1.  

    Unfortunately, while the headline is clever, it’s not true.

    Palantir’s worst is done with code written in house, with the same open source codebase we all start with. So long as there are people willing to work there, bad things are going to be written into code and deployed.

    1. 8

      One note, the specific company wasn’t Palantir, but was in a similar space.

      I agree that not serving this company has a very small effect on them, but it was better than the alternative. Additionally, if enough companies refuse to work with companies like Palantir, it would begin to hinder their efforts.

      1.  

        Sounds like it was https://www.wired.com/story/palmer-luckey-anduril-border-wall/ ? Palantir at least has some positive clients, like the SEC and CDC.

        1.  

          not serving this company has a very small effect on them

          It has a big effect, instead. On the system. On their employees. On your employes and your customers…

          Capitalism fosters a funny belief through its propaganda (aka marketing): that humans’ goals are always individualistic and social improvements always come from collective fights. This contraddiction (deeply internalized as many other disfunctional ones) fool many people: why be righteous (whatever it means to me) if it doesn’t change anything to me?

          It’s just a deception, designed to marginalize behaviours that could challenge consumerism.

          But if you cannot say “No”, you are a slave. You proved to be not.

          And freedom is always revolutionary, even without a network effect.

      1. 7

        Good on you. It’s worth mentioning here that Microsoft is going in the other direction. https://www.mercurynews.com/2018/06/19/microsoft-defends-ties-with-ice-amid-separation-outcry/amp/

        1.  

          In response to questions we want to be clear: Microsoft is not working with U.S. Immigration and Customs Enforcement or U.S. Customs and Border Protection on any projects related to separating children from their families at the border, and contrary to some speculation, we are not aware of Azure or Azure services being used for this purpose. As a company, Microsoft is dismayed by the forcible separation of children from their families at the border.

          Maybe I’m missing something, but it seems they are going in the exact same direction…

          1.  

            It’s a very confusing article; my best guess is that they are working with ICE, but not on “projects related to separating children from their families at the border”.

            1.  

              And just because Microsoft isn’t directly helping, they are still helping. That nuance is discussed in OP’s article - any support to an morally corrupt institution is unacceptable, even if it is indirect support.

              1.  

                But that perspective is very un-nuanced. Is everything ICE does wrong? It’s a large organization. What if the software the company that @danielcompton denied service to is actually just trying to track down violent offenders that made it across the border? Or drug trafficking?

                To go even further, by your statement, Americans should stop paying their taxes. Are you advocating that?

                1.  

                  There’s always a nuance, sure. Every police force ever subverted for political purposes was still continuing to fight petty crime, prevent murders and help old ladies cross the street. This always presented the regimes a great way to divert criticism, paint critics as crime sympathisers and provide moral leeway to people working there and with them.

                  America though, with all its lip service to small government and self reliance was the last place I expected that to see happening. Little did I know!

        1. 34

          Well done.

          Ethics is not something we can turn off during working hours, to maximise profits.

          Technology is just the continuation of Politics by other means.

          1. 10

            os

            Upvote and/or comment here if you prefer “os” to be the label of the new taxon.

            1.  

              I see a lot of Plan 9 links in the list, and I don’t think anybody running Plan 9 these days is doing operating systems research or writing papers about it, so “osres” or “os-research” doesn’t seem to fit. Meanwhile, “osdev” makes me expect articles on things like “how to map the VGA framebuffer” and “how to get from 8086 real mode to x86_64 long mode”.

              “os” is perhaps a little generic, but I guess the alternative would be to tag such posts as “software”, which is even more so.

              1. 5

                I do operating system research based on Plan 9.
                And I think what 9front developers do count as research as much.
                Also people usually write “papers” when the research produce something interesting. It might take a while. :-)

                Note that “os” is fine to me, I just think it will require more moderation to keep it focused on less known operating systems.

            1.  

              osres / os-research

              Upvote and/or comment here if you prefer “osres” to be the label of the new taxon.

              1. 9

                Previous similar requests: os, systems and Operating Systems.

                I welcome a better label for the tag, but osdev seems appropriate to me.

                1.  

                  Good links to prior threads justifying it. There was 43 in favor of “os” with 35 on “osdev” in last call. Those should probably be our default options. I’m still in favor of OS since “Operating Systems” is a category covering descriptions and development that’s already standardized in tagging systems, universities, commercial suppliers, and FOSS. We could do a vote on it by having two comments, one os and one osdev, with people voting on which one they want.

                  1.  

                    I’m fine with both labels.

                    The advantage I see for osdev over os is that its more explicit in excluding mainstream operating systems.

                    While not fool-proof, this reduce the risk of articles unproperly tagged as “os linux” or “os windows”, increasing the effectiveness of the classification.

                    I also like “systems” but it’s an even more general label that could fool submitters.

                    1.  

                      We could do a vote on it by having two comments, one os and one osdev, with people voting on which one they want.

                      Let’s try.

                  1. 37

                    osdev

                    Upvote and/or comment here if you prefer “osdev” to be the label of the new taxon.

                    1.  

                      As Screwtape mentions,

                      “osdev” makes me expect articles on things like “how to map the VGA framebuffer” and “how to get from 8086 real mode to x86_64 long mode”.

                      I think this kind of content, even though maybe it’s not quite of-a-kind with plan9 stuff, should be encouraged.

