1. 5

    Haven’t watched yet, but I don’t think that we are. Going to watch the vid shorly! =]

    Some of us are artists, some another flavor of assembly line worker. I think the first do it for a reason of passion for software while the second are only interested in making a living.

    Think about how the day feels to you. Do you really feel like you’re doing any real engineering when you’re writing software? I’d be surprised if so.

    1. 8

      Having worked alongside and very closely with mechanical, electrical, and chemical engineers, I would say that yes, writing software is an engineering discipline as well. The similarities are pretty striking in terms of problem decomposition, modularity, planning, creativity, and so on. Engineering is about building something from nothing, which all these fields have in common.

      1. 3

        I think that based on your analysis, most artists are engineers too.

        In my opinion, creating something from nothing is art, not necessarily engineering. Also, most software “engineers” maintain things that already exist. They aren’t creating something from nothing.

        1. 3

          I think that based on your analysis, most artists are engineers too.

          Not sure I would jump all the way there, but they do have some things in common. Engineering also involves all the things that I listed in the previous sentence.

          Also, most software “engineers” maintain things that already exist. They aren’t creating something from nothing.

          Have you worked with any mechanical, electrical, civil, or any other of the traditional engineers? It’s at least 10x worse for them. How many bridges are designed from scratch vs an iteration of a previous design? How many EEs do something more than mix and match pre-existing circuits? And so on.

          1. 3

            How many bridges are designed from scratch vs an iteration of a previous design?

            Writing a program is like building a bridge not like designing a bridge. Designing a bridge is like coming up with a new algorithm or improving an old one.

            1. 1

              Writing a program is like building a bridge not like designing a bridge.

              I think this analogy is poor. If pressed to tell you what software process was like “building a bridge”, I would say installing software on a server - and we’ve gotten very good at making that fast and easy.

              1. 2

                Both analogies partly work and partly don’t. That’s why I made such an effort to talk to people with firsthand experience in both sides of the discussion.

      2. 2

        I like this, I’ve always thought of myself of an artist.

      1. 2

        At the end of the day it’s just a title, and you can put whatever title you want on LinkedIn.

        1. 4

          Unless you live in Canada, in which case it’s against the law to call yourself an engineer without an engineer’s certificate.

          1. 3

            Same situation in Germany, Sweden, France and numerous other countries.

        1. 4

          Who would say no besides people who think that ‘engineer’ is a protected word that only applies to special people (themselves included of course) in their special club?

          You use some solidified math to solve some problem? That’s engineering.

          Fixing your neighbour’s bike is engineering. But some people would only call you a mechanic because you got your hands dirty.

          This whole thing is just a semantic and status game. Not really worth your time, unless you enjoy it of course.

          1. 4

            Who would say no besides people who think that ‘engineer’ is a protected word that only applies to special people (themselves included of course) in their special club?

            Among other things, it is the law of the land in Canada that “engineer is a protected word that only applies to special people.”

            1. 3

              You use some solidified math to solve some problem? That’s engineering.

              My parents are mathematicians and physicists. I am an engineer. All of us use mathematics to solve (practical) problems. However, we think so differently that I can ensure you they are not engineers.

              Fixing your neighbour’s bike is engineering. But some people would only call you a mechanic because you got your hands dirty.

              I don’t believe it is. And that is why a brick layer is called a brick layer, not a civil engineer.

              I find very easy to recognise an “engineer attitude”, but very difficult to define it.

              I would say that engineers design efficient solutions using pre-existing scientific and mathematical theories, limited by certain constraints (usually the triplet quality–price–time).

              That is the closest definition I can give to engineers.

              1. -1

                I am an engineer.

                And that is why a brick layer is called a brick layer,

                Seems like a standard case of a special member of the special member club gatekeeping his specialness to me.

                1. 6

                  It’s a standard case of trying to let a word keep its meaning as opposed to redefining it to be applicable to so many things that it becomes useless and a new word needs to be invented to describe the things a civil engineer does that a brick layer doesn’t.

                  Otherwise a bricklayer is also a scientist, an educator, an artist, a manager, a leader, a <insert other general word people use to describe aspects specific to their kind of job>.

                  1. 6

                    I am disappointed that you had to take two of my sentences, take them out of context to defend your standpoint.

                    So I will tell you why a brick layer is different from an engineer, and why on engineering course we had to layer bricks.

                    Let’s take the civil engineering example. An engineer computes the theoretical forces over every part of the structure, evaluates which materials are able to sustain such stress and make sure that even additional and unexpected stress won’t tear down the structure (using the famous “security factor” in the computation). It is a knowledge work and has certain responsibilities attach to it: for example, if a bridge falls down and a single person dies, the responsible engineer is prosecuted for manslaughter (back in my country, at least).

                    The brick layers, on the other hand, execute a skill work, in which their abilities comes less from acquired formal knowledge and much more from experience, and they are required to provide different guarantees, such as straight walls, proportion of sand and cement, properly spacing steel beams and so on. However, if the bridge falls, as a consequence or not of their job, they are not prosecuted for manslaughter; in fact, they are protected by law by a “shield” called engineer.

                    This difference was engrained at us in university years so we would deeply understand the responsibilities of our profession.

                    And, curiously, we also had classes where we would layer bricks and, afterwards, go to the lab to stress our little walls. From that particular class, I remember the professor tested our walls against the ones made by professional brick layers: all of ours collapsed easily, while the professional ones standed for the stress test. In the end, we got a lesson on trusting and respecting experienced brick layers and to stick to our expertise, but to understand our peers’ work.

                    Therefore, it is fallacious to say an engineer is simply a title and there is no difference between an engineer and a bricklayer. It is as silly as saying as a pilot and a flight assistant are no different because both work at a flying plane.

                    If your intention is to be politically correct, then let’s continue being correct and do not change meaning of words just to fix social injustices: let’s, instead, do as my aforementioned professor and show that we should respect the different types of jobs and, above it all, the symbiosis of them that makes a final product every body involved is proud of.

                    There is no reason to call a mouse a cat so you can protect the mouse.


                    My final remark: I felt unnecessarily disrespected by your suggestion that I belong to some sort of elite and trying to defend my privilege, especially because we never exchanged communications and because your quoted me in a convenient order to support your prejudice of me.

                    Please, I ask you to stop for a minute next time you feel this urge to attack someone with different ideas from you and evaluate the person’s ideas instead of drawing and stating premature conclusions that might spoil the person’s day: you seem like someone that cares about equality and respect among people.

                    1. 2

                      Your arguments are basically 2 points. 1. Engineers use “formal knowledge”. 2. Engineers are liable for damage.

                      For the first point, bricklayers have knowledge too. As stated by you. There’s no reason the knowledge of how to calculate forces should be privileged over the knowledge of how to lay bricks. For point 2, that is a legal issue. I don’t think words change their meaning based on how a legal system assigns liability.

                      So I don’t see how any of these would qualify an ‘engineer’ as special.

                      1. 1

                        I have to disagree with you, again.

                        For the first point, bricklayers have knowledge too. As stated by you. There’s no reason the knowledge of how to calculate forces should be privileged over the knowledge of how to lay bricks.

                        Physicists use the same formal knowledge as civil engineers: mechanics and mathematics. Still, they have different professional names because they address problems differently.

                        But my first answer to you was

                        I would say that engineers design efficient solutions using pre-existing scientific and mathematical theories, limited by certain constraints (usually the triplet quality–price–time).

                        And that is what differs the work done by an engineer from a bricklayer: the focus (i.e. spent most of its professional time) of the former is design using formal knowledge, while the latter focus on building a given design using acquired skill.

                        (It doesn’t mean a bricklayer is forbid to design, but his design is most likely to lack the formal methodology applied in an engineer’s design.)

                        So, in my perspective, what people call software architect is, actually, closer to a software engineer. And most people tend to call software engineer is simply a software developer.

                        For point 2, that is a legal issue. I don’t think words change their meaning based on how a legal system assigns liability.

                        I have to disagree with you: murder seems different from manslaughter even though in both cases a citizen killed the other. But the legal system names, judges and sentence people differently on name of the crime.

                        So I don’t see how any of these would qualify an ‘engineer’ as special.

                        It is so because of internal values. But if we compare “physician” to “nurse” (or, even stretchier, a “shaman”), or “pilot” to “steward”, then I think your internal values tend to disagree with your own statements.

                        1. 1

                          the focus (i.e. spent most of its professional time) of the former is design using formal knowledge

                          An engineer once was asked to design a circuit. he looked up the reference design from the chip vendor, and copy and pasted.

                          Was he engineering here? What formal knowledge and technique did he use?

                          murder seems different from manslaughter

                          This argument is basically “people in legal professions treat legally distinct catergories distinctly”. It doesnt prove much. Manslaughter is a legal term. People don’t use them generally.

                          It is so because of internal values. But if we compare “physician” to “nurse” (or, even stretchier, a “shaman”), or “pilot” to “steward”, then I think your internal values tend to disagree with your own statements.

                          You need to improve your mindreading skill. Pilots fly the plane, stewards don’t. Physicians and nurses are much more similar.

                          1. 3

                            Firstly, I would like to say that I like this discussion with you (when there is no personal attack): we have different points-of-view, and we keep pushing the discussion further.

                            An engineer once was asked to design a circuit. he looked up the reference design from the chip vendor, and copy and pasted.

                            Was he engineering here? What formal knowledge and technique did he use?

                            By your statement, I will take a wild guess and assume you are not a hardware or electrical engineer.

                            Hardware design is not simply putting elements in a board. Hardware design involves, among so many things:

                            • choosing the correct components based on the constraints of the project, both technical, spatial, financial and time;
                            • impedance matching among components;
                            • electro-magnetic compatibility on the wiring and components;
                            • thermal and power analysis of the design; and so on…

                            Of the four tasks above, I would say the first one is that with the least amount of formal knowledge and relies mostly on skills. The other three heavily rely on formal knowledge (Physics).

                            But back to your example, that is an attitude I could expect from an amateur hardware designer, a university student or, even, a junior engineer under supervision. Not from a professional engineer, in a professional environment: that is not what an engineer is expect to do, as I showed you by the small list of tasks when designing hardware.

                            Pilots fly the plane, stewards don’t.

                            That is the point I am trying to make, but on engineering: engineers design; builders build. And those are distinct activities.

                            Physicians and nurses are much more similar.

                            OK, we have a concept we converge.

                            So, in your opinion, does it make sense to have a separate word for physicians and nurses? Does it make sense to you that physician is a protect word, associated with an union and have certain legal responsibilities? Do you see people calling nurses, midwives, physicians and surgeons all by the same word, “physician”? (Technically surgeons are physicians, but that is fine.)

                            Clearly there are overlaps among all these professions but, to me, the core function of their job is different. And I would say that is clearer when comparing midwives to obstetrician: both deeply understand about pregnancy and are able to handle most cases of pregnancy, from the conception to the birth; however, that certain cases, formal knowledge (acquired in medicine school) is necessary to do the job properly.

                            That is what I have been taught and daily observe about (software, but also other) engineering: frequently there is an overlap between programmers, architects and engineers but, at (a good amount of) times, more specialised and formal knowledge (and mindset) is necessary to address some of the technical challenges of the project.

                            And, to me, that justifies the existence of the special university degree (engineering) and profession (engineer).

                            1. 1

                              So, in your opinion, does it make sense to have a separate word for physicians and nurses?

                              Sure.

                              Does it make sense to you that physician is a protect word, associated with an union and have certain legal responsibilities?

                              no

                              Do you see people calling nurses, midwives, physicians and surgeons all by the same word, “physician”?

                              I go by the humpty dumpty rule of language usage. Words mean what you want them to mean. For communication, you simply have to make sure the other party knows your definition.

                              By your statement, I will take a wild guess and assume you are not a hardware or electrical engineer.

                              You are deflecting here. You are not addressing the scenario I presented, and instead restated your definition.

                2. 3

                  people who think that ‘engineer’ is a protected word that only applies to special people (themselves included of course) in their special club?

