1. 18

    Not this again.

    Different kinds of Arabic read numbers out loud differently, so some read most significant first, and some read least significant first, many are middle-endian. It’s pretty hard to make this conclusion just based on that.

    BUT: Arabic got the numerals from India. Indian languages write down numbers the same way you do in English, most significant digit first in a left to right script. Indian languages typically say numbers as most-to-least significant, with the middle-endian nature of tens and ones digits being swapped (similar to how “thirteen” is “backwards”). So it doesn’t even matter how it’s read in Arabic, because for a long time they were writing numbers the same way as the Indians, and it would be very weird if they used the same numerals but in the opposite order when looked at visually. The numbers got copied twice, from an LTR script to an RTL script back to an LTR script, without changing the order. The RTL nature of Arabic is a red herring here.

    And this doesn’t have much to do with why our computers work a certain way, anyway (see other comments).

    1. 2

      Different kinds of Arabic read numbers out loud differently, so some read most significant first, and some read least significant first, many are middle-endian. It’s pretty hard to make this conclusion just based on that.

      What do you mean by different kinds of Arabic? Classical and Modern Arabic both read numbers out loud the same, are you referring to dialectal Arabic? because most Arabs would not consider their dialect to be a legitimate Arabic, since almost all published text is written in Modern Arabic, or still in some cases Classical Arabic.

      For the record though this post is just wrong, because 521 in both Classical and Modern arabic is read as five hundred, one and twenty, and the author claims that “formal” arabic reads it differently. I’m not really aware of any dialects that read that as one, twenty, and five hundred, and at least to me (north African native speaker, but also Arabic language enthusiast) it sounds insanely wrong even for a dialect.

      BUT: Arabic got the numerals from India.

      Eastern Arabic Numerals are from India, Western Arabic numerals are believed to have originated in North Africa. European languages use the Western Arabic numerals, and not the eastern Arabic Numerals. The decimal system though, the more interesting part in my opinion, was indeed copied from Indian mathematicians.

      1. 2

        Eastern Arabic Numerals are from India, Western Arabic numerals are believed to have originated in North Africa

        Any sources for that? Most of the sources I have seen seems to trace the origins of both to Brahmi numerals.

        1. 1

          Right, dialectal Arabic, but also I knew that MSA doesn’t follow the same rules as what the author talks about and I wasn’t sure what they meant by “formal”, so I was really talking about MSA (I don’t know enough about Classical).

          Eastern Arabic Numerals are from India, Western Arabic numerals are believed to have originated in North Africa.

          No, the exact numeral forms were invented in North Africa (with influence from the eastern arabic forms!), but the concept of using numbers like that came from Eastern Arabic numerals, and Western Arabic numerals are a bit of an early divergence from them. They’re still related, see the first paragraph in https://en.wikipedia.org/wiki/Arabic_numerals#Origin_of_the_Arabic_numeral_symbols , in particular mathematicians had already trained themselves on Eastern Arabic numerals but hadn’t necessarily agreed on the forms.

      1. 1

        wow, it’s almost as if encoding images in a standard that was intended for writing systems causes a lot of problems and cannot be implemented in a consistently sane way; who would have guessed

        1. 13

          No.

          Almost every time people say “emoji make unicode more complex” they’re wrong. Emoji simply force programmers to deal with complexities they were able to ignore in the past, because those complexities affected languages those programmers were less exposed to. Most of the complexity in handling emoji in unicode is existing complexity that affects other scripts.

          This is not to say that emoji hasn’t brought in its own complexity (they way both country and non-country regional flags are handled are novel systems, for example). But 99% of the time emoji handling is problematic in your code – congratulations, your code probably breaks on other languages as well. This is true for basically everything in the above article.

          1. 5

            Almost every time people say “emoji make unicode more complex” they’re wrong. Emoji simply force programmers to deal with complexities they were able to ignore in the past

            The problems encountered adding emoji support to Emacs have been almost all centered around moving from the completely sensible “text should be monochrome” assumption to “fonts can do colors now for some reason”, and it’s been a huge headache.

            It’s frustrating to see all this effort spent that could have been used to solve real problems.

            1. 3

              Yeah, colors are another new thing emoji have brought in. Font code is complicated a ton by them.

              But in the context of this post, nothing is emoji-specific here.

          2. 9

            It’s worth pointing out that these problems would exist even if emoji did not exist. “Extended grapheme clusters” exist to deal with the complexity of human orthograph and are not solely an emoji thing.

            I don’t really see a single issue that this article explores whose root cause is “emoji in Unicode”, to be honest.

          1. 2

            How much does it matter? I resize windows, there’s usually a few weird glitches, but as long as it mostly approximates the correct window it seems fine. I don’t like to make excuses for doing the “wrong” thing but I don’t recall anyone ever complaining and I can’t really think of any practical consequences. As soon as I stop resizing, the window has the correct contents.

            1. 16

              The point of the post is to describe a proxy metric for “good GUI frameworks” that’s easy to measure.

              Not being able to smoothly resize windows may not be too big a deal in and of itself. It points to other underlying issues that may end up being a big deal, however.

              1. 1

                Ah.

              2. 6

                It’s a good proxy that is easy to check and use.

                As someone who resizes a lot, I definitely find it important. Jarring or slow resizing has an effect on how much I like an app. For example, I hate Thunderbird for that reason, it’s just terrible at this.

                1. 2

                  Did you even read the first part of the article?

                  That’s just a proposed alternative to the “green tea test” for Chinese restaurants or the “tamagoyaki test” for sushi restaurants but for GUI frameworks.

                  1. 1

                    It’s not only a great way to test for “quality” in general, but resizing is a great insight into the attitudes and priorities of a GUI framework. It’s very easy to mess up the combination of flexible layout and nested component hierarchies, particularly when objects can have min/preferred sizes, and scrollbars can come and go. Sometimes you can get yourself into ugly edge cases where user resizes can trigger a scrollbar to appear on a container, which then causes another layout loop inside it because the inner size has changed (thanks to the new scrollbar), and so on and so forth. It can get real ugly :)

                  1. -6

                    Rust has no specification, which means that there is nothing to distinguish between unintended implemented behaviour, and intended implemented behaviour, for anyone who wishes to create a new rust compiler, or port it to another platform. It also means that the behaviour of arbitrary elements can be ‘fixed’, and potentially the meaning of currently working programs to be changed in a negative way. Thus rust shall, while it has no specification, remain less adequate than Ada for use in the “Safety Critical” domain. If you want Rust to operate in that domain, you need a spec.

                    1. 40

                      Please read the article. It goes at great length to sketch out a long term plan to arrive at this spec, to then get Rust certified. The planned ToC also contains a whole document with a complete plan for the specification.

                      There’s ample previous work done for Rust already, Ownership and Borrowing is formally proven and a memory model is far in the works, together with a checking interpreter (miri). Type resolution is being rewritten and a huge part of that is moving to an exact specification of how it actually works.

                      The plan is also informed by speaking to multiple companies that got LLVM-based compilers through certification, so it’s not like we’re just writing down wishes.

                      1. 1

                        Please read the article.

                        The parent post appeared to be talking about /now/, and your article was clearly talking about /the future/ – in your post you even go so far as to call the plan a “moonshot”, and “likely many full time developer-years of effort”. Even seems like a soft call for funding in there.

                        So I don’t see how your “please read the article” comment is fair?

                        Note: I /do/ think the goal is laudable, and exciting.

                        1. 17

                          The parent post appeared to be talking about /now/,

                          Talking about /now/ independent of the article isn’t really pertinent to a discussion on the article, is it? Especially since the article addresses the content of the comment in question. I’d say @skade’s request to read the article was reasonable.

                          1. 10

                            I mean, it’s abundantly clear from the article that Rust doesn’t have a specification yet, nobody is contesting that. “Rust has no specification” is quite nonsensical as a comment on a post talking about plans to specify Rust.

                      1. 20

                        Well, this is infuriating. I hate that my browser just became essentially useless to me because someone at Mozilla messed something up. Anyone know if there’s a way to opt out of the extension verification stuff?

                        1. 11

                          I’m seriously considering just switching to Chromium (ungoogled-chromium maybe?) as a workaround. I don’t feel like Mozilla is doing too well in general with regards to being pro-user and pro-privacy lately;

                          • There’s this issue, leaving everyone vulnerable to tracking and disabling protections for tor users.
                          • The fact that this feature exists at all, and the only supported way to disable signing requires nightly, takes a lot of control out of users’ hands.
                          • Mozilla have bought companies with closed source products (such as pocket), integrated them into Firefox, promised to open-source those products, and just never open-sourced them, leaving Firefox still with built-in integrations with potentially privacy-breaching inauditable closed-source products.
                          • They have plans to move away from DNS, where a query first consults my OS (and its hosts file) and then consults my ISP which is a norwegian company following strong privacy laws, to just sending queries directly to a random American company which follows the US’ seemingly non-existant privacy laws.
                          • It seems likely that they’ll move from IRC to discord or slack, which will be pretty bad if it happens (though this point is invalid if they end up moving to something free and open source). They should at least have come out and clearly stated that they’re not moving to a closed-source solution.
                          • And, well, Chromium just has better performance on machines I’ve tested it on; having a worse experience for a good cause is worth it, but having a worse experience just to support a company which doesn’t really stand for anything might not be.

                          I honestly really want to support Mozilla, and to do my small part in avoiding a complete browser monopoly by not using chromium, and I really don’t want to support Google. Mozilla just does so many stupid things which flies in the face of the values they claim to hold.

                          1. 27

                            I definitely plan to stay with Firefox. They are sometimes failing, but at least they’re trying to fight. There’s a saying, that “if somebody’s not failing, they’re not trying hard enough”. Whereas Chrome has a fundamental conflict of interest against many user protection mechanisms, because paid by Google Ads.

                            1. 7

                              You’re probably right. I’m on chromium right now, but I will probably honestly end up switching back to Firefox when this whole thing is over. It just sucks that Mozilla has to put themselves in the position of being the least bad of two evils, instead of just being plain good.

