1. 12

    You’d save yourself a lot of trouble upfront not borrowing the filezilla name - it’s trademarked. Already there’s an argument for whether “-ng” postfix constitutes a new mark, why bother even having it. Just completely rename it

    Hilariously their trademark policy seems to prohibit their use of their own name

    1.  

      Oh, great point. We will need to think of a new name.

      How about godzilla-ftp.

      1. 8

        How about filemander? It’s still in the same vein as “zilla,” but far more modest. The fact that you’re refusing cruft, provides a sense of modesty.

        Also, “mander” and “minder” — minder maybe isn’t exactly right for an FTP client, but it’s not completely wrong…

        1. 7
          1.  

            Just remember to make sure it’s easy for random people to remember and spell. They’ll be Googling it at some point.

        1. 6

          Team lobste.rs, @lattera, @nickpsecurity?

          1. 5

            Haha. I would love it if I had the time to play. Perhaps next year. Thanks for the ping, though. I’ve forwarded this on to a few of my coworkers who play CTFs.

            1. 4

              I’d love to if I hadn’t lost my memory, including of hacking, to that injury. I never relearned it since I was all-in with high-assurance security at that point which made stuff immune to almost everything hackers did. If I still remembered, I’d have totally been down for a Lobsters hacking crew. I’d bring a dozen types of covert channels with me, too. One of my favorite ways to leak small things was putting it in plain text into TCP/IP headers and/or throttling of what otherwise is boring traffic vetted by NIDS and human eye. Or maybe in HTTPS traffic where they said, “Damn, if only I could see inside it to assess it” while the data was outside encoded but unencrypted. Just loved doing the sneakiest stuff with the most esoteric methods I could find with much dark irony.

              I will be relearning coding and probably C at some point in future to implement some important ideas. I planned on pinging you to assess the methods and tooling if I build them. From there, might use it in some kind of secure coding or code smashing challenge.

              1. 3

                I’m having a hard time unpacking this post, and am really starting to get suspicious of who you are, nickpsecurity. Maybe I’ve missed some background posts of yours that explains more, and provides better context, but this comment (like many others) comes off…almost Markovian (as in chain).

                “If I hadn’t lost my memory…” — of all the people on Lobsters, you seem to have the best recall. You regularly cite papers on a wide range of formal methods topics, old operating systems, security, and even in this post discuss techniques for “hacking” which, just sentences before “you can’t remember how to do.”

                You regularly write essays as comments…some of which are almost tangential to the main point being made. These essays are cranked out at a somewhat alarming pace. But I’ve never seen an “authored by” submitted by you pointing outside of Lobsters.

                You then claim that you need to relearn coding, and “probably C” to implement important ideas. I’ve seen comments recently where you ask about Go and Rust, but would expect, given the number of submissions on those topics specifically, you’d have wide ranging opinions on them, and would be able to compare and contrast both with Modula, Ada, and even Oberon (languages that I either remember you discussing, or come from an era/industry that you often cite techniques from).

                I really, really hate to have doubt about you here, but I am starting to believe that we’ve all been had (don’t get me wrong, we’ve all learned things from your contributions!). As far as I’ve seen, you’ve been incredibly vague with your background (and privacy is your right!). But, that also makes it all the more easy to believe that there is something fishy with your story…

                1. 9

                  I’m not hiding much past what’s private or activates distracting biases. I’ve been clear when asked on Schneier’s blog, HN, maybe here that I don’t work in the security industry: I’m an independent researcher who did occasional gigs if people wanted me to. I mostly engineered prototypes to test my ideas. Did plenty of programming and hacking when younger for the common reasons and pleasures of it. I stayed in jobs that let me interact with lots of people. Goal was social research and outreach on big problems of the time like a police state forming post-9/11 which I used to write about online under aliases even more than tech. I suspected tech couldn’t solve the problems created by laws and media. Had to understand how many people thought, testing different messages. Plus, jobs allowing lots of networking mean you meet business folks, fun folks, you name it. A few other motivations, too.

                  Simultaneously, I was amassing as much knowledge as I could about security, programming, and such trying to solve the hardest problems in those fields. I gave up hacking since its methods were mostly repetitive and boring compared to designing methods to make hacking “impossible.” Originally a mix of public benefit and ego, I’d try to build on work by folks like Paul Karger to beat the worlds’ brightest people at their game one root cause at a time until a toolbox of methods and proven designs would solve the whole problem. I have a natural, savant-like talent for absorbing and integrating tons of information but a weakness for focusing on doing one thing over time to mature implementation. One is exciting, one is draining after a while. So, I just shared what I learned with builders as I figured it out with lots of meta-research. My studies of work of master researchers and engineers aimed to solve both individual solutions in security/programming (eg secure kernels or high-productivity) on top of looking for ways to integrate them like a unified, field theory of sorts. Wise friends kept telling me to just build one or more of these to completion (“focus Nick!”). Probably right but I’d have never learned all I have if I did. What you see me post is what I learned during all the time I wasn’t doing security consulting, building FOSS, or something else people pushed.