                  That’s the legal and universally acknowledged definition of the word.

                  You also can’t go around calling yourself a lawyer without being in the special club. I don’t imagine you have a problem with that.

                  You use some solidified math to solve some problem? That’s engineering.

                  Not what it means or has ever meant.

                1. 12

                  Note this is a rough draft: I’m working on a more polished version as well as a series of articles. But people seem to like it so far so I figured I’d share the current version.

                  1. 3

                    Interesting video.

                    Though I don’t understand why people want to be engineers so badly. Is it an ego thing?

                    Software development has more similarities with pigs wallowing in their own shit than with any serious engineering discipline from my perspective.

                    No quality standards, no punishment for gross misconduct, no loss of privileges for incompetence.

                    1. 3

                      Software development has more similarities with pigs wallowing in their own shit than with any serious engineering discipline from my perspective.

                      Just to be clear here, you’re saying you disagree with the entire video, right?

                      1. 2

                        Yes.

                      2. 2

                        If the only reason you can think of and think is constructive to discuss here is one you already know no one will endorse then I don’t think you are behaving virtuously.

                        1. 1

                          Oh, I forgot the comment section only exists to voice agreement.

                          1. 5

                            No, it exists for thoughtful discussion, which you aren’t making even a token attempt to provide.

                            1. 2

                              Yes, of course, the charitable, empathetic, imaginative and otherwise totally reasonable and only possible interpretation of my comment is that that is what I am saying.

                              I could also just have repeated the comment you are responding to, because you’re just doing it again.

                          2. 1

                            I share that suspicion. Giving workers a fancy job title seems to be a common way to motivate them (or at least avoid demotivating them).

                            On the other hand, I also think that construction of some software systems should be done in accordance with an engineering discipline. Control software in airplanes and cars for example. People who practice such discipline deserve to be called engineers. Even if they don’t want to be, they should be because it makes them aware of their accountability.

                            If you’re just making a video game, I don’t care how you do it (putting ethical questions about addictive game mechanics aside for a moment).

                            1. 0

                              I don’t want programming to be a regulated engineering field, for the specific reason that I’m worried about regulatory authorities defining “quality standards”, “gross misconduct” and “incompetence” in politically-biased ways in order to use “loss of privileges” as a stick to prevent types of software that they dislike from being written. Imagine if there was a regulatory body that had the power to strip a license from a programmer if they contributed to social media software that didn’t censor speech that body judged to be harmful to marginalized people (an inherently political judgment); or that kept selectively enforcing code quality standards on cryptocurrency software because a lot of the individual members of the regulatory body thought that cryptocurrency was bad for society.

                              1. 13

                                Just because there are bodies that certify (and de-certify) electronic engineers doesn’t mean that I can’t build circuits in my own time, or even do so professionally. It just means that if Boeing were to hire me, and then a system I built caused an airplane to crash, the people affected would have significantly better grounds to sue Boeing.

                                Engineering certifications are not nearly as effective an instrument of state power as you suggest here.

                                1. 2

                                  Isn’t this more about “professional engineers”? The type of person that has a “stamp of approval”.

                                  Anyone can work in an engineering field (with training, schooling) but not many are the final approvers who have a professional liability far beyond mere mortals.

                            1. 1

                              When you have to read hexadecimal packet dumps to find what’s happening, 3-letter mnemonics won’t help you to troubleshoot a dead network service.

                              While I agree that his hex answer is correct… who reads packet dumps in hex when even most simplistic traffic dump tools can decode them for you? I haven’t seen anyone talk about hexadecimal flag values, no RFC does that either.

                              Not that it invalidates the post as a whole, but still.

                              1. 4

                                To be fair, he also knows that the hex codes mean “synchronize” and “acknowledge”, and mentioned as much.

                                1. 2

                                  I’ve debugged network traffic flows before where I was printk-ing the raw hex output of ethernet frame headers, while attached to real network hardware running real traffic, over a serial connection. I’ve also just dumped traffic to a file and looked at it on my dev PC with a tool that parses the headers; but if you’re debugging a problem it’s sometimes very useful to just look at a printed hex digit and see if that digit is off in a way that allows you to fix the problem in context.

                                1. 14

                                  I love Syncthing. It’s totally obviated the need for connecting my phone or media players to my main desktop system - I just go through my normal workflow of downloading, transcoding, and labelling my music with MusicBrainz Picard and it automatically gets transferred to my mobile device once it’s dropped into my Music directory.

                                  1. 16

                                    Warms my heart to see someone that still maintains a local music collection, all the way down to transcoding and tagging.

                                    1. 4

                                      Yeah, the stuff I listen to isn’t really on the big streaming services, lol

                                      1. 3

                                        Yes, we exist! I use beets.io to autotag my new music (either from bandcamp or deemix) and it gets automatically synced with my phone with syncthing.

                                        1. 1

                                          I used to have a music collection that was nearly all ripped from CDs, stored in FLAC and transcoded to MP3 for playing on my MP3 player. It was fantastic. Unfortunately, I didn’t have any backups of it, and reformatted the drive. By the time I had realised, it was basically unrecoverable. I couldn’t stomach doing it all over again, so I switched to Spotify.

                                          But recently I’ve just become completely fed up with Spotify: they have a terrible Electron-like desktop programme and Spotify Connect constantly drops its connection. It’s just bad software. I’m ripping all my CDs and I didn’t realise how many of them aren’t on Spotify. I’d say a good half of the CDs aren’t on Spotify, and basically none of my DVDs are on NZ Netflix either.

                                      1. 33

                                        There’s a huge cultural problem around dependencies and a total lack of discipline for what features get used in most Rust projects.

                                        sled compiles in 6 seconds flat on my laptop, despite being a fairly complex Rust embedded database. Most database compile times are measured in minutes, even if they are written in C, C++ or Go.

                                        I feel that slow compilation times for a library are totally disrespectful to any users, who probably just want to solve a relatively simple issue by bringing in your library as a dependency anyway. But in the Rust ecosystem it’s not uncommon at all for a simple dependency that could have probably been written in 50 lines of simple code to pull in 75 dependencies to get the job done that you need it for. Pretty much all of my friends working in the Rust blockchain space have it especially bad since they tend to have to pull in something like 700 dependencies and spend 3 minutes just for linking for one commonly used dependency.

                                        Things I avoid to make compilation fast:

                                        • proc macros - these are horrible for compile times
                                        • build.rs same as above, also causes friction with tooling
                                        • deriving traits that don’t get used anywhere (side note, forcing users to learn your non-std trait is just as bad as forcing them to learn your non-std macro. It introduces a huge amount of friction into the developer experience)
                                        • generics for things I only use one concrete version of internally. conditional compilation is very easy to shoot yourself in the foot with but sometimes it’s better than generics for testing-only functionality.
                                        • dependencies for things I could write in a few dozen lines myself - the time saved for a project that I sometimes compile hundreds of times per day and have been building for over 4 years is a huge win. Everybody has bugs, and my database testing tends to make a lot of them pop out, but I can fix mine almost instantly, whereas it takes a lot of coordination to get other people to fix their stuff.

                                        Also, CI on every PR tends to finish in around 6 minutes despite torturing thousands of database instances with fault injection and a variety of other tests that most people only run once before a big release.

                                        Developer-facing latency is by far one of the most effective metrics to optimize for. It keeps the project feeling fun to hack on. I don’t feel dread before trying out my changes due to the impending waiting time. Keeping a project nice to hack on is what keeps engineers hacking on it, which means it’s also the most important metric for any other metrics like reliability and performance for any project that you hope to keep using over years. But most publicly published Rust seems to be written with an expiration date of a few weeks, and it shows.

                                        1. 11

                                          My take-away from the article is that open source allows different people to play different roles: the original dev got it working to their own satisfaction. Another user polished off some cruft. Everybody wins.

                                          I feel that slow compilation times for a library are totally disrespectful to any users …

                                          If someone write software to solve a problem and shares it as open source, I don’t consider it disrespectful regardless of the code quality. Only if someone else is compelled to use it or is paying for it would the developer have any obligation, IMO.

                                          1. 10

                                            Same experience here. When I started writing durduff, I picked clap for parsing CLI arguments. After a while. I used cargo-deps to generate a graph of dependencies and it turned out that the graph was dominated by the dependencies pulled in by clap. So I switched to getopts. It cut the build times by something like 90%.

                                            Another example: atty term_size depends on libc, but when you look at its source code, it has a lot of code duplicated with libc. The constants which need to be passed to the ioctl, with conditional compilation, because they have different values on different platforms. It seems to be a common theme: wrapping libraries, while still duplicating work. I replaced atty term_size with a single call to libc (in the end I stopped doing even that). One less dependency to care about.

                                            That said, I still think that waiting a couple seconds for a project as small as durduff to compile is too much. It also slows down syntastic in vim: it’s really irritating to wait several seconds for text to appear every time I open a rust file in vim. It’s even worse with bigger projects like rustlib.

                                            As for avoiding generics: I use them a lot for testing things in isolation. Sort of like what people use interfaces for in Go. With the difference that I don’t pay the runtime cost for it. I’m not giving this one up.

                                            BTW Thank you for flamegraph-rs! Last weekend it helped me find a performance bottleneck in durduff and speed the whole thing up three-fold.

                                            EDIT: I got crates mixed up. It was term_size, not atty that duplicated code from libc.

                                            1. 11

                                              it turned out that the graph was dominated by the dependencies pulled in by clap.

                                              Did you try disabling some or all of Clap’s default features?

                                              With respect to the OP, it’s not clear whether they tried this or whether they tried disabling any of regex’s features. In the latter case, those features are specifically intended to reduce compilation times and binary size.

                                              Another example: atty depends on libc, but when you look at its source code, it has a lot of code duplicated with libc. The constants which need to be passed to the ioctl, with conditional compilation, because they have different values on different platforms. It seems to be a common theme: wrapping libraries, while still duplicating work

                                              Huh? “A lot”? Looking at the source code, it defines one single type: Stream. It then provides a platform independent API using that type to check whether there’s a tty or not.

                                              I replaced atty with a single call to libc. One less dependency to care about.

                                              I normally applaud removing dependencies, but it’s likely that atty is not a good one to remove. Unless you explicitly don’t care about Windows users. Because isatty in libc doesn’t work on Windows. The vast majority of the atty crate is specifically about handling Windows correctly, which is non-trivial. That’s exactly the kind of logic that should be wrapped up inside a dependency.

                                              Now, if you don’t care about Windows, then sure, you might have made a good trade off. It doesn’t really look like one to me, but I suppose it’s defensible.

                                              That said, I still think that waiting a couple seconds for a project as small as durduff to compile is too much. It also slows down syntastic in vim: it’s really irritating to wait several seconds for text to appear every time I open a rust file in vim.

                                              It takes about 0.5 seconds for cargo check to run on my i5-7600 after making a change in your project. Do you have syntastic configured to use cargo check?

                                              1. 4

                                                Did you try disabling some or all of Clap’s default features?

                                                I disabled some of them. It wasn’t enough. And with the more fireworky features disabled, I no longer saw the benefit of clap over getopts, when getopts has less dependencies.

                                                Huh? “A lot”? Looking at the source code, it defines one single type: Stream. It then provides a platform independent API using that type to check whether there’s a tty or not.

                                                Ok, I got crates mixed up. It was term_size (related) that did that, when it could just rely on what’s already in libc (for unix-specific code). Sorry for the confusion.

                                                I normally applaud removing dependencies, but it’s likely that atty is not a good one to remove. Unless you explicitly don’t care about Windows users. Because isatty in libc doesn’t work on Windows.

                                                Yes, I don’t care about Windows, because reading about how to properly handle output to the windows terminal and output that is piped somewhere else at the same time left me with the impression that it’s just too much of a pain.

                                                It takes about 0.5 seconds for cargo check to run on my i5-7600 after making a change in your project. Do you have syntastic configured to use cargo check?