                              1. 4

                                It just sucks that Mozilla has to put themselves in the position of being the least bad of two evils, instead of just being plain good.

                                You’ve hit the nail on the head. I just want a browser that’s privacy-respecting and good.

                              2. 5

                                Mozilla is also paid by Google Ads.

                              3. 20

                                Can you not be a drama llama? They goofed up. They will probably fix it soon. So you are without addons for a few days.

                                As for their decisions, they are clearly straddling a line between purity and a little bit of the dirty stuff to make it more convenient for the non-0.1% of users who are ‘technical’. Meanwhile Google is ACTIVELY TRYING TO FUCK YOUR SHIT UP to maximise their control and profit.

                                Perfect is the mortal enemy of the good.

                                1. 2

                                  I think the problem here is that not only do they enforce the signing, but they also make it impossible for the user to turn it off, unless the user downloads non-stable or non-official versions of software, taking control out of the hands of the user.

                                  Sure, Google is worse, but what excuse does Mozilla have for the workaround (e.g., disabling the feature) not working on stable versions of Firefox? I see that as the very definition of the lesser of the two evils.

                                  1. 3

                                    I think I’ve seen some article long ago, basically saying how users will do everything they’re told by a website if this means they get to watch one more funny cat video - including changing settings in about:config, in OS, etc. Unfortunately I can’t seem to find the article with google nor ddg.

                                    1. 3

                                      This rings a bell, I read that too. I think the term you are looking for is “dancing pigs”. The Wikipedia page for dancing pigs cites a few sources for it. The one I think you and I both read is probably one of the Bruce Schneier articles. Wiki suggests the first publicly available written thing using the term was a chapter in a book about the Java security model. Which is kind of funny when one thinks about it because it’s hard to think of a piece of technology that did a worse job of what it was supposed to do than the Java security model.

                                      1. 1

                                        You’re saying the users are the only one gullible here?! What about the developers? A couple of folks at Mozilla and Google tell devs to trust LetsEncrypt with all your SSL needs, and pretty much every single developer restricts access to their websites now through LetsEncrypt now. Talking about the folks being gullible!

                                        1. 1

                                          Hm, I see now that the way I wrote it may be seen as more ambiguous than I expected! :) Basically, what I meant, and what the article I mention tried to convey AFAIR, was that as a developer, one sometimes needs to protect users from themselves; in this case, I guess the “[Mozilla] mak[ing] it impossible for the user to turn [addon signing verification] off” decision might have been to protect users from themselves. That is, to protect users from being conned into disabling the verification feature “to see this one funny cat video”, and installing some malware addon.

                                          As to LetsEncrypt, I don’t think I want to engage in a discussion completely (in my opinion) unrelated to the original post/article :)

                                    2. 1

                                      this isn’t the only thing they’ve done. it’s part of a longer trend of user-hostility which tells us that the mainstream web will not be compatible with freedom, so long as google controls what standards are implemented.

                                    3. 5

                                      Mozilla just does so many stupid things which flies in the face of the values they claim to hold.

                                      Yeah, remember that “auto install” of the LookingGlass/Mr.Robot thing a while back (end of 2017 I think…)?
                                      wtf Mozilla. I am going to check out some alternatives.

                                      Anyone here tried Brave or Vivaldi? If so, any good?

                                      1. 3

                                        Been working with Brave and Firefox for quite some time now.

                                        Brave is less polished and is missing quite a lot of sync-related-features I tend to use quite often on firefox. But the fact that firefox broke at a critical moment on my smartphone, right this morning, was the turning point.

                                        I haven’t tried Vivaldi as extensively though.

                                      2. 3

                                        The fact that this feature exists at all, and the only supported way to disable signing requires nightly

                                        https://twitter.com/SwiftOnSecurity/status/1124545069078536192

                                        There’s no solution here that doesn’t involve making normal users more vulnerable to malware. It’s been tried.

                                        Chrome has had similar problems in the past.

                                        They have plans to move away from DNS …. to just sending queries directly to a random American company

                                        Nobody has said that it will be a random American company. Mozilla’s testing this feature out with Cloudflare. I suspect this will be pretty configurable if it becomes an actual thing, and probably more local.

                                        It seems likely that they’ll move from IRC to discord or slack

                                        Mozilla’s moving away from IRC, but from the requirements here it doesn’t seem like slack or discord are likely solutions.

                                        1. 2

                                          Nobody has said that it will be a random American company. Mozilla’s testing this feature out with Cloudflare.

                                          Cloudflare is the random American company I’m talking about.

                                          1. 2

                                            Right, operative term being “testing this feature out”. There’s no indication that if this feature becomes a thing it will be only cloudflare that it uses. There’s just a lot of FUD around it.

                                            My comment is not correcting “random American company” to cloudflare, it is correcting your statement about Mozilla plans around this. They have not ever stated that this is the plan. It’s just what they’re testing out, because you have to bootstrap an ecosystem somehow.

                                        2. 1

                                          Mozilla isn’t moving away from DNS, you can disable DoH in the network settings and you can set any other DoH endpoint you want in the same dialog (so for example, you could set your Norwegian ISP or no DoH at all).

                                          The Pocket extension is open source to my knowledge, I do recall a github repo floating around. What isn’t open source (yet) is the backend.

                                          1. 4

                                            Sure, it will probably be possible to disable DoH, but how many non-American Firefox users will know to do that, compared to how many will not even know it’s something they have to worry about and send all their queries to a US corporation?

                                            The pocket extension is open source, but it’s the backend which is interesting, and it’s the backend they promised to open-source a long time ago. (Look at this comment from a Mozilla employee 2 years ago: https://www.reddit.com/r/firefox/comments/5wio45/mozilla_acquires_pocket/deadcf7/ - that didn’t say that the Pocket extension would become open source, but Pocket itself.)

                                            1. 1

                                              To my knowledge the current default and to keep it disabled, the DoH provider setting currently defaults to only using standard DNS as well, I don’t know of any plans to change that, Mozilla is still very early in testing the waters on how to deploy it.

                                        3. 2

                                          See the description of this post for a workaround.

                                          1. -9

                                            Well, this is infuriating. I hate that my browser just became essentially useless to me because someone at Mozilla messed something up. Anyone know if there’s a way to opt out of the extension verification stuff?

                                            LOL, says a person who’s website is “protected” by a time-bombed HTTPS and is unavailable via HTTP.

                                            You are aware that your website suffers from the same issues that you appear to condemn in this very comment? That it’s up to external third parties on whether or not the user is allowed to see it, because you decided to cave in to their pressure to “secure” your static website, and yourself made a choice to prohibit folks from accessing it via HTTP through your own policy?

                                            How are you then act surprised that Mozilla does same?!

                                            1. 6

                                              Well firstly, my website is not a tool that people depend on to do work. Firefox is. Secondl, I have automated systems in place to renew the SSL certs & get warned when they’re near to expiry. Thirdly, if you had my site open & the certs somehow expired, you could still see the content; Firefox just disabled a bunch of functionality while it was running without giving me any chance to intervene. Finally, if a website’s certificates are expired, you still have the ability to say “show me anyway”; there doesn’t seem to be any ability to do the same with stable Firefox.

                                              Glad to see you’re enough of a fan of mine to look into how I configure my site though!

                                              1. 2

                                                But how’s a website different from a tool? Firefox is still made by people just like you. The fact that one can click “show me anyway” on your website is merely omission on the part of site’s operator to not install HSTS. With proper HSTS, the user is guaranteed to not have any way to access your site even if you decide to cancel your https policy. There is no way to intervene, either, if HSTS is setup correctly. If you click reload and a new connection has to be established, pretty certain things won’t work no more, either.

                                                “Automated systems in place to renew SSL certs”? Are they autonomous and self-contained, or do they depend on any third parties? Are the third-parties they depend upon by any chance related to the very same party that caused the incident at stake? Isn’t Mozilla the biggest backer behind LetsEncrypt? This has got to be a joke! The most classic example of #TooBigToFail!

                                                1. 2

                                                  Firefox is only a tool you depend on because people serve websites which require a modern browser to be usable. HSTS contributes to this monoculture.

                                                2. 3

                                                  HTTPS is a bit different; with a website, you’re inherently relying on someone else paying the bills for the server and domain name continuously anyways, and if they don’t, you can’t use their website even if it”smnot HTTPS. Relying on the owner to renew their certs too doesn’t really change anything. If you want to have access to a website without relying on anyone else, you need to download it and access it locally, whether it’s HTTP or HTTPS.

                                                  There’s no such expectation for addons I have downloaded to my personal machine which don’t inherently need to rely on any third-party.

                                                  1. 6

                                                    This is a personal attack and not something that contributes to the conversation.

                                                    1. 0

                                                      How’s something a personal attack if it applies to pretty much every site operator nowadays? The comment purposefully doesn’t even contain any PII, either.

                                                      1. 2

                                                        There are better ways of discussing the merits and problems involved with the https certificate system than dismissing what someone said with “LOL, says a person who [..]” and doubting the person’s sincerity with “issues that you appear to condemn”.

                                                        1. -1

                                                          the dismissal or questioning of their sincerity is something you’re adding with your interpretation. it doesn’t follow from the parts you quoted.

                                                          maybe his goal was not to discuss the merits and problems of the https certificate system, but to actually lessen the spread of this scourge.

                                                      2. -3

                                                        Pointing out hypocrisy is a good tool when discussing moral issues.

                                                      3. -4

                                                        Good post, sad to see it got swarmed by haters.

                                                    1. 3

                                                      Hmm… not a huge fan of the JavaScript nav with no URL bar changing or way to link to a sub-step. As a side-effect of this, if I hit the “next” button at the bottom of a long step, the next step appears already scrolled to the bottom so I have to manually scroll up to read it.

                                                      Update: Showing this to macOS users at work, the first question I got was if the git from homebrew has git-send-email or not, since that’s the preferred way to install tools.