                  Unfortunately, right before I started to go for production stuff beyond prototypes, I took a brain injury in an accident years back that cost me most of my memory, muscle memory, hand-eye coordination, reflexes, etc. Gave me severe PTSD, too. I can’t remember most of my life. It was my second, great tragedy after a triple HD failure in a month or two that cost me my data. All I have past my online writings are mental fragments of what I learned and did. Sometimes I don’t know where they came from. One of the local hackers said I was the Jason Bourne of INFOSEC: didn’t know shit about my identity or methods but what’s left in there just fires in some contexts for some ass-kicking stuff. I also randomly retain new stuff that builds on it. Long as it’s tied to strong memories, I’ll remember it for some period of time. The stuff I write-up helps, too, which mostly went on Schneier’s blog and other spaces since some talented engineers from high-security were there delivering great peer review. Made a habit out of what worked. I put some on HN and Lobsters (including authored by’s). They’re just text files on my computer right now that are copies of what I told people or posted. I send them to people on request.

                  Now, a lot of people just get depressed, stop participating in life as a whole, and/or occasionally kill themselves. I had a house to keep in a shitty job that went from a research curiosity to a necessity since I didn’t remember admining, coding, etc. I tried to learn C# in a few weeks for a job once like I could’ve before. Just gave me massive headaches. It was clear I’d have to learn a piece at a time like I guess is normal for most folks. I wasn’t ready to accept it plus had a job to re-learn already. So, I had to re-learn the skills of my existing job (thank goodness for docs!), some people stuff, and so on to survive while others were trying to take my job. Fearing discrimination for disability, I didn’t even tell my coworkers about the accident. I just let them assume I was mentally off due to stress many of us were feeling as Recession led to layoffs in and around our households. I still don’t tell people until after I’m clearly a high-performer in the new context. Pointless since there’s no cure they could give but plenty of downsides to sharing it.

                  I transitioned out of that to other situations. Kind of floated around keeping the steady job for its research value. Drank a lot since I can’t choose what memories I keep and what I have goes away fast. A lot of motivation to learn stuff if I can’t keep it, eh? What you see are stuff I repeated the most for years on end teaching people fundamentals of INFOSEC and stuff. It sticks mostly. Now, I could’ve just piece by piece relearned some tech in a focused area, got a job in that, built up gradually, transitioned positions, etc… basically what non-savants do is what I’d have to do. Friends kept encouraging that. Still had things to learn talking to people especially where politics were going in lots of places. Still had R&D to do on trying to find the right set of assurance techniques for right components that could let people crank out high-security solutions quickly and market competitive. All the damage in media indicated that. Snowden leaks confirmed most of my ideas would’ve worked while most of security community’s recommendations not addressing root causes were being regularly compromised as those taught me predicted. So, I stayed on that out of perceived necessity that not enough people were doing it.

                  The old job and situation are more a burden now than useful. Sticking with it to do the research cost me a ton. I don’t think there’s much more to learn there. So, I plan to move on. One, social project failed in unexpected way late last year that was pretty depressing in its implications. I might take it up again since a lot of people might benefit. I’m also considering how I might pivot into a research position where I have time and energy to turn prior work into something useful. That might be Brute-Force Assurance, a secure (thing here), a better version of something like LISP/Smalltalk addressing reasons for low uptake, and so on. Each project idea has totally different prerequisites that would strain my damaged brain to learn or relearn. Given prior work and where tech is at, I’m leaning most toward a combo of BFA with a C variant done more like live coding, maybe embedded in something like Racket. One could rapidly iterate on code that extracted to C with about every method and tool available thrown at it for safety/security checks.

                  So, it’s a mix of indecision and my work/life leaving me feeling exhausted all the time. Writing up stuff on HN, Lobsters, etc about what’s still clear in my memory is easy and rejuvenating in comparison. I also see people use it on occasion with some set to maybe make waves. People also send me emails or private messages in gratitude. So, probably not doing what I need to be doing but folks were benefiting from me sharing pieces of my research results. So, there it is all laid out for you. A person outside security industry going Ramanujan on INFOSEC and programming looking for its UFT of getting shit done fast, correct, and secure (“have it all!”) while having day job(s) about meeting, understanding, and influencing people for protecting or improving democracy. Plus, just the life experiences of all that. It was fun while it lasted. Occasionally so now but more rare.

                  1. 3

                    Thank you for sharing your story! It provides a lot of useful context for understanding your perspective in your comments.

                    Putting my troll hat on for a second, what you’ve written would also make a great cover story if you were a human/AI hybrid. Just saying. :)

                    1.  

                      Sure. Im strange and seemingly contradictory enough that I expect confusion or skepticism. It makes sense for people to wonder. Im glad you asked since I needed to do a thorough writeup on it to link to vs scattered comments on many sites.

                  2. 1

                    I have to admit similar misgivings (unsurprisingly, I came here via @apg and know @apg IRL). For someone so prolific and opinionated you have very little presence beyond commenting on the internet. To me, that feels suspicious, but who knows. I’m actually kind of hoping you’re some epic AI model and we’re the test subjects.

              1. 34

                please don’t. When learning you make a lot of mistakes. And writing a tutorial with this mistakes doesn’t help other learners when they read this.

                1. 12

                  And even if you don’t make mistakes, most people will misunderstand their own process and come up with unhelpful things like monad tutorials: https://byorgey.wordpress.com/2009/01/12/abstraction-intuition-and-the-monad-tutorial-fallacy/

                  But now Joe goes and writes a monad tutorial called “Monads are Burritos,” under the well-intentioned but mistaken assumption that if other people read his magical insight, learning about monads will be a snap for them.

                  1. 7

                    Came here to say something similar to this.

                    Learn new technology through writing a tutorial about it, but don’t publish it.

                    There’s so much misinformation by well-intentioned learners.

                    I’m not trying to diminish the importance of journaling either! Journaling != Tutorials.

                    1. 7

                      Publishing your tutorial gives it an audience, which means someone may (hopefully!) come along and correct you on your errors. This is invaluable.