                                                I’ll check when I get back home.

                                                1. 21

                                                  I no longer saw the benefit of clap over getopts, when getopts has less dependencies.

                                                  Well, with getopts you start out of the gate with a bug: it can only accept flags and arguments that are UTF-8 encoded. clap has OS string APIs, which permit all possible arguments that the underlying operating system supports.

                                                  You might not care about this. But I’ve had command line tools with similar bugs, and once they got popular enough, end users invariably ran into them.

                                                  Now, I don’t know whether this bug alone justifies that extra weight of Clap. Although I do know that Clap has to go out of its way (with additional code) to handle this correctly, because dealing with OS strings is hard to do in a zero cost way.

                                                  Yes, I don’t care about Windows, because reading about how to properly handle output to the windows terminal and output that is piped somewhere else at the same time left me with the impression that it’s just too much of a pain.

                                                  I think a lot of users probably expect programs written in Rust to work well on Windows. This is largely because of the work done in std to provide good platform independent APIs, and also because of the work done in the ecosystem (including myself) to build crates that work well on Windows.

                                                  My argument here isn’t necessarily “you should support Windows.” My argument here is, “it’s important to scrutinize all costs when dropping dependencies.” Particularly in a conversation that started with commentary such as “lack of discipline.” Discipline cuts both ways. It takes discipline to scrutinize all benefits and costs for any given technical decision.

                                                  1. 14

                                                    Just wanted to say thanks for putting in the effort to support Windows. ripgrep is one of my favorite tools, and I use it on Windows as well as Linux.

                                                    1. 1

                                                      I checked and I have a line like this in my .vimrc:

                                                      let g:rust_cargo_check_tests = 1
                                                      

                                                      That’s because I was annoyed that I didn’t see any issues in test code only to be later greeted with a wall of errors when compiling. Now I made a small change and cargo check --tests took 5 seconds on my AMD Ryzen 7 2700X Eight-Core Processor.

                                                      Well, with getopts you start out of the gate with a bug: it can only accept flags and arguments that are UTF-8 encoded. clap has OS string APIs, which permit all possible arguments that the underlying operating system supports.

                                                      I’ll reconsider that choice.

                                              2. 4

                                                But in the Rust ecosystem it’s not uncommon at all for a simple dependency that could have probably been written in 50 lines of simple code to pull in 75 dependencies to get the job done that you need it for.

                                                I don’t think I have experienced this. Do you have an example of this on crates.io?

                                                1. 1

                                                  Not quite to that degree, but I’ve seen it happen. Though I’ve also seen the ecosystem get actively better about this – or maybe I just now have preferred crates that don’t do this very much.

                                                  rand does this to an extent by making ten million little sub-crates for different algorithms and traditionally including them all by default, and rand is everywhere, so I wrote my own version. num also is structured that way, though seems to leave less things on by default, and deals with a harder problem domain than rand.

                                                  The main example of gratuitous transitive dependencies I recall in recent memory was a logging library – I thought it was pretty_env_logger but can’t seem to find it right now. It used winconsole for colored console output, which pulls in the 10k lines of cgmath, which pulls in rand and num both… so that it can have a single function that takes a single Vector2D.

                                                  …sorry, this is something I find bizarrely fun. I should probably make more time for it again someday.

                                                2. 1

                                                  Minimizing your dependencies has further advantages like making the overall system easier to understand or avoiding library update problems.

                                                  Part of this is simply insufficient tooling.

                                                  Rebuilding all your dependencies should be rare. In practice, it happens way too often, e. g. frequently on every CI run without better build systems. That is madness. You can avoid it by e.g. using Nix or bazel.

                                                  I terms of timing, I’d also love to understand why linking is quite slow - for me often the slowest part.

                                                  But all in all, bloated compile times in dependencies would not be a major decision factor for me in choosing a library. Bloated link times or bloated compile times of my own crates are, since they affect my iteration speed.

                                                  That said, I think if you are optimizing the compile time of your crate, you are respecting your own time and that of your contributors. Time well spent!

                                                  1. 1

                                                    deriving traits that don’t get used anywhere

                                                    I take it you mean custom traits, and not things like Default, Eq/Ord, etc?

                                                    1. 9

                                                      check this out:

                                                      #[derive()]
                                                      pub struct S { inner: String }
                                                      

                                                      (do this in your own text editor)

                                                      1. 2dd (yank lines), 400p (paste 400 times)
                                                      2. %s/struct\ S/\=printf("struct S%d", line('.')) name all of those S’s to S + line number
                                                      3. time cargo build - 0.10s on my laptop
                                                      4. %s/derive()/derive(Debug)
                                                      5. time cargo build - 0.58s on my laptop
                                                      6. %s/derive(Debug)/derive(Debug, PartialOrd, PartialEq)
                                                      7. time cargo build - 2.46s

                                                      So, yeah, that deriving actually slows things down a lot, especially in a larger codebase.

                                                      1. 3

                                                        This is particularly annoying for Debug because either you eat the compile time or you have to go derive Debug on various types every time you want to actually debug something. Also if you don’t derive Debug on public types for a library then users of the library can’t do it themselves.

                                                        In languages like Julia and Zig that allow reflection at specialization time this tradeoff doesn’t exist. Eg in zig:

                                                        pub fn debug(thing: var) !void {
                                                            const T = @TypeOf(thing);
                                                            if (std.meta.trait.hasFn("debug")(T)) {
                                                                // use custom impl if it exists
                                                                thing.debug();
                                                            } else {
                                                                // otherwise reflect on type
                                                                switch (@typeInfo(T)) {
                                                                    ...
                                                                }
                                                            }
                                                        }
                                                        

                                                        This function will work on any type but will only get compiled for types to which it is actually applied in live code so there’s no compile time overhead for having it available. But the reflection is compiled away at specialization time so there is no runtime overhead vs something like derive.

                                                        1. 2

                                                          Some numbers from a fairly large project:

                                                          $ cargo vendor
                                                          $ rg --files | grep -E '*.rs' | xargs wc -l | sort -n | tail -n 1
                                                           1234130 total
                                                          $ rg --files | grep -E '*.rs' | xargs grep -F '#[derive' | grep -o -E '\(|,' | wc -l
                                                          22612
                                                          

                                                          If we extrapolate from your example a minimum of 2ms extra compile time per derive, this is adding >45s to the compile time for a debug build. But:

                                                          $ cargo clean && time cargo build
                                                          Finished dev [unoptimized + debuginfo] target(s) in 20m 58s
                                                          
                                                          real	20m58.636s
                                                          user	107m34.211s
                                                          sys	10m57.734s
                                                          
                                                          $ cargo clean && time cargo build --release
                                                          Finished release [optimized + debuginfo] target(s) in 61m 25s
                                                          real	61m25.930s
                                                          user	406m27.001s
                                                          sys	11m30.052s
                                                          

                                                          So number of dependencies and amount of specialization are probably the low hanging fruit in this case.

                                                          1. 1

                                                            Doh, bash fail.

                                                            $ rg --files -0 | grep -zE '\.rs$' | wc -l --files0-from=- | tail -n 1
                                                            2123768 total
                                                            $ rg --files -0 | grep -zE '\.rs$' | xargs -0 cat | grep '\[derive' | grep -oE '\(|,' | wc -l
                                                            22597
                                                            

                                                            Same conclusion though.

                                                          2. 2

                                                            Experiment independently reproduced, very nice results. I never realized this was significantly expensive!

                                                            1. 1

                                                              Thank you for this reply. It’s absolutely beautiful. You made an assertion, and this backs it up in a concise, understandable, and trivially reproducible way.

                                                          3. 0

                                                            Without build.rs how are create authors going to mine Bitcoin on your computer?

                                                            1. 2

                                                              With a make install target, just like the olden days.

                                                          1. 3

                                                            Playing Really Awesome CTF!

                                                            1. 6

                                                              End-to-End doesn’t make sense in this case, because the other ‘end’ is a future version of yourself.

                                                              A faithful equivelant to ‘end-to-end’ in context of a backup is “Is it encrypted at rest with keys only I have access to”. And the answer to “Are Apple iCloud backups encrypted at rest with keys I control” is: “Yes, but..”

                                                              Yes Apple iCloud backups of photos/contacts are encrypted on apples servers, by keys that are yours, it works similarly to iMessage’s in that theres a keyring of unlock keys. But there is nothing stopping apple from intercepting decryption events and keeping a copy for themselves, or lying to people about having encryption features at all.

                                                              This is how the 2FA works, it requests that another machine that has a key is granted a token to unlock the ‘vault’ of contents in iCloud, then you can basically used the unsealed version of the data for the session. When you open a new session you either have an unlock token or you don’t.

                                                              So, for apple to add their own key to a keychain everytime they unseal a vault is relatively trivial, it’s impossible for you to know what unsealing keys are on your keyring. you can see what apple shows you (devices attached to your account, sessions active on the web etc;) but there’s nothing preventing them from adding themselves and not telling you.

                                                              Ultimately when you don’t control the software or the platform, you only have trust left.

                                                              1. 13

                                                                Ultimately when you don’t control the software or the platform, you only have trust left.

                                                                Picking out that last sentence because it highlights something that’s bothered me for a while. How many of us (software developers) have the ability to effectively audit the cryptographic tools we use on a day-to-day basis? Because it’s not enough to know C, or to have a rough understanding of RSA. Cryptography seems like a very intricate and fast-moving field, and even if you are competent, you need a lot of time to do a good audit.

                                                                If I use open source software that I ‘control’, but I have to trust that people more competent than I have done their job well and made things secure, how does my position differ from that of an Apple user?

                                                                1. 6

                                                                  End-to-end means that you have the key, you transport an encrypted blob so that anyone in the middle can’t see contents, then the receiver has a specific key to decrypt it.

                                                                  Whether the receiver is you in the future, your best friend on Tuesday, or an extraterrestrial in the past does not change this.

                                                                  1. 4

                                                                    Yes Apple iCloud backups of photos/contacts are encrypted on apples servers, by keys that are yours, it works similarly to iMessage’s in that theres a keyring of unlock keys.

                                                                    That is inaccurate. Backups are a special case where they get retrieved by a new device that has no keys whatsoever. The only authentication that is used is an account password, and sometimes a 2FA code.

                                                                    1. 10

                                                                      End-to-End doesn’t make sense in this case, because the other ‘end’ is a future version of yourself.

                                                                      Let’s implement some quick end-to-future-end encryption with GPG:

                                                                      gpg --encrypt --sign --armor nora@nora.codes file.txt > file.asc
                                                                      
                                                                  1. 13

                                                                    I can relate to this from a different angle. I have a not only globally, but historically unique name. Hence it’s easy to Google, which annoys me. Therefore I, whenever I can/it’s appropriate, just write the last first letter of my surname. Nevertheless I find it weird when people confuse it for my real name (“Dear Mr. K, …”).

                                                                    On the other hand, I guess one reason for not having trivially changeable names is, to re-hash the example of calling out names, is that one would suddenly see an increase of people called “Jack Mehoff”, “Jenny Talia”, and the like. Now you’re embarrassing the professors and lunch-workers, which is just a deferral not a solution, if you ask me.

                                                                    1. 9

                                                                      On the other hand, I guess one reason for not having trivially changeable names is, to re-hash the example of calling out names, is that one would suddenly see an increase of people called “Jack Mehoff”, “Jenny Talia”, and the like. Now you’re embarrassing the professors and lunch-workers, which is just a deferral not a solution, if you ask me.

                                                                      This is legit, but I don’t think it’s an issue, for two reasons. First, if you change your name to “Jack Mehoff” in a context where others will see or hear it, you’ll have immediate social consequences. Second, if changing a name in some system isn’t a big deal, someone can just change it back to a non-offensive name.

                                                                      1. 3

                                                                        First, if you change your name to “Jack Mehoff” in a context where others will see or hear it, you’ll have immediate social consequences

                                                                        So he’ll change it back. If someone changes their name as a joke, prank or to get back at someone, they’re (usually) not interested in keeping it anyway. But that doesn’t stop the next person from declaring that they have to change their name (because of a bet, eg).