                                                      1. 4

                                                        It’s actually not JavaScript - there’s no JavaScript on this page. That was a deliberate design decision, and the tradeoff is that I can’t scroll the page up when you switch through the steps.

                                                        1. 4

                                                          Could it just be normal links instead of whatever it is?

                                                          1. 3

                                                            Maybe… I’ll look into updating that later. Would also accept a patch.

                                                            1. 2

                                                              You can use :target selectors to control visibility depending on what the document fragment is

                                                        2. 4

                                                          git-send-email is all kinds of broken on OSX because the perl dependencies get very messed up, and the problems change over time (i’ve had multiple problems with it before, each time new ones)

                                                        1. 74

                                                          Cargo is mandatory. On a similar line of thought, Rust’s compiler flags are not stable

                                                          This is factually false. Everything in rustc that is not behind -Z (unstable flags) is considered public interface and is stable. Cargo uses only the non--Z interface, so it can be replaced.

                                                          I also don’t agree with the rest of the statement, integrating cargo into other build systems is a problem that would get worse if it were solved badly and it is terribly hard to find an interface that helps even “most” of the consumers of such a feature. Yes, it always looks like “not caring” from the side of consumers, but we have a ton of people to talk to about this, so please give that time? There’s the unstable build-plan feature which allows to export data from cargo, so please use it and add your feedback.

                                                          A lot of the arguments fall down to “not yet mature enough” (which I can easily live with, given that the 4th birthday of the 1.0 release is in 1.5 months) or - and I don’t say that easily - some bad faith. For example, Rust doesn’t have a (finalized!) spec, yes, but it should also be said that lots of time is poured into formally proving the stuff that is there. And yes, we’re writing a spec. Yet again, there is almost no practical language today that had a formalized and complete spec matching the implementation out of the door!

                                                          I also don’t agree with the statement that Rust code from last year looks old, code churn around the 2018 edition was rather low, except that you could now kill a lot of noisy lines, which a lot of projects just do on the go.

                                                          I’m completely good with accepting a lot of the points in the post and please have your rant, but can’t help but feeling like someone wanted to grind an axe instead and highlight their mastodon posts.

                                                          Finally, I’d like to highlight how much effort Federico from Meson has put into exploring exactly the build system space around Rust in a much better fashion. https://people.gnome.org/~federico/blog/index.html

                                                          1. 3

                                                            Yet again, there is almost no practical language today that had a formalized and complete spec matching the implementation out of the door!

                                                            This is factually false? JavaScript has a superb spec and also has a formalized spec. Practically speaking, formalized spec is not very useful yet, so if we restrict to complete spec, all of C, C++, Java, C#, JavaScript have complete spec supported by multiple independent implementations. Rust’s spec as it exists is considerably less complete and useful compared to those specs.

                                                            1. 16

                                                              My point is: Did all of those have it out of the door?

                                                              Yes, the current spec is not useful for reimplementing Rust and that has to change. My point is that it’s rare to see languages that have such a spec 3 years out of the door.

                                                              1. 25

                                                                Java was released in 1996 together with Java Language Specification written by Guy Steele and co (zero delay). C# was released in 2002 and ECMA-334 was standardized in 2003 (1 year delay). Compared to Java and C#, Rust very much neglected works on specification, primarily due to scarce resource. My point is that even after 3 years, unlike Java and C#, there is no useful spec of Rust.

                                                                1. 4

                                                                  Why did Steele write the Java spec? Usually there is little value in writing a spec if there is only one implementation. Did they write the Java spec because Microsoft made its own Java?

                                                                  Also, Python has no spec although it has multiple implementations and it is certainly a useful and successful language.

                                                                  1. 3

                                                                    I believe Python does have a spec. “don’t rely on dict ordering” was a consequence of saying “Python spec doesn’t specify this even if CPython in fact orders it”, though this has changed. Not closing files explicitly is considered incorrect from a spec perspective even though CPython files will close files on file object destruction

                                                                    It’s not the C++ language spec but there are a good amount of declarations relative to “standard Python behavior”

                                                                    1. 3

                                                                      By that logic, so does Rust. They both follow almost identical processes of accepting RFCs and documenting behavior.

                                                                      1. 1

                                                                        I’m agnostic to the “Rust having a spec” question. I have not thought about it more than today.

                                                                        Python has the reality of having multiple mature implementations (I’m not sure if this is true of Rust?) so there’s actually a good amount of space for a difference between spec and impl.

                                                                        I also think there’s actually an ongoing project to defining a Rust spec? It feels like “Rust spec” is pretty close to existing , at least in a diffuse form

                                                                    2. 1

                                                                      Usually there is little value in writing a spec if there is only one implementation.

                                                                      There is a lot of value in writing down the conclusion of a discussion. When the conclusions are about formalization, it adds value to write it down as formally as reasonable. That enables other humans to check it for logical errors, functional problems, etc. and catch those before they are discovered while coding or even later.

                                                                    3. 1

                                                                      You’re right. coming from a background of more dynamic languages (Ruby/Python/etc., I’m more used to their pace so speccing).

                                                                      1. 0

                                                                        hm - i was against you until this comment

                                                                        thats a good point - perhaps mozilla wants hegemony over the language and wants to prevent other rust implementations - i wonder if any other serious implementations even exist currently?

                                                                        1. 14

                                                                          I don’t think that’s the case. Spec writing is a very specific skill, and you pretty much need to hire spec writer to write specification. Mozilla didn’t invest in hiring Rust spec writer. (They did hire doc writer to produce the book.) Since Java and C# did invest in specification, it is right and proper to judge Rust on the point, but then Mozilla is not as rich as Sun and Microsoft were.

                                                                          1. 13

                                                                            Rust is independently governed from Mozilla; while there are Mozilla employees on the teams, there was a deliberate attempt to make Rust its own project a bit before 1.0.

                                                                            There are active attempts to specify parts of Rust: we have a group of people attempting to pin down the formal semantics of unsafe code so that that can be specified better (we need to figure this out before we specify the rest of it).

                                                                            Specifying a language is a huge endeavor, it’s going to take time, and Rust doesn’t have that many resources.

                                                                            1. 6

                                                                              Equally likely that Mozilla doesn’t want hegemony over Rust, and so doesn’t put a lot of effort into the things that don’t benefit them directly as much. Java and C# were both made by large companies that needed a standard written down so that a) they could coordinate large (bureaucratic) teams of people, and b) they could keep control over what the language included.

                                                                              There’s already one alternative Rust implementation: https://github.com/thepowersgang/mrustc . Afaik it’s partial, but complete enough to bootstrap rustc.

                                                                              1. 19

                                                                                (Yes, and…) Having worked not on but nearby the Microsoft JavaScript and C# teams I can tell you that in both cases the push for rapid standardization was to a significant degree a result of large-corporation politics. For JavaScript, Netscape wanted to control the language and Microsoft put on a crash effort to participate so it wouldn’t be a rubber stamp of whatever Netscape had. For C#, Microsoft wanted to avoid the appearance of a proprietary language, so introduced it with an open standards process to start with. In both cases somebody had to write a spec for a standards process to happen.

                                                                                BTW, the MS developers had some “hilarious” times trying to write the JavaScript spec. The only available definition was “what does Netscape do”, and pretty often when they tried to test the edge cases to refine the spec, Netscape crashed! Not helpful.

                                                                              2. 3

                                                                                i wonder if any other serious implementations even exist currently?

                                                                                There is mrustc, although I haven’t followed development of it lately, so I’m unsure of the exact roadmap.

                                                                                1. 2

                                                                                  mrustc doesn’t do lifetime checking at all, which is notoriously unspecified how it exactly works (like: what must be accepted, what not?)

                                                                          2. 14

                                                                            This debate is Rust vs C. Rust had good design imitating strengths of various languages with a spec to come later. C was a slightly extended variant of B and BCPL, which was bare minimum of what compiled on an EDSAC. Unlike Wirth’s, it wasn’t designed for safety, fast compiles, or easy spec. Pascal/P was also more portable with folks putting it on 80 architectures in a few years. Even amateurs.

                                                                            Far as spec, we got a C semantics with undefined behavior decades after C since the “design” was so rough. I can’t recall if it covers absolutely everything yet. People started on safety and language specs on Rust within a few years of its release. So, Rust is literally moving decades faster than C on these issues. Im not sure it matters to most programmers since they’ll just use Rust compiler.

                                                                            C is still ahead, though, if combined with strict coding style and every tool we can throw at it. Most C coders don’t do that. Im sure the author isn’t given what he stated in article.

                                                                            EDIT: Post was a hurried one on my phone. Fixed organization a bit. Same content.

                                                                            1. 2

                                                                              C is still ahead, though, if combined with strict coding style and every tool we can throw at it. Most C coders don’t do that. Im sure the author isn’t given what he stated in article.

                                                                              This is something I’m always quite surprised by. I can’t get why some don’t even use the minimum of valgrind/the sanitizers that come with the compiler they use, also cppcheck, scan-build, and a bunch of other other free C++ tools work wonders with C as well.

                                                                        1. 10

                                                                          I’ve suggested the rust tag to this post because as far as I can the issue is internal to Rust.

                                                                          1. 3

                                                                            I posted this for explanation of how Fuchsia is not unix from Fuchsia team, but okay. To summarize: no fork and exec, no child processes, no signal, no uid and gid, no unix filesystem permission, no global filesystem, no file descriptor, no C ABI, etc.

                                                                            1. 3

                                                                              Having ported C software to Fuchsia I can promise you it’s not UNIX.

                                                                              1. 1

                                                                                An issue for a specific language’s build processes is not the best forum for informing about an operating system’s internals.

                                                                                Your title editorializes the issue title.

                                                                                In the future: write a blog post summarizing the content (like in your reply to me), cite the issue as a source (ideally, look up more information about Fuschia and its goals), and submit that.

                                                                                1. 2

                                                                                  Your title editorializes the issue title.

                                                                                  No, the issue title was edited, it was a joke initially but someone complained about the title not being descriptive enough :)

                                                                                  1. 1

                                                                                    So it has, I apologize to @sanxiyn for accusing them of editorializing the title.