                      Plus, there’s a lot of overlap between non-mainstream OSes, experimental OS ideas, and OSes that have not yet reached a stable or usable level of development. I expect any ‘osdev’ tag to be used the way the ‘plt’ tag is – in other words, a mix of theory, practice, and spotlights on interesting experiments/research that doesn’t quite fit in other tags.

                      Certain articles that are currently tagged ‘historical’ but are concerned with the low-level interface to firmware, like the os2 blog entries about the A20 gate & unreal mode, could find a better home in an osdev tag. This seems like a ‘win’ for me.

                      (I should note that, as the author of two OS projects incorporating strange philosophical & technical ideas, an osdev tag benefits me quite a bit – I don’t have the time or energy to do OS work anymore but a new tag gives me an excuse to post about these old projects and talk about them!)

                      1.  

                        The advantage of osdev, in my opinion, is that it’s less likely to be erroneously attributed to mainstream operating systems.

                        I’d like to see in this group contents that challenge mainstream design of operating systems, so that using it for, say, a posix tool would be clearly off topic.

                      1.  

                        The author claims they’re a programmer, but they still clicked 338 checkboxes manually? Sounds fishy :)

                        Here’s what I’ve done on Tumblr, which also has something similar.

                        for (var x of jQuery("input[checked]")) {jQuery(x).removeAttr("checked");}

                        1. 11

                          The author is a programmer, a software architect, an hacker, and a curious person in general.

                          I can conceive several ways to fool your smart jquery script. If you cannot think of them yourself, you shouldn’t code in Javascript, actually.

                          But also I’m a UI and UX designer, at work.

                          I was surprised to see a nice UI with such a stupid mistake.

                          I hoped the developer on the other end was cool enough to surprise me.

                          After the first ten clicks I realized she was not that smart.

                          I hit F12. But then I thought “my users cannot hit F12: lets walk their path and see how I feel”.

                          I’m not stupid. I simply care.

                          1.  

                            I can conceive several ways to fool your smart jquery script. If you cannot think of them yourself, you shouldn’t code in Javascript, actually.

                            • I don’t think he was claiming his solution was a fit for all
                            • So by your logic only people who know DOM JS should code in JS? ;)

                            I know this was a reply to a slightly provocative comment in defense of the author, but this in particular seems a little silly

                            1.  

                              I’m the author. And actually I’m sorry for the tone of the reply: I’m tired, and I didn’t intended the @janiczek’s post as a joke for me, but as an attempt to justify InfoWorld by calling me fishy.

                              I’m fishy, definitely! :-)

                              But I also care about users. And I’m an European fish…

                              So by your logic only people who know DOM JS should code in JS? ;)

                              Nobody should code in JS. Really. Nobody should.

                              But yes, if you don’t know how DOM JS has been interpreted in the last 10 years, I think you shouldn’t code in JavaScript professionally. You might think I’m exaggerating to get a point, but trust me: everything is still there, under the hood. Ready to break.

                              1.  

                                Thanks for the kind reply. I wasn’t trying to provoke myself, just point out something that seemed a bit off :) Professionally? Perhaps your right in a perfect world, but the fact remains there will always be code monkeys that build or maintain simple systems for a customer base that can’t pay for a seasoned developer. Regardless, I agree with the pain point of your article :)

                                1.  

                                  Mm, I kind of feel like as a profession we should try to have more respect for our own work. Software can cause significant harm, and we’ve all just collectively agreed that it’s okay to prop up companies that want to build broken things and not properly maintain them. Maybe companies that aren’t willing to spend the money to build safe software shouldn’t have the privilege of getting engineers to work for them.

                                  I know that’s a tangent and not really what you were trying to address.

                                  1.  

                                    I completely agree with your first statement, having respect for your own work is a great virtue.

                                    The devil is in the details in regards to companies/individuals who provide shoddy services. Outside passionate and informed social circles, it’s customers vote with their pockets (counting data as a form of currency here), whether that be for trading for convenience or just a result of plain ignorance.

                                    Unfortunately there aren’t any easy remedies to this problem. Shoddy companies/individuals will find ways to work their way around regulations, and customers will quite happily dig themselves into holes in pursuit of the cheapest or quickest solution. That doesn’t mean you don’t try, in fact I personally think one of the best tactics we can use for problems such as these, is informing the general public of the consequences (though that’s another problem in itself).

                                    1.  

                                      Yes, I agree with all of that, and thank you for it.

                                    2.  

                                      Maybe companies that aren’t willing to spend the money to build safe software shouldn’t have the privilege of getting engineers to work for them.

                                      I see your point, but to me it’s like saying that companies that aren’t willing to spend the money to write proper English shouldn’t have the privilege of getting writers to work for them.

                                      They can learn how to write by themselves.

                                      I prefer a different approach: turn all people into hackers.

                                      1.  

                                        Yeah, I see that point also. But, I mean, writers have historically been more willing to stand up to exploitative labor practices than hackers have… I think there’s a balance to be found, and getting to the right balance requires rethinking some things.

                                  2.  

                                    I’m sorry if my post came as provocative! (Maybe my definition of “fishy” – as English is not my native language – is slightly off compared to your definition)

                                    Yeah, “I know I could do X instead of clicking, but common user can’t, so let’s walk in their shoes” is a fair motivation. Maybe I just expected the thought to be expressed in the post, given you’ve expressed you’re a programmer. But maybe that’s a silly expectation ¯_(ツ)_/¯ Thanks for the clarifications in the comments here.

