1. 2

    Rest in peace, Ken Thomases :-(

    1. 25

      Pro tip: this applies to you if you’re a business too. Kubernetes is a problem as much as it is a solution.

      Uptime is achieved by having more understanding and control over the deployment environment but kubernetes takes that away. It attracts middle managers and CTOs because it seems like a silver bullet without getting your hands dirty but in reality it introduces so much chaos and indirections into your stack that you end up worse off than before, and all the while you’re emptying your pockets for this experience.

      Just run your shit on a computer like normal, it’ll work fine.

      1. 9

        This is true, but let’s not forget that Kubernetes also has some benefits.

        Self-healing. That’s what I miss the most with a pure NixOS deployment. If the VM goes down, it requires manual intervention to be restored. I haven’t seen good solutions proposed for that yet. Maybe uptimerobot triggering the CI when the host goes down is enough. Then the CI can run terraform apply or some other provisioning script.

        Zero-downtime deployment. This is not super necessary for personal infrastructures but is quite important for production environments.

        Per pod IP. It’s quite nice not to have to worry about port clashes between services. I think this can be solved by using IPv6 as each host automatically gets a range of IPs to play with.

        Auto-scaling. Again not super necessary for personal infrastructure but it’s nice to be able to scale beyond one host, and not to have to worry on which host one service lives.

        1. 6

          Did anyone try using Nomad for personal projects? It has self-healing and with the raw runner one can run executables directly on NixOS without needing any containers. I have not tried it myself (yet), but would be keen on hearing the experiences.

          1. 3

            I am experimenting with the HashiCorp stack while off for the holidays. I just brought up a vagrant box (1GB ram) with Consul, Docker and Nomad running (no jobs yet) and the overhead looks okay:

                          total        used        free      shared  buff/cache   available
            Mem:          981Mi       225Mi       132Mi       0.0Ki       622Mi       604Mi
            Swap:         1.9Gi       7.0Mi       1.9Gi

            but probably too high to fit Postgres, Traefik or Fabio and a Rails app into it as well, but 2GB will probably be lots (I am kind of cheap so the less resources the better).

            I have a side project running in ‘prod’ using Docker (for Postgres and my Rails app) along with Caddy running as a systemd service but it’s kind of a one off machine so I’d like to move towards something like Terraform (next up on the list to get running) for bring up and Nomad for the reasons you want something like that.

            But… the question that does keep running through the back of my head, do I need even Nomad/Docker? For a prod env? Yes, it’s probably worth the extra complexity and overhead but for personal stuff? Probably not… Netlify, Heroku, etc are pretty easy and offer free tiers.

            1. 1

              I was thinking about doing this but I haven’t done due diligence on it yet. Mostly because I only have 2 droplets right now and nobody depends on what’s running on them.

            2. 1

              If you’re willing to go the Amazon route, EC2 has offered most of that for years. Rather than using the container as an abstraction, treat the VM as a container: run one main process per VM. And you then get autoscaling, zero downtime deploys, self-healing, and per-VM IPs.

              TBH I think K8s is a step backwards for most orgs compared to just using cloud VMs, assuming you’re also running K8s in a cloud environment.

              1. 2

                That’s a good point. And if you don’t care about uptime too much, autoscaling + spot instances is a pretty good fit.

                The main downside is that a load-balancer is already ~15.-/month if I remember correctly. And the cost can explode quite quickly on AWS. It takes quite a bit of planning and effort to keep the cost super low.

            3. 5

              IMO, Kubernetes’ main advantage isn’t in that it “manages services”. From that POV, everything you say is 100% spot-on. It simply moves complexity around, rather than reducing it.

              The reason I like Kubernetes is something entirely different: It more or less forces a new, more robust application design.

              Of course, many people try to shoe-horn their legacy applications into Kubernetes (the author running git in K8s appears to be one example), and this just adds more pain.

              Use K8s for the right reasons, and for the right applications, and I think it’s appropriate. It gets a lot of negative press for people who try to use it for “everything”, and wonder why it’s not the panacea they were expecting.

              1. 5

                I disagree that k8s forces more robust application design; fewer moving parts are usually a strong indicator of reliability.

                Additionally, I think k8s removes some of the pain of microservices–in the same way that a local anesthetic makes it easier to keep your hand in boiling water–that would normally help people reconsider their use.

              2. 5

                And overhead. Those monster yaml files are absurd on so many levels.

                1. 2

                  Just run your shit on a computer like normal, it’ll work fine.

                  I think that’s an over-simplification. @zimbatm’s comment makes good points about self-healing and zero-downtime deployment. True, Kubernetes isn’t necessary for those things; an EC2 auto-scaling group would be another option. But one does need something more than just running a service on a single, fixed computer.

                  1. 3

                    But one does need something more than just running a service on a single, fixed computer.

                    I respectfully disagree…worked at a place which made millions over a few years with a single comically overloaded DO droplet.

                    We eventually made it a little happier by moving to hosted services for Mongo and giving it a slightly beefier machine, but otherwise it was fine.

                    The single machine design made things a lot easier to reason about, fix, and made CI/CD simpler to implement as well.

                    Servers with the right provider can stay up pretty well.

                    1. 2

                      Servers with the right provider can stay up pretty well.

                      I was one of the victims of the DDOS that hit Linode on Christmas day (edit: in 2015; didn’t mean to omit that). DO and Vultr haven’t had perfect uptime either. So I’d rather not rely on single, static server deployments any more than I have to.

                      1. 2

                        I don’t see how your situation/solution negates the statement.

                        You’ve simply traded one “something” (Kubernetes) with another (“the right provider”, and all that entails–probably redundant power supplies, network connections, hot-swappable hard drives, etc, etc).

                        The complexity still exists, just at a different layer of abstraction. I’ll grant you that it does make reasoning about the application simpler, but it makes reasoning about the hardware platform, and peripheral concerns, much more complex. Of course that can be appropriate, but it isn’t always.

                        I’m also unsure how a company’s profit margin figures into a discussion about service architectures…

                        1. 5

                          I’m also unsure how a company’s profit margin figures into a discussion about service architectures…

                          There is no engineering without dollar signs in the equation. The only reason we’re being paid to play with shiny computers is to deliver business value–and while I’m sure a lot of “engineers” are happy to ignore the profit-motive of their host, it is very unwise to do so.

                          I’ll grant you that it does make reasoning about the application simpler, but it makes reasoning about the hardware platform, and peripheral concerns, much more complex.

                          That engineering still has to be done, if you’re going to do it at all. If you decide to reason about it, do you want to be able to shell into a box and lay hands on it immediately, or hope that your k8s setup hasn’t lost its damn mind in addition to whatever could be wrong with the app?

                          You’ve simply traded one “something” (Kubernetes) with another (“the right provider”, and all that entails–probably redundant power supplies, network connections, hot-swappable hard drives, etc, etc).

                          The complexity of picking which hosting provider you want to use (ignoring colocation issues) is orders and orders of magnitude less than learning and handling k8s. Hosting is basically a commodity at this point, and barring the occasional amazingly stupid thing among the common names there’s a baseline of competency you can count on.

                          People have been sold this idea that hosting a simple server means racking it and all the craziness of datacenters and whatnot, and it’s just a ten spot and an ssh key and you’re like 50% of the way there. It isn’t rocket surgery.

                        2. 1

                          can you share more details about this?

                          I’ve always been impressed by teams/companies maintaining a very small fleet of servers but I’ve never heard of any successful company running a single VM.

                          1. 4

                            It was a boring little Ubuntu server if I recall correctly, I think like a 40USD general purpose instance. The second team had hacked together an impressive if somewhat janky system using the BEAM ecosystem, the first team had built the original platform in Meteor, both ran on the same box along with Mongo and supporting software. The system held under load (mostly, more about that in a second), and worked fine for its role in e-commerce stuff. S3 was used (as one does), and eventually as I said we moved to hosted options for database stuff…things that are worth paying for. Cloudflare for static assets, eventually.

                            What was the business environment?

                            Second CTO and fourth engineering team (when I was hired) had the mandate to ship some features and put out a bunch of fires. Third CTO and fifth engineering team (who were an amazing bunch and we’re still tight) shifted more to features and cleaning up technical debt. CEO (who grudgingly has my respect after other stupid things I’ve seen in other orgs) was very stingy about money, but also paid well. We were smart and well-compensated (well, basically) developers told to make do with little operational budget, and while the poor little server was pegged in the red for most of its brutish life, it wasn’t drowned in bullshit. CEO kept us super lean and focused on making the money funnel happy, and didn’t give a shit about technical features unless there was a dollar amount attached. This initially was vexing, but after a while the wisdom of the approach became apparent: we weathered changes in market conditions better without a bunch of outstanding bills, we had more independence from investors (for better or worse), and honestly the work was just a hell of a lot more interesting due in no small part to the limitations we worked under. This is key.

                            What problems did we have?

                            Support could be annoying, and I learned a lot about monitoring on that job during a week where the third CTO showed me how to set up Datadog and similar tooling to help figure out why we had intermittent outages–eventual solution was a cronjob to kill off a bloated process before it became too poorly behaved and brought down the box. The thing is, though, we had a good enough customer success team that I don’t think we even lost that much revenue, possibly none. That week did literally have a day or two of us watching graphs and manually kicking over stuff just in time, which was a bit stressful, but I’d take a month of that over sitting in meetings and fighting matrix management to get something deployed with Jenkins onto a half-baked k8s platform and fighting with Prometheus and Grafana and all that other bullshit…as a purely random example, of course. >:|

                            The sore spots we had were basically just solved by moving particular resource-hungry things (database mainly) to hosting–the real value of which was having nice tooling around backups and monitoring, and which moving to k8s or similar wouldn’t have helped with. And again, it was only after a few years of profitable growth that traffic hit a point where that migration even seemed reasonable.

                            I think we eventually moved off of the droplet and onto an Amazon EC2 instance to make storage tweaks easier, but we weren’t using them in any way different than we’d use any other barebones hosting provider.

                            1. 4

                              Did that one instance ever go completely down (becoming unreachable due to a networking issue also counts), either due to an unforeseen problem or scheduled maintenance by the hosting provider? If so, did the company have a procedure for bringing a replacement online in a timely fashion? If not, then I’d say you all just got very lucky.

                              1. 1

                                Yes, and yes–the restart procedure became a lot simpler once we’d switched over to EC2 and had a hot spare available…but again, nothing terribly complicated and we had runbooks for everything because of the team dynamics (notice the five generations of engineering teams over the course of about as many years?). As a bonus, in the final generation I was around for we were able to hire a bunch of juniors and actually teach them enough to level them up.

                                About this “got very lucky” part…

                                I’ve worked on systems that had to have all of the 9s (healthcare). I’ve worked on systems, like this, that frankly had a pretty normal (9-5, M-F) operating window. Most developers I know are a little too precious about downtime–nobody’s gonna die if they can’t get to their stupid online app, most customers–if you’re delivering value at a price point they need and you aren’t specifically competing on reliability–will put up with inconvenience if your customer success people treat them well.

                                Everybody is scared that their stupid Uber-for-birdwatching or whatever app might be down for a whole hour once a month. Who the fuck cares? Most of these apps aren’t even monetizing their users properly (notice I didn’t say customers), so the odd duck that gets left in the lurch gets a hug and a coupon and you know what–the world keeps turning!

                                Ours is meant to be a boring profession with simple tools and innovation tokens spent wisely on real business problems–and if there aren’t real business problems, they should be spent making developers’ lives easier and lowering business costs. I have yet to see k8s deliver on any of this for systems that don’t require lots of servers.

                                (Oh, and speaking of…is it cheaper to fuck around with k8s and all of that, or just to pay Heroku to do it all for you? People are positively baffling in what they decide to spend money on.)

                              2. 1

                                eventual solution was a cronjob to kill off a bloated process before it became too poorly behaved and brought down the box … That week did literally have a day or two of us watching graphs and manually kicking over stuff just in time, which was a bit stressful,…

                                It sounds like you were acting like human OOM killers, or more generally speaking manual resource limiters of those badly-behaved processes. Would it be fair to say that sort of thing would be done today by systemd through its cgroups resource management functionality?

                                1. 1

                                  We probably could’ve solved it through systemd with Limit* settings–we had that available at the time. For us, we had some other things (features on fire, some other stuff) that took priority, so just leaving a dashboard open and checking it every hour or two wasn’t too bad until somebody had the spare cycles to do the full fix.
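
As an added illustration of the cgroup-based limiting discussed in the two comments above (not part of the thread and not the commenters' configuration): a systemd service unit that caps a service's memory and restarts it when the cap is hit, in place of a cron job that kills the process. The unit name, paths, user and limit values are assumptions.

```ini
# /etc/systemd/system/app-worker.service
# Hypothetical unit name, binary path, user and limit values (constructed example).
[Unit]
Description=Example worker with cgroup memory limits
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/opt/app/bin/worker
User=app

# cgroup v2 memory control for every process in this unit:
# above MemoryHigh the kernel throttles the unit and reclaims its memory,
# at MemoryMax the OOM killer acts inside this unit's cgroup only.
MemoryHigh=1200M
MemoryMax=1500M
# Do not let the unit escape the cap by spilling into swap.
MemorySwapMax=0

# If a process of the unit is OOM-killed, stop the whole unit cleanly...
OOMPolicy=stop
# ...and have systemd start it again after a short delay.
Restart=on-failure
RestartSec=5s

# Bound the number of tasks (processes and threads) in the unit.
TasksMax=256

# Limit* directives set classic per-process rlimits, not cgroup limits.
# LimitNOFILE caps open file descriptors; it does not cap resident memory.
LimitNOFILE=4096

[Install]
WantedBy=multi-user.target
```

`systemctl show app-worker.service -p MemoryMax -p MemoryHigh` confirms the values systemd applied, and `systemd-cgtop` shows the unit's live usage against them.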

                      1. 4

                        Thank you for the article! What a fascinating read, and you made it so digestible.

                        The part I had the hardest time understanding was the video from Wikipedia. I feel like I almost get it, but I just want to know even more nitty gritty details, like what are each of those colored things? How do they get there? Why are they being locked into place onto the ribbon? How do they get off the ribbon? How is the machine formed in the first place? It’s so fascinating, but the more details I’m given, it seems to prompt even more questions.

                        I couldn’t help but wonder what kinds of nefarious things could be done with that Ψ trick. It seems like this is just a silver bullet to make intentional viruses infect humans that completely evade our immune systems?

                        1. 5

                          So the flying things are explained in the video on https://berthub.eu/dna/ - and I think your question about the Ψ-trick might be addressed by some of the other answers on this page.

                          1. 1

                            Thanks for the tip, I ended up purchasing Molecular Biology of the Cell, can’t wait to read it!

                          2. 3

                            The Ψ thing (that I was wondering about as well) discussed elsewhere was “Could nature figure out Ψ organically and thereby evolve viruses that evade our immune system?” and thankfully the answer is a resounding “No” (unless the entire mechanism including ribosomes learns how to create those things, I suppose, by which point the immune system probably catches up as well?)

                            It’s not explicitly spelled out, but as I understand it, this also means that an artificially created/modified virus that comes with Ψ to evade the immune system couldn’t make our cells create Ψ. So either such a virus would be replicated with U in place of Ψ (if the functional equivalence extends to the replication) or the replication would fail entirely (because Ψ is an invalid input to the full replicator pipeline), I’m not sure.

                            Either way, the best outcome for such a virus (it’s replicated with U) would be that it can create a larger starter colony inside the organism of the first infected victim but any follow-on generations, including those transmitted to other individuals are fully visible to the immune system.

                            (disclaimer: lots of conjecture)

                          1. 2

                            Gonna whine a bit but like…. seriously, people who write this kind of “takedown” of stuff like jQuery are exhausting.

                            Yeah, you work at like some agency and you have a “sprinkle of interactivity” and you can just write up the tiny script, and that will work. Yeah, sure, maybe that’s the right balance.

                            People who grab these tools are writing way more stuff, working on a team, and value being able to maintain this stuff over squeezing performance.

                            Like the AJAX snippet:

                            var r = new XMLHttpRequest();
                            r.open("POST", "path/to/api", true);
                            r.onreadystatechange = function () {
                              // Ignore every state except a completed request with status 200
                              if (r.readyState != 4 || r.status != 200) return;
                              alert("Success: " + r.responseText);
                            };
                            r.send();

                            Seriously? This is your big response to $.ajax? Like you think this is good or easy to manage? Nice lack of error handling too by the way.

                            Maybe I’m just not the target for this. But given that jQuery, in particular, has such a good API that people go out of their way to port it to other languages, I’m not super interested in hearing people whine about jQuery’s relative performance and propose spaghetti in exchange.

                            (Much love to the people who got stuff like fetch to exist though, actually improving the base libraries from stuff learned from the community is very appreciated)

                            1. 2

                              Seriously? This is your big response to $.ajax? Like you think this is good or easy to manage? Nice lack of error handling too by the way.

                              Just make a function. You don’t need jQuery.

                              1. 1

                                Ignoring the existence of fetch for a minute (which is what I do nowadays instead of $.ajax now that standard stuff has caught up)…

                                I can go in and try out XMLHttpRequest. I can call the lifecycle methods, and make sure to add headers correctly. I can also make sure not to fuck up the lifecycle of that object when calling open and all that. Capture some callbacks, or maybe use a promise library.

                                And now I’m like halfway down implementing $.ajax. There’s a thing “on the market” that does stuff nicely. It doesn’t have weird idiosyncrasies to track down, it lowers the bar in general (there are probably more people who can safely use $.ajax than people who can safely implement $.ajax), and it will probably work.

                                I think there’s more nuance when you go down the “endless frameworks” or whatever. But here’s a self-contained thing that works nicely. I think if your metric is “I want things to work”, there’s few arguments for not using this. Perf arguments are there, but I don’t really buy the “random web dev will write more performant stuff when being forced to implement stuff themselves”.

                            1. 3

                              Putting on my Zig hat here, the thing that jumps out to me is this:

                              assert(meta.deepEqual(expected.items, actual.items));

                              If we had a better facility for testing deep equality, there would be no need for a debugger at all! We have this for string comparison. With a line like this:

                              testing.assertStringsEqual(a, b);

                              The output for one set of example values of a and b looks like:

                              Test [1/1] test "example"... 
                              ====== expected this output: =========
                              ======== instead found this: =========
                              First difference occurs on line 2:
                              test failure

                              I know the point of the blog post is trying to use this as an example to examine the state of linux debuggers, but this was my personal takeaway :)

                              1. 2

                                This is great and I would love to have more of it. I feel like I’ve ended up implementing test diffing in every language I’ve used.

                                Does it always print the whole string? A few tests up I’m comparing strings, but they’re ~1gb each :)

                                I know the point of the blog post is trying to use this as an example to examine the state of linux debuggers,

                                The point was actually just to get people to recommend me a debugger that works. I just made a very poor choice of title.

                                1. 2

                                  Just checked - it has no detection of long strings! That would be a nice contributor-friendly improvement to make :-)

                                  1. 1

                                    Touche :)

                                2. 1

                                  I prefer the approach of using the same infrastructure you have for debug-printing values, then just using your normal string-diffing equality comparison.

                                  The nice thing about this is you can build an expect-test workflow on top of it where failing tests produce a diff which you can use to update your tests to pass.

                                1. 35

                                  Imagine thinking that at the world’s largest surveillance company that the ‘ethical AI’ team could be anything other than lip service.

                                  “Hey Ethical AI team, how can we capture all this data from everyone and feed it into an AI system to help scumbags sell things like payday loans to people about to lose their homes?”

                                  Any response other than “shove it up your hole” is unethical by nature.

                                  1. 3

                                    under what other conditions is it possible to do this sort of research?

                                    1. 15

                                      a more even distribution of wealth so that normal, everyday people have access to do research if they want to

                                      1. 3

                                        ok, I’m not sure that’s a particularly realistic thing to expect Timnit to do before she does her research.

                                        1. 13

                                          I’m not criticising Timnit. I’m criticising our entire society. I want people like Timnit to thrive instead of being forced to exist in a system that is fundamentally opposed to the work that she is doing.

                                          1. 8

                                            OP’s comment is essentially shifting the burden to the individual, who has a comparatively tiny amount of power. What’s being posed is that a tech behemoth says “we have our own oversight group”, and a person who has the capability to serve on that oversight group, who thinks that such oversight existing is very important, should not serve on that group since it is assumed to be a farce:

                                            Any response other than “shove it up your hole” is unethical by nature.

                                            Consider an individual’s actual position in this situation: an individual with the capability to serve on such a group and an interest in seeing that group’s mission fulfilled. If this is important to them, they can either participate in this way, or participate in some other way, or not participate. What other opportunities do they have to participate in such oversight?

                                            Hypothetically, if someone was in a position where they could pick between being on Google’s AI Ethics team or some greater opportunity to effect change (such as being the head of a government oversight committee and lab with millions of dollars in funding), it would be very stupid to pick the former. The much more likely situation is that the opportunity was to be on Google’s AI Ethics team or something else with significantly less likelihood of being influential.

                                            OP’s comment only holds if you believe that Timnit was naive going into the relationship, or that she had significantly better opportunities to effect change that she turned down. The idea that Timnit would be simply naive going into that position is, I think, an in-kind criticism.

                                            1. 4

                                              OP’s comment is essentially shifting the burden to the individual, who has a comparatively tiny amount of power.

                                              You are not OP and you do not speak for me. Don’t put words in my mouth. Never once did I mention the researcher, nor their role. I talked about the oxymoron of the concept of an ‘ethical AI team’ in an organisation founded on unprecedented levels of surveillance, providing an example of unethical actions the broader organisation enables. My comment doesn’t shift the burden to the individual, it’s about an organisation inherently corrupted by the breadth and depth of its actions.

                                              1. 2

                                                imagine thinking that other people lacked the agency to interpret the things one says.

                                  1. 5

                                    I support the addition of tags for specific programming languages. Just the other day I used one for the purpose of seeking out posts about a certain language.

                                    At the same time, “I am completely uninterested in X or the people behind it” is…not the kind of thing I would say to someone’s face. Or broadcast to a community which includes a number of those people.

                                    1. 16

                                      Those are my true feelings but it was not my intent to be rude. I’d rather not put a filter on them when they’re what drove me to make this post in the first place. As has been said elsewhere in this thread some people found positive reasons to create a tag for Zig even though they differ from my own.

                                      So taking a step back and being perfectly honest I think this is just some evidence that Zig is being validated despite my lack of interest.

                                      There are only two kinds of languages: the ones people complain about and the ones nobody uses.

                                      1. 18

                                        For the record I think Blintk is being perfectly reasonable in the OP and no offense taken.

                                    1. -10

                                      Imagine green-fielding a 32-bit only kernel in the year 2018

                                      1. 11

                                        did you have anything meaningful to contribute to the discussion, other than this lazy, vaguely antagonistic comment?

                                        1. -2

                                          Imagine if you will, Andrew, that you wrote Zig to only produce 32-bit binaries. How do you think people would react to your project?

                                          1. 5

                                            I certainly would not antagonize or make fun of him had he made the zig compiler only produce 32-bit binaries.

                                            I think I would question such a choice, but I would do so civilly not dismissively.

                                            Beyond that, though, an OS is much different to a compiler; and the goals of zig as a compiler are different to the goals of serenity as an OS. Using a framework like llvm (which zig does) it’s not overly difficult to support different platforms. The marginal work required to support a new architecture in an OS is not at all trivial.

                                            1. 1

                                              The marginal work required to support a new architecture in an OS is not at all trivial.

                                              That’s certainly true, which is why it should have been 64-bit only. Even TempleOS is 64-bit, and that tiny OS only offers 16 colors and a cooperative scheduler.

                                              1. 8

                                                And making it 64-bit would have provided what, exactly? Were you planning to switch your cloud containers to Serenity OS anytime soon and are worried about compatibility? Did the author advertise it somewhere as the next-generation operating system for AI, ML, IoT and augmented reality workstations, and now you’re bummed that there’s no way the buzzwords match the architecture?

                                                Green-fielding a 32-bit only kernel in the year 2018 sounds like fun, which looks like this is what it’s all about. Maybe it’s not exactly this year’s greatest achievement in OS design, but yeah, if we’re talking technical merit, I’d rather wrestle with this than stupid Docker, thank you very much.

                                            2. 7

                                              Hopefully not like a douche with a superiority complex.

                                          2. 6

                                            It is 32-bit because of the expertise the author has in x86 microarchitecture. SerenityOS was never intended to be business-first-or-whatever project; author started it in private as a part of his convalescence process after years of alcohol overuse.

                                            Who the fuck are you to judge? If you’re not interested, leave and let others enjoy the thing.

                                          1. 7

                                            “Here is a gallery of whimsy and examples of people making life harder for everyone else.”

                                            Please just use semver and don’t fuck about.

                                            1. 2

                                              At least one of the tools mentioned is an application (Knuth’s), and semver only makes sense within the context of a library. Funnily enough, the versioning schemes for TeX and MetaFont are the direct inspiration for my own application versioning scheme, “goldver”, based on asymptotically approaching phi as new versions are released.

                                              1. 1

                                                I’d love to hear why you feel this way. Without the cursing, though :).

                                                1. 7

                                                  Sure. :)

                                                  Quite some time ago I did game development with friends, and one of the nice things about the C/C++ libraries we used was that they pretty well followed semantic versioning. Patch numbers were bugfixes, minor numbers were additions, major numbers meant all bets were off and we really should check the release notes. This made it really, really easy to keep our deps up to date.

                                                  Unfortunately, web development norms seem to be frequently v0.yolo.whatever with no real attempt to provide consistent, reliable APIs. For URL API routes, this is kinda forgivable, but for libraries it really isn’t. In the true fashion of web development, it seems that in some circles (arguably this article included) this lack of rigor is not only tolerated but actively encouraged!

                                                  1. 6

                                                    I’m pretty sure this article is satire. It’s pretty well written and funny once you realize that.

                                                    1. 2

                                                      I wish it was satire….

                                                      But I have seen enough heat and steam and no light has been generated on version numbers to say……

                                                      … I settle for a sha256 and be done.

                                                      1. 4


                                                        (notice the circular definition!)

                                                        What ever happens, not everyone will understand your intentions, possibly your genius will not be recognized within your lifetime

                                                        it’s 100% satire

                                                        1. 4

                                                          In $CURRENT_YEAR, I no longer trust anything to be satire.

                                                          Even things that are satire are held up by people who treat them as good-faith truth.

                                                          1. 2

                                                            You’re not deep enough into The Dilbert Zone (cue ominous music).

                                                            Do you realize the teeth gnashing and meetings caused by hard coding limits on number of digits in version numbers in multiple systems?

                                                            ie. Meetings caused by running out of numbers.

                                                            This article isn’t satire… it isn’t nearly ridiculous enough.

                                                  2. 1

                                                    What do you do when a semver lies?

                                                    1. 2

                                                      Well, since we know what should be going on, we can flag it and report it for future issues.

                                                    2. 0

                                                      Speaking of making life harder, what the heck is that font

                                                    1. 4

                                                      I wonder if they will end up implementing a C preprocessor in zig to allow import-c to work again. I have written parts of one before and it’s not too big in scope compared to zig already.

                                                      Consider https://github.com/michaelforney/cproc as a clean C compiler for reference.

                                                      1. 6

                                                        translate-c is already self-hosted and while it uses libclang for semantic analysis of C code, it does its own macro parsing to try to provide best effort macro translation

                                                        1. 2

                                                          I’d love to see QBE get a Wasm backend, possibly in Zig or Rust. I think it is important for Wasm to remain first class. I do like that Zig appears to be removing a large C++ dependency, which means Zig will be less reliant on that whole stack, ecosystem and complexity. Zig gains a lot of agency over its future with this move.

                                                          No LLVM hate here, just like to see this decision being made now before Zig is over coupled to LLVM.

                                                        1. 6

                                                          The current aim is to fully replace the C++ implementation with the self-hosted backend for Zig 0.8.0, roughly 7 months from now.

                                                          Little concerned about bootstrapping now…

                                                          1. 9


                                                            Have a look at the build script. This is the current bootstrapping process and it’s the process that we will have at 1.0. I do reserve the right to regress this feature temporarily in between now and then.

                                                            1. 3

                                                              So essentially keeping the non-self-hosted implementation in “long term support” for bootstrap purposes, like LDC does? Good.

                                                            2. 1

                                                              Is that because the timeline is aggressive?

                                                            1. 12

                                                              I find the whole Zig / Zen thing super annoying. Zig is MIT licensed, meaning closed source forks are entirely part of the social contract. There was apparently a disruptive community member who was banned and that former community member started a fork.

                                                              THIS IS HOW IT’S SUPPOSED TO WORK!

                                                              If you want derivative works to be open source then you can choose a license that requires that. If you don’t want any derivative works at all then you can make your project source available with a license that restricts forks, but that’s not open source, definitely not free software.

                                                              I wish Andrew would celebrate the fact that his creation is successful enough to inspire forks rather than obsess about them.

                                                              1. 26

                                                                Reading the statement implies that there is no problem with Zen being closed-source code. Seems the foundation is concerned with false statements used to advocate Zen. Maybe I’m missing more context.

                                                                1. 3

                                                                  This is exactly how I read it. They address the fork from their side.

                                                                2. 23


                                                                  As a Japanese-speaking software engineer

                                                                  Many of my friends didn’t actually know until this statement was made that Zen is a fork of Zig

                                                                  And there you have it. Did you want me to celebrate the fact that people were being tricked?

                                                                  Also check out the license section of Zig’s readme. The law is a blunt weapon and not always the most appropriate tool for the job.

                                                                  1. 19

                                                                    I think the point being made is more that these kind of issues are largely solved by the GPL, which I wholeheartedly agree with - not to say that you deserve the trickery and abuse that’s going on here, which you clearly don’t.

                                                                    However, GPL having fallen by the wayside in recent years for new projects does make things like this kind of inevitable for those projects that use permissive licenses.

                                                                    1. 13

                                                                      GPL being suppressed coincided with the adoption (usurpation) of Open Source by corporations. Greed leads to FUD.

                                                                    2. 4

                                                                      The law is a blunt weapon and not always the most appropriate tool for the job.

                                                                      What a great way to put it. I need to save this quote somewhere.

                                                                      It’s also a weapon that seems extremely difficult to wield. As a regular person open source developer, how would you even start an international lawsuit against a license violator?! How much are all the fees? How do these even work? What if the countries are not friendly? What would you even achieve with the lawsuit other than lots of stress for everyone involved?

                                                                      I know there are non-commercial foundations that help with copyleft enforcement, but they probably aren’t going to help every small project ever.

                                                                      1. 3

                                                                        The law is a blunt weapon and not always the most appropriate tool for the job.

                                                                        It is, but it’s also worth highlighting that there’s a big discrepancy between what we expect open source to be, and what the Open Source licenses actually require.

                                                                        1. 4

                                                                          That’s why I’ve stopped contributing to open source.

                                                                        2. 3

                                                                          This may be off topic, but I feel like it’s the only appropriate thing to add to this conversation: Thanks for your work on Zig, it’s super neat!

                                                                          1. 4

                                                                            If you think it’s important for users of your code to know your name and/or the name you chose for the software you should choose a license that embodies that value. The original BSD license is a popular example. The BSD copyright owners chose to change the license to remove that requirement and now people who fork their code don’t mention them at all. Many macOS users have no idea that much of the system they’re using is derived from BSD Unix. Maybe that’s good, maybe that’s bad, but it’s the intended behavior.

                                                                            1. 8

                                                                              If you think it’s important for users of your code to know your name and/or the name you chose for the software you should choose a license that embodies that value.

                                                                              Not at all. This presupposes that you’re comfortable using the legal system to enforce what you think is important. I can think it’s important not to plagiarize work (for example) while simultaneously putting my code into the public domain, which legally allows plagiarism simply because I don’t think the legal system is the right way to solve those kinds of problems. Laws != Ethics.

                                                                              1. 4

                                                                                Yeah, but you can’t enforce ethics.

                                                                                So when someone comes across a project that is licensed like this, and (rightfully) essentially does whatever they want with it, they have the legal high ground.

                                                                                So the best you can do at that point is public shame them. It just sounds like people want their cake and eat it too. You wanna use a permissive license to get that sweet wide adoption? Great, but accept the risks, or start with copyleft.

                                                                                1. 13

                                                                                  So the best you can do at that point is public shame them


                                                                                  1. 6

                                                                                    I feel like you read my comment, ignored it, and just decided to say, “use laws or STFU and stop complaining.” That’s a lame response.

                                                                                    So the best you can do at that point is public shame them.

                                                                                    Yeah that is one method. What do you think is happening here?

                                                                                    1. 1

                                                                                      nothing is happening here… I doubt Zen feels shamed

                                                                                      1. 5

                                                                                        Zen feeling shamed is not necessary for ostracization tactics to be effective.

                                                                                  2. 3

                                                                                    It’s not plagiarism to fork a MIT licensed project. It’s not unethical to take a work whose authors have explicitly asked not to be credited, make changes and not credit them. MIT licensed its software like this so that proprietary Unix vendors could take X11 and fork it. When you start a project and choose a license like this you’re making a clear statement about what your expectations are.

                                                                                    1. 8

                                                                                      Plagiarism is the representation of another author’s language, thoughts, ideas, or expressions as one’s own original work. This is absolutely plagiarism. It may be legal (I’m not convinced; it’s probably illegal in Europe), but it’s definitely unethical.

                                                                                      Being on the right side of the law but the wrong side of your friends sounds like something only a real loser would celebrate.

                                                                                      1. 3

                                                                                        Okay, then you’re making the argument that Laws == Ethics. Why not just come out and say it?

                                                                                        It’s not unethical to take a work whose authors have explicitly asked not to be credited, make changes and not credit them.

                                                                                        This is disingenuous because that’s not the argument I’m making. A license is about what’s lawful. So the only thing a public domain (for example) declaration says is that “I will not use the legal system against you if you do bad things like plagiarize.” That is nowhere near saying “I’ve explicitly asked not to be given credit.”

                                                                                2. 7

                                                                                  The license, sure, but the issue here is more ethics than legal. The article didn’t even once mention legality, but was focused on the ethics of what is going on, and rightfully warning other developers so they don’t get caught the same way others have.

                                                                                  1. 9

                                                                                    Zen’s claims seem sketchy.

                                                                                    1. “We cannot see a future for Zig where the founder does not allow corporate entities to use and support Zig” — unless I really missed something, there’s nothing in Zig’s licensing or community against that.
                                                                                    2. OK, they have a point here; I also feel that polymorphism is important. (That was one of several missing things that led me to stop exploring Zig. The other one being lack of a global memory allocator.) But that of course is only a rationale for forking, not for going closed-source.
                                                                                    3. IANAL, but I know that trademarks are very domain-specific. Would the existing “Zig™” trademarks cover a programming language/compiler? Is “Zen™” any more available?
                                                                                    4. “we want to prioritize embedded development” — other languages, notably Rust, have been able to accommodate embedded systems without a hard fork. (Not sure if MicroPython / CircuitPython count as forks or not.)
                                                                                    1. 12

                                                                                      That entire list just seems like a post-hoc rationalisation of “I don’t like to work with Andrew”. That’s actually fair enough; sometimes people don’t work well together based on different interests, personalities, differences of opinion, etc. but just be honest about it instead of all this FUD.

                                                                                      1. 4

                                                                                        zig is already ideal for embedded development. zen has no value-add there other than translating the docs into japanese.

                                                                                        1. 3

                                                                                          Maybe they are offering support contracts zig does not?

                                                                                        2. 4

                                                                                          “We cannot see a future for Zig where the founder does not allow corporate entities to use and support Zig” — unless I really missed something, there’s nothing in Zig’s licensing or community against that.

                                                                                          I’m reminded of the old saying, “A lack of imagination on your part does not constitute impossibility on our part.” Taking the premise that Zig doesn’t ‘support corporate entities’ as true (which I do not think is the case) – Just because a company can’t imagine a future for a language that doesn’t support companies doesn’t mean that there is no future.

                                                                                        3. 5

                                                                                          Some interesting info over at the orange site too. Apparently Zen/connectFree is trying to register Zig as a trademark?!
                                                                                          That’s really shady.

                                                                                          1. 3

                                                                                            It reminds me of something similar which happened with Linux a long time ago:

                                                                                            The Linux trademark is owned by Linus Torvalds in the U.S.,[2] Germany, the E.U., and Japan for “Computer operating system software to facilitate computer use and operation”. The assignment of the trademark to Torvalds occurred after a lawsuit against attorney William R. Della Croce, Jr., of Boston, who had registered the trademark in the US in September 1995[3] and began in 1996 to send letters to various Linux distributors, demanding ten percent of royalties from sales of Linux products.[4] A petition against Della Croce’s practices was started,[5] and in early 1997, WorkGroup Solutions, Yggdrasil, Linux Journal, Linux International, and Torvalds appealed the original trademark assignment as “fraudulent and obtained under false pretenses”.[5] By November, the case was settled and Torvalds owned the trademark.[3]

                                                                                            The lesson is to register the trademark early, before someone else does and begins to use it against you.

                                                                                            1. 4

                                                                                              The lesson is to register the trademark early, before someone else does and begins to use it against you.

                                                                                              It’s not really as simple as that.

                                                                                              1. There are a lot of different jurisdictions around the world.
                                                                                              2. Registering a trademark is not free (there are generally fees, in addition to the time and knowledge required to do it. For foreign jurisdictions, you may need the services of somebody who speaks the language and understands the legal process to acquire a trademark)

                                                                                              So yes, if you have a moderately successful project, it may make sense to trademark the name in your own jurisdiction, and possibly a few other key areas, but it’s by no means something that everyone should do early on, especially for projects which have no idea that they will grow into something big.

                                                                                              An alternative lesson from that story would be that registering your trademark early is not that important, because using a name outweighs registering it anyway (though doing both will probably save you a legal battle).

                                                                                            2. 2

                                                                                              There was some Japanese company (a sort of programming class) that was able to get a trademark on Python and would claim that they were the only ones allowed to do “Python training certification” with it…. really shady stuff when you see this sort of thing going on

                                                                                            3. 4

                                                                                              Just to be clear, is Zen violating the MIT license here by replacing it with their own license?

                                                                                              If so, then at the moment it wouldn’t make a difference if Zig were licensed under the GPL, Zen is currently violating copyright law and Zig could sue. Presumably Zig is not doing so because they don’t think it’s a good use of their time and money, and these public posts warning about Zen’s bad faith actions should achieve most of what they want, i.e. preventing people from getting scammed.

                                                                                              Personally I think that A/GPL licenses specifically and copyleft in general deserve more popularity with new projects than they currently enjoy, and I avoid permissive licenses in my own work, but this may not be the time to bring it up.

                                                                                              EDIT: According to a random comment on HN, “They are complying, the original Zig license is at the bottom of the file lib/zen/std/LICENSE (complete with “Copyright (c) 2019 Andrew Kelley”). I just downloaded it from the Zen website, and the tarball is dated 2020-09-04.”

                                                                                              1. 5

                                                                                                The BSD license (some of them anyway, there are a gazillion variants) is actually a bit clearer on this:

                                                                                                1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

                                                                                                With “retain” it seems to mean more “keep this notice here”, rather than “stuff it somewhere in the project”.

                                                                                            1. 45

                                                                                              Here’s my take on it:

                                                                                              test "example" {
                                                                                                  foo();
                                                                                              }
                                                                                              fn foo() i32 {
                                                                                                  return 1234;
                                                                                              }

                                                                                              ./test.zig:2:8: error: expression value is ignored
                                                                                              1. 5

                                                                                                Is this what she meant? I assumed they weren’t validating the output of the function before doing something with it. Not that they weren’t using it.

                                                                                                Specifically, loading this new config put a NULL/nullptr/nil/None type thing into the value, and then something else tried to use it. When that happened, the program said “whoops, can’t do that”, and died.

                                                                                                They obviously are using a dynamically typed language or Java (as much as Rachel belabors the point that she’s not calling out the language for the blame) that allowed the return value to have a null field when it really shouldn’t have.

                                                                                                1. 3

                                                                                                  They obviously are using a dynamically typed language or Java

                                                                                                  Foo * f = g();

                                                                                                  happens in plenty of statically typed languages that aren’t Java and could be considered as “not validating the return value” in this sense.

                                                                                                  Even in say Haskell you can do

                                                                                                    f (fromJust (g h))

                                                                                                  if you choose.

                                                                                                  1. 1

                                                                                                    You are, of course, technically correct. But my statement was context-driven by the assumption that this is backend web code. That’s most likely not C, C++, or Haskell. It’s most likely PHP, JavaScript, Java, Python, or Go.

                                                                                                    I guess this could happen in Go, though. So I’ll change my statement to “They’re almost definitely using a dynamically typed language or Java or Go.” ;)

                                                                                                    And I struggle to believe that this would happen with a language like Haskell anyway. I know it can, but I’d put money down that they weren’t using Haskell or Rust or OCaml or Kotlin or Swift.

                                                                                                    1. 7

                                                                                                      You’re missing the whole point. Language is not the problem.

                                                                                                      The problem is the culture.

                                                                                                      Their culture was “somebody else gave me incorrect input so it’s their fault if the business went down”.

                                                                                                      Which is complete nonsense. And you’re bikeshedding on the language when it was explicitly said to ignore the language.

                                                                                                      The bigger discussion, possibly even a philosophical discussion, is what do we do when we get incorrect input? Do we refuse to even start? Can we reject such input? Shall we ignore the input? And if we ignore it will the software behave correctly anyway for the rest of the correct input (configuration or whatever)?

                                                                                                      1. 1

                                                                                                        Yeah, my comment about language choice was somewhat tangential. Originally, I wasn’t even sure if we were all reading the same thing from the article. The user I replied to made a point about not using a return result. My reading of the article led me to believe that they just chose not to check the returned value. Based on her description of the issue being around null, I then made an off-the-cuff remark that I believe the only way that’s likely is because they are using a language that makes that kind of null-check “noisy”.

                                                                                                        Not at all disagreeing with the bigger picture. Yes, it’s a culture issue. Yes, we need to discuss validating input and whether input validation is sufficient.

                                                                                                        Language is a very small point, but I’m not sure it’s totally irrelevant. It’s a small problem that such checks are noisy enough that it makes developers not want to do it, no? I wish that she went into a little more detail about exactly what the devs aren’t checking.

                                                                                                  2. 3

                                                                                                    Don’t validate, parse. Validation errors are parsing errors and can be encoded as an Err result (in languages like Rust)
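An added illustration of the "parse, don't validate" approach named in the comment above, applied to the config-reload failure discussed in this thread. It is not code from any commenter or from the article; the `key=value` format, the field names `upstream` and `timeout_ms`, and the policy of keeping the running config when a reload fails are all assumptions.

```rust
// Added example: the key=value format and the field names are hypothetical.
use std::collections::HashMap;

#[derive(Debug, Clone, PartialEq)]
struct Config {
    upstream: String, // never empty once a Config exists
    timeout_ms: u32,  // always within 1..=60_000
}

#[derive(Debug, PartialEq)]
enum ConfigError { Missing(&'static str), Invalid(&'static str) }

// Parsing is the only way to build a Config, so code that receives one
// never has to ask whether a field is "null".
fn parse_config(text: &str) -> Result<Config, ConfigError> {
    let kv: HashMap<&str, &str> = text
        .lines()
        .filter_map(|l| l.split_once('='))
        .map(|(k, v)| (k.trim(), v.trim()))
        .collect();
    let upstream = kv
        .get("upstream")
        .filter(|v| !v.is_empty())
        .ok_or(ConfigError::Missing("upstream"))?;
    let timeout_ms = kv
        .get("timeout_ms")
        .ok_or(ConfigError::Missing("timeout_ms"))?
        .parse::<u32>()
        .ok()
        .filter(|t| (1..=60_000).contains(t))
        .ok_or(ConfigError::Invalid("timeout_ms"))?;
    Ok(Config { upstream: upstream.to_string(), timeout_ms })
}

// Reload policy: a bad file is rejected and the running config stays in place.
fn reload(current: Config, new_text: &str) -> (Config, Option<ConfigError>) {
    match parse_config(new_text) {
        Ok(new) => (new, None),
        Err(e) => (current, Some(e)),
    }
}

fn main() {
    let running = parse_config("upstream=10.0.0.5:8080\ntimeout_ms=500").unwrap();
    // Constructed bad input: the upstream key is missing entirely.
    let (after, err) = reload(running.clone(), "timeout_ms=500");
    println!("kept {:?}, rejected with {:?}", after, err);
}
```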

                                                                                                1. 2

                                                                                                  I’ve got it pretty bad in my right wrist :-/ Not sure what to do. I spend 10+ hours every day at the keyboard. A good night’s sleep helps, but I can always feel the dull ache.

                                                                                                  Going to the gym regularly seemed to help, pre-covid. I’ve been unable to go to the gym since the pandemic.

                                                                                                  1. 2

                                                                                                    That’s all cool and all but my biggest concern with statically linked binaries is: How does ASLR even work? What mechanism can a static binary do to make sure the libc it shoved into itself isn’t predictably located?

                                                                                                    1. 5

                                                                                                      Look into static PIE. gcc has had support for a few years now, and musl even before that (musl-cross-make patched gcc before support was upstreamed in version 8).

                                                                                                      1. 2

                                                                                                        Does ASLR work?

                                                                                                      1. 3

                                                                                                        The security arguments against static linking aren’t about managing vulnerabilities. It’s about things like the lack of ASLR:


                                                                                                        1. 5

                                                                                                          You can do ASLR / PIE executables with statically linked programs. According to this article, it’s statically linked glibc that’s the issue, not statically linked programs in general. Here’s a proof of concept of statically linked PIE executables with zig. It didn’t land upstream yet, but it works fine.
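A way to check what the static PIE comments in this thread describe, as an added example that is not from any commenter or project: a static PIE binary is an ELF of type `ET_DYN` with no `PT_INTERP` program header, while a classic static binary is `ET_EXEC` and loads at a fixed address. The `sample` helper builds constructed header bytes, and the enum and function names are assumptions.

```rust
// Added example (not from the thread): classify a 64-bit little-endian ELF
// image by the two header facts that decide whether ASLR can move its code.
#[derive(Debug, PartialEq)]
enum Linkage { StaticNoPie, StaticPie, DynamicNoPie, DynamicPie }

const ET_EXEC: u64 = 2; // fixed load address
const ET_DYN: u64 = 3; // position independent (PIE, or a shared library)
const PT_INTERP: u64 = 3; // program header naming the dynamic linker

// Bounds-checked little-endian read of n bytes at off.
fn le(b: &[u8], off: usize, n: usize) -> Option<u64> {
    let s = b.get(off..off.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | x as u64))
}

fn classify(elf: &[u8]) -> Option<Linkage> {
    // e_ident: magic, then EI_CLASS = 2 (64-bit) and EI_DATA = 1 (little-endian)
    if !elf.starts_with(b"\x7fELF") || le(elf, 4, 2)? != 0x0102 { return None; }
    let e_type = le(elf, 16, 2)?;
    let (phoff, phentsize, phnum) = (le(elf, 32, 8)?, le(elf, 54, 2)?, le(elf, 56, 2)?);
    let mut has_interp = false;
    for i in 0..phnum {
        let off = phoff.checked_add(i * phentsize)? as usize;
        has_interp |= le(elf, off, 4)? == PT_INTERP; // p_type is the first field
    }
    match (e_type, has_interp) {
        (ET_EXEC, false) => Some(Linkage::StaticNoPie),
        (ET_DYN, false) => Some(Linkage::StaticPie), // a bare .so also lands here
        (ET_EXEC, true) => Some(Linkage::DynamicNoPie),
        (ET_DYN, true) => Some(Linkage::DynamicPie),
        _ => None,
    }
}

// Constructed sample: a 64-byte ELF header followed by one 56-byte program header.
fn sample(e_type: u16, p_type: u32) -> Vec<u8> {
    let mut b = vec![0u8; 64 + 56];
    b[..6].copy_from_slice(b"\x7fELF\x02\x01");
    b[16..18].copy_from_slice(&e_type.to_le_bytes());
    b[32] = 64; b[54] = 56; b[56] = 1; // e_phoff, e_phentsize, e_phnum
    b[64..68].copy_from_slice(&p_type.to_le_bytes());
    b
}

fn main() {
    println!("{:?}", classify(&sample(3, 1))); // ET_DYN with only PT_LOAD
    println!("{:?}", classify(&sample(2, 1))); // ET_EXEC with only PT_LOAD
}
```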

                                                                                                        1. 10

                                                                                                          In support of the article:

                                                                                                          4496	libc
                                                                                                          4484	linux-vdso
                                                                                                          4483	ld-linux-x86-64
                                                                                                          2654	libm
                                                                                                          2301	libdl
                                                                                                          2216	libpthread

                                                                                                          linux-vdso doesn’t count. That one is automatically placed into every application by the kernel, and even statically linked applications can use it. Statically linked Zig binaries, for example, still take advantage of the vdso for clock_gettime (which is the main use case of this vdso).

                                                                                                          ld-linux-x86-64 doesn’t count either. That’s the dynamic linker itself, which is not needed for statically linked programs.

                                                                                                          Finally, libc, libm, libdl, libpthread are all just glibc, that’s the same thing. There’s not really a point of linking them separately.

                                                                                                          So even more to the point of the article.

                                                                                                          1. 18

                                                                                                            It’s not unheard of to make such a jump: PHP went directly from 5 to 7, and isn’t it time to steal something from that community?

                                                                                                            🔥 🔥 🔥

                                                                                                            1. 5

                                                                                                              I appreciated the hell out of that joke. I very nearly spit out my water onto my brand new keyboard.

                                                                                                              1. 9

                                                                                                                In general I find that the Perl community has the best sense of humour of all the major languages. I am not a huge Perl fan myself, but I much prefer this over the humourless Very Serious attitude of some other languages.