                                                                            1. 4

                                                                              I don’t think at any point was the addition of Rust touted as a replacement for XUL, they do very different things in Firefox.

                                                                              What happened was that the big release – Firefox Quantum – contained both the introduction of a lot of key Rust code, as well as disabling external XUL as a first step to getting rid of it entirely. People definitely misinterpreted these two things as being “Rust is replacing XUL”, but that’s not the case. Rust replaced a bunch of C++ code.

                                                                              If anything, the dependency chain is the other way around: Completely ripping out the C++ code was blocked on a bunch of XUL stuff going away (or the Rust code getting support for it); until then the old C++ code still had to be around for some special cases.

                                                                              The XUL code is being replaced by more normal HTML/JS, slowly.

                                                                              FWIW if you don’t want to actually build Firefox, most of the Firefox XUL stuff is on your disk in plaintext form, just in a weird zip file that also contains cached “compiled” versions. I’ve edited this and had it work in the past, I think the advice there should still be applicable but I’m not sure.

                                                                              1. 2

                                                                                When I started, I didn’t know that the changes would all be in XUL. I didn’t want to learn anything more than necessary to get my goal done. At the time, it was easier to spend a few hours recompiling than figuring out how not to.

                                                                                Now I wonder, since apparently the only changes I made are in omni.ja, could I just save that file and keep it around for future Firefox updates until they finally rip out XUL?

                                                                                1. 2

                                                                                  Could I just save that file and keep it around for future Firefox updates

                                                                                  No, that would almost certainly break, omni.ja contains most of the browser UI code and is tied tightly to browser internals

                                                                                  But you can keep around a patch and write a script that lets you repatch omni.ja each update

                                                                                  until they finally rip out XUL?

                                                                                  It doesn’t really matter if they rip out XUL, the code would then be replaced with HTML/JS still living in omni.ja and you’d be able to write your patch to work with that when it changes

                                                                                  1. 2

                                                                                    could I just save that file and keep it around for future Firefox updates

                                                                                    In fact, that was the spirit behind why these things were put in a JAR in the first place—so you could do almost exactly that. The choice to build on XPCOM was deeply tied into that philosophy. In practice, this failed for reasons similar to why semver can fail. People kind of do what they want to do instead of satisfying the constraints that are laid out. And of course, after acknowledging that it never really worked, Mozilla doesn’t pretend to follow that architecture anymore.

                                                                                    If you haven’t read Yegge’s old “Pinocchio Problem” yet, it’s a great read in its own right. But extremely relevant to this topic are the parallels he draws wrt systems like Emacs and systems like Firefox.

                                                                                1. 5

                                                                                  If I’m not mistaken, the XUL pages should be editable as content of omni.ja within a release build directory of Firefox, which could spare you all the building of binary files.

                                                                                  Again I might be wrong, but I think you could “just” extract the XUL files from omni.ja, patch them and then deflate again.

                                                                                  Hopefully someone in irc.mozilla.org #developers or #build can confirm this.

                                                                                  1. 4

                                                                                    omni.ja is not quite a ZIP file, although it’s close enough that some unmodified ZIP tools can extract files from it.

                                                                                    Apparently you can use unmodified ZIP tools to repack omni.ja, if you’re careful.

                                                                                    1. 2
                                                                                    2. 4

                                                                                      This is true, however it’s not so simple, you also need to purge some caches.

                                                                                      http://inpursuitoflaziness.blogspot.com/2014/01/editing-files-from-omnija-in-firefox-20.html

                                                                                      1. 3

                                                                                        There should be more threads about arcane and obscure Firefox trickery. Thanks! 👍

                                                                                    1. 3

                                                                                      +Semi-related work

                                                                                      +Replacements (refs/replace) are superficially similar to obsolescences in that they describe that one commit should be replaced by another.

                                                                                      git replace is new to me. When did it appear? Is anyone using it?

                                                                                      I’ve also been meaning to try git absorb which looks thoughtfully designed.

                                                                                      1. 4

                                                                                        If I remember correctly, git replace was useful to me in a case where an old CVS repository had been imported without history to git and then worked on for a long, long time. Much later, the old CVS history was preserved by using a decent cvs2git kind of utility, creating another git repository. Git replace would then allow me to stitch these two repositories together, effectively prepending history (something which would be impossible to do with a normal git parent commit ref, without completely cracking sha1)

                                                                                        1. 3

                                                                                          Absorb is really nice if you’re using a fixup-heavy workflow. Fast, too.

                                                                                          1. 1

                                                                                            Are you an actual user of git absorb? Or are you talking about the hg original? I’ve wondered how usable it is for git already.

                                                                                            1. 1

                                                                                              Yes I use git absorb. Haven’t run into any problems yet 🙂

                                                                                          2. 2

                                                                                            I’m hoping to eventually integrate git absorb into git revise, which is basically a faster in-memory version of git rebase for rebases that don’t change the final file contents, just reorder when changes happen (i.e. 90% of my use cases for git rebase)

                                                                                            1. 3

                                                                                              Since that’s in Python you could probably take advantage of the linelog implementation that’s underneath hg absorb to make the work easier. I recommend looking at the hg absorb code. Linelog makes it easy and slightly more robust than just moving patch hunks around.

                                                                                          1. 2

                                                                                            This seems a very strange definition of “undefined behavior”. At first it seems to be referring to the same concept as C, but there’s nothing undefined about accessing a uint8_t variable through a uint8_t pointer.

                                                                                            1. 5

                                                                                              What do you mean?

                                                                                              C pointers, as far as I understand them (I not an expert C standard rules lawyer), can be chopped up into about three categories

                                                                                              • restrict pointers, which definitely allow you to invoke UB by accessing a uint8_t pointer through a uint8_t pointer, if you deference two different aliasing pointers, one of which is restrict.

                                                                                              • “normal” pointers, which are still subject to the strict aliasing rules in standard C. This definitely means you can access a uint8_t variable through a uint8_t pointer, but you can’t access the first byte of an int through one unless you do an appropriate dance through union. Otherwise, it’s undefined behavior.

                                                                                              • “generic” pointers, namely void* and char*, have no aliasing rules. About the only way to invoke undefined behavior is to alias them with a restrict pointer, or dereference them when they dangle.

                                                                                              You’ll notice that this article describes two different types of pointer in Rust:

                                                                                              • References, which are a bit like restrict pointers in C.

                                                                                              • Raw pointers, which are a bit like “generic” pointers in C, but can exist in any type, not just c_char.

                                                                                              “a bit like restrict” is a complete oversimplification, though. The real deal of how any of these things work is the spec. The C spec is at least as bad as this article is for Rust.

                                                                                              1. 2

                                                                                                The first code example, in C:

                                                                                                uint8_t x;
                                                                                                uint8_t *y = &x;
                                                                                                x = 7;
                                                                                                *y = 5;
                                                                                                

                                                                                                Or whatever. There’s nothing undefined about that.

                                                                                                1. 5

                                                                                                  That’s not a completely accurate translation. An accurate translation would make the pointer a restrict pointer, and it would be undefined behavior in C too.

                                                                                                  An easier way to look at it is this: In Rust, some things that would be UB in C (e.g. strict aliasing violations) are not UB in Rust, however other things that not UB in C (writing through multiple aliases that are not marked as unsafecell) are UB in Rust.

                                                                                                  The final nature of undefined behavior in Rust will likely not map cleanly to C concepts. We can refine the concept of restrict pointers a lot, for one.

                                                                                              2. 4

                                                                                                Yes, Rust has its own cases of undefined behaviour. Especially that &mut references are not allowed to alias and are always unique, so getting hold of a second on the same value while one is already active is undefined behaviour. unsafe allows you to create that case.

                                                                                                The nomicon has an example why breaking this rule does matter, as the compiler will rely on the uniqueness of &mut references. https://doc.rust-lang.org/nomicon/aliasing.html

                                                                                                The example is trivial, but &mut needs to be globally unique (its on of the core guarantees of Rust), so some care is necessary when handing them out from Rusts unsafe blocks.

                                                                                                Ralfj has more writing on this (that’s his research topic).

                                                                                                1. 2

                                                                                                  Thanks. I missed some context.

                                                                                                  cc @notriddle @Manishearth

                                                                                                  1. 1

                                                                                                    You’re welcome.

                                                                                              1. 55

                                                                                                Any tool proponent that flips the problem of tools into a problem about discipline or bad programmers is making a bad argument. Lack of discipline is a non-argument. Tools must always be subordinate to human intentions and capabilities.

                                                                                                We need to move beyond the culture of genius and disciplined programmers.

                                                                                                1. 20

                                                                                                  Indeed; this practice strikes me as being uncomfortably close to victim-blaming.

                                                                                                  1. 15

                                                                                                    That’s a good analogy. People like to think they’re good programmers and don’t write buggy code so when faced with the evidence to the contrary in others they defensively blame the other programmer because otherwise they’d need to admit the same thing would happen to them.

                                                                                                    I think these broken arguments persist because their psychology and internal logic forces admitting our own faults which most people find displeasurable so defensive thinking kicks in to avoid it.

                                                                                                    1. -5

                                                                                                      Victim blaming is not a problem. It takes two people to make a person a victim: a bad actor and the actor without adequate protection.

                                                                                                      1. 4

                                                                                                        This is a pretty gross saying, even if it’s nice-sounding and pithy.

                                                                                                        1. 0

                                                                                                          Not really. Every victim chose at some point to be a victim. That is not to say the other party can be absolved of blame. Far from it, the other party is the guilty one.

                                                                                                          Take software. If nobody chooses hard languages, unsafe languages, nobody will be victimized. Choosing those languages and then blaming the language leaves you responsible for your choices, even while the tool chain is at fault

                                                                                                          1. 2

                                                                                                            This is absolutely ridiculous. If I walk down the street and I’m mugged, how did “I choose to become a victim”? There’s many, many cases where someone becomes a victim randomly.