                      I also disagree with this negativity. Make it clear at the top of your tutorial that you’re a beginner and you may not have it all right. But with that caveat, publish away.

                      1. 3

                        I think we’re discussing the same thing but disagreeing on the semantics of it.

                        • Belief #1: Sharing how you learned something can be a valuable tool to someone else.
                        • Belief #2: Tutorials can seem like they’re from a source of authority, so a lack of a disclaimer could be hazardous.
                        • Belief #3: Imposter syndrome is real. We need to mitigate misinformation, but not at the expense of people being afraid to share.
                        1. 1

                          Publishing your tutorial gives it an audience, which means someone may (hopefully!) come along and correct you on your errors. This is invaluable.

                          Absolutely invaluable, but at the very same time, the exposure spreads the misinformation to more readers, potentially doing more harm than good. I don’t think a disclaimer is enough. I think the word “tutorial” implies some authority, unfortunately.

                          I think a better way is to humbly share a report of your findings so far, with questions and an (as appropriate) admission that you don’t understand everything. Julia Evans is masterful at this style.

                          As a reader new to the topic, you get the benefit of an explanation of what she currently understands (which is often from a beginner’s mind), and usually some questions to seek answers to on your own. As an expert of the topic, you are invited to share more, or clarify, or correct (and this happens a lot on twitter, and/or HN, etc). But you’re doing so from a place of empathy (you want to be helpful) instead of from a place of disgust (ugh! why is this tutorial so bad!).

                    1. -5

                      It is only a disaster if your business relies on making use of other people work, in which they own the copyright.

                      Not everybody can afford to create stuff and give it away for free, and there are plenty of people who want to earn money from there creative work.

                      Those who have made a living from steeling other peoples’ material are up in arms that their free lunch not going to be free anymore.

                      1. 17

                        Or you run any kind of site where users can input anything that another visitor can see. Not just video and file sharing sites; Lobsters users could paste copyrighted content into a comment/PM and I’d be liable for not having a system implementing some kind of copyright controls.

                        (To say nothing of Article 11 wanting us to start paying the news sites we link to for privilege of sending them traffic.)

                        1. -2

                          If somebody posted something here that I owned the copyright to, and I asked Lobsters admin to remove the material, then I imagine they would. If somebody kept posting this material they could be banned.

                          Or are you saying that the Lobsters’ site should be a place where anybody can post copyright material, without any recourse by the copyright holder?

                          1. 13

                            The new law changes this standard safe harbor behavior. Lobsters (me) is presumptively at fault for copyright infringement for not proactively checking for possibly-copyrighted material before posting. So yes, your scenario is the current, reasonable law and accurately describes why everyone is concerned about this change.

                            1. -2

                              Lots of FUD being generated by those who will lose out. Copyright holders not making much noise about the fact they will probably make some money (or rather lose less).

                              Some good points about what is going on.

                            2. 4

                              The law isn’t about that, though. The new law doesn’t say admins must take-down on request (that’s already the case under existing law) but rather that they must have an AI system that prevents any infringing uploads from happening in the first place.

                              The link tax is a much bigger problem, especially lobsters, but both articles are very bad.

                              1. 1

                                AI system that prevents any infringing uploads from happening in the first place.

                                How is that any different from what @pushcx said? As the owner/operator of lobste.rs he would have to abide by this law and produce, or buy access to some sort of copyrighted work database in order to test for it for all content that is created on lobsters.

                                That’s not going to make it easy for startups. That’s not going to make it easy for privately owned, independent side projects. That’s just going to hurt.

                                1. 2

                                  ALSO, you’d better not quote any part of my message if you reply, because I could, apparently, legitimately sue lobsters for not enforcing my copyright. e.g. there’s no such thing as fair use anymore.

                                  (yes, that’s a stretch, but that seems to be the basic threat)

                                  1. 1

                                    I replied before @pushcx and yes, it seems we agree on how bad it is :)

                                    1. 2

                                      Blargh! I am sorry. I misread the thread and thought you were replying to pushcx.

                            3. 6

                              Or lobster gets a fine when you submit a link to any European news sites.

                              1. 1

                                What’s worse is that people will devise a way to signal what content is linkable and what only with license. This will limit quality news dissemination and strengthen fake news position. This will help to kill EU. Sad, right?

                              2. 1

                                most probably that lobster will be not able to post most of the links

                              1. 6

                                I don’t understand why OP didn’t actually progress from the “evaluating Rust based on online documentation” stage to the “trying to implement a solution in Rust” stage. The exact issue being looked at, responding to certain OS signals, is entirely trivial due to this crate, which came up with a simple DDG search.

                                If the language has the problem that people are fighting with the language in order to become productive with it, perhaps something is wrong with the language, and not the programmers?

                                This misses the point. Rust is opinionated about how code should handle sharing access to data, and about when data should be shared rather than copied. It has been observed that people often take time to adjust to this, which is noted in the docs. I don’t see why that’s an issue.

                                1. 9

                                  I don’t understand why OP didn’t actually progress from the “evaluating Rust based on online documentation” stage to the “trying to implement a solution in Rust” stage.

                                  Author provided a solution in Rust…did you not read the whole article?

                                  1. 3

                                    He did a somewhat superficial research on what libraries or crates could be used though.