                            1.  

                              While I agree that unix is the best tag you have here, it’s rather inappropriate for something related or derived from Plan 9 from Bell Labs.

                              Maybe we should have a plan9 tag, but then people might argue about what is really a Plan9 and what not.

                              Also I saw enough posts related to research operating systems lately to think there should be a dedicated tag.

                              What is your opinion @pushcx?

                              1.  

                                They usually add them when something is submitted a lot on Lobsters. That way it can be filtered by some or highlighted by others. Really just need an OS tag. I tried. There was a lot of interest but not added.

                                I just tag them CompSci, Programming, or Release.

                                1.  

                                  I don’t see that we get many Plan9 stories, but the procedure is to make a meta thread linking to untagged stories and inviting discussion. If there’s a strong consensus, I’ll add it.

                                  1.  

                                    Done. Let see if it gains traction.

                                  2.  

                                    People will argue about what’s really plan9 and what’s not, but I’m sure they could at least agree that this is more plan9 than not.

                                    1.  

                                      For sure!

                                      I just wanted to notice that the issue we face here is more general.

                                      Hackers love challenging mainstream wisdom and operating systems are definitely not a solved problem.

                                      Node9 is a heavily inspired by Plan 9 through Inferno.

                                      But, for example, the more I work on Jehanne the more heretic it becomes: in the long run, when I will complete the replacement of 9P2000, many will argue that it’s not a Plan 9 anymore even if I actually forked a well known Plan 9 kernel!

                                  1. 4

                                    What exactly is a “hosted” operating system?

                                    1. 2

                                      A rose by any other name would be known as a runtime platform or environment. See also Erlang/OTP.

                                      A hosted operating system punts on all the distracting/interesting/useful parts of OS stuff in order to focus on the aesthetic of the programming environment.

                                      1.  

                                        A hosted operating system punts on all the distracting/interesting/useful parts of OS stuff in order to focus on the aesthetic of the programming environment.

                                        This might an appropriate description of a virtual machine.

                                        Inferno is a distributed operating system.

                                        It’s rather different from a mainframe OS, such as Windows or Linux: all services of a network are served to the user with a uniform interface and programs can be distributed over the network transparently, moving data or computations as required.

                                        The network as a whole is your computing device.

                                        Now, once you understand this, you might wonder if it’s really so important who write the drivers for a single node.
                                        Turns out it doesn’t matter that much: as long as the interface is uniform the system works as a whole.

                                        Now I agree that an OS running on top of an OS is weird. Much more an OS running on top of a browser!

                                        But sadly, it’s what your cloud vps do. And what any OS that target WASM want to do.

                                        Guess what? Inferno did both things several years ago!
                                        And better, with an uniform interface.

                                        Try this on your mainframe of choice! ;-)

                                        1.  

                                          I’m not sure what you mean by mainframe OS, though it seems like it’s an attempt at derision?

                                          Virtual machines like those you might rent from a cloud provider are much more a partitioning technology these days. Though there is another operating system running on the same hardware (in the “hypervisor” role), the guest operating system is also interacting directly with quite a lot of CPU management, and increasingly other hardware devices via passthrough mechanisms. Critically, that same software can also run outside the emulation/hypervisor environment: it can take control of an entire computer, providing services to other software, and is thus an operating system.

                                          In the case of software that isn’t able to (or perhaps even intended to) run on a computer directly without other scaffolding, it’s really not an operating system. If it’s really a network service or programming environment built to run on top of other things (“hosted”, if you will!) it would be less confusing to call it that. There’s obviously no shame in building an amazing new platform for constructing distributed applications – it’d just be best to avoid hijacking existing terminology while doing so.

                                          1.  

                                            I’m not sure what you mean by mainframe OS, though it seems like it’s an attempt at derision?

                                            Absolutely no!

                                            I was trying to distingush the OSes that are designed for a single computer (thus in the ancient and noble tradiction of mainframes) from the OSes that are designed for a network of eterogenous computers.

                                            When we talk about distributed operating systems, the focus is not in the control of the hardware of a single pc, but in the control of a whole network.

                                            In the case of Inferno, you can run it on bare metal, on Windows, on Linux, on Plan9, on some game platforms and on IE8 (if I remember correctly).

                                            This covers a variety of architectures that few mainstream OS could compete with.
                                            Without an hardware emulator.

                                            it’d just be best to avoid hijacking existing terminology while doing so

                                            I’m afraid Inferno was defined as a distributed operating system before “existing terminology” was conceived.

                                            So one might argue that existing terminology was designed by people either ignoring previous art or meaning something different.

                                            In both cases, I will keep calling Inferno an OS.

                                            1.  

                                              I’m afraid Inferno was defined as a distributed operating system before “existing terminology” was conceived.

                                              I don’t think that’s true at all. Even the Wikipedia page for Inferno suggests it was released in 1996, and links to at least one paper from the authors from around that time. I think we’d kind of settled on an operating system being a body of software chiefly responsible for controlling an actual machine and providing services to software and users by then.