                                                                                                            Your logic applies only if we have some sort of perfect foresight. That’s impossible.

                                                                                                            1. -1

                                                                                                              When the mugging starts, do you give up? Do you look for an exit? Or do you just hand over your dignity without a further thought? Did you not notice the people before they started mugging you?

                                                                                                              1. 1

                                                                                                                People who downvoted as troll, look at Active Self Protection on YouTube for examples of places people choose to be or choose to not be victims

                                                                                                            2. 1

                                                                                                              Person’s walking down the street. Hell, let’s make them heavily armed, far more “adequately protected” than most people would think is reasonable. A sniper from outside visible range shoots them in the back of the head. They chose to be a victim? Come on.

                                                                                                              1. 0

                                                                                                                An exception to prove the rule. Most victimizing isn’t as mismatched, nor as final, as the proposed scenario.

                                                                                                          2. 2

                                                                                                            People who downvoted because Troll.

                                                                                                            Come on. This position is in good faith, and I only bring it because yes, saying a person is at fault for choosing their tools is indeed victim blaming. And victim blaming is not a problem.

                                                                                                        2. 20

                                                                                                          We’re at a point where we already were in the 60’s with cars and in the 90’s with planes. Everything was “driver error”, “pilot error”. In that case, since the results were actual fatalities, at a certain point there was this group of people that basically said: “that’s always going to happen, we’re always going to have human error, get over yourselves - how do we prevent people dying regardless”?

                                                                                                          And that’s how we got seat belts, airbags, telescopic steering wheels, etc. for cars and detailed checklists, redundant systems, etc. for airplanes. I think 2017 was the first year with 0 fatalities for air travel. So it can be done.

                                                                                                          It’s a very difficult mindset issue.

                                                                                                          1. 11

                                                                                                            Tool authors should not blame the programmer, but programmers should not blame their tools. Discipline and responsibility are needed from both.

                                                                                                            1. 8

                                                                                                              If you’re writing a lot of code in a memory-unsafe language, and find yourself occasionally writing memory- or concurrency-related bugs, and you know there are languages out there which make such bugs impossible or hard to write with no loss in performance or productivity, is it not okay to blame the tool? When should a carpenter stop blaming themselves for using the hammer incorrectly, and just accept that they need a new hammer whose head doesn’t occasionally fly off the handle?

                                                                                                              1. 3

                                                                                                                Discipline and responsibility means using the most appropriate tools for the job, being aware of the limitations of those tools, and doing what is necessary to compensate for those limitations.

                                                                                                                1. 3

                                                                                                                  I agree with that, I work as a C++ programmer specifically because it’s the right tool for the particular job I’m doing. However, we use a safer language (Go in our case, because that’s what we know) for stuff where C++ isn’t completely necessary. If performance and no GC was a higher concern, or if we were on weaker hardware, Rust instead of Go would’ve been very interesting for all the parts where we don’t have to interact with a huge C++ library (in our case WebRTC).

                                                                                                                2. 2

                                                                                                                  When a carpenter loses a hand they don’t blame the bandsaw. That I see so many programmers blame dangerous tools for being dangerous means were not even reached the level of a craft yet. Let alone an engineering discipline.

                                                                                                                  1. 18

                                                                                                                    I appreciate the analogy, but it doesn’t really apply. First of all, there is no tool that can replace a bandsaw for what a bandsaw does well. However, any worker who uses a bandsaw recognizes that it’s a fundamentally dangerous machine, and they take safety precautions when using it. If the analogy really applied, it would be considered unthinkable to write C code without a full suite of static analyzers, valgrind test suites, rigorous (MISRA C-level) coding standards, etc. Second, and more importantly, the saying applies to the quality of tool, but sometimes the tool is simply too dangerous to use: good carpenters will refuse to use a tablesaw without an anti-kickback guard or other safety features. Finally, when there was another tool that would do they job just as well, they’d use it.

                                                                                                                    1. 9

                                                                                                                      https://schneems.com/2016/08/16/sharp-tools.html

                                                                                                                      this is not how tools work, either in programming, or in carpentry

                                                                                                                      1. 3

                                                                                                                        This is a fantastic essay and you should submit it as a story.

                                                                                                                      2. 8

                                                                                                                        When a commercial carpentry shop has a carpenter lose a hand to a bandsaw, they are more or less forced to stop and try to make the bandsaw safer. This might be done by adding safety features to the tool, or by redesigning the process to use it less/differently, or by ensuring that the workers are trained in how to use it correctly without risk and are wearing proper safety equipment.

                                                                                                                        It’s not the carpenter’s fault, and it’s not the bandsaw’s fault, it’s the fault of the system that brings them together in a risky manner.

                                                                                                                        1. 4

                                                                                                                          The company should not blame the employee or the bandsaw, and the employee should not blame the company’s training or procedures or the bandsaw. Discipline and responsibility are needed from both. That includes the discipline and responsibility needed to make the bandsaw, training, and procedures as safe as is possible, and to only certify employees who are capable of operating the device safely, and the employee’s discipline and responsibility to follow the training and procedures properly and to not defeat the safety measures.

                                                                                                                          Assigning blame is useless. The focus should be on identifying all root and proximal causes, and eliminating each one, with priority chosen based on the heirarchy of values.

                                                                                                                1. 14

                                                                                                                  My feelings are kind of mixed so far. The lightweight UI and responsive site are a breath of fresh air. What’s a little jarring is how much of the service is centered around email. I’ve never been part of a mailing list, and emailing code to other people sounds like something from 20 years ago, but maybe I’m just a young whippersnapper that doesn’t know what he’s talking about. Git is already a complicated tool, and adding email to the mix just increases the cognitive load. I’ll still learn how to use it because it sounds kind of interesting, but my preference would still be some kind of browser interface.

                                                                                                                  1. 19

                                                                                                                    I think you should give email a chance. Git has built-in tools for working with email and you can do your entire workflow effectively without ever leaving your terminal. Sending a patch along for feedback is just git send-email -1. (-1 meaning one commit, -2 meaning the last 2 commits, etc). Here’s a guide, which is admittedly terse and slated to be replaced with a more accessible tutorial:

                                                                                                                    https://man.sr.ht/git.sr.ht/send-email.md

                                                                                                                    That being said, web tools are planned to seamlessly integrate with this workflow from a browser.

                                                                                                                    1. 11

                                                                                                                      That being said, web tools are planned to seamlessly integrate with this workflow from a browser.

                                                                                                                      I would use that.

                                                                                                                      1. 4

                                                                                                                        I like the email workflow, but I also have to be realistic - it is unlikely that my colleagues or drive-by contributors would adopt it. So, in practice it will mean fewer contributions and less cooperation.

                                                                                                                        The GitHub-like workflow is something that is ingrained now and has a relatively low barrier to entry. So, if something is going to take over, it’s something that is very similar, such as GitLab or Gitea.

                                                                                                                        Of course, there will always be projects that cater to an audience that feels at home with an email workflow.

                                                                                                                        It’s good to hear that there will be web tools as well.

                                                                                                                        1. 4

                                                                                                                          I like the email workflow, but I also have to be realistic - it is unlikely that my colleagues or drive-by contributors would adopt it.

                                                                                                                          I think as this workflow proliferates, this will become less and less true. It’s remarkably easy to make a drive-by contribution with email if you already have git send-email working, easier even than drive-by GitHub pull requests.

                                                                                                                          1. 4

                                                                                                                            git send-email working

                                                                                                                            that’s a big ask

                                                                                                                            git send-email needs a bunch of perl packages, which often means you need to set up perl packaging.

                                                                                                                            Depending on your distro/OS this can be tricky, especially because git send-email needs a bunch of network packages and they don’t always cleanly install and you have to figure out why (except you don’t know much about perl packaging, so you can’t).

                                                                                                                            There have been multiple cases on different OSes (i think osx and some version of ubuntu) that i gave up after half an hour of various cpan commands trying to get things to work. I’m not even going to try setting that up on Windows.

                                                                                                                            Furthermore, the UX of git-send-email is terrible. Sending followup patches is annoying, for one.

                                                                                                                            All this has forced me to try and paste patches directly into an email client. But this is broken, too. GMail, for one, converts tabs to spaces in plaintext emails, breaking patches. I could use a local client, but setting up a client well is a lot of work and confusing (i could also rant for a while about why this is the case, but i won’t) and I don’t really want to switch my workflow over to using a client.

                                                                                                                            Furthermore, half the patch mailing lists I’ve worked with have hard-to-figure-out moderation rules. They’ll outright reject some kinds of emails without telling you, and because many are human moderated it’s hard to know if your email setup worked especially if you’re using git-send-email (which you may not have invoked or set up correctly) because 90% of the time your patch won’t show up on the list and you have no idea which of the many possible reasons for that is the case.

                                                                                                                            Despite all this I’ve submitted quite a few patches to a patch mailing list (hell, I’ve been involved enough in mailing-list-based project to have commit), either by lucking out on the perl setup for send-email, by temporarily setting up a client that doesn’t sync, or by sending patches through gmail with “ignore the whitespace please, that’s gmail’s fault, I’ll fix it when I commit”. It’s a chore each time.

                                                                                                                            I’ve given email multiple chances. It doesn’t work. The activation energy of email for patch contributions is quite high.


                                                                                                                            The web UI thing sounds like a good idea, especially if it can handle replies. It’s basically what I’ve been suggesting projects on mailing lists do for ages. Use email all you want, just give me a way to interact with the project that doesn’t involve setting up email.

                                                                                                                            1. 2

                                                                                                                              Almost no one has to package git’s perl dependencies themselves. Doesn’t your OS have a package for it already? And as someone who has packaged git before, it wasn’t really that bad.

                                                                                                                              Also, the golden rule of emailing patches is never paste them into some other mail client.

                                                                                                                              1. 2

                                                                                                                                Also, the golden rule of emailing patches is never paste them into some other mail client.

                                                                                                                                Paste not, but maybe attach? FreeBSD don’t like it, but it’s OK for Postgres.