                                    It is the same with ocaml/reason actually: he complains about the lack of a build system but the vast majority of packages are now using dune/jbuilder that is trivial to learn and use, well documented and extremely powerful, and he does not even mention it. He picks Containers as standard library replacement but it seems unclear to me if he has even evaluated base or core for example (even if I like containers myself). He also mention the introduction of multicore as something present even though it is nit yet part of the runtime yet

                                    1. 7

                                      somewhat superficial research

                                      I think that’s pretty realistic for almost anyone in the same situation though. If I’m trying to decide between 3 or 4 different languages for a task that needed to be done yesterday, how much time do I really have to learn all the nuances of the ecosystem?

                                      So, yeah, complain that he didn’t know about X, or didn’t know about Y… But, really, if you are a member of the Z community for which X and Y is relevant, instead of complaining that people missed this well known tool, help make sure that a newcomer’s first introduction to Z informs them of X and Y. That’d be super helpful.

                                      1. 1

                                        I agree with you, but I think the three communities mentioned above are doing the best to make sure that this is the case.

                                        And about the reason/ocaml stuff, what I mention appears in most reason tutorials, almost every package and any recent blog or forum thread, and there are dozen of discussions on the current lack of multicore, so I still believe the research was superficial.

                                        This said, I wasn’t claiming that the post is bad per se, I have found it quite interesting and I agree that the current situation is not bad but still suboptimal. I was actually pleasantly surprised to see that he dod actually implement some quite non trivial example code in all those, and even contributed to pony!

                                        EDIT: updated twice to try and clarify my complaints

                                    2. 2

                                      Your question confused me for quite a while, as I was unable to find this Rust solution in the article, despite multiple reloads. The page looks like this to me: https://leotindall.com/static/noRustVersion.png

                                      Eventually, I looked at it on my mobile phone where, mysteriously, there is a code snippet. I was baffled until I realized that, indeed, the only difference between my mobile device and my laptop is… I have JavaScript disabled in my browser on my laptop.

                                      So, my apologies to OP on this one. I was unfair. On the other hand, this serves as a great cautionary tale: make sure your site works without JavaScript.

                                      1. 2

                                        make sure your site works without JavaScript.

                                        Why draw the line at Javascript?

                                        1. 1

                                          Not him, so I can only answer for myself.

                                          JavaScript is turing complete, so it can do everything and can communicate results outside my control, so I want the ability to stop that.

                                          CSS is also turing complete, but AFAIK it can’t communicate outside without JavaScript, and unlike JavaScript it’s really hard to make it do something crazy like mine bitcoin (which with JavaScript is very easy to do).

                                          1. 7

                                            Now I want to write a Bitcoin miner in pure-CSS.

                                            CSS is also turing complete, but AFAIK it can’t communicate outside without JavaScript

                                            Enter: CSS Exfil and friends.

                                            1. 1

                                              Good lord.

                                          2. 1

                                            You’re right, I should revise that statement: make sure your site works without requiring me to allow you to execute arbitrary code just to read an article you wrote.

                                            To be clear, there is an obvious tradeoff here: syntax highlight on the server side is annoying. My blog solves this by having an acceptable no-JS fallback that is less pretty but is not missing content.

                                          3. 1

                                            That sure would be confusing! It looks like the author embedded a gist, rather than using Medium’s code tool. I assume you can embed code in Medium without JavaScript….

                                      1. 8

                                        All of the times I’ve upgraded my personal computer in the last two decades have been because my web browser, of all things, got slow to the point of annoyance. Didn’t need better graphics, a bigger disk, or more RAM for VMs at all. Just faster browsing.

                                        I don’t know how much I trust this “cloc” tool, though. I’ve used it a few times and found it to sometimes wildly inaccurate. (I mean, even considering what a generally useless metric “lines of code” is anyway.) For example, I’m going to be quite surprised if either Chrome or Firefox have any Visual Basic, C Shell, Tcl/Tk, or Pascal in them.

                                        Or, if they do, it would be more interesting to know what those files are for.

                                        1. 3

                                          My guess is that the dependencies are bundled in the repo, and they have all the other stuff that seems out of place.

                                          1. 1

                                            Also cloc just guesses based on file extension. I have a project I check with it which has a bunch of intermediate .d clang build files, and if I don’t clean those out first it thinks I’m writing loads of D. But otherwise in terms of actual counting and speed cloc seems pretty good fir me anyway.

                                        1. 0

                                          Don’t treat them like a status meeting. They are meant to be a mini sprint planner. They are for replanning the sprint daily. See “Daily Scrum” in http://www.scrumbook.org/

                                          1. 1

                                            How do you “replan the sprint” without understanding the status of open tasks?

                                            Basically, your current status is the input to replanning—are you done with that task that was planned to take 3 days after only 1 day? Better pull something else into the sprint!

                                            1. 0

                                              You are correct that status is important for planning. I agree and didn’t say status isn’t involved, or isn’t important, just pointing out it isn’t the goal of the meeting. As I said, they are not status meetings but planning meetings.

                                          1. 36

                                            Then again, I’ve rarely seen anyone use their editor of choice well. I’ve lost count of how many times I’ve watched someone open a file in vim, realise it’s not the one they want, close vim, open another file, close it again… aaarrrgh.

                                            I do this a lot, because I prefer browsing files in the shell. I make pretty extensive use of a lot of other vim features though. When did you become the arbiter of how “well” I’m using my computer?

                                            1. 3

                                              Closing vim seems odd to me. Why wouldn’t one instead open the new file without closing vim? Maybe it’s a cultural thing? I don’t think anyone would do that in Emacs.

                                              1. 26

                                                “Why would I ever leave my editor” definitely feels like a common refrain from the Emacs crowd.