                                              By way of contrast, the Amoeba distributed operating system is another attempt (and seemingly prior to Inferno!) that is both distributed (providing network transparency as a core system primitive) and an operating system (Amoeba includes a microkernel base which runs on all of the machines throughout a deployment). Sprite is another similar project, also late 1980s to early 1990s, in which some level of network transparency was achieved in addition to the base job of an operating system: controlling the machine.

                                              1.  

                                                I’m not sure if this count as an objection. :-)

                                                Fine, Amoeba and Sprite are distributed operating systems.
                                                Plan 9 is a distributed operating system too. So is Inferno, that can run on bare metal AND hosted by another OS.

                                          2.  

                                            You mean different from a centralized mainframe. The CTOS system looks pretty close to a distributed OS. Customers were loving it, too.

                                            Far as OS on an OS, IBM invented that (I think…) in VM/370 in the 1970’s. VM could even run itself mainly for debugging. Mainframes also supported multiple users and metered CPU/memory. The cloud reinvents mainframes on cheaper hardware with more flexible software. The core concepts were a mainframe advantage, though.

                                          3. 2

                                            Right, it definitely doesn’t feel like an especially appropriate use of the term until it’s also in control of the actual machine. If it’s a runtime environment and library, it seems clearer to just call it that.

                                            1.  

                                              The point at which services are provided to programs by “the operating system” versus other programs present but not considered part of the “operating system” is blurry, and getting blurrier all the time in a distributed world. “Control of the actual machine” sounds like the definition of a kernel, which can certainly be part of an operating system, but isn’t the whole thing.

                                              tl;dr: what you’re referring to as Linux is actually GNU/Linux,,,

                                              1.  

                                                Not all of the control of the machine is in the hands of the kernel in every operating system. For instance, in illumos we perform some amount of interrupt configuration from a privileged process running in usermode (intrd(1M)) – but it’s still part of the operating system.

                                                Words have a meaning, and I think eroding the term operating system does us a terrible disservice. There are already loads of other terms that better describe a program that runs on top of an operating system and provides services to other programs, whether over local IPC mechanisms or through some network protocol.

                                                It’s true that a distribution of Linux may include quite a lot of software that isn’t really “operating system” software per se; e.g., chat clients or drawing software. But if your software doesn’t have the ability to take a computer from cold start up to running some other workload, it’s really not, itself, an operating system.

                                                1.  

                                                  I think eroding the term operating system does us a terrible disservice.

                                                  I’m totally for a precise and clear technical language!

                                                  But, why we write hardware emulators like qemu, xen, virtual box and so on… if we cannot run operating systems on them?

                                                  And if what run on qemu is an operating system when it provides the user all the tools she needs, why a software that does the same but run without the hardware emulator is that different?

                                          4. 1

                                            Because they mention Inferno on the description they probably mean that in addition to running on ‘bare metal’ it can also run in an emulator inside another OS. Same as Inferno.

                                          1. 14

                                            I’m under the impression that opt-out is not allowed under GDPR, only opt-in. The question is, then, which this UI is. I’d argue it’s opt-out.

                                            1. 1

                                              The trick is that, had I clicked the button “Sounds Good, Thanks!”, I would have opt-in.

                                              1. 17

                                                IANAL, but I think this pretty clearly violates the GDPR. From the GDPR’s preamble:

                                                If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

                                                It is not clear, because it uses a dark pattern (using color choices) for the user to read: “We care about privacy -> Sounds Good, Thanks”. Also, I would call unticking 338 companies unnecessarily disruptive. Moreover:

                                                Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.

                                                Again, I would call manually unticking 338 pretty detrimental.

                                                1. 5

                                                  GDPR Recital 32 is particularly informative. I’ll reproduce paragraphs 1-3 here (reformatted for clarity):

                                                  (1) Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

                                                  (2) This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.

                                                  (3) Silence, pre-ticked boxes or inactivity should not therefore constitute consent.

                                                  While reading (3) alone you might think that this system would be contrary to law, I think in the broader context it’s probably okay? Your attention is being drawn to the fact that you have to give consent to use of your personal data (the modal). You can either look for more information, or say okay. So I don’t see this as a pre-ticked box within the meaning of paragraph 3.

                                                  However, it’s definitely shady (and common) practice. I think it’s borderline, and it would be fair for the regulator to raise concerns. I suspect that the “not unnecessarily disruptive to the use of the service” will actually count in InfoWorld’s favor here. The Correct Solution would be to offer a deselect all.

                                                  1. -1

                                                    Playing devil’s advocate here, but they don’t actually need to untick 338 checkboxes, they only need to click “deselect all” as the author did.

                                                    1. 9

                                                      Ehm… the author had to untick 338 checkboxes because there is no “deselect all”.

                                                      It took a while, actually, but I hate to be manipulated.

                                                      1.  

                                                        Sorry, somehow I misread that. I stand corrected.

                                                  2. 4

                                                    Yeah. I feel like that’s against the spirit of GDPR, if not the text. I guess the courts will decide. 🙂

                                                    1.  

                                                      And if not GDPR violation, Shamar and others can sue them in class action for the damage to their hands from 338 checkboxes. Each violation will pay a fine equal to the sum of their users at risk of arthritis or carpal tunnel. That’s on top of any GDPR fines.

                                                1. 16

                                                  The reality of open source is different than the myth, but still a good, positive alternative to commercial software.