                                                                                                                                1. 2

                                                                                                                                  I generally prefer that people don’t attach patches, either. IMO the best way to send patches is send-email.

                                                                                                                                  1. 1

                                                                                                                                    “IMO” and “the best” is perfectly fine. But I was under impression that it was unconditionally the only way to submit patches, when I wanted to improve sr.ht’s PG DB schemas.

                                                                                                                                    1. 2

                                                                                                                                      Each project on sr.ht can have its own policies about how to accept patches. sr.ht itself does require you to submit them with send-email (i.e. for patches to the open source sr.ht repositories).

                                                                                                                                      1. 1

                                                                                                                                        Can you elaborate on what you dislike about sending patches with a normal MUA? It’s certainly a lot easier for someone who has spent the time to configure their MUA to be able to re-use the config they’ve already got rather than configuring a new tool they’ve never used before.

                                                                                                                                        1. 3

                                                                                                                                          The main issue is that nearly all MUAs will mangle your email and break your patches, which is annoying for the people receiving them and will be more work for you in the long run. Also, most end-user MUAs encourage the use of HTML emails, which are strictly forbidden on sr.ht. Also, code review usually happens by quoting your patch, trimming the fat, and replying inline. This is more annoying if you attach your patch to the email.

                                                                                                                                          Setting up git send-email is pretty easy and will work every time thereafter. It’s also extremely convenient and fits rather nicely into the git workflow in general.

                                                                                                                                          1. 1

                                                                                                                                            I see; so it has more to do with the fact that you can’t trust most popular MUAs not to screw up the patch rather than any inherent problem with that flow. For a well-behaved MUA it should be fine, but assuming a MUA is well-behaved (or even assuming that a user knows whether theirs is or not) isn’t a good bet.

                                                                                                                                            Thanks.

                                                                                                                                2. 1

                                                                                                                                  Almost no one has to package git’s perl dependencies themselves. Doesn’t your OS have a package for it already?

                                                                                                                                  No, i don’t mean you have to package them, but you have to install them and the installation isn’t always smooth. It’s been a while since I did this so I don’t remember the precise issues but i think it has a lot to do with the TLS part of the net stack. Which kinda makes sense, openssl packaging/linking has issues pretty much everywhere (especially on OSX).

                                                                                                                                  Also, again, Windows. A lot of devs use Windows. I got involved in open source on Windows, back when I didn’t have my own computer. I could use Git and Github, but I’m pretty sure I’d have been unable to set up git-send-email if I had to at the time. Probably can now, but I’m an experienced programmer now.

                                                                                                                                  Also, the golden rule of emailing patches is never paste them into some other mail client.

                                                                                                                                  I know, except:

                                                                                                                                  • now handling replies is annoying
                                                                                                                                  • now i need to set up git-send-email, which doesn’t always work
                                                                                                                                  1. 1

                                                                                                                                    Windows devs aren’t in the target audience. I heard from a macOS user that they were able to get send-email working without too much trouble recently, maybe the situation has improved.

                                                                                                                                    now handling replies is annoying

                                                                                                                                    Not really?

                                                                                                                                    now i need to set up git-send-email, which doesn’t always work

                                                                                                                                    git send-email will always work if your email provider supports SMTP, which pretty much all of them do.

                                                                                                                                    1. 1

                                                                                                                                      Windows devs aren’t in the target audience

                                                                                                                                      If you’re wishing for email to be the future, you’re going to have to think about windows devs at some point.

                                                                                                                                      (this choice is also even more hostile to new programmers, as if patch email workflows weren’t newbie-hostile enough already)

                                                                                                                                      Not really?

                                                                                                                                      You have to copy message ids and stuff to get lists to thread things properly

                                                                                                                                      git send-email will always work

                                                                                                                                      I just told you why it doesn’t always work :)

                                                                                                                                      1. 3

                                                                                                                                        I’m prepared to lose the Windows audience outright on sr.ht. Simple as that.

                                                                                                                                        (edit)

                                                                                                                                        Regarding message IDs, lists.sr.ht (and many other email archives) have a mailto: link that pre-populates the in-reply-to for you.

                                                                                                                                        1. 1

                                                                                                                                          I’m prepared to lose the Windows audience outright on sr.ht. Simple as that.

                                                                                                                                          oh, sure, for your own tool it’s fine.

                                                                                                                                          what I’m saying is that if you’re expecting this workflow to proliferate you will have to deal with this too.

                                                                                                                                          Do whatever you want with your own tool: I’m just explaining why send-email proliferating is a tall order, and windows is a major draw here.

                                                                                                                                          Regarding message IDs, lists.sr.ht (and many other email archives) have a mailto: link that pre-populates the in-reply-to for you.

                                                                                                                                          ah, that’s nice. I may not have encountered lists with this (or been interacting only by email and not using the archive)

                                                                                                                                3. 1

                                                                                                                                  git send-email needs a bunch of perl packages, which often means you need to set up perl packaging.

                                                                                                                                  Personally I’ve never once seen a unix machine where the perl stack wasn’t already installed for unrelated system-level stuff.

                                                                                                                                  1. 1

                                                                                                                                    to be clear, perl is usually installed, it’s the relevant packages (specifically, the networking/TLS stuff) that usually aren’t

                                                                                                                                    this is particularly bad on OSX which has its own openssl issues, so the Perl SSL packages refuse to compile

                                                                                                                                4. 4

                                                                                                                                  if you already have git send-email working

                                                                                                                                  Sadly, I think this is extremely uncommon :’(

                                                                                                                                  1. 3

                                                                                                                                    Hence:

                                                                                                                                    I think as this workflow proliferates

                                                                                                                                    1. 5

                                                                                                                                      I think I’d phrase this as if it proliferates, as if anything I think the number of people with sendmail (or equivalent) working on their computer is going down, not up. It’d be fun to see it rise again due to sr.ht, though I don’t know that I’m optimistic. But perhaps I’m just being overly pessimistic :)

                                                                                                                                      I do worry about more casual developers though, who may not even really know how to use the command-line. I think an increasing number of developers interact with version control solely through their IDE, and only touch their command-line if they have to copy-paste some commands. It’d be interesting to see if that’s something this workflow can still cater to. Some simple web-based tooling may go a long way there!

                                                                                                                                      1. 3

                                                                                                                                        You don’t need to set up sendmail, you just need a mail server with SMTP - which nearly all of them support.

                                                                                                                                        1. 3

                                                                                                                                          Sorry, what I meant was more that you have to set up git for e-mail sending. I happen to have sendmail already set up, so all I needed was git config --global sendemail.smtpserver "/usr/bin/msmtp", but I think it’s very uncommon to already have it set up, or to even be comfortable following the instructions on https://man.sr.ht/git.sr.ht/send-email.md.

                                                                                                                                5. 2

                                                                                                                                  I like the email workflow, but I also have to be realistic - it is unlikely that my colleagues or drive-by contributors would adopt it. So, in practice it will mean fewer contributions and less cooperation.

                                                                                                                                  The great thing about this is it’s not all-or-nothing.

                                                                                                                                  For https://fennel-lang.org we accept patches over the mailing list or from GitHub pull requests. Casual contributions tend to come from GitHub, while the core contributors send patches to the mailing list and discuss them there. Conveniently, casual contributions tend to require less back-and-forth review, (so GitHub’s poor UI for their review features is less frustrating) while the big meaty patches going to the mailing list benefit more from the nicer review flow.

                                                                                                                                6. 3

                                                                                                                                  … that is if you’ve managed to set it up in the first place, probably without an opportunity to test it – that means that you have send your commit, not knowing what will come out, to test your setup, your configuration and the command you chose in the first place, which puts quite a lot of pressure, especially on people who have little experience with projects, let alone email-projects.

                                                                                                                                  That being said, web tools are planned to seamlessly integrate with this workflow from a browser.

                                                                                                                                  very nice.

                                                                                                                                  1. 2

                                                                                                                                    Nah, on sr.ht I have an open policy of “if you’re unsure about your setup, send the patch to me (sir@cmpwn.com) first and I’d be happy to make sure it’s correct”.

                                                                                                                                    1. 2

                                                                                                                                      I wonder if it would make sense to set up a “lint my prospective patch” email address you could send your patch to first which could point out common mistakes, assuming that kind of thing is easy to write code to detect.

                                                                                                                                      1. 2

                                                                                                                                        I plan on linting all incoming emails to lists.sr.ht to find common mistakes like this and reject the email with advice on how to fix it.

                                                                                                                                        1. 1

                                                                                                                                          If you can get this running well and cheaply, you could potentially do an end run around people’s send email setup related issues by hosting a “well formed, signed, patches-only” open email relay, and local git config instructions.

                                                                                                                                      2. 1

                                                                                                                                        Is there a way or a plan to have a patch-upload form for example? That might be helpful for beginners.

                                                                                                                                        1. 3

                                                                                                                                          Yes, I plan on having a web UI which acts as a frontend to git send-email.

                                                                                                                                  2. 4

                                                                                                                                    I like that it’s using e-mail so it’s “federated” and decentralized by default.

                                                                                                                                    The e-mail workflow has two problems though:

                                                                                                                                    • integrations: usually projects have a lot of checks that can be automated (“DCO present”, “builds correctly”), for e-mail workflow this kind of stuff needs to be built (check out how Postgres does it),
                                                                                                                                    • client configuration: to correctly use this workflow, one need to configure git send-email (setting up credentials for example), project configuration (correct sendemail.to and format.subjectprefix) and e-mail client to send plain text, 72-characters wrapped messages. Apparently not everyone does that.

                                                                                                                                    Mailing lists vs Github nicely summarizes benefits of ML over Github but also highlight the number of things maintainers need to setup to run their projects on ML that Github gives them “for free”.

                                                                                                                                    From my point of view sr.ht looks like a great way to validate the idea if it’s possible bring easy project collaboration from Github to MLs.

