advertised their name as foo with DHCP (or the ipv6 equivalent).

                                                                                                                                                                        1. 1

                                                                                                                                                                          Got it. I meant that if you did start using it, it wouldn’t work anyway so you’d have to set it up correctly. So you can’t use (or avoid) made up TLDs without DNS configuration.

                                                                                                                                                                          I guess I’m just being particular about the language but the OP to me communicated there’s a way to use a made up TLD without configuring DNS and that you should avoid doing so which doesn’t make sense.

                                                                                                                                                                          1. 1

                                                                                                                                                                            Is this a bug in openwrt that could be fixed with a submitted patch?

                                                                                                                                                                    1. 2

                                                                                                                                                                      The argument that the code is written for python2.7 is pretty poor seems just print statement is requiring python2 adding a pair of parenthesis is not so hard

                                                                                                                                                                      1. 15

                                                                                                                                                                        It’s not just the print statement that changed between Python 2 and 3. There’s a number of subtle differences that might affect the semantics of a program, and I wouldn’t want to debug those in someone else’s project I was using to quickly check one thing.