                                                                        if changing a name in some system isn’t a big deal, someone can just change it back to a non-offensive name.

                                                                        I think you misunderstood me. I’m saying that people will intentionally abuse a system where names can be changed easily and independently of other system – that cannot be avoided. You would have to force them to change their name back, either by punishing them if they don’t do so voluntarily, or by just changing it behind their back. Either way, the power of granting and revoking names is shown and proven to be part of the system (university, workplace, etc.)*. And they would of course, with the same credibility as anyone else, claim that this is how they have to be called.

                                                                        In short: You cannot assume good faith from bad actors. And you can’t ignore them either.

                                                                        Edit: * This would also mean that if administrations change, they could just undo everyone’s name wishes, with the same credibility and legitimation.

                                                                        1. 1

                                                                          Second, if changing a name in some system isn’t a big deal, someone can just change it back to a non-offensive name.

                                                                          If you’re too avid about doing this, the people legitimately named Wang and Dikshit and Cockburn and Schmuck will eventually have reason to be very angry with you.

                                                                          1. 1

                                                                            True! But even that becomes less of an issue if changing a name doesn’t require human intervention and paperwork.

                                                                      1. 5

                                                                        Could you help me to understand this statement?

                                                                        Experiance shows that names are […] not guaranteed […] even to exist for each person you (or your software) will encounter.

                                                                        There’s a footnote pointing to “Falsehoods Programmers Believe About Names”, which includes “people have names” as the final falsehood in its list. This stuck out to me when I first read that article, too, but I confess I never looked into it further.

                                                                        Is this supposed to be tongue-in-cheek, or is this a genuine assertion that some people do not have names? What are the cultures or contexts in which this occurs? If a piece of software addresses its users (“Welcome, Xavier”) or lists them by name, what might be considered correct behavior in this case?

                                                                        1. 10

                                                                          Yes, it’s true that in some cultures people don’t have names for some portions of their lives. Most commonly, I believe, it’s as infants. I suggest the book The Spirit Catches You And You Fall Down for a great overview of what happens when cultural expectations like this clash in a healthcare context.

                                                                          1. 3

                                                                            Anecdotally, my wife and I did this - our child was unnamed for about 24 hours.

                                                                            1. 1

                                                                              Ah, of course. Patrick McKenzie explicitly mentioned that possibility earlier in his list but I failed to make the connection. Thanks!

                                                                            2. 6

                                                                              From the brilliant Data and Reality:

                                                                              We also have some issues regarding the beginning and ending of a person. It makes sense in the context of some medical records to treat an unborn fetus as an unborn person; observations during pregnancy become a part of that person’s medical history. A recent court case considered the question of whether an unborn fetus was eligible for welfare benefits, which would have made the fetus representable in the welfare database.

                                                                              Also, in (Ashkenazic?) Jewish tradition, boys aren’t named until they’re eight days old.

                                                                              1. 1
                                                                                1. 2

                                                                                  Yeah, though I’m quoting from the second edition. The third edition was edited by someone else after Bill Kent died, who crammed in his own contradictory “data modeling” consulting.

                                                                              2. 5

                                                                                How do you handle someone who declines to give a name and insists on anonymity? How do you handle someone who’s incapable of telling you a name to use for them?

                                                                                Legal systems sometimes have conventional placeholders to use for these situations, but it would be a mistake to assert that the placeholder is the person’s name.

                                                                                1. 2

                                                                                  Parents don’t always have a final name lined up for a child by the time they’re born or they lose track of some bureaucratic step amid all the chaos of having a new child, thus temporarily leaving the child without a legal name. Or children abandoned at birth without a hospital record.

                                                                                1. 3

                                                                                  Very neat, but can we refrain from using Lobsters as a marketing and advertising channel?

                                                                                  1. 30

                                                                                    I disagree. This - and other projects like Pine64 - are social movements, attempts to prevent a future bereft of user-repairable, user-hackable, general purpose computing.

                                                                                    I think the more exposure we give them, on Lobsters and elsewhere, the better.

                                                                                    Yes, it’s marketing and advertising. But it’s marketing and advertising a better future, that we can all contribute to by the act of simply buying and using a laptop.

                                                                                    1. 13

                                                                                      Conflating conspicuous consumption with promoting the social good is one of the greatest tricks ever pulled by the capitalist.

                                                                                      There is very little technical information in this post we can learn from, there is just a Buy Now and some pretty pictures.

                                                                                      You have to look beyond the shiny and consider what negative impact normalizing this has on communities like Lobsters. Sure, these folks might be doing the right thing, but charlatans all appeal to a brighter future and once they get a whiff of the rubes they come.

                                                                                      There is an entire industry devoted to exploiting communities like ours, let’s not make their job easier.

                                                                                      1. 7

                                                                                        I also want to mention that while the blog post announcing that the campaign is live is relatively light on technical details, the main project page is detailed enough that some of it is beyond my understanding (I’m not a hardware guy, I don’t know what e.g. MIPI DSI is) and gives me some terms/concepts to research.

                                                                                        As soapdog said, this project has been around for a while, what is new is that it’s ready for people to “buy now”.

                                                                                        1. 11

                                                                                          All sources (KiCAD schematics, µC firmware, 3D case files) are up and freely available under various FLOSS licenses. You don’t have to buy anything from them to support the project or study the sources, learn, adapt and build your own laptop if you so desire. That’s the key difference, and companies who embrace this concept surely should be allowed to make a profit to strive forward.

                                                                                          1. 7

                                                                                            All sources (KiCAD schematics, µC firmware, 3D case files) are up and freely available under various FLOSS licenses.

                                                                                            Post links to those, or a write-up about them. I’d love that.

                                                                                          2. 8

                                                                                            If I just posted straight politics on Lobsters, e.g. advocating for a Green New Deal, general strikes, socialist revolution, etc. I’m pretty sure people would downvote it as off-topic.

                                                                                            Short of general societal change away from corporate capitalism, the vehicles we have for promoting potentially revolutionary technology require the exchange of money for goods and services. In other words, advertising opportunities for people to chip in. The alternative is that only the independently wealthy are able to work on and share ethical technology, and that is exclusionary + unethical. Ordinary people need money to live, and open source / open hardware needs to include everyone.

                                                                                            Could the legal/financial structure of the MNT project be better? Possibly, I am not familiar with MNT’s structure or German law. Certainly there is room for improvement in how business is conducted in the world. We should support public benefit corporations, non-profits, worker-owned cooperatives, unions, anarchist collectives, etc. People starting a new project should consider how their legal/financial structure can systematically support ethics rather than the standard model which only understands profits. But no project will ever be perfect, and we need to support people who use conventional methods in some areas (e.g. business structure) while taking risks in other areas (e.g. open hardware). We can’t wait for the perfect world to exist before we start building a better one.

                                                                                            1. 10

                                                                                              That’s all well and good, but it doesn’t answer my concern.

                                                                                              How do you keep our community from being overrun by hucksters?

                                                                                              One of the things that sets Lobsters apart from places like Reddit, the orange site, and so forth is that we generally keep out shilling threads, content marketing, and the like.

                                                                                              And yes, while it’s totally fine and even laudable to support efforts like these, doing by sharing what is effectively marketing material and advertising tends to cannibalize communities like ours by turning us into a mere host channel for marketing instead of our normal content. Is there another way I can explain this to make it more clear?

                                                                                              1. 10

                                                                                                I’m curious - what’s your line here? A lot of interesting technical work is done by for-profit companies, and a lot of that is sold. Are we to refrain from posting anything having to do with a commercial enterprise, even open source projects? Or is it only in the case that the company in question sells services related to the project? Either way, that significantly limits a lot of discussion (of, e.g., Docker, Kubernetes, and even Ubuntu Linux) that would otherwise be definitely on topic.

                                                                                                1. 14

                                                                                                  My sniff test is basically:

                                                                                                  • Is the submission on a cup-rattling site like kickstarter, crowdsupply, indiegogo, etc? If yes, flag.
                                                                                                  • Is the submission by a youngish account affiliated with the product or company? If yes, flag if they haven’t been contributing non-product related submissions to Lobsters.
                                                                                                  • Is there any code or significant actionable technical information to learn from? If no, flag.
                                                                                                  • Is there a call-to-action on the page to subscribe to their newsletter or pay them money? If yes, almost always flag.
                                                                                                  • Is the information applicable only to customers of that product? If yes, flag.

                                                                                                  I don’t have so much a problem with, say, a Cloudflare post that really digs into debugging DNS issues or something. But usually, it’s just a slick product page (see the Github/VSCode stuff or this as an example).

                                                                                                  1. 4

                                                                                                    That seems like a well-defined line, though one that does exclude a lot of content that makes it to the top of the front page pretty regularly. Might be worth having a discussion about some kind of formal definition of “advertising” that is not allowed here.

                                                                                                2. 6

                                                                                                  How do you keep our community from being overrun by hucksters?

                                                                                                  By upvoting submissions that aren’t from hucksters.

                                                                                                  No snark intended there, but I’m sure that you, me, and others here can distinguish between a good open source project like this or Pine64, and a sham product produced by hucksters. We can support the former with upvotes, and downvote the latter into oblivion.

                                                                                                  If we don’t have the skill and judgement to do that successfully, our community is doomed regardless of what measures we take.

                                                                                                  1. 4

                                                                                                    I think I actually understood better where you’re coming from with this comment, for some reason, so thank you for rephrasing.

                                                                                                    While I don’t think that banning everything that could be considered advertising would be wise, I understand the concern that it could drive out content that lacks a profit motive. And there’s no easy answer. Discouraging or banning self-promotion is one approach, which I believe Lobsters uses to some degree, but sockpuppets, viral marketing and other tricks can get around that. At the end of the day, I think we just have to depend on:

                                                                                                    • the community to submit and upvote a good mix of content, including some important projects that have commercial aspects, but not too many
                                                                                                    • the community to invite good people who aren’t hucksters
                                                                                                    • the mods to put a stop to bad behavior and kick bad actors

                                                                                                    Going any further than that risks suppressing news about important projects that people like me want to support, and that we may not hear about elsewhere.

                                                                                                    1. 7

                                                                                                      Point of fact: this was up on the orange site an hour before it was up here, and as of the time of posting is 28 on their front page.

                                                                                                      Suppressing news is exactly the point. News is the mindkiller, since it by definition is relevant only due to its novelty. There are entire industries built around news. It’s covered, don’t worry.

                                                                                                      1. 3

                                                                                                        Let me get this straight: are you saying that Lobsters posts shouldn’t include news items? I understand the sentiment, but it seems like an extreme position.

                                                                                                        Someone who does not want to read the news may be better served by disconnecting from the internet and/or powering off their devices. (I took a “technology diet” for a few days at the beginning of the pandemic for precisely this reason, although I came back to an exploding inbox and was immediately stressed out again.)

                                                                                                        1. 9

                                                                                                          Yes. I am saying that I believe Lobsters posts shouldn’t include news items. I only grudgingly agree with the news-ish tags of release and event.

                                                                                                          The core issue with news–its value is predicated specifically on its novelty (literally, how new it is) and not on its quality, topicality, or even base veracity. News is like catnip or potato chips, and tends to get upvotes because people want to “feel informed” or want to upvote a sympathetic headline. “Tech news” tends to bucket into:

                                                                                                          • product annoucements
                                                                                                          • product releases
                                                                                                          • business happenings
                                                                                                          • politics/culture war/drama
                                                                                                          • obituaries
                                                                                                          • meta coverage of other news coverage

                                                                                                          Further, news articles tend to:

                                                                                                          • Be written for the casual consumer (because simpler writing means broader audience, and broader audience means more eyeballs, and more eyeballs means more ad revenue)
                                                                                                          • Leave out useful technical details (how many of the articles on the front page of Phoronix have code or best practices in them?)
                                                                                                          • Rehash other news sources, creating games of telephone
                                                                                                          • Contain other content that leads to non-technical discussions and flamewars (a news story about launching contact tracking apps might mention Trump, that in the comments section here turns into a Whole Thing)
                                                                                                          • Be strictly less useful than the primary source they’re reporting on (in the case of academic work, for example, it’d be a better submission to have the original paper instead of a breathless university press release or sloppy coverage from Ars or New Scientist or whatever)

                                                                                                          There are many, many sites out there that cover news well. There are not many that focus on technical discussions the way we do.