                                                                                                                                    1. 2

                                                                                                                                      usually projects have a lot of checks that can be automated

                                                                                                                                      This is planned on being addressed soon on sr.ht with dispatch.sr.ht, which is used today to allow GitHub users to run CI on builds.sr.ht. The same will be possible with patches that arrive on lists.sr.ht.

                                                                                                                                      client configuration

                                                                                                                                      There’s a guide for send-email:

                                                                                                                                      https://man.sr.ht/git.sr.ht/send-email.md

                                                                                                                                      As for other emails, I’m working on some more tools to detect incorrectly configured clients and reject emails with advice on how to fix it.

                                                                                                                                      Thanks for the feedback!

                                                                                                                                      1. 2

                                                                                                                                        I’m really interested in how far can one push this model.

                                                                                                                                        Would it build the patch and e-mail back build results? For example with a link to build results and a quick summary?

                                                                                                                                        Are you also planning for some aggregation of patches? (Similar to what Postgres has). For example Gerrit uses Change-Id to correlate new patches that replace old ones. Would you for example use Message-Id and In-Reply-To with [Patch v2] to present a list on a web interface of patches that are new / accepted / rejected? This interface could be operated from e-mail too I think, e.g. mailing LGTM would switch a flag (with DKIM validation so that the vote is not spoofed).

                                                                                                                                        By the way I really like how sr.ht is challenging status-quo of existing solutions that just want to mimic GitHub without thinking about basic principles.

                                                                                                                                        Good luck!

                                                                                                                                        1. 7

                                                                                                                                          Would it build the patch and e-mail back build results? For example with a link to build results and a quick summary?

                                                                                                                                          Yep, and a link to a full build log as well.

                                                                                                                                          Would you for example use Message-Id and In-Reply-To with [Patch v2] to present a list on a web interface of patches that are new / accepted / rejected?

                                                                                                                                          Yep!

                                                                                                                                          This interface could be operated from e-mail too I think, e.g. mailing LGTM would switch a flag (with DKIM validation so that the vote is not spoofed).

                                                                                                                                          Aye.

                                                                                                                                          1. 3

                                                                                                                                            Great!

                                                                                                                                            By the way I admire you pro-active approach of not only explaining the problem but also building beautiful software that solves the problem! 👍

                                                                                                                                    2. 3

                                                                                                                                      emailing code to other people sounds like something from 20 years ago

                                                                                                                                      At least OpenBSD is still doing that on the regular on the tech@ mailing list. It definitely still works.

                                                                                                                                      1. 2

                                                                                                                                        And I love it. It’s so damn easy to just email a one-off diff and watch someone land it. No accounts, no registration, no forking repos and dealing with fancy weird web UIs…

                                                                                                                                      2. 3

                                                                                                                                        One day, the current generation of “Email is SO 5 minutes ago!” kids are going to wake up and realize that e-mail is an amazing tool.

                                                                                                                                        Or so I’d like to think :)

                                                                                                                                        1. 1

                                                                                                                                          I could be convinced. What’s your argument in favor of email?

                                                                                                                                          1. 3
                                                                                                                                            • Inherently de-centralized
                                                                                                                                            • Can be tuned for nearly real time end to end response of low bandwidth batch processing for where network is at a premium
                                                                                                                                            • Vendor neutral
                                                                                                                                            • As rich or as minimal as you want it to be
                                                                                                                                            • Arbitrary context types - you can send everything from 7 bit ASCII to arbitrarily complex HTML/CSS and varying payload types
                                                                                                                                            • Readable with everything from /bin/cat to a nice client like Thunderbird and everything in between
                                                                                                                                            • Rich capabilities for conversation threading
                                                                                                                                            • Rich search capability client and server side
                                                                                                                                            • Myriad archival and backup options

                                                                                                                                            The list goes on.

                                                                                                                                            For a more end user/business-centric version of this see In Defense of Email

                                                                                                                                      1. 7

                                                                                                                                        Most of the marketing done by Firefox is precisely of the form you describe here. I’m not sure why you feel that’s not the case.

                                                                                                                                        1. 6

                                                                                                                                          Yeah I didn’t mean Firefox’s own marketing but more the community word of mouth message.

                                                                                                                                          Added a footnote outlining as such, thanks for making the ambiguity clear to me.

                                                                                                                                        1. 12

                                                                                                                                          I made a long thread about this (and other properties of voting systems) a couple weeks ago

                                                                                                                                          A very important property of voting systems is secrecy. Once you drop in your vote, nobody should be able to tell who you voted for. This includes yourself – you should not be able to prove who you voted for.

                                                                                                                                          This protects against candidates paying for votes, as well as people forcing you to vote a certain way. Once you’re out of the polling place, you’re free to lie about who you voted for and nobody – not even someone with power in the government – can tell if you’re lying.

                                                                                                                                          Coercion is absolutely a problem in the united states. Often families are forced to vote the way the patriarch does. Many polling places in the South will even help families get adjacent voting booths (this is bad).

                                                                                                                                          Secret ballot is a property of voting systems that is there quite universally – most countries have it.

                                                                                                                                          Alameda County – the county in which I was helping run a polling place –does give you ballot stubs that you can take home. These don’t have your vote on them (they do have a unique ID) but you can use them to prove you voted (e.g. if you need to prove to your employer you voted so you can justify taking the 2 hours paid leave California requires employers to give you on election day)

                                                                                                                                            1. 2

                                                                                                                                              Reading your thread about ID, and about secure elections (no personally identifying paper trail) made me realize it’s actually quite easy to be ineligible to vote and still vote and there is no way to track this. A certain someone keeps harping on illegal voters and I drink the kool-aid that this is all over blown, but now I realize that anyone with any kind of id can just vote and we can’t track legality - we can only, after the fact, identify people who registered to vote illegally and only after systematically going through the whole voter roll and tracking down everyone and checking their citizenship. In the polling station I went to in Mass they don’t need any signature, so one can claim someone else voted in their name and so on. They took my ID, but I can’t remember if that was just because they initially couldn’t find me on the rolls, so I think you just need a name and address.

                                                                                                                                              1. 12

                                                                                                                                                You sign the voter roster under penalty of perjury, and if you’re voting provisionally that all gets dealt with later.

                                                                                                                                                If you are voting for the first time they often need ID because of the HAVA act, but otherwise there is no ID requirement in many states (california too).

                                                                                                                                                A lot of things in this country operate under trust that you’re not lying in a situation where lying is illegal. It works out.

                                                                                                                                                There’s plenty of research showing that the threat of illegal voting is extremely low. Illegal voting is very hard to scale, and if you’d like to flip an election you’d need a lot of illegal voters. The chances of getting caught go up dramatically as you try to scale this. It’s not worth it; and very few people do it.

                                                                                                                                                Your argument is that you can game the system. That is true, but that doesn’t mean people do game the system, and that doesn’t mean that it’s worth it to game the system.

                                                                                                                                                OTOH a lot of people don’t have photo id. The cons of requiring id outweigh the pros. Disenfranchising a large segment of our poorer population is totally not worth it to catch a couple cases of voter fraud.

                                                                                                                                                1. 3

                                                                                                                                                  Don’t want to start this discussion on lobste.rs but that makes me worry - because now there is an incentive for candidates to treat illegal voters as a voting block and cater to them, just like any other voting block. This creates a market for this. May be I should try and understand more from you via message.

                                                                                                                                                  I recall telling someone canvassing for votes a few years ago (local election) that I couldn’t vote because I wasn’t a citizen (at that time) and she just shrugged in a strange way. I always puzzled about that. It wasn’t “Oh, yes you can’t vote, bye.” almost a wink-wink.

                                                                                                                                                  1. 10

                                                                                                                                                    That could also be because non-citizens can still be politically active – in fact iirc non citizens are often over-represented amongst campaigners because that’s all they can do to affect the election.

                                                                                                                                                    I know non-citizens who have been canvassed and asked to help phone bank or whatever when they explain they’re not citizens.


                                                                                                                                                    Again, scaling a process of catering to illegal voters is hard. Every single vote you try this for is an opportunity to get caught; you can’t do it in bulk. And a wink-and-nudge isn’t enough since you still have to explain how to impersonate a different voter or whatever – most people don’t know how voting works.

                                                                                                                                                    It is totally possible for a single person to vote illegally. This process is very hard to scale without getting caught. Furthermore, it has not historically been a problem, and still isn’t.

                                                                                                                                                    Voter fraud fearmongering is typically used to enact hurdles to voting that end up disenfranchising legitimate voters.

                                                                                                                                                    1. 6

                                                                                                                                                      One of the most salient political issues in the US right now is the presence of tens of millions of illegal immigrants on US soil, and the question of what, if anything, should be done about it (anything from “national borders are inherently illegitimate” to “greatly expand the size and power of the government’s law enforcement apparatus in order to deport them all”). Many illegal immigrants have some kinds of official documentation, because not all parts of the government are the ones that check for citizenship/legal residency, and because deliberately not checking for citizenship/legal residency when interacting with government services is a politically-popular pro-immigrant position in many jurisdictions (of course, it’s also a massively unpopular position in other jurisdictions).

                                                                                                                                                      If someone’s presence in the country at all is illegal, but they are part of a group of tens of millions with similar status, know that enforcing the law (i.e. deporting them) is logistically difficult for law enforcement and very politically contentious, and in general feel like they are rightfully Americans, just without documentation, I find it very plausible that they might decide to cast a vote, and that the mechanisms to detect illegal voting wouldn’t detect them doing so. I don’t think that doing something under penalty of perjury is a significant deterrent to someone whose is already subject to deportation if the parts of the government that enforce immigration law learn about it.

                                                                                                                                                      1. 6

                                                                                                                                                        I find it very plausible that they might decide to cast a vote

                                                                                                                                                        They can’t cast a vote under their own name though, they have to be registered.

                                                                                                                                                        And as the OP mentioned it’s much easier to be caught during the registration process.

                                                                                                                                                        What they have to do is turn up at a voting place, and impersonate someone else. This is very much an actively malicious act, not a passive “I feel like I’m american, i’ll vote” act where there’s more misunderstanding than malice.