                                                  Someone should explain the author that most open source software is actually commercial.

                                                  The myth, indeed, is that open source is the same as free software. It’s not. It’s just a marketing tool.

                                                  But if you step back, you realize it could only be thus.

                                                  False. A lot of valuable free software is completely developed by volunteers. Take Vim for example.

                                                  This is the kind of deductions that do not derive from logic or observation, but from cultural bias.

                                                  Yes, open source is different. […] especially as licensed under a permissive license like Apache 2.0, there’s always the option for a new developer or vendor to barge in and upset that balance.

                                                  This is hilarous.

                                                  Linux is under a strong copyleft and still there are so many corporates working on it that Linus can mock them.

                                                  The issue of communities in Open Source has a simpler explaination.
                                                  It’s just a valuable marketing tool: a group of individuals with one common interest is not a community.

                                                  1. 2

                                                    AFAIK no valid licence means “all rights reserved” all over the world.

                                                    This means that if GPL is not valid in a country, no one can use that software in that courty.

                                                    1. 1

                                                      Not always. e.g. the creators of the EUPL argue that under EU law, GPL, LGPL, MPL, etc are all equivalent and compatible in any direction (because you can’t enforce copyleft on anything above file level)

                                                      1. 1

                                                        Can you share some legal sources to back this statement?

                                                        I’ve never listen such argument, but I have listened an opposite one, stating that software copyright is based on literary one, so that you can translate a C GPL software into Python only under GPL, as a derived work (with a caveat I do not remember). That’s different from common wisdom, as such protections are usually demanded to patents not copyright.

                                                        So I’m very curious about your sources.

                                                        And BTW file level copyright doesn’t means that, without a license you can use that file…

                                                        1. 2

                                                          And BTW file level copyright doesn’t means that, without a license you can use that file…

                                                          Correct, but it means that e.g. the viral part of the GPL is entirely gone, as it only applies to a single source file, not to any binary artifacts, intermediate compilation products, or other sources.

                                                          See https://joinup.ec.europa.eu/collection/eupl/eupl-compatible-open-source-licences#section-3 on why clauses on linking, in the eyes of the authors of the EUPL, have no legal validity.

                                                          1. 1

                                                            Thanks this has been a great read for several reasons. I’ll double check with an European lawyer.

                                                            If this interpretation is confirmed, I will probably write an new stronger copyleft for my code instead of using AGPLv3.

                                                        2. 1

                                                          We’ve had this discussion before, and I don’t think that your interpretation of the interpretation of the EUPL authors is correct.

                                                          https://lobste.rs/s/oroz5k/google_loses_android_battle_could_owe#c_wxup7r

                                                          1. 1

                                                            In the discussion you admitted that you interpret it the same way, as them saying that based on written law, this would be the case, but there is no case law.

                                                            Generally, under civil law (which is what’s used in the relevant EU countries), decisions from courts rarely rely on previous court rulings, only on the written law. That’s why the US-american fixation on case law is a bit weird (and not exactly helpful).

                                                            1. 1

                                                              GPLv3 was written with consideration to EU law. It is why several of the legal terms in it were changed, to fit a more global perspective than GPLv2. I think Eben and his team are fairly competent at international law. I am aware of some difference between the legal traditions around the world, and I still think it’s uncertain that your interpretation of their interpretation is accurate.

                                                              I don’t see consensus that copyleft is invalid in Europe. It remains, as far as I can tell, a minority opinion, and despite the different usage of jurisprudence in Europe, successful legal challenges against copyleft still would give some credence to the interpretation that strong copyleft is currently null in Europe (with the patronising insinuation that copyleft is just some silly colonial idea).

                                                              After all, the VMWare case was brought up in Germany and it wasn’t immediately thrown out because copyleft is considered null. The judge seemed to consider copyleft to be worthy of consideration, if Hellwig could demonstrate sufficient copyright ownership over his kernel code.

                                                              1. 1

                                                                (with the patronising insinuation that copyleft is just some silly colonial idea).

                                                                What do you mean?

                                                                Btw, the EUPL authors does not say that GPL be void. Just the reciprocity would be invalidated (what some people call “virality”).

                                                                1. 2

                                                                  That’s why the US-american fixation on case law is a bit weird (and not exactly helpful).

                                                                  This statement sounds a bit like a European doesn’t like that a foreign legal document with its silly foreign ideas is being discussed in Europe.

                                                                  One aspect of the hereditary nature of the GPL is exactly what was being considered in the VMware case in Germany. The judge there didn’t seem to think that strong copyleft was unworthy of consideration.

                                                      1. 4

                                                        Or maybe shells were pretty much built to be primitive User interfaces and not serious “typed” languages. Stop trying to see shells as “scripting” and a lot of your problems pretty much become secondary.

                                                        Seriously, just use a REAL scripting language, then you can readdir() or whatever without having to depend on ls and all the weird ways you can invoke it.

                                                        1. 4

                                                          While I understand your argument, you should consider that we use the term “script” instead of, say, “command” exactly because scripts were originally a sequence of shell commands saved in a file for future convenience.

                                                          So there is a continuous between the glue provided by a shell and a full interpreted programming language.

                                                          Shell were designed to glue small programs providing specific features into larger ones.

                                                          Interpreted language are designed to write larger programs in the first place, by composing the available libraries that provide the specific features.