                                                                                                          1. 4

                                                                                                            its value is predicated specifically on its novelty (literally, how new it is) and not on its quality, topicality, or even base veracity

                                                                                                            And yet a great deal of it has value beyond novelty. This, for instance - along with the start of the campaign came finalized production-ready KiCAD files for the mainboard, finalized 3D CAD files for the case, and some commits to their software which are undeniably technically interesting.

                                                                                                            1. 2

                                                                                                              This, for instance - along with the start of the campaign came finalized production-ready KiCAD files for the mainboard, finalized 3D CAD files for the case, and some commits to their software which are undeniably technically interesting.

                                                                                                              If the value of the announcement comes from that, then why weren’t they linked to directly? Why force readers to dig around for them?

                                                                                                              1. 5

                                                                                                                I don’t think it comes only from that - there are a lot of pieces of this post that are valuable to different audiences.

                                                                                                                For me, it was useful as news; I knew about MNT Reform, and knew some people who worked on it, but wasn’t following it closely. It was also useful as a sort of “release announcement” for these finalized designs.

                                                                                                                For people who weren’t aware of the MNT Reform project, it serves as a good introduction to the purpose and goals of the project. It has an interesting anecdote about how some hardware and software people got into the field, which I personally always enjoy, and it recounts the efforts of several talented engineers over the past two years.

                                                                                                                The MNT Reform is, in my opinion, a really interesting and important project. Something major changed with it recently, and it seems appropriate to link on Lobste.rs for that reason, since the last mention was six months ago, when things were very different, especially in the software department. It would be pretty weird to link to the project page without linking to this blog post, yes?

                                                                                                            2. 1

                                                                                                              I agrew with the idea that novelty is a bad predictor of most attributes. Especially in this information overloaded world we live in.

                                                                                                              Might even be like music, there is continous selection so 80ies music is now both better than it was in the 80ies and better than what’s on the radio.

                                                                                                              However, if offers such as this one are interesting to this community the fact that they are available NOW is an important aspect and it is only interesting now.

                                                                                                  2. 1

                                                                                                    Absolutely.

                                                                                                    And let’s not forget the Vivaldi Tablet nor the EOMA68 Computing Devices.

                                                                                                    It’d be a different story if the link was to technical documentation, rather than some Give Us All The Money page.

                                                                                                    It’s very easy to promise, not so much to deliver. But fundraisers by definition do specialize in the former.

                                                                                                3. 23

                                                                                                  I posted this because I’ve seen people here interested in ARM based machines and open hardware. Everything about MNT Reform is open hardware and software. They are trying to build an initial batch of machines by crowdfunding, a process that is well known and common for open hardware. It is actually the only viable self-bootstrapping way to create such machines, unless you’re a millionaire funding things from your own pocket.

                                                                                                  I am quite tired of comments such as “this is marketing and advertising” every time someone tries to post any crowdfunding thing. Do you want open hardware? Do you want to support open hardware projects? Then you need to probably understand that crowdfunding will play a role.

                                                                                                  This campaign is also the only easy way for people who are interested in such machine to get one. Building from the schematics and source code is not something easy, and will probably cost way more.

                                                                                                  I posted this because 3 months ago there were well received posts in the past year and people appeared excited by it. This serves as a reminder that they can help fund it now.

                                                                                                  This project aims to create a repairable, understandable and free machine for your general computing needs. Equating that with “corporate capitalism advertising practices” is wrong and completely missing the point on why it was posted.

                                                                                                  1. 4

                                                                                                    I disagree with your post entirely. For the most part, I come to lobsters to read about software and hardware.

                                                                                                    This is not software or hardware - it’s basically a glorified Kickstarter campaign. If I wanted to buy/consume, I’d use another site.

                                                                                                    I wouldn’t object if someone posted blog articles detailing the challenges in implementing open hardware, or design files, etc. This isn’t really that - it’s “pay us money and get a possible product” Which is kickstarter all over again.

                                                                                                    You can posture about the politics of the economy all you want, but this doesn’t seem like an appropriate fit here. On HN and Reddit? Sure - people love to spend and donate to all sorts of political endeavors. This is the first time I’ve seen here a blatant kickstarter-like project. I’m happy they’re doing open hardware, but why am I seeing their store/campaign?

                                                                                                1. 10

                                                                                                  Generally strings are a pain in rust. I.e., &str vs String dichotomy: again you need to handhold and convert manually.

                                                                                                  This criticism consistently makes me think that people are missing the point. &str, an immutable reference to some consecutive UTF-8 bytes somewhere in memory, and String, a structure describing by pointer and length a string of UTF-8 on the heap, are not the same thing. They’re also not the same thing in C, but if you get it wrong, the compiler won’t tell you; you’ll just be rolling the dice with memory corruption. They’re not the same thing in Python, either, but that’s okay because Python doesn’t let you have the first kind (or its performance characteristics) without hackery.

                                                                                                  Rust expects you to use threads, shared memory synchronization between threads, and that everything be thread safe.

                                                                                                  Or async. async isn’t done yet, but it’s already done enough to be usable in some use cases, and very effective for a lot of things threads were a suboptimal solution for.

                                                                                                  The cargo test runner will run your tests in parallel using threads by default.

                                                                                                  That this is stated as if it were a negative is telling. Being threadsafe is good and should be the default. Every machine, even a lot of the microcontrollers I program, has more than one core. Let’s use them!

                                                                                                  having global mutable state requires a crate and some verbose convincing

                                                                                                  That’s not true; it requires a crate or some verbose convincing, because either of the two very popular (and semantically different) approaches to this are available in a very neatly abstracted way. And most of the time you can just use atomics which are available in the standard library anyway.

                                                                                                  Inline assembly works OK, obviously not intended to be used for extensive ASM hacking. Could be really good for some use cases if some warts are fixed. Slightly related: LLVM tries hard to break your code, not even “volatile” ASM is safe from being optimized out a loop…

                                                                                                  This is very legitimate. It’s annoying! The faster the two communities each fix their end of this, the happier I’ll be.

                                                                                                  On high-level features… Traits… can do a lot of things, get really mental really quickly. I don’t really enjoy them.

                                                                                                  This is interesting. I also come from a Lua background, and traits, especially the way they do operator overloading, felt very, very “Lua, but statically typed” to me. I think this is definitely a personal preference thing, but traits are extremely powerful and only getting more so.

                                                                                                  the limits of small devices nudge you to avoid complex language features anyhow?

                                                                                                  This is something I really disagree with, and the core of what makes me a little annoyed by this thread. The purpose of Rust is to be a language with more fancy language features than other languages in its class, but stay in that class by compiling away the majority of the overhead they would otherwise introduce. Yes, maybe you won’t be reaching for async or two levels of dynamic dispatch very often on your ARM Cortex-M0, but that doesn’t mean that traits, generics, and compile time memory safety won’t do you any good, or save you any time.

                                                                                                  Overall I think this is a decent look at Rust, but misses the point in a few key areas. Ultimately the language is pretty good at some things, and bad at some things, and very opinionated.

                                                                                                  1. 6

                                                                                                    As much as I dislike snap, this post is overly dramatic. You can easily download the non-ubuntu chromium binary and install it without need of snap.

                                                                                                    The main problems of snap, which are “irreconcilable differences” that will alienate a part of the population, are:

                                                                                                    1. hardcoded home directory pollution
                                                                                                    2. user home must be inside /home/
                                                                                                    3. cannot disable the automatic update feature
                                                                                                    1. 9

                                                                                                      You can easily download the non-ubuntu chromium binary and install it without need of snap.

                                                                                                      I suppose they want to use official packages from a reputable repository. Installing binaries manually really is bad practice for security and maintainability reasons.

                                                                                                      1. 2

                                                                                                        I installed the official chromium .deb for Debian and it works flawlessly. (I prefer firefox, but jitsi does not work well in firefox).

                                                                                                        1. 4

                                                                                                          Is that a repository, or a single .deb file? If the latter, that doesn’t get updates along with regular system maintenance. If it’s an external repository, that could be a decent solution depending on how much you trust it.

                                                                                                          1. 2

                                                                                                            if chromium is anything like regular chrome or firefox they are updated out of cycle with the rest of the system anyway, unless you happen to turn auto-updates off

                                                                                                            1. 4

                                                                                                              At work I’m using Chromium and Firefox from the Debian repositories. Auto updates are turned off and will use the standard system update mechanism.

                                                                                                              Having random binaries update themselves in a system sounds like a recipe for madness to a sysadmin. Also, how does that even work in a multi-user system where they’re installed system wide? Does that mean these binaries are setuid root or something?

                                                                                                          2. 2

                                                                                                            jitsi does not work well in firefox

                                                                                                            I keep hearing this, but I use jitsi from firefox every day and don’t have any issues. There was a feature missing in firefox about a year ago that was preventing jitsi from working, That was reported and fixed eventually although it took a while to get through the system. Maybe there are still some minor issues but nothing I have seen that makes me want to switch to chrome.

                                                                                                            1. 5

                                                                                                              Firefox’s implementation of WebRTC has some issues that make Jitsi scale poorly when anyone in a call is on Firefox. This is fine for small groups; it only becomes an issue if there’s more than 10 or so participants.

                                                                                                              1. 2

                                                                                                                Ok, thanks for clarifying that. I can confirm I am only using it in small groups.

                                                                                                        2. 5

                                                                                                          I really don’t understand why Ubuntu pushes Snaps when there is Flatpaks (desktop) and Docker (server), unless what they really want is to generate lock in. I wished they were more collaborative and smarter about what maked them stand out (like being a polished desktop Linux). Point 1. was one of the reasons for me to switch to Fedora.

                                                                                                          1. 9

                                                                                                            I find the existence of both Flatpak and Snap confusing. They seem to solve a problem that only exists for a limited set of software within an already very limited niche of users. Web browsers on desktop Linux distros seem to be well-served by them, but how many engineer-years have gone into building these things?

                                                                                                            I suspect there’s some big benefit/use-case that I’m completely missing.

                                                                                                            1. 12

                                                                                                              I find the existence of both Flatpak and Snap confusing.

                                                                                                              This!

                                                                                                              Snap and flatpack try to solve two completely unrelated problems: application sandboxing and package distribution, and do a notoriously bad job at each one.

                                                                                                              Application sandboxing should be an OS-feature, not requiring any action by the potentially hostile application distributors. Thus, it should be able to act upon arbitrary programs. If I want to run “ls” in a controlled container, so be it. Any application, no matter how is it distributed, must be sandboxable.

                                                                                                              Package distribution is a different thing. At this point, it seems that nearly all of the problems can be solved by distributing a static executable as a single file.

                                                                                                              1. 2

                                                                                                                If I want to run “ls” in a controlled container, so be it.

                                                                                                                That may be rather difficult. It already needs access to the whole filesystem…

                                                                                                                1. 3

                                                                                                                  But it doesn’t need to access to the network, or file contents and it definitely should not be allowed to change anything. Plenty of permissions to restrict.

                                                                                                                  1. 2

                                                                                                                    or file contents

                                                                                                                    Can you restrict that on Linux? Is there a separate permission for reading files and reading directories?

                                                                                                                    You’d also need a whitelist for reading some files, such as shared libraries and locale.

                                                                                                                    and it definitely should not be allowed to change anything

                                                                                                                    Well it has to be able to write to stdout… which could be any file descriptor.

                                                                                                                    1. 1

                                                                                                                      Can you restrict that on Linux? Is there a separate permission for reading files and reading directories?