                                                1. 1

                                                  I do the thing you quoted as well, but that is because vim is often my editor of convenience on a machine rather than my editor of choice, which is true for many usages I see of vim.

                                                2. 21

                                                  Because the shell lets me change directories, list files with globs, run find, has better tab-completion (bash, anyway), etc, etc. I might not remember the exact name of the file, etc. Finding files in the shell is something I do all day, so I’m fast at it. Best tool for the job and all that.

                                                  (Yes I can do all that with ! in vi/vim/whatever, but there’s a cognitive burden since that’s not how I “normally” run those commands. Rather than do it, mess it up because I forgot ! in front or whatever, do it again, etc, I can just do it how I know it’ll work the first time.)

                                                  1. 6

                                                    This is exactly why I struggle with editors like Emacs. My workflow is definitely oriented around the shell. The editor is just another tool among many. I want to use it just like I use all my other tools. I can’t get on with the Emacs workflow, where the editor is some special place that stays open. I open and close my editor many, many times every day. To my mind, keeping your editor open is the strange thing!

                                                    1. 3

                                                      It’s rather simple actually: the relationship between the editor and the shell is turned on it’s head – from within the editor you open a shell (eg. eshell, ansi-term, shell, …) and use it for as long as you need it, just like a one would use vi from a shell. Ninja-slices.

                                                      You can compare this as someone who claims to log out of their x session every time they close a terminal or a shell in a multiplexer. Would seem wierd too.

                                                      1. 3

                                                        I know you can launch a shell from within your editor. I just never really understood why you would want to do that.

                                                        Obviously some people do like to do that. My point is just that different ways of using a computer make intuitive sense to different people. I don’t think you can justify calling one way wrong just because it seems odd to you.

                                                        1. 6

                                                          I know you can launch a shell from within your editor. I just never really understood why you would want to do that.

                                                          I do it because it allows me to use my editor’s features to:

                                                          a) edit commands b) manipulate the output of commands in another buffer (and/or use shell pipelines to prep the output buffer) c) not have to context switch to a different window, shutdown the editor, suspend the editor, or otherwise change how I interact with the currently focused window.

                                                          1. 1

                                                            That makes a lot of sense. I guess I have been misleading in using the word “shell” when I should really have said “terminal emulator”. I often fire off shell commands from within my editor, for just the same reasons as you, but I don’t run an interactive shell. I like M-! but I don’t like eshell, does that make sense?

                                                            Having pondered this all a bit more, I think it comes down to what you consider to be a place. I’m pretty certain I read about places versus tools here on lobsters but I can’t find it now. These are probably tendencies rather than absolutes, but I think there are at least a couple of different ways of thinking about interaction with a computer. Some people think of applications as places: you start up a number of applications, they persist for the length of your computing session, and you switch between them for different tasks (maybe a text editor, a web browser and an e-mail client, or something). Alternatively, applications are just tools that you pick up and drop as you need them. For me, a terminal, i.e. an interactive shell session, is a place. It is the only long-lived application on my desktop, everything else is ephemeral: I start it to accomplish some task then immediately kill it.

                                                      2. 3

                                                        It’s really simple in emacs. Just Ctrl-z and run fg when you are ready to go back.

                                                  1. 1

                                                    Does anyone know what their release names are about? I’m really hoping this isn’t some sick joke where version 3.0.0 will be ISO 8859, because that’ll bring Devuan ISO 10646 (aka UNICODE) 4.0.0.. and where do you go from there? You can’t exactly go back to EBCIDIC

                                                    1. 1

                                                      It’s been explained here in this thread on LWN, as well as on the Devuan website, and basically it’s related to planet names.

                                                      That being said, I understand that they will be having a few more options to choose their name from than Debian and the rather limited set of Toy Story characters, but the idea is wierd… “ASCII” is is cool name, but since the last one was called “jessie” (just like the corresponding debian release), but the next one will be “Beowulf”, it appears inconsistent, even setting aside Jessie: First a character code name and then a epic peom?

                                                      But nevertheless, I find Devuan a very interesting Distro, and am quite tempted to try it out, and replace my current void setup, since it has been having a few issues related to Haskell and TeX… Has anyone been using Devuan and can say more about the experience? Is it comparable to Debian?

                                                      1. 1

                                                        Thanks for the serious response to counteract my lame attempt at an EBCIDIC joke. ;)

                                                        But nevertheless, I find Devuan a very interesting Distro, and am quite tempted to try it out, and replace my current void setup, since it has been having a few issues related to Haskell and TeX… Has anyone been using Devuan and can say more about the experience? Is it comparable to Debian?

                                                        I installed a very early version, when it was Debian without systemd. It was fine. They seem to provide some upgrade path from Debian 9 now:

                                                        Now Devuan ASCII offers an upgrade from Devuan Jessie as well as a transition from Debian 9 (Stretch) that avoids unnecessary entanglements and ensures Init Freedom.

                                                        and as a result, I can’t imagine they’ve changed much from their initial intention of being Debian, but without systemd. And, I’m not sure it’d make sense for them to try… Being able to reuse/repackage debs from ubuntu / debian that don’t have systemd taint would be hugely helpful.

                                                    1. 5

                                                      What I don’t really understand is how Andrew has a comfortable standard of living in NYC on $600 per/month.

                                                      https://www.patreon.com/andrewrk/overview

                                                      I’m guessing that there must be another source of Zig donations aside from Patreon?

                                                      1. 7

                                                        Savings?