                                                                                                                                                        1. 2

                                                                                                                                                          hah I just brought up where that happened to my great grandfather, the misunderstanding option though. He thought he had done all the proper paperwork but he had not. I don’t have the full story though he may have gotten a visa confused with citizenship or something, the world will never know.

                                                                                                                                                          1. 2

                                                                                                                                                            You don’t need proof of citizenship to register. I did it online.

                                                                                                                                                            1. 4

                                                                                                                                                              Sure, but once done it’s something they can look for and catch at any time they want. Unlike voting under someone else’s name – if not caught that day (e.g. if the person being impersonated comes in and tries to vote later), it won’t be caught at all (but this is fine because it doesn’t scale).

                                                                                                                                                              When you register online you’ll provide an SSN or state id number, both of which can be traced to citizenship status. The state may not be interested in helping the federal government deal with illegal immigrants, and may not care about citizenship status in general, however the registrar of voters definitely will care about these things.

                                                                                                                                                              1. 1

                                                                                                                                                                I gave my drivers license I think. Don’t recall if that is tied to my ssn. If registration is linked to ssn then its less scary because automated scans can be done re: eligibility

                                                                                                                                                                1. 2

                                                                                                                                                                  I’m registered in california; I registered through my state id (you can autoregister when you apply for an id). When you register online you either provide an id number or ssn.

                                                                                                                                                                  When I want to access my voter settings (change vote by mail preference, check if my VBM ballot was counted, check my polling place, etc) it asks me for an id number or ssn. Being too lazy to fish out my id I just use my SSN, which I know. It still works, despite having registered through my state id.

                                                                                                                                                                  This stuff can be linked if they want to, usually.

                                                                                                                                                                  And again, evidence shows that none of this is actually a problem.

                                                                                                                                                          2. 5

                                                                                                                                                            Yeah except all research on this issue shows that voter fraud is exceptionally rare. Some of the most recent examples were conservatives who thought voter fraud was easy with this exact mindset and got caught. My great grandfather found out he wasn’t actually a citizen when he went to vote, they told him he couldn’t because he wasn’t a citizen, and then went to mexico and applied for proper citizenship in the US.

                                                                                                                                                            The reality is voter fraud, intentional or accidental is actually deceptively difficult. There are actually many layers at every step of the process that end up preventing this from being a problem. Voting machine based voter fraud, that may be a real thing, and we’ll probably never know how much. Humans walking in to do voter fraud, accidental or purposeful is statistically not a thing.

                                                                                                                                                            Even Trump’s voter fraud investigation turned up dust.

                                                                                                                                                            1. 5

                                                                                                                                                              I don’t think that doing something under penalty of perjury is a significant deterrent to someone whose is already subject to deportation if the parts of the government that enforce immigration law learn about it.

                                                                                                                                                              But the threat of deportation definitely is - have you met anyone who’s undocumented? The ones I know are terrified of every interaction with law enforcement, DMVs, employers, etc. Go to any restaurant kitchen anywhere in the country, any farm anywhere in the country, and see if you can even get them to tell you their full name without knowing why you’re asking.

                                                                                                                                                              I sense you’re not close to any of these people. You would be subjecting yourself to an immense personal risk of losing access to all personal property, friends and family, etc just by putting yourself on a voting roll when you aren’t a citizen. I would never risk losing access to my children because of my desire to vote on anything.

                                                                                                                                                              This is outside any discussion as to what we should do about the fact that large portions of our economy depend on labor that is undocumented – but their voting power is nil.

                                                                                                                                                              1. 4

                                                                                                                                                                yeah I found that part of the argument absurd, but it seemed very subjective so I left it alone

                                                                                                                                                                I’ve known some illegal immigrants, all of them are very careful about this.

                                                                                                                                                                1. 2

                                                                                                                                                                  I sense you’re not close to any of these people.

                                                                                                                                                                  That’s painfully clear.

                                                                                                                                                                  My wife works with a community organization that serves undocumented migrants. The list of services public or private they avoid to avoid any interaction with government officials who might question their immigration status would amaze you.

                                                                                                                                                                  The thought that an organized voting fraud bloc would arise around them is positively risible.

                                                                                                                                                                  As noted in the thread, the evidence clearly shows in person fraud is a non issue; in reality, strict voter ID laws are the real problem, as they serve to disenfranchise the poor and those underserved by government while providing no real benefits.

                                                                                                                                                          3. 3

                                                                                                                                                            Way too many unsourced assertions here. And I hope I’m not the only Lobster for whom “just trust, don’t verify” rings hollow.

                                                                                                                                                            1. 4

                                                                                                                                                              here’s a whole bunch of sources from a non-partisan org: https://www.brennancenter.org/analysis/debunking-voter-fraud-myth

                                                                                                                                                      1. 24

                                                                                                                                                        I think the arguments around coercion and bribery for votes are quite compelling. Any system that proves to me who I voted for can also prove to someone else who I voted for; this feels extremely risky.

                                                                                                                                                        And offering a sweepstakes as an incentive seems interesting, but doesn’t seem to drive a politically engaged populace. I guess it would force the government to ensure that adequate voting sites are available which is a net positive, but I’d rather drive people to the polls by having candidates that push policies that improve their material conditions.

                                                                                                                                                        Voting in my county works in a way that addresses your concerns: a voter makes selections on an electronic machine that prints a paper ballot. The ballot contains the names of the candidates you voted for, as well as a “Scantron” representation. Once your ballot is printed by the machine, you run it through an optical scanner that records the votes, and you then seal it in an envelope and put it in a locked box. Certifying the vote involves taking random samples from across the county and comparing the recorded optical vote against the printed paper vote. And all paper ballots are preserved for recounts/full audits.

                                                                                                                                                        In my mind, this appears to be a fairly tamper resistant system: an attacker would need to effectively change two counts - the electronic count, and the paper ballots as well. Any attack I thought of had many moving pieces.

                                                                                                                                                        1. 4

                                                                                                                                                          The biggest attack on paper + electronic systems is to not routinely count the paper ballots. As we saw this week, it also makes it easier to restrict voting opportunities by doing a crappy job at deploying the machines.

                                                                                                                                                          Your comments on coercion are valid and at the heart of secret voting.

                                                                                                                                                          1. 4

                                                                                                                                                            This is decent but a problem with such systems (and similar systems that use a VVPAT printer for the paper trail) is that this stuff isn’t obvious. Consider the latest texas goof up, where texas machines were switching votes and many people didn’t really think to verify before submitting. There’s a risk the machine messes up and people neglect to check the paper ballot.

                                                                                                                                                            The system we have locally is a paper ballot you mark, which gets scanned in (scanner can detect problems and tell you, too). Scanner keeps an immediate internal tally (printed out by the end of the day), and also keeps the paper ballots in an internal receptacle. The scanner printout, the scanner’s memory bank, and the contents of the internal receptacle all get sent out to the registrar of voters at the end of the day.

                                                                                                                                                            Marking the ballot is easy and hard to mess up (and you don’t have to check anything for machine-caused mistakes), but there’s still a paper trail.

                                                                                                                                                            So this system is okay, but you can make it better by removing machines from the ballot-marking stage of the process entirely.

                                                                                                                                                            1. 1

                                                                                                                                                              Instead of offering rewards, like a lottery, we could make voting mandatory. That would help enforce adequate voting sites.

                                                                                                                                                              I think San Francisco is getting something like the process you mention, in 2019.

                                                                                                                                                            1. 24

                                                                                                                                                              As far as I can tell at no point has it been suggested in Firefox’s plans for the future involve moving everything to Cloudflare. AIUI Cloudflare was the testbed, nothing more, and Mozilla has explicitly stated that they’re going to look into having a choice of providers.

                                                                                                                                                              (I’m a bit annoyed by the amount of FUD on this coming from the PowerDNS folks, there’s been a bunch on Twitter too)

                                                                                                                                                              1. 2

                                                                                                                                                                I remember reading the blog posts when this was announced and I felt it really wasn’t clear. Maybe I should go read it again.

                                                                                                                                                                I’m still a little concerned. Will there be a big list in Firefox of name servers, similar to SSL roots? Do the browser vendors then get to decide the list of authorized DNS providers?

                                                                                                                                                                I wonder how viable it would be to add a layer of DNS-over-HTTP root servers? Companies who are serious about privacy could contribute to ICANN to see this happen.

                                                                                                                                                              1. 1

                                                                                                                                                                Does this change require any changes from web developers or is this something the browser can do in the background to speed up rendering any page? When I looked it up I saw some stuff in Servo but not the MDN.

                                                                                                                                                                1. 2

                                                                                                                                                                  No, this is an implementation change, so webdevs do not need to change anything.

                                                                                                                                                                1. 2

                                                                                                                                                                  Cool project 👍🏻. I’m wondering is it “correct” to say that “now we can write safer c” if the C code is transpiled to Rust?

                                                                                                                                                                  1. 13

                                                                                                                                                                    The resulting Rust code is only slightly safer. Some things like array bounds that were not previously checked will be checked. For the most part this translation is just the first step in enabling more substantial refactoring from which the benefits from Rust can start to shine.

                                                                                                                                                                    1. 2

                                                                                                                                                                      Ah okay, thanks 👍🏻

                                                                                                                                                                      1. 1

                                                                                                                                                                        Why is the resulting rust code only slightly safer? Rust as a language is a lot more memory safe than C. If you’re talking about current transcompilers, then improving those should lead to improvements in C.

                                                                                                                                                                        1. 6

                                                                                                                                                                          It’s translating to mostly-unsafe Rust (so does corrode, the other project that does this)

                                                                                                                                                                          This means you still have the same burden of checking most of the invariants involved.

                                                                                                                                                                          One use case for tools like these is an easy way to start converting a codebase from C to Rust, doing away with a bunch of the tedium.

                                                                                                                                                                          1. 2

                                                                                                                                                                            Ah, I’ve misread that. I was referring to Rust -> C compilers which are useful to create if only to understand the domain well enough to bring improvements to C.