                                                        1. 31

                                                          at this point most browsers are OS’s that run (and build) on other OS’s:

                                                          • language runtime - multiple checks
                                                          • graphic subsystem - check
                                                          • networking - check
                                                          • interaction with peripherals (sound, location, etc) - check
                                                          • permissions - for users, pages, sites, and more.

                                                          And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

                                                          1. 10

                                                            Browsers rarely link out the system. FF/Chromium have their own PNG decodes, JPEG decodes, AV codecs, memory allocators or allocation abstraction layers, etc. etc.

                                                            It bothers me everything is now shipping as an electron app. Do we really need every single app to have the footprint of a modern browser? Can we at least limit them to the footprint of Firefox2?

                                                            1. 9

                                                              but if you limit it to the footprint of firefox2 then computers might be fast enough. (a problem)

                                                              1. 2

                                                                New computers are no longer faster than old computers at the same cost, though – moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

                                                                (Maybe secondary storage speed will have a big bump, if you’re moving from hard disk to SSD, but that only happens once.)

                                                                1. 3

                                                                  moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

                                                                  Are you claiming there have been no speedups due to better pipelining, out-of-order/speculative execution, larger caches, multicore, hyperthreading, and ASIC acceleration of common primitives? And the benchmarks magazines post showing newer stuff outperforming older stuff were all fabricated? I’d find those claims unbelievable.

                                                                  Also, every newer system I had was faster past 2005. I recently had to use an older backup. Much slower. Finally, performance isn’t the only thing to consider: the newer, process nodes use less energy and have smaller chips.

                                                                  1. 2

                                                                    I’m slightly overstating the claim. Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

                                                                    Once we’ve picked all the low-hanging fruit (simple optimization tricks with major & general impact) we’ll need to start seriously milking performance out of multicore and other features that actually require the involvement of application developers. (Multicore doesn’t affect performance at all for single-threaded applications or fully-synchronous applications that happen to have multiple threads – in other words, everything an unschooled developer is prepared to write, unless they happen to be mostly into unix shell scripting or something.)

                                                                    Moore’s law isn’t all that matters, no. But, it matters a lot with regard to whether or not we can reasonably expect to defend practices like electron apps on the grounds that we can maintain current responsiveness while making everything take more cycles. The era where the same slow code can be guaranteed to run faster on next year’s machine without any effort on the part of developers is over.

                                                                    As a specific example: I doubt that even in ten years, a low-end desktop PC will be able to run today’s version of slack with reasonable performance. There is no discernible difference in its performance between my two primary machines (both low-end desktop PCs, one from 2011 and one from 2017). There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.

                                                                    1. 4

                                                                      Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

                                                                      I agree with that totally.

                                                                      “Multicore doesn’t affect performance at all for single-threaded applications “

                                                                      Although largely true, people often forget a way multicore can boost single-threaded performance: simply letting the single-threaded app have more time on CPU core since other stuff is running on another. Some OS’s, esp RTOS’s, let you control which cores apps run on specifically to utilize that. I’m not sure if desktop OS’s have good support for this right now, though. I haven’t tried it in a while.

                                                                      “There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.”

                                                                      Yeah, all the ideas I have for it are incremental. The best illustration of where rest of gains might come from is Cavium’s Octeon line. They have offloading engines for TCP/IP, compression, crypto, string ops, and so on. On rendering side, Firefox is switching to GPU’s which will take time to fully utilize. On Javascript side, maybe JIT’s could have a small, dedicated core. So, there’s still room for speeding Web up in hardware. Just not Moore’s law without developer effort like you were saying.

                                                            2. 9

                                                              Although you partly covered it, I’d say “execution of programs” is good wording for JavaScript since it matches browser and OS usage. There’s definitely advantages to them being smaller. A guy I knew even deleted a bunch of code out of his OS and Firefox to achieve that on top of a tiny, backup image. Dude had a WinXP system full of working apps that fit on one CD-R.

                                                              Far as secure browsers, I’d start with designs from high-assurance security bringing in mainstream components carefully. Some are already doing that. An older one inspired Chrome’s architecture. I have a list in this comment. I’ll also note that there were few of these because high-assurance security defaulted on just putting a browser in a dedicated partition that isolated it from other apps on top of security-focused kernels. One browser per domain of trust. Also common were partitioning network stacks and filesystems that limited effect of one partition using them on others. QubesOS and GenodeOS are open-source software that support these with QubesOS having great usability/polish and GenodeOS architecturally closer to high-security designs.

                                                              1. 6

                                                                Are there simpler browsers optimised for displaying plain ol’ hyperlinked HTML documents, and also support modern standards? I don’t really need 4 tiers of JIT and whatnot for web apps to go fast, since I don’t use them.

                                                                1. 12

                                                                  I’ve always thought one could improve on a Dillo-like browser for that. I also thought compile-time programming might make various components in browsers optional where you could actually tune it to amount of code or attack surface you need. That would require lots of work for mainstream stuff, though. A project like Dillo might pull it off, though.

                                                                  1. 10
                                                                    1. 3

                                                                      Oh yeah, I have that on a Raspberry Pi running RISC OS. It’s quite nice! I didn’t realise it runs on so many other platforms. Unfortunately it only crashes on my main machine, I will investigate. Thanks for reminding me that it exists.