                                                        1. 2

                                                          Oh woops, I misread the first paragraph, I thought it stated that Zig was supporting him entirely, when it’s actually about his programming supporting him.

                                                          1. 3

                                                            Note that this isn’t his first attempt at doing this. But the project he was working on before Genesis didn’t find the same traction as Zig has. BUT, if I recall correctly, he also didn’t live in NYC the last time… Anyway, he’s got experience with living frugally, so I’m sure he knows what he’s doing here.

                                                            1. 2

                                                              he extrapolated the donations growth versus his savings.

                                                          2. 2

                                                            What I don’t understand is if you are not working in NYC anymore, and only working on your own and getting donation, why doesn’t he move to anywhere but NYC to minimise his personal expense?

                                                            I’m sure there are cities in the US with 80% the fun of NYC at lower than 80% of the cost.

                                                            1. 17

                                                              I work remote, and there are places I could move that are < 20% of the cost.

                                                              My friends aren’t going to move with me, and I have enough money to live where I am. Why be wealthy and lonely?

                                                              1. -10

                                                                Didn’t know your city is the only source of friends in the world. That must be good for the economy.

                                                                1. 32

                                                                  I know that this is very hard for some people to believe (seems to be harder the more western the society is), but some people don’t consider their friends a replaceable commodity. Not that I don’t want to make new friends, but these are my friends right now and I am more loyal to them than I am to a meaningless job or to money.

                                                                  1. 4

                                                                    Maybe because your partner has a job he/she really enjoys in this city? I mean, we’re lucky in our field to have a lot of different possibilities, in remote or not, mostly well paid. Let’s not forget that it’s a chance and not something everybody has.

                                                                2. 2

                                                                  The usual reason is the significant other.

                                                                  1. 1

                                                                    There’s a shit-ton of them. Even Memphis TN that’s close to me with all its problems is low cost of living with all kinds of fun stuff to do. Just don’t live in or shop around the hood. Solves most of problems if you don’t have kids going to school or college.

                                                                    There’s plenty of cities in the US that similarly have low cost of living with plenty going on. One can also live in areas 30-40 min from cities to substantially reduce their rent. The fun stuff still isn’t that far away. The slight inconvenience just knocks quite a bit off the price.

                                                                    1. 4

                                                                      I don’t remember the details, and I can’t find the link, but a few years ago someone did some research here in Berlin where they compared the cost of rent in more-or-less the city proper, and the cost of rent + public transportation tickets when you lived in the outskirts. It ended up being not much of a difference.

                                                                      1. 2

                                                                        Well, if you don’t workin in the city and need to commute then you spend even less. Though OTOH, you get tax returns for commutes in Germany so probably the commute is not that expensive to begin with.

                                                                        1. 2

                                                                          Berlin is currently the city with the highest increase in rent world-wide and a few years ago, it was unusually low.

                                                                          Also, Berlin is hard to compare in many aspects, possibly because of a very unique city history.

                                                                  1. 0

                                                                    Talk about over complicating things. There are plenty of ways to make money from software - just ask Oracle, Microsoft, Amazon, Facebook, Twitter, Google, Docker, Red Hat, etc.

                                                                    Honestly, the self martyrdom of some FOSS developers is difficult to understand.

                                                                    1. 3

                                                                      Software that is being created to be sold, yes. Software that is being created to further society in a way that is beneficial for all, e.g., free software, no. Even the super important projects like OpenSSL aren’t well funded… Everyone makes a lot of assumptions about software—“oh they do this at work, for their jobs”—but my guess is that is the case for only a small handful of the most popular projects, and the rest are doing the work, gratis.

                                                                      1. 1

                                                                        Every single one is VC-backed. Your “plenty of ways” boils down to one way.

                                                                        1. 1

                                                                          I agree with the premise but it’s been a while since MS raised VC, right?

                                                                          1. 1

                                                                            The ones I listed were VC backed, but that’s only because I purposely chose over the top examples where the founders became billionaires. (And also RedHat ;-)

                                                                            But there are tons of smaller companies who aren’t backed by VCs, whose founders and employees make a decent living creating software. Things like Pixelmator, Reaper, Quicken, etc.

                                                                            1. 2

                                                                              whose founders and employees make a decent living creating software. Things like Pixelmator, Reaper, Quicken, etc.

                                                                              None of those examples are open source… No one is making a claim that you can’t successfully sell software…

                                                                              1. 1

                                                                                The concepts of “open source” and selling software for money are orthogonal. The linked article is about a scheme for people who have chosen to give away their software to try making money from it. My point is that they already made that choice when they decided to give it away to everybody for free.

                                                                                I think there’s some short sighted-ness in software developers around FOSS. To use your OpenSSL example, if it’s a “super important project” (which is just an opinion), then it’s important for the project to organize itself in such a way that it’s sustainable, and that means providing for the developers so that they can keep developing it.

                                                                                1. 1

                                                                                  To use your OpenSSL example, if it’s a “super important project” (which is just an opinion)

                                                                                  I’m basing it’s “super important project” status on the fact that it has 100s of millions of users (or more) given it is linked in popular browsers, and popular web servers. You’re likely interacting with OpenSSL as you load Lobste.rs. So, yeah, it’s “super important.” There are viable alternatives, now, but that wasn’t really the case until recently, and the amount of effort for the 2 developers to keep it up, in their free time, for the benefit of society, has caused issues in the past. See also GPG’s fund raising efforts, and countless others.

                                                                                  for people who have chosen to give away their software to try making money from it.

