1. 2

    What I think people are missing in this debate is that the tech companies are salivating.

    What a marvellous unending revenue stream…

    …sure they are being forced to hand over their users’ data…

    …and they will howl and cry about that to the press…

    …all the way to the bank.

    Each search request will be done… for a fee.

    At a neat profit.

    What a scam!

    Charge the user to hold their private data…. and then sell it to the highest bidder (boohoo we didn’t want to they forced us boohoo weeheeeheehee).

    And guess what, I bet the government won’t always be the highest bidder.

    1. 4

      I don’t see how that’s the case. It sounds like the Australian government wants to force companies to give them data. They’re not paying for it.

      1. 3

        The US government does something similar. Yet, the telecoms charge the LEOs a fee for some kinds of access. Cryptome published them at one point. It was several hundred dollars leaning toward a thousand for cellphone companies if I’m remembering right. They even had a web portal for it. Comcast also billed for the pen register taps.

        1. 2

          Want a bet?

          Yes, they will be forced to cough up the data… but I bet they can impose a fee for each search.

          I believe they already do so, for example, on all cell phone record requests.

          And even if the fee isn’t a line item on the bill just passed, I will bet you a six pack of something cold that a court challenge would succeed.

          Not to dismiss the bill, that won’t happen, but to force the government to re-imburse the tech companies for the, cough, “costs” incurred.

          Infrastructure manufacturers are also salivating… these “back doors” are a Premium Feature which command Premium Prices.

          And they will get it.

          Paid for by the taxpayer.

          I would love to see the treasurer’s advice on this bill… I suspect they will have already budgeted for these costs.

        2.  

          I also don’t like that law but I think you’re unnecessarily outraged by that (potential) fee. I’d assume the demand for data access is a decreasing function of the price. The more expensive they are the less likely the government is to ask for them. So the no-fee scenario is one with the maximum number of requests. I doubt that’s your intended goal.

          Regarding the regulation, please have a look at the official document. I haven’t read the whole thing but here are some highlights (emphasis mine):

          Schedule 1 of the Bill will provide for industry assistance, which can be voluntary (a technical assistance request) or ordered (a technical assistance notice or technical capability notice). […] The assistance provided by a designated communications provider would be in the form of technological assistance and include, but not be limited to: removing electronic protection; providing technical information; formatting information; and facilitating access to devices and other things.

          The key amendments in Schedule 2 of the Bill relate to computer access warrants. These warrants permit covert access to data held in a target computer (which is broadly defined and may include more than one computer networks or systems). The amendments will:

          • expand the powers available under computer access warrants and authorisations executed by the Australian Security Intelligence Organisation (ASIO), including by allowing ASIO to intercept a communication for the purpose of executing a computer access warrant and undertake activities to conceal access after the expiry of a warrant
          • introduce equivalent computer access warrants for law enforcement agencies under the SD Act and
          • make related amendments to the Mutual Assistance in Criminal Matters Act 1987 and the Telecommunications (Interception and Access) Act 1979.

          Schedule 3 of the Bill will clarify and enhance the ability to collect evidence from electronic devices under warrant, by allowing the collection to occur remotely. Amendments will enable law enforcement to access information associated with an online or web-based account.

          Schedule 4 of the Bill will bring the search warrant powers available to Australian Border Force (ABF) officers under the Customs Act 1901 into closer alignment with those available to police under the Crimes Act 1914.

          Both Schedules 3 and 4 will expand the situations in which law enforcement officers may obtain an order requiring a person to provide assistance (such as authentication on a device), or risk a custodial sentence and/or a significant financial penalty.

          1.  

            I’m outraged by the perverse incentives at work and the dishonest two facedness.

            With one face displayed to their customers they moan and wring their hands…

            …with the other face they are lobbying for the business.

            Your highlighted sentences miss the point.

            Yes they are required by law to expose the customers’ data, this gives them “plausible deniability”, “it’s not our fault”.

            But I think you will find another law elsewhere that says the government must pay for services rendered.

            Because of the controversial nature of this law, they have kept the two sides at arm’s length.

            If we had any real journalists left, that is what they would be looking for… who in the business community is (quietly) lobbying for and championing this law.

            I think you will find the “no fee” scenario is best…. it will be fought tooth and nail and dragged through court and delayed because the telcos will lose money on every request.

            But the history of military budgets shows the price is remarkably poor at affecting demand. ie. It all comes out of some big bucket of other people’s money.

            1.  

              Regarding my highlights: I wanted to emphasize other aspects of this law that seem to be eclipsed by encryption regulation. For example, if my understanding is correct, the last highlight means the law will require you to provide the password to your device or risk penalty.

              It seems by “demand” you mean “total amount spent” but I mean “total number of services rendered”. If military suppliers slashed the prices of equipment in half would the government react by reducing the budget in half or ordering twice as much? I’d say their response would be closer to the latter option. I think the same principle applies to the fee you mentioned.

              It doesn’t matter that it’s other people’s money. If the budget is 10M and one unit costs $100k then you can buy 100 units. That’s maths. If you slash the price in half then the same 10M can buy 200 units.

              Also, I’m not sure whether my reading of the document I linked is correct but it seems their intent is to go after all companies in the world even if not present in Australia. Relevant passage:

              A failure by a designated communications provider (other than a carrier or carriage service provider) to comply with TAN or TCN requirements will attract a maximum penalty of 47,619 penalty units (currently $9,999,990) if it is a body corporate; for other providers it will be 238 penalty units (currently $49,980).

              […]

              Issue: conflict of laws

              The DIGI submission noted that the Bill ‘makes explicit its intended reach beyond the borders of Australia to any technology provider with a connection to Australia’. It considered that this ‘causes major problems for businesses and it could ultimately put Australians at risk’:

              […]

              Additionally, Apple’s comment seems interesting. I haven’t read the law itself but if that comment is accurate then the law is written in extremely broad terms (emphasis mine):

              We encourage the government to stand by their stated intention not to weaken encryption or compel providers to build systemic weaknesses into their products. Due to the breadth and vagueness of the Bill’s authorities, coupled with ill-defined restrictions, that commitment is not currently being met. For instance, the Bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor health data of its customers for indications of drug use, or require the development of tool that can unlock a particular user’s device regardless of whether such [a] tool could be used to unlock every other user’s device as well… While we share the goal of protecting the public and communities, we believe more work needs to be done on the Bill to iron out the ambiguities on encryption and security to ensure that Australian are protected to the greatest extent possible in the digital world.

          1. 1

            I really really like where Alexandrescu is going with Design by Introspection.

            It really is a lot simpler and more understandable than the alternatives / what came before.

            Don’t believe me? Have a look at the code he is talking about…

            https://github.com/dlang/phobos/blob/master/std/experimental/checkedint.d

            Once you realise that D template instantiation is signaled by templateName!instance not templateName like C++ and that most of that file is unit test….

            It’s actually quite amazing.

            His statement that the whole thing with a void hook unravels to a plain vanilla int is also amazing.

            I wonder whether the Rust guys can compete with this?

            1. 3

              Does also provide a useful collection of quotable phrases like…

              “wastefully pointless, but adorably harmless” (describing security protocols that don’t provide truly end-to-end security)

              Fundamental Truth No.6 of the Twelve Networking Truths, “It is easier to move a problem around than it is to solve it”

              1. 2

                “PKI is like real security, only without the security part”

                a certificate is “an X.509 formatted receipt for the bribe a website owner is required to pay a Certificate Authority [in order to avoid] the Certificate Warnings from Hell”

                Microsoft have a sixty-page best practices document for code signing [399], but from an informal survey of online developer forums it seems that the impact of this on developers is negligible, if they even know of its existence, probably not helped by the fact that the document includes discussions of topics like FIPS 140-certified hardware security modules (HSMs), key cards and biometrics for access control, security cameras and guards, and periodic audits, for something that from the developers’ point of view is little more than a hurdle to be leaped or bypassed during the development process.

                No best-practices document ever seems to consider that more than one or maybe two files might need to be signed. This problem is exacerbated by the fact that there’s no real distinction made between development/test releases and final releases, with the complex and awkward signing process being required in both instances.

                The conceptual mistake that Oracle was making in this case (setting aside for a moment the numerous implementation flaws that accompanied it), even more so than other organisations relying on code signing for security, was that they conflated authentication with authorisation. If you want to see the difference between authentication and authorisation in practice, try walking into a store and buying something with your passport (authentication) instead of your credit card (authorisation). In other words Oracle assumed that as long as they knew who wrote a piece of code, it was safe to authorise it to do anything. Not only is this not the case, but because of the loose security practices of the CAs who issued the code-signing certificates and the problem of attackers stealing legitimate users’ certificates, it’s not even possible to know, from the code signature, who really wrote a piece of code.

              1. 2

                I’ve become complacent with my emacs set up with regards to code navigation…. I think it should be possible to do better…. but C/C++ is horrid because the preprocessor makes a horrible syntax horribler and Ruby is happy to invoke methods on anything….

                1. 6

                  I find a helpful way of looking at it and resolving the debates is to see it as a pile of engineering trade offs.

                  All engineering is all about trade offs anyway.

                  You do it this way… you win these things…. but you lose those… choose wisely according to what you are doing.

                  An instructive set of examples is the history of version control systems and seeing which way they made these trade offs that REST is talking about and why… RCS, CVS, svn, git/hg…

                  So if REST is a pile of trade offs not doing pure REST is not the end of the world…. you merely lose the benefits of that particular trade off.

                  That may hurt you, it may not.

                  So what is that pile of trade offs trying to achieve?

                  Anarchic Scalability.

                  Where neither the control and evolution of the server, nor the behaviour and evolution of the clients is under control of any unified organization.

                  You cannot command one client to come, nor prevent a million from coming if they so choose, and there is always another server but one click away.

                  If you are designing a network for such an environment…. REST is what you end up with.

                  If you are designing an API that will work and grow when you cannot force your clients to upgrade, nor as a client prevent the server from changing…. a REST API is the maximally decoupled solution you end up with.

                  You can choose to discard one or more of the trade offs in the pile… but you will always lose something (and win something else).

                  Choose wisely.

                  (The classic one is a REST client should never bookmark, but always navigate from the root. If you do bookmark you risk breaking if the server evolves, but you gain speed. It’s a trade off… you win something and you lose something. Do it with both eyes open.)

                  If you are not designing for such an environment, eg. the client and server are under the rigid control and evolution and deployment of a single team….. REST will probably get in your way. Doing something else will be simpler.

                  Conversely, your simpler solution will still require rigid control as it scales multiple teams and organizations….

                  1. 1

                    I couldn’t but wonder if, like 80% of stats, including this one, the numbers were made up on the spot.

                    1. 1

                      Refactoring 2nd Edition Martin Fowler.

                      1. 5

                        Technical (mostly old for future debugging reviews):

                        • Computer Architecture, 5th Ed. (Hennessy and Patterson, 2012)
                        • Computer Systems: A Programmer’s Perspective (Bryant and O’Hallaron, 2003)
                        • How Debuggers Work (Rosenberg, 1996)
                        • COBOL II (Bookman, 1990)
                        • Debugging C (Ward, 1986)
                        • Invitation to MVS (Katzan Jr. and Tharayil, 1984)
                        • System 370 Job Control Language (Brown, 1977)
                        • Programs for an Electronic Digital Computer (Wilkes, Wheeler and Gill, 1957)

                        Non-Fiction:

                        • The Tyranny of Experts (Easterly, 2013)
                        • 23 Things They Don’t Tell You About Capitalism (Chang, 2010)

                        Fiction:

                        • The Once and Future King
                        • Some of the Harry Potter series, I guess
                        1. 5

                          System 370 Job Control Language (Brown, 1977)

                          Why do you hate yourself so so so much?

                          I have a nice hammer which you can hit yourself with…. I’m sure it will hurt less.

                          1. 1

                            Computer Systems: A Programmer’s Perspective is a great book. The 3rd edition covers x86_64. I’m surprised I don’t see it popping up more in lists like these.

                          1. 2

                            I’m always conflicted about Systems Theory….

                            Part of me says Cool…. part of me says it’s so fuzzy and so glossing over details as to be provably useless. (Look at any system which produces chaotic behaviour).

                            This seems like it might be a good use for it….

                            ie. Use systems theory to identify all contributory factors and take actions on all of them instead of a single scape goated “root cause”.

                            But then that niggle about vagueness and fuzziness and how it doesn’t fit with any software intensive system I work with….

                            1. 2

                              What’s good about the presentation in this handbook is, that the STPA-method is presented as a step-by-step process, without much of the fuzzy stuff. Leveson & co. claim to have reached pretty good results with the methodology, usually exceeding what was reached by FMEAs or HAZOPs. Leveson typically argues replacing the old methodology completely with STPA. A couple of presentations I’ve seen about it in an industrial setting usually suggest using it for a high level analysis in combination with e.g. FMEAs for low-level stuff. The hope there is, that you catch the more complicated causal scenarios (possibly involving humans with “fuzzy” behaviour) but for circuit board-level stuff remain with the traditional methods.

                              You might be interested in a recent PhD thesis from Uni Stuttgart, where they combined STPA into a systems engineering approach for software-intensive systems in an automotive setting. These slides provide a nice concise summary of that work. The approach uses STPA to identify system specifications, which are then translated into something more formal for model-checking / software testing.

                              I’ve had a similar feeling when reading Leveson’s stuff. I think however, the analysis method they’ve built is powerful, also outside the domain of safety engineering. Maybe especially when incorporated in a similar way as suggested in the thesis above, where it’s used to formulate specifications early on, as writing specs might often be the more fuzzy part of the system engineering process?

                            1. 4

                              Non-fiction: I’ve recently finished October by China Miéville, and just started reading Revolting Prostitutes, which I’ve been looking forward to for a while.

                              On the fiction side, I just finished Blackfish City. In case the non-fiction choices weren’t a clue, I generally like progressive or topical themes in my sci-fi, but when the blurb starts ‘After the climate wars…’ I did initially wonder if this was going to be a bit heavy-handed (and a co-worker said the same thing when I recommended it).

                              I’m glad I ignored that and read it anyway - it’s a really imaginative book and a good read.

                              I’m also re-reading the short stories from The Little World of Don Camillo, which are as lovely as I remember.

                              1. 2

                                Ah, Don Camillo, a very different age of the world, but quaint and fun and nice.

                                One of the things I enjoyed about it was, although the priest and the communist were represented as the angel and the devil… the political split in some senses was less sharp than it is these days.

                                Both sides could see the good (and bad) in what the other was doing.

                              1. 2

                                Ah, I really really wish more people would build on Edsger Dijkstra’s view….

                                The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.

                                It is a remarkably powerful concept.

                                1. 2

                                  Notably absent was any analysis of actual real world downstream losses and damages.

                                  It’s all at the level of “This Is A Bad Thing” rather than “The following Bad Things happened to N people resulting in estimated $M loss.”

                                  You can’t expect people to take this stuff seriously until you put a $ value, a count and a face to the resulting damages.

                                  1. 1

                                    Ah, the good old broken record of “re-use doesn’t work because we write shitty code that nobody can re-use because the layering and the abstraction and the licensing and the ownership and the coupling is all wrong and I can’t be stuffed to ever clean it up”.

                                    1. 9

                                      Hmm. No.

                                      The point of classes is to protect the class invariant.

                                      No class invariant, you have a Plain Old Struct and don’t need data hiding.

                                      If you have a class invariant, there should be no way of breaking it using a public method.

                                      If you can implement a function using existing public methods… it shouldn’t be a method, just a Plain Old Function.

                                      1. 1

                                        @JohnCarter, you were griping yesterday about closed bitstreams. How much does this help?

                                        1. 2

                                          Very interesting….

                                          Sadly I only have Altera Cyclones/Max10s on my desk at the moment…. but that Torc thing is definitely worth watching.

                                          Certainly Altera goes on and on about its “IP”.

                                          Sort of like a Google / Apple “App Store” equivalent… except the blobs for sale are far more, ahh, narrow in their applicability.

                                          Clearly they see that as an important revenue stream so will fight tooth and nail to protect it.

                                          But the flip side of libraries of very very narrow applicability… is that is exactly the sort of thing open source does well.

                                          So the first vendor to blink and step away from “locked down everything” will see a surge of engineers heading towards them.

                                          And given that they are losing heavily on the clock speed race to Arm…. that might just save them.

                                          1. 1

                                            Appreciate the insight. I collect papers on FPGA designs in case anyone wants to try to implement an open-ish one commercially with better tools for developers. There was an open one in development at one point. The problem I see is:

                                            (a) I need to know what specific features or I.P. a good set of users would want in the FPGA platform, open or not. I figure I’ll just ping a few people like you in unlikely event someone wants to spend millions developing it. ;)

                                            (b) It’s a patent minefield. Gotta get around that where possible while staying useful enough to buy.

                                            One thing I was thinking about was starting with a 20+ year old Xilinx design, one of their high ends, for lower risk of patent losses. Add power-saving tech, integrate it with must-have components like I/O blocks (3rd-party at first), and deployed on 28-45nm (Moore’s Law). Likewise, something similar (or new) for Structured ASICs with approach like eASIC’s Nextremes. For old FPGAs, here’s a random book I just found from 1998 showing what they could do. Does any of that, on a quick skim, look useful today for a significant sum of FPGA users, esp with scaled numbers from process upgrade?

                                            1. 2

                                              I’m not sure, based on memories of a chat with an expert….

                                              …the thing with FPGAs is clock speed.

                                              So it sort of depends on what you want them for.

                                              For glue logic… great.

                                              For high speed ultra parallel computation, I think they struggle, at least price per mip compared to the ARM ecosystem.

                                              Certainly we find our softcore has its benefits…

                                              Want to see how your CPU works….? Read the source, Luke.

                                              Want a cycle precise debug signal coming out of its depth, just route the signal to a pin and put a scope on it.

                                              Want an accelerator? Write one or drop an IP block in.

                                              Would we be better cheaper faster with a member of the Arm ecosystem…. Hmm. Probably.

                                              That said the economics of ASIC production seems to be changing over the years… so maybe you won’t need millions.

                                              1. 1

                                                All that sounds really neat. Like I missed my calling where embedded software and hardware is where the fun is at. If anything, looks like you all have too many choices at times.

                                                “Want a cycle precise debug signal coming out of its depth, just route the signal to a pin and put a scope on it.”

                                                Stuff like that is why I read Ganssle’s newsletter. Y’all get to do some wild stuff compared to just running things through gdb.

                                                1. 2

                                                  too many choices

                                                  too many (tightly constrained) choices.

                                                  You’re always pushed for smaller mechanical form factor, longer battery life, cheaper manufacturing cost, cheaper unit cost…. whilst adding new features and battling component obsolescence.

                                                  1. 1

                                                    Oh yeah, that slipped my mind. The reasons Jack says folks like 8-bitters and such. I guess that could be a pain in the ass. Alternatively, a series of optimization problems for people who like puzzles or getting out of straitjackets. :)

                                        1. 17

                                          The submission itself has no downvotes, and only 14 upvotes.

                                          Umm. I don’t even have a downvote button on a story. Am I missing something?

                                          Whenever I see a flamewar erupt about ethics and civility, I’m reminded of that brilliant crack from Flanders and Swann… “They’re all strictly apolitical. ie. They’re all conservatives.”

                                          I come from The Very Bad Old days of Apartheid South Africa… I remember all too clearly the endless “Why drag politics into this?” rants by those who desperately wished to operate in an ethical vacuum, whilst maintaining a deeply unethical status quo.

                                          To me a demand to “keep politics/ethics/issues of justice/fairness and equality” out of daily discourse is a huge red flag.

                                          After decades in that nightmare society, to me it’s like that rock you spot out of the corner of your eye, that seems to have too many legs…. you just know if you lift it there things will be crawling about under it…

                                          Assuming that open-source and sharing software is a good thing by itself, how do you think this sort of reaction encourages that for folks at Palantir?

                                          Ever had a look at Eric Raymond’s personal stuff? Now there is a dyed in the wool far right American redneck if I ever saw one!

                                          signal to noise ratio

                                          One man’s signal is another man’s noise.

                                          Someday I’ll get off my butt and create a redditish / lobsterish site that uses Singular Value Decomposition (SVD) to present to each user a personal ranking of articles and comments, that aligns to her own history of voting. ie. Make all these debates go away forever.

                                          1. 6

                                            “To me a demand to “keep politics/ethics/issues of justice/fairness and equality” out of daily discourse is a huge red flag.”

                                            We demanded it on one, tech-focused site. Many of us are either fine with it on other sites or even (my case) actual activists that just want a mental break via content or activities we can really get deep into. The technical stuff on Lobsters is like that. Kind of like reading a book, actually, without someone interrupting with a political diatribe every few pages.

                                            “Make all these debates go away forever.”

                                            We did suggest a politics tag so people can have both political and technical discussions here in a separate way for those that choose. That’s so much easier to implement even though your idea sounds cool. There were two, main objections if I’m not misremembering:

                                            1. The anti-political types thought it would legitimize politics increasing politics on the site. I thought that was a funny reason to not add a filter given the upward trend. Politics is now default and higher priority.

                                            2. Some political activists wanted to be able to inject politics into every submission and thread to force others to see it claiming social value. Maybe it has value but I mostly see finger-pointing, fights, and metas like this. I opposed this practice but it’s the new, dominant position based on votes for people doing it.

                                            So, politics tag was reasonable. One side rejected it because it could be an enabler. One rejected it since they wanted to be enabled. Lack of mechanism enabled pervasive politics. Adding it could change that. Some people said they’d leave, though. Where we’re at was an intentional, successful move by activists plus a possible accident by those opposing them.

                                            1. 4

                                              “Make all these debates go away forever.”

                                              I think you missed the idea of SVD.

                                              If you think of each person’s personal biases as a vector in a high dimensional vector space…. and her vote on any particular item of (story or comment) content as a measure of her alignment with that content.

                                              Then everybody else’s vote on the same content allows one to infer the (relative) direction of each item of content.

                                              ie. The Zeroth Principal component is the “Hive Mind”, the average view.

                                              The result of this scheme is if you never want to see content type X, and you down vote it every time you do see it.

                                              Then if somebody who is aligned opposite to you submits or upvotes a new item of content.. that will receive a low ranking according to your alignment, probably below your threshold, and you simply won’t even see it.

                                              1. 3

                                                That sounds both convenient and terrifying at the same time from my perspective. Like a simpler version of what those personal assistants in AI field were supposed to do for us. Just seems like it would create the same echo chambers algorithms at Facebook, etc are doing. Those have done a lot of damage. I’d rather avoid something that total in presentation if possible.

                                                The reason I mentioned just politics tag is that it’s the main point of contention leading to many of these threads and fights. A good chunk of the members just want it to be invisible at least here. They want an oasis for tech-focused people. So, making it invisible with a tag per story or comment solves a lot of that with one feature. Maybe. People will probably still gripe about standards, languages/tools of choice, and so on. Filtering politics will knock down a lot of the worst.

                                                There’s a saying in the South that many go by: “I’ll talk to people [in context here] about anything except politics and religion.” The reason being folks talking about those usually just argue or become enemies unless they’re already in agreement. Destroys lots of relationships, productivity, etc. So, such people attempt to separate it where possible from places or activities where we want focus, fun, etc. Usually works fine among all groups here. So, I pushed for a solution proven in one of the most heated areas of America. Might work here.

                                                1. 4

                                                  I’ll talk to people [in context here] about anything except politics and religion.

                                                  That was a very characteristic feature of The Bad Old Days of Apartheid South Africa.

                                                  Translated from the Original South African it meant “I’m comfortable with the status quo, don’t make me think about things that make me uncomfortable.”

                                                  Personally I wouldn’t find the SVD ranked world an echo chamber, even in the Bad Old days I regularly listened to the ultra right wing radio station…. not because I agreed with them, but so I would know what they were up to / how they were thinking. (Well, to be honest I also do like Boere Musiek)

                                                  Useful.

                                                  So in a SVD ranked world I would often sort to display lowest ranked first.

                                                  Because in the SVD ranked world 0 means “Meh. I don’t care one way or another about that”

                                                  Very negative rank means “I really do care about and strongly disagree with that.”

                                                  Which is something very very different.

                                                  1. 4

                                                    Re feature of South Africa. I believe it. It’s used to reinforce the orthodoxy in the South, too. The other thing it does is keep the peace. Note that minority members I meet almost universally support the same rule for the same benefit.

                                                    Although it’s the default, we do talk politics periodically in the workplace and other public places. We just know folks can only handle so much. Someone will eventually draw the line where others then back off that topic to respect their boundaries. Alternatively, someone might cut it after it gets unproductive shifting to non-political, esp funny. Humor helps a lot.

                                                    Many of the Lobsters type of leftist talk like their method is the only thing that works for minorities or makes progress. Yet, selective, high-impact use of politics that we otherwise avoid has worked for minority members and gotten progress down here for years. That on top of occasional, legal action or protests. If anything, it worked better than what people here advocate since:

                                                    1. Government, schools, and many businesses were black controlled when I was in Memphis, TN. They were running it all their way with a focus on black issues and investment. There’s also a large segment of hispanics with their own businesses, areas and so on. There’s lots of everyone in most workplaces with a range of biases.

                                                    2. The companies and sites run by leftist activists often seem composed of white men and women, add Indian or Asian males for tech. For instance, I called out Rust compiler team about just being a bunch of white dudes despite talented women out there in compilers and them claiming to want inclusion if it’s words on a forum. Likewise, Lobsters is heavy on inclusion/outrage politics but there’s basically just one of them consistently submitting work by underrepresented folks (tagged culture). Most don’t invest any effort in under-represented, minority submissions in various areas of tech but will in piles of comments about how important it is to help them.

                                                    Looking at the results, minorities are getting further ahead in one of the most-racist, least-PC areas of America than in most companies or sites with views similar to Lobsters majority, including Lobsters. So, although our “politics here not there” rule can be used to suppress dissent, it can also be used to get people ahead by focusing on their work/happiness in most places saving political effort for places & using techniques with high ROI. Which folks like me are doing down here in the Mid-South with better results at least for blacks and hispanics.

                                                    Re your preference on ranked content

                                                    That’s a really neat idea. You and I are more alike on some aspects of thinking than you might think. I always did something similar, last time on Facebook. Kind of like marketers or campaigners do, I had one of each type of person in my feed, blog roll, etc. Every significant group I could think of along with some oddballs who were just really interesting or fun. Plus family, friends, and other obvious.

                                                    When a media event happened, they’d all start talking politics. For each issue, I’d read their comments, follow each of their links with evidence, try to assess bias/reliability, and then try to combine it into truth. I’d discuss it with them. Similar to what I did asking everyone questions when younger about many topics. Process turned me from Christian Republican about trusting markets to Agnostic Moderate Socialist. I could still be wrong: gotta keep listening even though painful.

                                                    I’m still fine with a few places either politics free or isolate it in normal operation. Lets me shift into productive mindset with maximum flow. I mean, I doubt most folks here want to be told negative, political implications of actions every time they read a book/paper, write code, are hiking, and so on. You all already practice what I preach at work and in some hobbies. Then, many make an exception for Lobsters or forums saying we should get bombarded, attacked, etc there since we can never, ever leave out politics to focus on tech/fun/work. Inconsistent. I’d rather focus here like most of you allow yourselves to do in other tech activities.

                                            2. 1

                                              Someday I’ll get off my butt and create a redditish / lobsterish site that uses Singular Value Decomposition (SVD) to present to each user a personal ranking of articles and comments, that aligns to her own history of voting.

                                              I like that idea. If it is something that each user can toggle, it could be genuinely useful (if untogglable then filter bubble, of course).

                                              1. 3

                                                More useful than toggle is invert.

                                                The closest redditish sites have is “sort by controversial”, they don’t have “sort by most down voted”, since that corresponds to “most regarded as trollish by the hive mind”.

                                                The interesting thing is the idea of principal components of the content. The first one is typically the hive mind, the second one is probably the most popular topic on the site…

                                                The next interesting thing are your personal principal components.

                                                As I was saying nickp.

                                                0 is Meh don’t care.

                                                Positive is interesting and I agree

                                                Negative is interesting and don’t agree.

                                                So positive and negative is interesting.
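The SVD ranking scheme described in this thread, with the sign reading given just above (0 is "don't care", negative is "care and disagree"), as an added example that is not part of the original comments. The vote matrix is constructed, the function names are hypothetical, and unvoted items are simply treated as 0 before a rank-k approximation is taken by power iteration.

```python
import math
import random

# Constructed votes: rows are users, columns are items; +1 up, -1 down, 0 not voted.
# Items 0-1 are one kind of content, items 2-3 the opposite kind, item 4 is new.
VOTES = [
    [ 1,  1, -1, -1, 0],   # user 0
    [ 1,  1, -1, -1, 0],   # user 1
    [-1, -1,  1,  1, 1],   # user 2: aligned opposite to user 0, upvoted the new item
    [-1, -1,  1,  1, 0],   # user 3
]

def top_singular_triplets(votes, k, iters=200, seed=0):
    """Top-k (sigma, u, v) of the vote matrix by power iteration with deflation."""
    rng = random.Random(seed)
    rows, cols = len(votes), len(votes[0])
    residual = [[float(x) for x in r] for r in votes]
    triplets = []
    for _ in range(k):
        v = [rng.gauss(0, 1) for _ in range(cols)]
        for _ in range(iters):
            # u = R v, then v = R^T u: one power-iteration step on R^T R
            u = [sum(r[j] * v[j] for j in range(cols)) for r in residual]
            v = [sum(residual[i][j] * u[i] for i in range(rows)) for j in range(cols)]
            norm = math.sqrt(sum(x * x for x in v))
            if norm < 1e-12:            # nothing left in the residual
                return triplets
            v = [x / norm for x in v]
        u = [sum(r[j] * v[j] for j in range(cols)) for r in residual]
        sigma = math.sqrt(sum(x * x for x in u))
        if sigma < 1e-12:
            return triplets
        u = [x / sigma for x in u]
        triplets.append((sigma, u, v))
        # Deflate: remove the component just found before looking for the next one
        residual = [[residual[i][j] - sigma * u[i] * v[j] for j in range(cols)]
                    for i in range(rows)]
    return triplets

def personal_scores(votes, k):
    """Rank-k reconstruction: entry [user][item] is that user's predicted alignment."""
    triplets = top_singular_triplets(votes, k)
    return [[sum(s * u[i] * v[j] for s, u, v in triplets)
             for j in range(len(votes[0]))] for i in range(len(votes))]

def feed(votes, user, k=1, threshold=0.0, invert=False):
    """Unvoted items for one user: best first above the threshold, or,
    with invert=True, the most strongly disagreed-with items first."""
    scores = personal_scores(votes, k)[user]
    unseen = [j for j, vote in enumerate(votes[user]) if vote == 0]
    if invert:
        picked = [j for j in unseen if scores[j] < -threshold]
        return sorted(picked, key=lambda j: scores[j])
    picked = [j for j in unseen if scores[j] > threshold]
    return sorted(picked, key=lambda j: -scores[j])

if __name__ == "__main__":
    print("user 0 feed:", feed(VOTES, 0), "inverted:", feed(VOTES, 0, invert=True))
    print("user 3 feed:", feed(VOTES, 3))
```

The constructed votes are evenly split, so the first component here is the split itself rather than an average view.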

                                                1. 2

                                                  Negative is interesting and don’t agree.

                                                  I kinda like that idea. When I’ve seen a really good film, I enjoy reading reviews from people that didn’t like it. They are often more precise than the positive ones.

                                            1. 10

                                              I’m with Groucho Marx.

                                              I wouldn’t want to belong to any (exclusive) club that would accept me as a member.

                                              So, no, please.

                                              1. 7

                                                I describe how I failed to do what I preach and ended up writing integration tests instead of unit ones.

                                                1. 18

                                                  It’s ok to take a dual approach. In fact, it’s often inevitable. Tests are a way of asking questions and documenting the answers. Some questions are high-level and others are low-level. In legacy code this is particularly true. Write unit tests for a monolithic controller and they become integration tests once you extract classes from it.

                                                  1. 6

                                                    In legacy code, maybe, but this is code I wrote from scratch this year.

                                                    You’re not… the Michael Feathers are you?

                                                    1. 11

                                                      Yup. I am.

                                                      1. 10

                                                        I read “Working Effectively With Legacy Systems” a few years ago after my company moved me to a team suddenly responsible for maintaining a codebase written by a completely different team in another company. Thanks for the tips therein, even though I struggled to get any of my new teammates to read it.

                                                        A few of us that fought the good fight did eventually manage to bring order into the chaos by writing a lot of tests though.

                                                        1. 2

                                                          Great to hear. Glad I was able to help.

                                                        2. 1

                                                          You’re joking?

                                                          1. 4

                                                            Can confirm, we met in person. He’s super cool in real life, too!

                                                            1. 3

                                                              This is one of my favorite things about the internet =)

                                                      2. 2

                                                        I really like the collaboration test approach (partially) described by JB Rainsberger….

                                                        It took me a while to realize it implied a separate, standalone module of code, that gets reused in multiple contexts.

                                                        ie. Atila shouldn’t be testing that libclang works, that’s the job of the unit tests inside libclang.

                                                        He should be writing collaboration tests that prove that his code and libclang agree on the interface specification.

                                                        He needs to prove that his code meets the preconditions for calling the libclang code, and that his code can handle every possible return code and result permitted by the interface specification.

                                                        ie. He needs to create a collaboration test shim that is shared between his unit tests and mocks and integration test and production code that checks the interface specification.

                                                        ie. The collaboration test shim checks whether the unit tests, the mocks, the integration tests, the production code, and libclang itself all conform to (what he believes is) the documented interface, and the test shim is common standalone code that is byte exact shared (as appropriate) between all the above.

                                                        ie. The single responsibility of a collaboration test shim is to document, understand, check and enforce the interface specification for a particular concrete 3rd party interface.
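A sketch of such a collaboration test shim, as an added example that is not part of the original comment. The `parse` interface, its status codes and all class names are hypothetical and are not libclang's API; the point is that one checker wraps the mock, the real backend and the caller alike.

```python
class ContractViolation(AssertionError):
    """Raised when a caller or a backend departs from the documented interface."""

# Hypothetical documented interface of a third-party parser:
#   parse(path: str, args: list[str]) -> (status: int, diagnostics: list[str])
#   precondition:  path is a non-empty string, every arg is a string
#   postcondition: status is 0 (ok), 1 (errors) or 2 (crashed);
#                  diagnostics is empty when status is 0
PERMITTED_STATUS = {0, 1, 2}

class ParserContractShim:
    """The single shared checker: wrap the mock, the real library, or both."""
    def __init__(self, backend):
        self._backend = backend

    def parse(self, path, args):
        # Preconditions: is the caller using the interface as documented?
        if not isinstance(path, str) or not path:
            raise ContractViolation("precondition: path must be a non-empty str")
        if not all(isinstance(a, str) for a in args):
            raise ContractViolation("precondition: args must all be str")
        status, diagnostics = self._backend.parse(path, args)
        # Postconditions: is the backend (mock or real) behaving as documented?
        if status not in PERMITTED_STATUS:
            raise ContractViolation(f"postcondition: undocumented status {status}")
        if status == 0 and diagnostics:
            raise ContractViolation("postcondition: diagnostics with status 0")
        return status, diagnostics

class MockParser:
    """Unit-test double returning a canned result."""
    def __init__(self, canned):
        self.canned = canned
    def parse(self, path, args):
        return self.canned

class DriftedParser:
    """Stands in for a real library whose behaviour no longer matches the spec."""
    def parse(self, path, args):
        return 3, []

def client_summary(parser, path):
    """Caller under test: must handle every status the interface permits."""
    status, diagnostics = parser.parse(path, [])
    return {0: "ok", 1: f"{len(diagnostics)} error(s)", 2: "parser crashed"}[status]

def violates(call):
    """True if the call trips the shim."""
    try:
        call()
    except ContractViolation:
        return True
    return False
```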

                                                      3. 6

                                                        I often start from an integration/system test and work my way in. My reason is that I want to build some software because it solves a problem someone has, and the system test shows that I am solving that problem. I write a unit test when I think of some software I want to write, and the unit test shows that I have written that software. That’s fine, but I also want to know that the software I write is solving the problem :).

                                                        1. 3

                                                          I often start from an integration/system test and work my way in

                                                          Me too, I learned this by doing BDD. The thing is then writing and relying way more on unit tests.

                                                        2. 3

                                                          I might do another blog post covering how I ended up porting a codebase with pretty much only integration tests to the unit variety.

                                                          Alternative suggestion: do a blog post on switching your project to something other than libclang (what would that even be?!). That would help determine whether these concerns you’re trying to separate actually matter in practice. Porting tests is a certain amount of effort. It makes a lot more sense if it’s in aid of a specific purpose.

                                                          There’s always some dimension you can generalize in software. But if it’s never going to be needed it’s just useless work. (Or a kata, which would be a totally valid reason.)

                                                          1. 1

                                                            Somebody suggested gcc plugins. I don’t know how that works. But yes, using a different parser frontend would help point out where I’ve gone wrong.

                                                        1. 16

                                                          Reads like a collection of own goals underlining the need for open source.

                                                          1. 17

                                                            Every exposure I’ve ever had to FPGA design and synthesis tools and IP sets has left me deliriously happy to be working not in that space. A truly deeply proprietary space with tools that serve to make Lotus Notes seem fun to deal with.

                                                            1. 2

                                                              I guess it’s because of how capital intensive developing hardware can be. Anyone with a computer can start writing and distributing code with negligible marginal cost, but to develop hardware you need money.

                                                              One of the big incentives for Open Source software is interoperability/adoption (the open source solution should theoretically spread the fastest), but it’s more profitable to keep it closed source if people will adopt it anyway (no good alternatives).

                                                              1. 2

                                                                We’re already using GHDL and as soon as any FPGA vendor opens up their bitstream…. we will push to jump to that one.

                                                              2. 2

                                                                And ASIC EDA tools aren’t any better. At $dayjob we’ve recently started working with one of the major vendors in the space (/^S.+s$/) and the general quality of the software & support thereof has been…profoundly underwhelming, especially considering the convoy of trucks loaded with cash we had to send them in exchange for the privilege of using it.

                                                                Open source is by no means a silver bullet (there’s plenty of examples of terrible pieces of it), but man…I guess I’m spoiled by the sorts of things I usually deal with – when I suddenly have to use some proprietary something for some reason, probably 80+% of the time the drop in general quality is pretty astonishing.

                                                                1. 2

                                                                  I think one of the main points about open source is the ability to scratch itches and ease pain points.

                                                                  But if you have a vast monolith of proprietary crap… you’re stuck in a land of pain and digital eczema.

                                                                  1. 2

                                                                    I think one of the main points about open source is the ability to scratch itches and ease pain points.

                                                                    Oh, certainly. I have on occasion though had situations where I’ve noticed such an itch, pulled back the curtain to scratch it, and been too horrified by what was going on beneath the UI surface to follow through and do so. (Like “I don’t want my name publicly associated with this codebase”.)

                                                                    But such instances have been rare, and having at least the ability to do so is a massive advantage.

                                                                    1. 1

                                                                      In quite a few instances in the Open Source world I have done no more than give a good bug report and well defined small test case and had the issue resolved the next day.

                                                                      In other instances I had to walk about in the debugger until I reached a “Huh? Wtf!” moment and then posted a query to the appropriate mailing list… and received a prompt “Yeah, that looks a bit odd… I think it should be…” reply which fixed it.

                                                                      In the closed source world my experience has been universally, ahhh, buy the next version, it might be fixed in that.