                                                                                                                      So long as the directory has r-x (octal 5) permission, and the file does not have read r permissions you can browse the directory but not read the files contents.

                                                                                                                      1. 3

                                                                                                                        No I mean is there a way to allow readdir but not read? AFAIK Linux does not have that level of granularity.

                                                                                                              2. 1

                                                                                                                This is entirely new to me too.

                                                                                                                From the wikipedia entry https://en.wikipedia.org/wiki/Snappy_(package_manager):

                                                                                                                The system is designed to work for internet of things, cloud and desktop computing.

                                                                                                                So it’s a more light-weight Docker I guess.

                                                                                                                1. 6

                                                                                                                  I’m not sure how much more light-weight they can be, given that Flatpak and Snap are both using the same in-kernel container mechanisms (cgroups, namespaces, seccomp etc.) as Docker.

                                                                                                                  1. 4

                                                                                                                    Somewhat tangential (maybe you happen to know, or somebody else who does is reading) – is the sandboxing any good these days, and do Flathub applications/other packagers user them? About two years ago, when Flatpak was just getting hot, the flurry of “this is the future of Linux desktop” posts convinced me to spend a few weekends with it and it was pretty disappointing.

                                                                                                                    It turned out that virtually all applications on flathub had unrestricted access to the home directory (and many of them had unrestricted access to the whole filesystem), even though it showed the pretty “sandbox” icon – arguably not Flatpak’s fault I guess, but not very useful, and also not very assuring (features that go almost completely unused tend to be broken in all sorts of ways – since no one gets to use them and hit the bugs). Lurking through the bug tracker also painted a pretty terrible picture – obvious bugs, some of which had had serious enough CVEs assigned for months, lingered for months. So basically it was (almost) zero sandboxing done by a system that looked somewhat unlikely to be able to deal with really malicious applications in the first place.

                                                                                                                    (Edit: I don’t mean that Flatpak, or Snap, are bad as a concept – and I also want to re-emphasize, for anyone reading this in 2020, that all of this was back in 2018 or so. But back then, this looked like years away from being anything near something you’d want to use to protect your data – it wasn’t even beta quality, it was, at best, a reasonable proof of concept.)

                                                                                                                    Also, even though this was all supposed to “streamline” the distribution process so that users get access to the latest updates and security fixes more quickly, even the most popular packages were hopelessly out of date (as in weeks, or even months) in terms of security fixes. I expect at least this may have changed a bit, given the increase in popularity?

                                                                                                                    Has any of this stuff changed in the last two years? Should I give it another go this weekend :-) ?

                                                                                                                    (Edit: I can’t find my notes from back then but trying to google around for some of the bugs led me here: http://flatkill.org/ . There’s a lot of unwarranted snark in there, so take it with a grain of salt, but it matches my recollections pretty well…)

                                                                                                                    1. 4

                                                                                                                      It turned out that virtually all applications on flathub had unrestricted access to the home directory (and many of them had unrestricted access to the whole filesystem),

                                                                                                                      A cursory GitHub search of the Flathub organization shows ~150-200 applications have --filesystem=host or --filesystem=home each. And close to 100 have --device=all. So it seems that a large portion is still effectively unsandboxed.

                                                                                                                      Lurking through the bug tracker also painted a pretty terrible picture – obvious bugs, some of which had had serious enough CVEs assigned for months, lingered for months.

                                                                                                                      This is a disaster in the making. Outside the standard SDKs that are provided through FlatHub, applications compile their own picked versions of… pretty much everything. Just going over a bunch of Flatpaks shows that the dependencies are out of date.

                                                                                                                      That said, I see what they are aiming for. The broad permissions are caused by several issues that will probably be resolved in time: broad device permissions are often for webcam access, which should be solved by Pipewire and the corresponding portal. The home/host filesystem permissions can partially be attributes to applications which use toolkits for which the portal mechanism isn’t implemented.

                                                                                                                      The problem that every Flatpak packages their own stuff is more concerning though… I know that the aim is to be distribution-independent, but it seems like a lot could be gained by allowing re-use of regular packages within Flatpaks.

                                                                                                                    2. 2

                                                                                                                      I’m thinking more lightweight conceptually. Docker is seen as a sysadmin/devops thing, Snappy is more like a mobile app.

                                                                                                                      1. 3

                                                                                                                        In practice however it is still a sysadmin thing.

                                                                                                              3. 4

                                                                                                                You can easily download the non-ubuntu chromium binary and install it without need of snap.

                                                                                                                Then you’re either stuck using PPAs (which is a no-go for certain environments) or manually updating the DEB. Both of which are not good options when it should be as easy getting updates from the official repositories.

                                                                                                                1. 0

                                                                                                                  I’ve found Chris’ recent posts to be increasingly histrionic. He’s otherwise been a reliable read for ages.

                                                                                                                  1. 1

                                                                                                                    You say that but I’d agree it’s a serious bug or even just WTF moment.

                                                                                                                    Yes, there’s the FHS - but nowhere it says (afaik) that software should break if you change something like this, which isn’t even an edge case but has been done for decades.

                                                                                                                    1. 1

                                                                                                                      I don’t disagree with that. It seems like a poor limitation that deserved more attention from the devs once reported. And it would have likely caused problems at the last place I was a Sysadmin.

                                                                                                                      What I’m complaining about is the tone with which he’s presented the issue. And it’s not limited to this post; I’ve been reading his blog for about ten years and it’s been a high quality read for most of that time, until relatively recently when the tone has been more entitled and (for want of a better word) whingy which detracts from the substance of what he’s writing about.

                                                                                                                1. 2

                                                                                                                  My blog is at https://nora.codes. I discuss a number of topics around programming, computer science education, and soon modular synthesis as I’ve just released my first modules for VCVRack.

                                                                                                                  1. 16

                                                                                                                    So Microsoft GitHub is doing the “lower the price, so the competition dies”-trick in this market as well, now. Interesting.

                                                                                                                    1. 26

                                                                                                                      A company responding to market pressures and pricing their products more competitively. Truly an evil ploy 😒🙄

                                                                                                                      1. 8

                                                                                                                        Wouldn’t you say it’s unfair competition to be able to dump infinite money into a business area in order to drive out competitors? That’s way past aggressive pricing.

                                                                                                                        1. 4

                                                                                                                          Wouldn’t you say it’s unfair competition to be able to dump infinite money into a business area in order to drive out competitors? That’s way past aggressive pricing.

                                                                                                                          It depends on how much you do it and for how long. Most startups start by selling below cost. The joke about Amazon in the ‘90s was that they make a loss on each sale, but make it up in volume. The typical marker for anticompetitive behaviour is whether the low price is long-term sustainable. If you are selling below cost because you expect to be able to lower your costs via economies of scale, that’s fine. If you’re cross-subsidising from another revenue stream and just trying to push your competitors out of business, that typically isn’t.

                                                                                                                          As I understand it [1], GitHub is independently profitable, primarily from the enterprise offerings. The free offering is one of the highest return-on-investment advertising campaigns that any company has ever offered (Gillette sending free razors to everyone in the UK who appeared as male on the electoral roll one year is close). Pretty much everyone coming out of university with a vague interest in programming has GitHub experience and I would be shocked if that didn’t translate into a load of companies buying the enterprise offerings. Even the $21/month/dev offering is a lot cheaper for most companies than doing the same thing in-house (compare that to even the salary of one person full time maintaining the infrastructure and you need quite a lot of devs for that to reach the break-even point).

                                                                                                                          [1] Disclaimer: I work for Microsoft Research, so may be considered biased, but I have no visibility into GitHub.

                                                                                                                          1. 2

                                                                                                                            Bitbucket’s been like this forever right?

                                                                                                                            “Offer basic service for free, advanced features behind paywall” is not really an odd concept, and it doesn’t require infinite money pits. As a (relatively small, granted) team we evaluated this change and decided to keep on paying for the paid service because we wanted the feaetures it was providing.

                                                                                                                            I also remember a thing about how GH makes a bunch of money on its on-premise thing, and I imagine that pricing is not changing at all

                                                                                                                          2. 9

                                                                                                                            A company responding to market pressures with no regard for profit against competitors that don’t have vast resources backing them is a net detriment to the market. Similarly large companies (Google, Facebook) have no reason to get into the market and smaller companies (GitLab, sourcehut) can’t easily compete with Microsoft operating at a loss. This a classic monopoly tactic.

                                                                                                                            1. 5

                                                                                                                              I’m not so sure if it’s the case that GitHub “has no regard to profit”; in the HN thread Nat said they’ve been wanting to do this for a while, but had to wait for revenue in the enterprise to be high enough. The existing pricing for BitBucket and GitLab are similar to the new GitHub pricing; GitHub was actually quite expensive before. The new pricing seems reasonable and fair to me, and is competitive. I see no evidence of it being sponsored by Windows sales, for example.

                                                                                                                              GitLab seems to be doing quite well with $100M revenue, Atlassian has $1.2 billion revenue (can’t find numbers for BitBucket specifically), sourcehut will always remain a niche product due to its idiosyncrasies (which is not just fine, but great; niche markets deserve good products too). So I’m not especially worried about any of those.

                                                                                                                              I’m also not hugely enthusiastic by large companies becoming ever larger, and would have preferred if GitHub had remained independent. I think we probably have some common ground here. But what I’m a little bit tired of is that everything GitHub does these days is seen as part of some sort of malicious plan, and the assumption that everything they do is done in bad faith. Certainly in this case, it seems like a normal common-sense business decision to me.

                                                                                                                              Is there a potential for Microsoft to abuse their power with GitHub? Sure! But thus far I’ve seen no indications of this. I agree we should be watchful for this (and ideally we should have better anti-trust laws), but I think we must also keep a level head and not jump to conclusions over every small thing. As someone who started using Linux/BSD systems in the early 2000s I have plenty of gripes with Microsoft (being sent a .doc file was a proper hassle back then), but pretty much all of the leadership has changed and Microsoft is not the same company. Referring to long-since abandoned strategies like EEE is, quite frankly, just inappropriate. I have actually flagged that comment as “unkind”, because random accusations without evidence are not appropriate IMO, even when directed at companies.

                                                                                                                              CC this this also replies to your comments: @nomto @caleb @azdle

                                                                                                                              1. 2

                                                                                                                                I wrote a whole in-depth response but then, upon re-reading, I realized that we pretty much have no common ground on which to discuss this.

                                                                                                                                I have actually flagged that comment as “unkind”, because random accusations without evidence are not appropriate IMO, even when directed at companies.

                                                                                                                                Y’all are on some real bootlicker shit over here.

                                                                                                                                1. 1

                                                                                                                                  I can see you’re committed to constructive discourse where everyone is free to voice their opinions without fear of being insulted; not so much to convince each other, but to at least understand each other’s positions better. Thank you!

                                                                                                                                2. 1

                                                                                                                                  But what I’m a little bit tired of is that everything GitHub does these days is seen as part of some sort of malicious plan, and the assumption that everything they do is done in bad faith.

                                                                                                                                  Everything that GitHub does these days is part of some sort of malicious plan. That’s how business works (at this scale and in this part of the economy, at any rate).

                                                                                                                              2. 4

                                                                                                                                It’s a ploy to eliminate competition and expand private control over the infrastructure used by developers. Whether you think it’s evil depends on your values.

                                                                                                                              3. 5

                                                                                                                                The interesting part is that they chose to do it after their Enterprise business got big enough to subsidize it, not as a loss-leader using Microsoft money. It seems like the strategy to keep GitHub and Microsoft relatively separated has allowed GitHub to continue to connect very well with their target audience. Someone on HN mentioned Cloudflare as another company that has done a similarly good job of understanding who they’re marketing to and making changes that makes their target market happy.

                                                                                                                                1. 3
                                                                                                                                  1. 12

                                                                                                                                    Do you have any examples of GitHub or Microsoft extending git so that it’s incompatible with non-GitHub/Microsoft clients?