                                                                                  No. It’s absolutely not about that. It’s about recognizing that free / open source developers aren’t peons to be trampled on, but, instead, valuable members of our global economy. The chances of this model, or any other model, being sustainable for all contributors is next to nil. Please keep that in mind. Even the most successful of projects that use a foundation model can’t pay their contributors living wages. But, if the original authors choose a different model (than open source) for release, it’d have been very, very, very difficult to make it.

                                                                                  As you’ve stated now, multiple times, if you want to make money off of your software, you have many avenues to do so. And, look at @mperham, nginx, puppet, and all the other businesses that have successfully created sustainable businesses from roots in open source. It’s possible, but this avenue isn’t right for every project, nor is it right for every situation. I’m not going to give up my cushy corporate job to struggle to survive on and build a business based on a piece of software I found useful to me. I’d be happy to let others do that if they desire, and I indicate that with the licensing I choose to use.

                                                                                  1. 1

                                                                                    I’m basing it’s “super important project” status on the fact that it has 100s of millions of users (or more) given it is linked in popular browsers, and popular web servers. You’re likely interacting with OpenSSL as you load Lobste.rs. So, yeah, it’s “super important.” There are viable alternatives, now, but that wasn’t really the case until recently, and the amount of effort for the 2 developers to keep it up, in their free time, for the benefit of society, has caused issues in the past. See also GPG’s fund raising efforts, and countless others.

                                                                                    At the same time, 100s of millions of people are using iOS, Windows, and OSX, so by that criteria they are also “super important”, yet none of them are available for free. Price and size of user base aren’t really criteria for determining importance.

                                                                                    I’m just pointing out that society in general isn’t going to have much sympathy for people who’ve voluntarily given away all of their work.

                                                                                    1. 1

                                                                                      Price and size of user base aren’t really criteria for determining importance.

                                                                                      Just what do you think the word important means, then?

                                                                                      iOS, Windows, and OSX

                                                                                      This logic… is so weird. Yes, they are super important, too. They contribute 100s of millions of dollars in revenue every year to Microsoft and Apple. Do you agree that Microsoft and Apple save millions of dollars a year by not hiring developers to develop proprietary replacements for the libraries and programs they bundle in their distributions? And, at the same time, reap tremendous additional benefits from doing so, by virtue of remaining compatible with other software systems that said, users of those systems want compatibility with?

                                                                                      This post outlines one possible way for them to say thanks. Making a contribution to this type of fund would more than pay for itself in good will and positive PR.

                                                                                      Note: I don’t even know if I agree with the model outlined. Though, I do agree that some monetary compensation to folks contributing to liberally licensed software is healthy for the ecosystem, human/labor rights generally, and the economy

                                                                                2. 1

                                                                                  The linked article is about a scheme for letting people who have chosen not sell the software they write can try to make money off of it. My point is that they already made that choice when they decided to give it away to everybody for free.

                                                                                  I think there’s some short sighted-ness in the software world around FOSS. If OpenSSL is a “super important project” then it’s important for the project to organize itself in such a way that it’s sustainable to develop it. Forcing the developers to work on other things for their day jobs, or having them beg for money isn’t sustainable, and it really isn’t necessary - it’s a choice they’ve made.

                                                                          1. 11

                                                                            I feel like we’re missing a central piece of the discussion here–the creation of, and maintenance of mailing lists. The post touches on it, but it’s a hassle to host your own email. The community, as a whole, would benefit from some innovation in mailing list hosting and interactions. I’ve not seen anyone even enter this space since Librelist… close to 10 years ago at this point. And, Librelist seems to be rotting…

                                                                            1. 1

                                                                              Man, I don’t think I’ve setup a Mailman instance for a project since like 2012.

                                                                            1. 6

                                                                              BSDCan!

                                                                              1. 2

                                                                                I was on my way to BSDCant, but it turns out they’ve cancelled it. There’s nothing BSD Can’t do!

                                                                                Enjoy!

                                                                                PS: (I made this joke on Mastodon as well, with similar groans for responses).

                                                                              1. 8

                                                                                I would be very interested to see how this compares with say Carp. I’m not knowledgeable in this space though so it might be universes apart.

                                                                                1. 3

                                                                                  Despite having posted this myself, I’m interested in such a comparison, too. Though, I hadn’t heard of Carp until today. (That’s the right link, right? The author recommends RabbitVM instead.)

                                                                                  So, I’d like to see a comparison to PicoLisp.

                                                                                  1. 7
                                                                                    1. 5

                                                                                      PicoLisp has a single data type internally, and as a result doesn’t do anything fancy in terms of garbage collection (there’s no real avenue for heap fragmentation). As such it’s just a mark-sweep collector.

                                                                                      newlisp does do something more fancy, Automatic Memory Management in newLISP, which is similar in nature to what Interim does, and what Rust does as well, albeit in a completely different way.

                                                                                      newLISP follows a one reference only (ORO) rule. Every memory object not referenced by a symbol is obsolete once newLISP reaches a higher evaluation level during expression evaluation. Objects in newLISP (excluding symbols and contexts) are passed by value copy to other user-defined functions. As a result, each newLISP object only requires one reference.

                                                                                      1. 1

                                                                                        newLISP memory management in practice felt like Tcl to me, and not in a good way. The details are different, but you end up doing similar kluges, where you pass a handle to data that must be manually GC’d if you need to pass large stuff around/mutate data. That’s radically different from what Rust does, both in broad strokes and in the details.

                                                                                        [Edit: accidentally wrote PicoLisp the first time I drafted this comment.]