                                                                      1. 1

                                                                        Fascinating; how had I never heard of this before?

                                                                        Or maybe I had and just assumed it was a variant of suckless surf? https://surf.suckless.org/

                                                                        Looks promising. I wonder how it fares on keyboard control in particular.

                                                                        1. 1

                                                                          Aw hell; they don’t even have TLS set up correctly on https://netsurf-browser.org

                                                                          Does not exactly inspire confidence. Plus there appears to be no keyboard shortcut for switching tabs?

                                                                          Neat idea; hope they get it into a usable state in the future.

                                                                        2. 1

                                                                          AFAIK, it doesn’t support “modern” non-standards.

                                                                          But it doesn’t support Javascript either, so it’s way more secure of mainstream ones.

                                                                        3. 7

                                                                          No. Modern web standards are too complicated to implement in a simple manner.

                                                                          1. 3

                                                                            Either KHTML or Links is what you’d like. KHTML would probably be the smallest browser you could find with a working, modern CSS, javascript and HTML5 engine. Links only does HTML <=4.0 (including everything implied by its <img> tag, but not CSS).

                                                                            1. 2

                                                                              I’m pretty sure KHTML was taken to a farm upstate years ago, and replaced with WebKit or Blink.

                                                                              1. 6

                                                                                It wasn’t “replaced”, Konqueror supports all KHTML-based backends including WebKit, WebEngine (chromium) and KHTML. KHTML still works relatively well to show modern web pages according to HTML5 standards and fits OP’s description perfectly. Konqueror allows you to choose your browser engine per tab, and even switch on the fly which I think is really nice, although this means loading all engines that you’re currently using in memory.

                                                                                I wouldn’t say development is still very active, but it’s still supported in the KDE frameworks, they still make sure that it builds at least, along with the occasional bug fix. Saying that it was replaced is an overstatement. Although most KDE distributions do ship other browsers by default, if any, and I’m pretty sure Falkon is set to become KDE’s browser these days, which is basically an interface for WebEngine.

                                                                            2. 2

                                                                              A growing part of my browsing is now text-mode browsing. Maybe you could treat full graphical browsing as an exception and go to the minimum footprint most of the time…

                                                                          2. 4

                                                                            And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

                                                                            user choice. rampant complexity has restricted your options to 3 rendering engines, if you want to function in the modern world.

                                                                            1. 3

                                                                              When reimplementing malloc and testing it out on several applications, I found out that Firefox ( at the time, I don’t know if this is still true) had its own internal malloc. It was allocating a big chunk of memory at startup and then managing it itself.

                                                                              Back in the time I thought this was a crazy idea for a browser but in fact, it follows exactly the idea of your comment!

                                                                              1. 3

                                                                                Firefox uses a fork of jemalloc by default.

                                                                                1. 2

                                                                                  IIRC this was done somewhere between Firefox 3 and Firefox 4 and was a huge speed boost. I can’t find a source for that claim though.

                                                                                  Anyway, there are good reasons Firefox uses its own malloc.

                                                                                  Edit: apparently I’m bored and/or like archeology, so I traced back the introduction of jemalloc to this hg changeset. This changeset is present in the tree for Mozilla 1.9.1 but not Mozilla 1.8.0. That would seem to indicate that jemalloc landed in the 3.6 cycle, although I’m not totally sure because the changeset description indicates that the real history is in CVS.

                                                                              2. 3

                                                                                In my daily job, this week I’m working on patching a modern Javascript application to run on older browsers (IE10, IE9 and IE8+ GCF 12).

                                                                                The hardest problems are due the different implementation details of same origin policy.
                                                                                The funniest problem has been one of the used famework that used “native” as variable name: when people speak about the good parts in Javascript I know they don’t know what they are talking about.

                                                                                BTW, if browser complexity address a real problem (instead of being a DARPA weapon to get control of foreign computers), such problem is the distribution of computation among long distances.

                                                                                Such problem was not addressed well enough by operating systems, despite some mild attempts, such as Microsoft’s CIFS.

                                                                                This is partially a protocol issue, as both NFS, SMB and 9P were designed with local network in mind.

                                                                                However, IMHO browsers OS are not the proper solution to the issue: they are designed for different goals, and they cannot discontinue such goals without loosing market share (unless they retain such share with weird marketing practices as Microsoft did years ago with IE on Windows and Google is currently doing with Chrome on Android).

                                                                                We need better protocols and better distributed operating systems.

                                                                                Unfortunately it’s not easy to create them.
                                                                                (Disclaimer: browsers as platforms for os and javascript’s ubiquity are among the strongest reasons that make me spend countless nights hacking an OS)

                                                                              1. 2

                                                                                There are a number of issues in this article.

                                                                                The main, most obvious error is talking about fairness of algorithms.

                                                                                Fairness, like trust, is a human construct that applies only to humans.
                                                                                Talking about “fair machines” is misleading: it’s the byproduct of the antropomorphic language we should replace because it fools both experts and laymen.

                                                                                So we should never talk about algorithm fairness, but about decision transparency and accountability.

                                                                                I find it funny when I see a self defined “AI/ML expert” stating that no human could explain a decision of a deep learning system:

                                                                                • first, an artificial neural network does not decide, it computes “decision” is a poor interpretation of its output
                                                                                • second, if you cannot explain a software exactly, it is simply broken

                                                                                Such people should probably be treated as a sort of apprentices: they can have great insights but should never be trusted for serious tasks.