                                                                                                                                    1. 11

                                                                                                                                      I don’t know if/don’t think that this is a case of EEE, but FWIW, I’ve had a lot of trouble explaining people past a certain level of management (read: who have not programmed for more than some amount of time) that git and Github are different things. I’ve worked in a place where virtually everyone with a word to say in terms of budget, tooling and whatnot hadn’t used a version control system since back when SVN was pretty fresh, and some of the things that I had lots of trouble (read: needed countless hours and countless meetings) were:

                                                                                                                                      • Git is a VCS, Github is a tool that uses git. (This was all happening while I was lending a hand with a very tortuous transition to git and virtually everyone referred to it as “the transition to github”, even though we were actually using Gitlab!)
                                                                                                                                      • git is not developed by Microsoft.
                                                                                                                                      • Github is not the enterprise/SaaS version of git, git is not the free/community version of Github.
                                                                                                                                      • Gitlab is not a free/self-hosted/community edition of Github.
                                                                                                                                      • You don’t need something like Github or Gitlab to use git.
                                                                                                                                      • The pull request-oriented workflow of Github is just one of the possible workflows, and you can do it without Github or Gitlab.

                                                                                                                                      Some of these I’m pretty sure I never managed to really get across. The last meeting I attended before leaving that place saw a bunch of questions like “can we upgrade from Gitlab to Github” and “Can the CLI version of Github (NB: git. That guy meant git.) create pull requests?”

                                                                                                                                      I don’t really follow the politics of these things because I can’t really say I care – VCSs come and go, I self-host git for myself but otherwise I use whatever my customers want to use and I’m happy with it. But if Microsoft wanted to do the EEE thing, the fruit is definitely ripe.

                                                                                                                                      1. 3

                                                                                                                                        The fact that github run the git.io URL shortener is pretty darn deceptive, IMHO.

                                                                                                                                        1. 2

                                                                                                                                          I’m not so worried about that in the case of git/GitHub to be honest, since it’s primarily a development tool. If devs decide they want a different tool en-masse, then usually they will get it (…eventually). This is pretty much what happened with svn → git.

                                                                                                                                        2. 11

                                                                                                                                          It’s not git, but the other various services tacked on (issues, the workflow, CI, etc) that have basically become synonymous with ‘git hosting’, which require more and more effect to break free from once you become invested in using it.

                                                                                                                                          1. 21

                                                                                                                                            That’s not “Embrace, extend, extinguish”, that’s just building a successful product that people find pleasant to use. There is no “Microsoft git” and you can download all your data from GitHub. If you want to make the argument that there should be more competition in the market, then okay, fair enough. But again, very different from EEE.

                                                                                                                                            There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t. There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                                                                                                            GitHub is also quite far removed from being a monopoly. If anything, then lowering their prices is proof of that; monopolists don’t lower prices.

                                                                                                                                            more and more effect to break free from once you become invested in using it.

                                                                                                                                            This is true for anything. I stuck to tcsh for years because converting my extensive tcsh config to zsh would be a lot of work, as would re-learning all the tcsh tricks I knew. Even now I just stick with Vim even though Spacemacs is probably better just because I’m so invested in it.

                                                                                                                                            1. 4

                                                                                                                                              There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t. There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                                                                                                              But if you want to contribute to a project, and their workflow is centred on Github (push requests, CI, etc.) then you are kind of required to comply. And all that infrastructure is also not that easy to move around – or at the very least it’s an effort that would require a great dissatisfaction with GitHub.

                                                                                                                                              1. 6

                                                                                                                                                But if you want to contribute to a project, and their workflow is centred on Github (push requests, CI, etc.) then you are kind of required to comply.

                                                                                                                                                In Microsoft’s defense, that was true of GitHub long before Microsoft took over.

                                                                                                                                                1. 1

                                                                                                                                                  I wasn’t “attacking” Microsoft, but rather GitHub. The change in ownership is more of a formality to me ^^.

                                                                                                                                                2. 4

                                                                                                                                                  But if you want to contribute to a project, and their workflow is centred on Github (push requests, CI, etc.) then you are kind of required to comply.

                                                                                                                                                  This is true for any workflow. I really don’t like mailing lists or IRC for example, but if that’s what a project uses then I’m “required to comply” just as much as you are “required to comply” with my GitHub workflow (although I won’t turn down patches sent over email, if that works better for you).

                                                                                                                                                  Unfortunately, there is no way to satisfy everyone here; different people just have different preferences, and the GitHub workflow works well for many.

                                                                                                                                                  1. 1

                                                                                                                                                    Sure, but you don’t need an account for mailing lists, you don’t have to sign anything. Also, due to it’s decentralized nature, it’s easier to prevent a lock-in.

                                                                                                                                                    GitHub workflow works well for many.

                                                                                                                                                    Exactly! This pushes developers to adopt GitHub, as they fear (and I have experienced myself) that any other platform will have less interactions (bug reports, patches, etc.).

                                                                                                                                                    1. 1

                                                                                                                                                      You need an email account, and you typically need to subscribe to the email list (resulting in a lot of email in my inbox I don’t care about). It also doesn’t offer things like a good code review UI, which are IMO much easier in a GitHub-like UI, especially for larger patches. I appreciate it works better for some, but there’s a lot of friction involved for many.

                                                                                                                                                      If you’re really opposed to the GitHub-style UI, then my suggestion would be to work on an alternative which doesn’t have the downsides you see, but also removes the friction and UX issues that many really do experience. “Everyone is doing it wrong” is not really very constructive; people usually do it “wrong” for a reason, so best to address that.

                                                                                                                                                      This pushes developers to adopt GitHub, as they fear (and I have experienced myself) that any other platform will have less interactions (bug reports, patches, etc.).

                                                                                                                                                      The same applies not just to GitHub, but also git itself. I much prefer mercurial myself, but there’s much more friction involved for (potential) contributors. Related thing I wrote a few years ago: I don’t like git, but I’m going to migrate my projects to it

                                                                                                                                                      The problem with these kind of tools that everyone needs to use, is that a lot of people don’t really like using and learning multiple of them, so there may be kind of a natural tendency to go towards a single tool. There are certainly some advantages with having these kind of “industry standards”.

                                                                                                                                                      1. 1

                                                                                                                                                        It’s true that subscribing to mailing lists can be annoying. But personally, I don’t have a “everyone is doing it wrong” approach, as I think that sourcehut is building towards a very good system that both works for web-oriented and mail-oriented users.

                                                                                                                                                        And regarding git, I think that main difference is tool vs service. Git is free software, I don’t need permission to use it, not could it be revoked. GitHub is a platform with their own interests. But other than that, I understand your point. I too find hg interesting, but what keeps me from transitioning is manly that in Emacs, Magit is too comfortable to git up.

                                                                                                                                                3. 2

                                                                                                                                                  That’s not “Embrace, extend, extinguish”, that’s just building a successful product that people find pleasant to use. There is no “Microsoft git” and you can download all your data from GitHub. If you want to make the argument that there should be more competition in the market, then okay, fair enough. But again, very different from EEE.

                                                                                                                                                  There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t. There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                                                                                                                  Everything you say also applies to the classic examples of EEE like extending HTML in IE. Every example of EEE is “building a successful product that people find pleasant to use,” so I don’t know why you juxtapose those things. Users of IE in the 90s had 100% freedom in switching to Netscape too. If you think these are fine justifications, you simply have no problem with EEE.

                                                                                                                                                  And there is “Microsoft git,” it’s called “hub.”

                                                                                                                                                  1. 2

                                                                                                                                                    Extending HTML is different because it forced Netscape and other vendors to “catch up” or their product would be “defective” (in the eyes of the user, since it didn’t render websites correct). This is the devious part of the “Extend” phase because it seems like it’s adding useful helpful new features, but it’s done with the intention to make the competitor look “broken”.

                                                                                                                                                    As I said, GitHub has made no attempts to extend git in that way, or even hinted at attempts to do so.

                                                                                                                                                    1. 1

                                                                                                                                                      Adding helpful new features always has the effect of making the competitor look broken, and we have no way of evaluating intentions in either case. Extending git with pull requests makes repo.or.cz look defective because you can’t send pull requests with hub to a repo hosted there. It’s not different.

                                                                                                                                                      1. 1

                                                                                                                                                        It’s just some UI to improve the process, not a incompatibility. To me it sounds like you’re basically saying “you can’t improve your product to make it easier to use, because that will make competitors seem bad”, which I find a rather curious line of thinking.

                                                                                                                                                        1. 1

                                                                                                                                                          I’m not saying anything about what a company can and can’t do. Hub is not compatible with standard git hosting, so that seems like an incompatibility to me.

                                                                                                                                                          You seem to have decided that EEE is inherently bad and malicious, yet it was a phrase originally used proudly by Microsoft employees. They were proud because they viewed their actions exactly the way you view the current GitHub developments. If you have no problem with proprietary git extensions, what’s wrong with upgrading a browser with proprietary extensions to enable video playback in a web page?

                                                                                                                                                          1. 1

                                                                                                                                                            Yeah, a solution that works for both would be best. I’m not entirely sure of SourceHut will be that – at least from the perspective of a “web hipster” like me – but I’m keeping an eye on it. You can already do that with GitHub to some degree as well btw; for example Vim sends all issues to the mailing list, and you can (and many people do) reply from there. You can probably do something similar with PRs if you want.

                                                                                                                                                            You seem to have decided that EEE is inherently bad and malicious, yet it was a phrase originally used proudly by Microsoft employees. They were proud because they viewed their actions exactly the way you view the current GitHub developments. If you have no problem with proprietary git extensions, what’s wrong with upgrading a browser with proprietary extensions to enable video playback in a web page?

                                                                                                                                                            Like I said, I don’t think it’s the same since the git protocol isn’t modified. It’s more similar to the video popup thingy Firefox added a while ago: it didn’t modify anything about the underlying protocols and standards, but it did modify the UI based on those standards.

                                                                                                                                                            I can see where you’re coming from since you’re “forced to use GitHub”, but isn’t that the case for any issue tracker I add? If I self-host some Ruby on Rails issue tracker, and maybe a code review system, then you’re “forced” to use that too, right? I’m not sure how different that would be to GitHub?

                                                                                                                                                            At the end of the day, I think by far the most important issue is that git remains the open and free protocol and tool that it is today; issue tracker, code review, and whatnot are all very convenient and nice, but they’re really just auxiliary features of relative low importance to the actual code. By far the most important thing is that everyone is able to clone, share, and modify the software freely, and GitHub doesn’t stand in the way of that at all as far as I can see.

                                                                                                                                                            1. 1

                                                                                                                                                              I’m still not clear what problem you have with using otherwise-ignored HTML to embed useful features in a web page. Microsoft didn’t modify HTTP.

                                                                                                                                                              1. 1

                                                                                                                                                                A webpage is inaccessible if I view it in a browser which doesn’t implement the feature (how inaccessible depends on the details), whereas git is still the same git with GitHub.

                                                                                                                                                                1. 1

                                                                                                                                                                  That is true of any advance in web standards. Web pages which use those standards are inaccessible from browsers which don’t implement those features.

                                                                                                                                                  2. 1

                                                                                                                                                    That’s not “Embrace, extend, extinguish”, that’s just building a successful product that people find pleasant to use. There is no “Microsoft git” and you can download all your data from GitHub. If you want to make the argument that there should be more competition in the market, then okay, fair enough. But again, very different from EEE.

                                                                                                                                                    There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t.

                                                                                                                                                    If we ignore the pricing, it’s not “extinguish”, but it’s pretty clearly “embrace” and at least a little bit of “extend”.

                                                                                                                                                    There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                                                                                                                    Yes, currently that is true. But if Microsoft is pricing GH below cost, it will make it hard for those commercial competitors to make enough money to continue existing.

                                                                                                                                                    GitHub is also quite far removed from being a monopoly. If anything, then lowering their prices is proof of that; monopolists don’t lower prices.