                                                                                So basically if you cannot explain your software computations precisely (transparency), your software should not be applied to human input or produce output that affects decisions related to humans.

                                                                                However, transparency is not enough. Because of bugs.

                                                                                Even if you provide all the sources and all the data and information required to understand and explain the computation of your AI (that btw is what article 13 and 14 of GDPR requires if you apply such techniques to data of European people), you are accountable for errors.

                                                                                This is where fairness comes into play: it’s not in the design or development of the system that you decide what fairness rules you will grant! That would be too simple!

                                                                                It’s when the system is in production that you will be held accountable for any observed discrimination, even if it was not a relevant social issue when the AI was designed.

                                                                                That’s simply because we create machines to serve humans, and we cannot allow any human to violate the rights of another human through a machine proxy.

                                                                                Otherwise we would sacrify humans to machines (or more precisely, to corporate profits).

                                                                                1. 1

                                                                                  And then the usual horror would come: “Translate these numbers, which are written in base seven, to base five.” Translating from one base to another is an utterly useless thing. If you can do it, maybe it’s entertaining; if you can’t do it, forget it. There’s no point to it.

                                                                                  True for elementary school students but it does become important later on for those who want to study mathematics or computer science / engineering.

                                                                                  1. 6

                                                                                    Useful, but not important.

                                                                                    And I’m not sure it’s math, actually: a computer can do it for you.

                                                                                    Math is understanding that digits are not numbers, that they are just symbols, a useful notation.

                                                                                  1. 4

                                                                                    Suggest removing the ai tag unless the article actually has code for ML or AI.

                                                                                    1. 3

                                                                                      In ai several posts provide no code.

                                                                                      Also, I’d say the article is about AI and ML: face recognition is an application of artificial intelligence and the analysis of data collected will use machine learning techiniques. Indeed, I’d say the collection would be pointless without the recent advancements in the field.

                                                                                      Maybe I’m missing something?

                                                                                      1. 5

                                                                                        So, the way I look at it, a tag tells me what I’m going to learn by reading an article. I don’t learn anything new about ai from this article, because it doesn’t have code, doesn’t have math, and doesn’t have implementation information. I do learn something about privacy (already a weak tag by in my opinion, but whatever) because I know more about implementation details of the US surveillance state.

                                                                                        The AI part here is not interesting or a main focus, because it’s a minor supporting point to the expansion of surveillance powers. The article, a few decades ago, could’ve been written about taking pictures and fingerprints of all citizens.

                                                                                        Save the ai tag for things that are technically illuminating–and just because others have misused tags in the past doesn’t mean we should perpetuate those inaccuracies.

                                                                                        In fact, law here would be a better replacement for ai.

                                                                                        1. 1

                                                                                          I don’t learn anything new about ai from this article, because it doesn’t have code, doesn’t have math, and doesn’t have implementation information.

                                                                                          I learn about one application of AI and ML in US.
                                                                                          It is technically illuminating.

                                                                                          I do not think of myself as a mere executor of the orders of people who can’t code or understand a gradient descent, so such article is very useful.

                                                                                          Code, math and implementation details answer the question “How?”

                                                                                          But the first question an engineer should ask is always “Why?”

                                                                                          That’s the role of this article in my work with machine learning.

                                                                                    1. 3

                                                                                      Nice article.

                                                                                      But I’m afraid it’s not that hard to fake a Github profile full of contributions.

                                                                                      1. 3

                                                                                        Yes, it could be done but it would take a fair amount of work to make it actually convincing. There will definitely be red flags to anyone who has actually used Github.

                                                                                        Also, there’s people like me for whom this isn’t particularly helpful advice. I have quite a lot of techical knowledge gathered over the decades but spend very little of my time programming. I can write code, but it’s not at all my core strength. Thus my GitHub profile is pretty anemic and only contains small useless projects and tiny bug fixes. The only way that I know of to show off my skills online is to write articles in my blog. But keeping a blog up to date is a lot more work, whereas a GitHub profile you more or less get “for free” when you contribute patches and such to open source projects.

                                                                                        1. 2

                                                                                          Also, there’s people like me for whom this isn’t particularly helpful advice.

                                                                                          To be fair to the author, he was clear his advice might apply in specific context of trying to get through screeners starting underprivileged. His conclusion was Github could be a great tool for sending a signal of competence. The success stories he saw made him further encourage everyone in such circumstances to immediately go for that option as low-hanging fruit. He qualifies his claims on the Github part pretty well for these kinds of articles.

                                                                                      1. 4

                                                                                        There are many people like me who would just like their work to be used by others without restriction

                                                                                        Actually this is still an unsolved issue.

                                                                                        If I want every use of my creative work to be unrestricted for free, so that every person can get most from it, no patent or license helps.

                                                                                        In the United States, a typical examiner is supposed to devote a total of 19 hours to all phases of the examination process. …
                                                                                        In practice, US examiners often lean heavily on the patent database itself to find prior art.

                                                                                        Probably law should provide a free and simple way to patent royalty free ideas, just to contrast patent trolls. Even better would be a sort of patent copyleft, so that you cannot build upon a free idea without giving the derived idea for free.