                                                                                                                                                    Pricing yourself lower than your costs is exactly how you use money to build a monopoly though.

                                                                                                                                                    All the being said, I don’t think anyone is worried about them “extinguishing” git, because you can’t extinguish open source software. But, it definitely doesn’t look good for GH’s commercial competitors.

                                                                                                                                                4. 2

                                                                                                                                                  Applied to a service, what they’d do is something to get people to put their critical assets in it, build their business processes on using it, eliminate the better competition somehow if possible, and lock-in results. Once locked-in, they start jacking up prices, reducing quality, selling them out to advertisers, etc.

                                                                                                                                                  Microsoft has a long history of that for its own products and its acquisitions. I decided to recommend nobody depend on Github the second that… they were a SaaS startup. They usually become evil after acquisition or I.P.O.. If not a startup, the second Microsoft bought them.

                                                                                                                                            1. 3

                                                                                                                                              My experience (as a CS TA teaching Pascal in the mid-80s, and as parent to a gifted child) is that most people, even smart people, have a difficult time mastering basic programming. Some of the concepts are intrinsically quite difficult, like indirection (pointers), recursion, and simulating control flow in your mind. At that level, anything you can do to remove minor distractions helps! IDEs are a godsend. FFS, don’t make the students worry about line endings or invisible files! That’s like failing a student’s English essay because she was told not to use past tense but let a “was” slip in [true story.]

                                                                                                                                              The gifted students, the ones who take to code like a penguin to water, will thrive even in the harshest environments. These are the ones your advice makes sense for. I learned to code on a goddamn Teletype, and later hand-assembled Z80 instructions. My kid politely ignored the Xcode and Python I set up for them, but a few years later discovered GameBoy emulator ROM modding and taught themselves 65816 machine code by deciphering and extending other people’s Pokémon Blue hacks. Ten years later they’re reversing Apple’s private graphics frameworks and writing GPU shaders, despite being unable to survive a single semester of college.

                                                                                                                                              1. 2

                                                                                                                                                At that level, anything you can do to remove minor distractions helps!

                                                                                                                                                I would (and do, in the post) argue that Java is chock full of these distractions, by its very nature; switching to a language like Python or Racket means that not only is the whole complexity of an IDE removed, but the language itself is easier for a new programmer.

                                                                                                                                                Tell me, which is more distracting to a new programmer:

                                                                                                                                                class HelloWorld {
                                                                                                                                                    public static void main(String[] args) {
                                                                                                                                                        System.out.println!("Hello, world!");
                                                                                                                                                    }
                                                                                                                                                }
                                                                                                                                                

                                                                                                                                                or:

                                                                                                                                                print("Hello, world!")
                                                                                                                                                

                                                                                                                                                Or, from another perspective, is it easier to teach a student:

                                                                                                                                                “There’s a program called Python. It looks at the code you wrote and tells the computer what to do based on that. To run your code, put it in a file and tell Python the name of the file, and it will run.”,

                                                                                                                                                or “To run your code, open Eclipse, create a new project from the menu File -> New Project, then do x, y, and z in the wizard, then navigate through the project tree to your main class, then enter your code and click this specific button on the top toolbar.”?

                                                                                                                                                1. 2

                                                                                                                                                  Totally agree with you there. Teaching java as a fist language seems like a bad idea these days.

                                                                                                                                                  1. 2

                                                                                                                                                    We can have both a language with minimal distractions and a helpful IDE. Maybe not with Python or Racket, because of dynamic typing. But there are other possibilities. One recent language that has been designed specifically for teaching, and now has its own IDE to go with it, is Quorum. (Disclosure: I contributed some code to the project.)

                                                                                                                                                    1. 1

                                                                                                                                                      that looks pretty neat, you should submit it as its own post!

                                                                                                                                                1. 3

                                                                                                                                                  The Harvard CS50 course does a really nice thing here. They teach C and Python using a simple cloud-hosted IDE built atop Cloud9 which is called “CS50 IDE”. It has a simple file manager, text editor with basic syntax highlighting, and integrated terminal for compiling/running programs. They have built small command line tools to help with debugging and interpreting error messages. The first 75% of the course is taught using C, with the last 25% taught with Python. For the C portions, their command-line invocations just use make, which uses clang under the hood for compilation of C code. They also teach valgrind for debugging memory leaks. They also have a simple step–through debugger integrated with the IDE, but they actually encourage students to begin debugging with simple printf statements and logical reasoning. For the Python portions, they just run CPython 3.x directly.

                                                                                                                                                  So, the students get an experience that is very close to a “real-world development environment”, but it all runs in their browser. Their online documentation describes how you can get an similar development environment running locally, and use your own text editors and shells and even IDEs. In my opinion, this is a great way to do it. You spare intro-to-CS students of all the vagaries of setting up a local or remote UNIX dev environment, but you also lay down a foundation of tools that allows them to do so on their own time, as they please. Rather than picking an IDE bound to a specific language and time, they have abstracted the “IDE concept” and managed to teach a little UNIX in the meanwhile (ls, cp, mv, compiler command-line arguments, etc.), by osmosis.

                                                                                                                                                  1. 1

                                                                                                                                                    That seems like a great idea! Is that tool available to other institutions?

                                                                                                                                                    1. 1

                                                                                                                                                      Based on my understanding it’s a bit of a complex setup they have, since they give every student their own container and disk space on shared cloud infrastructure that is tied to an authentication system for the course. I am also not sure if they have open sourced their customizations. But the actual editor itself that runs in the browser is a customized version of Cloud9, which does have a public open source project. And using AWS, you can spin up Cloud9 environments.

                                                                                                                                                  1. 1

                                                                                                                                                    I definitely agree with this, and I personally found IDEs cumbersome when I was trying to learn programming.

                                                                                                                                                    But, I am curious, are there fields and/or career paths where you can just stick with programming in an IDE and never really have to worry about the operating system or network system your code will run in?

                                                                                                                                                    Scientific programming comes to mind, but what others?

                                                                                                                                                    1. 4

                                                                                                                                                      Oh, definitely. Windows application programming, for one. I don’t think it’s acceptable for the CS programs to cater only to that kind of career path, though!

                                                                                                                                                    1. 1

                                                                                                                                                      That’s why I think the focus on high level languages is bad.

                                                                                                                                                      I’d teach baremetal raspberry pi assembler programming, or on x86 FreeDOS and Flat Assembler.

                                                                                                                                                      The amount of cs grads I’ve encountered who can’t even write a simple program in assembler or C sickens me.

                                                                                                                                                      1. 14

                                                                                                                                                        The amount of cs grads I’ve encountered who can’t even write a simple program in assembler or C sickens me.

                                                                                                                                                        If you take the stance that CS is training for programming jobs, then there are a multitude of programming jobs where this doesn’t matter. Especially writing in assembler. (We should let C die a slow death anyway. And I say this as someone who works on a C compiler for a living.)

                                                                                                                                                        If you take the stance that CS is learning to think computationally and understand computation, what evidence is there that knowing C and assembler even matter in this regard? I’ve never heard of anything about it. Everything I hear about it is dogma and completely unsubstantiated.

                                                                                                                                                        1. 3

                                                                                                                                                          If you take the stance that CS is training for programming jobs

                                                                                                                                                          I have to say: I absolutely do not take this stance. University traditionally has been all about learning all about and advancing a subject or series thereof. A place of knowledge and research.

                                                                                                                                                          It is a really bad trend that, for many universities and degrees, it is turning into a “prepare for job” course like the alternatives to university.

                                                                                                                                                          to think computationally and understand computation, what evidence is there that knowing C and assembler even matter in this regard?

                                                                                                                                                          That how computers work do not matter on understanding computation is quite the claim. I believe the burden of supporting this claim is with you.

                                                                                                                                                          1. 3

                                                                                                                                                            The comment by @matklad on this thread is proof of how very far a beginner can get without getting around to the so-called basics.

                                                                                                                                                            1. 1

                                                                                                                                                              It’s kind of amazing, but ultimately I have to feel sorry for the person who had to do it with hands tied on his back, and can’t help but wonder how much faster and farther they could have got otherwise.

                                                                                                                                                              1. 4

                                                                                                                                                                For that matter, along the four hours of Pascal we also got exposure to CS-flavored Boolean algebra (Karnaugh maps for minimization, and Boolean scheme modeling in some GUI program). This bit of knowledge was fun, but irrelevant for the polynomial things. We didn’t talk about assembly and compilers, and the lack of that knowledge didn’t harm, at that time.

                                                                                                                                                          2. 2

                                                                                                                                                            Came to this thread for exactly this idea. When I’ve taught uni students Java (which is only one of a few languages I’ve taught to students, not all of whom were in CS) we’ve used BlueJ which is an environment that removes the thinking between “open environment” and “type in Java”. That’s good for when you want students to explore an algorithm, coincidentally in Java notation, and bad for when you want them to learn how professional programmers write software, which is often done in Java despite the protestations of the RESF.

                                                                                                                                                            Agreeing with or even understanding critiques of programming tooling in a CS class requires acceptance of what a CS class is for, and there isn’t wide agreement even among educators. Where I teach, plenty of the undergraduate classes don’t even use a computer because the goal is to understand computation, not to make a computer implement a customer’s requirements.

                                                                                                                                                          3. 8

                                                                                                                                                            I don’t think optimizing Computer Science education for the current local maximum of C-on-Unix is future proof.

                                                                                                                                                            Anyway, most recent CS grads I’ve gotten to know online are very unhappy that their first developer jobs don’t allow them to use Haskell for everything.

                                                                                                                                                            1. 1

                                                                                                                                                              May I ask why? I agree that learning a systems programming language is probably a boon, but I imagine that C++ would be the language of choice at many institutions.

                                                                                                                                                              1. 2

                                                                                                                                                                I guess @ethoh is saying that universities shouldn’t be vocational schools, factory lines churning out programmers that know only one or few more things.

                                                                                                                                                                I think students need to learn both, the high-level stuff and the low-level, from web servers to the basics of digital electronics. Assembler is not a very complicated language. It is useful for a student to understand how do you add two numbers using just two registers and an instruction. I wouldn’t have students write a game in assembler. But writing a number guessing game in a high-level language first, showing the compiler assembler and then being able to study what it does is a valuable skill.

                                                                                                                                                                I would teach the full spectrum with a parallel curriculum of two courses, a programming 101 teaching some basics of a high-level programming language, and a computer engineering basics teaching the low-level bits. The first one of the high level one starts with hello world in Java/Python/X, moving on to more complicated applications focusing on more abstract problems, while the first class of the low-level one starts from boolean logic, moving on to logic gates, flip-flops, registers, von Neumann architectures, and so on.

                                                                                                                                                                Eventually, about one third in of the curriculum, these courses would meet, so to speak; we would have now a sufficient understanding of the high-level language and the compiler so that we can inspect the raw assembler it generates, which we would then be able to understand given the low level knowledge we’ve accumulated. Then they would again diverge, the high-level language builds something more interesting and tangible, like a compiler, a web server, a game, while the low-level part goes on to study different microarchitectures, computer architectures, microcontrollers, embedded operating systems, and so on.

                                                                                                                                                                By the end, the students would understand what the abstract machine C describes (a PDP-11) is different from the computers we have today, and how compilers, operating systems, even programs, make all sorts of interesting compromises to be able to perform efficiently. They would understand why your JavaScript web app was also vulnerable to Spectre.

                                                                                                                                                                1. 2

                                                                                                                                                                  This is almost exactly how things are done at Georgia Tech, where I’m a student. There’s some variability depending on your specializations, but almost everyone goes through the sequence you’ve described. I’ve found that it’s given me a really solid foundation for learning the more practical parts of software engineering (SCM, web dev, building stuff with the cloud, best practices, etc), most of which I’ve learned on my own.

                                                                                                                                                                2. 1

                                                                                                                                                                  C++ can be used to teach systems programming, but it is too much of an invitation to abstract away the machine. C is less problematic in that sense, but it is no replacement for assembly.