                                                                                        1. 1

                                                                                          Yes, Rust is undoubtedly better in practice, though far more complicated to learn, and implement (from a compiler standpoint). A couple of hacks here and there and you get “arena-like” allocation properties, and it’s easy to implement? Yeah, seems like a good trade off for small, embeddable languages, to me.

                                                                                      2. 3

                                                                                        Oops! There’s some naming conflict there. I’m the author of the Carp and Rabbit you mentioned, both of which are small learning projects. https://github.com/carp-lang/Carp is probably the Lisp you are looking for.

                                                                                    1. 3

                                                                                      It seems like these “X implemented in Y” and “Z in N bytes” types of posts/articles have become increasing common the past few years. These things can be great learning experiences I suppose, and the “wow” factor can vary. But it makes me wonder if it’s a symptom of something larger, like are people not doing (as much) original stuff now?

                                                                                      1. 5

                                                                                        Also that we take bloat for granted in the tools we use.

                                                                                        1. 4

                                                                                          original stuff now?

                                                                                          It’s interesting. There was certainly a lot of low hanging fruit to discover and invent in the early days of computing. That’s not to say it was easy, but as that low hanging fruit has fallen, the difficulty level has increased to creating something truly original and new. You can peel existing fruit in a new way (which so many people do), and you can combine multiple pieces in new ways, but it’s pretty hard to go beyond the lower branches, and most people don’t have the time, patience, or need to do so.

                                                                                          Keep in mind that PhD programs last years, and yet, very rarely do they surface with research that has a lasting effect on industry, or, it’s so cutting edge that it’s not practical for many years later.

                                                                                          So what’s an average person to do for fun? Well, you can reinvent stuff you already know! Maybe you rewrite it smaller, faster, stripped of “bloat,” or with new features. Maybe you apply the ideas of an existing tool like, say, AWK, to a new data type, say, JSON, and invent jq. Maybe, instead, you make JSON work with the tools you already know by writing an adapter to make it more greppable. All these things are just new peels, or new cuts of the low hanging fruit though.

                                                                                          And maybe, just maybe, you’re just up for a challenge that sounds ridiculous. “Is it even possible?” The average Docker image, even with the nesting (there’s a better term which I can’t think of), is still large. It’s an absurd, but challenging idea, to fit an entire docker image in a tweet (which hasn’t been done, mind you. But holy crap, how cool would that be?). But, if you manage to do it, and even if not, you’ve probably learned a new way to peel existing fruit, and that might be applied to a the construction of a reach extender that gets you closer to the top of the tree.

                                                                                          1. 2

                                                                                            I’d also push back on the idea that such articles aren’t original/novel/innovative. There’s two distinct kinds of novelty here: getting something working that does something new, and packaging things up better so they can be used by everyone rather than just insiders. Both are equally important, and the latter is what it took to turn Roman-era cataphracts into medieval knights.

                                                                                            See also Carlota Perez’s notions of installation and deployment phases for a new technology.

                                                                                            1. 1

                                                                                              I’m not sure if you’re pushing back on me, or the OP that I responded to. I’m completely in favor of these types of experiments as I believe them to be fun, interesting, and useful in the generation of new places to explore.

                                                                                              We may have different ideas of what “new” is though, but that’s OK. :)

                                                                                              1. 3

                                                                                                Yes, the ‘also’ was intended to convey that I thought we were mostly in agreement. What words we choose for the categories is less important.

                                                                                                I responded to you in hopes that both you and @markt would see my comment.

                                                                                                1. 3

                                                                                                  Thanks for the clarification. I thought that might be the case, but whether it’s exhaustion, or something else, I couldn’t tell for sure.

                                                                                                  1. 1

                                                                                                    For my part, I’m often too terse when tapping out comments on my phone.

                                                                                          2. 2

                                                                                            Bit of a counterpoint: I find the “Z in N bytes” stuff to be pretty informative about learning about Z

                                                                                            Loads of these tiny docker experiments have really helped to clarify (at least for me) what Docker is and what it isn’t (not a VM). Some valuable stuff to be learned in there I think.

                                                                                            X implemented in Y is a bit less of this, but it can also be helpful if someone understands Y more than X.

                                                                                          1. 1

                                                                                            I agree, polling is much better. I check my phone every 5 minutes to see if something has happened.

                                                                                            Push notifications are only a symptom.

                                                                                            1. 1

                                                                                              I check my phone every 5 minutes to see if something has happened.

                                                                                              I hope you don’t mean that literally, as if you did, I’d think having the phone do this for you would be a better option?

                                                                                              1. 1

                                                                                                My point is that I get push notifications less frequently than I would feel compelled to “poll” the phone myself. 5 minutes is an exaggeration.

                                                                                            1. 6

                                                                                              The fact that Guix is written in Scheme is a big appeal for me as opposed to Nix’s custom language. I preferred Nix as a way to support a standard environment (it has more packages), but this new feature makes the distribution of fat binaries a lot simpler than the other solutions. Less is more!

                                                                                              1. 1

                                                                                                FWIW, I tried to dissuade Gentoo from using Bash and Nix from creating their own language, both at basically around the 0.0.1 timeframe. I guess I am not terribly persuasive. Guix and Nix should merge. The separation is kinda ridiculous.

                                                                                                1. 3

                                                                                                  Guix and Nix should merge.

                                                                                                  Seems like a great idea until you consider Guix’s commitment to freedom, and as a result blobless experience. Unless NixOS adopted that stance as well, the philosophical incompatibility would doom it. Nix adopting guile is more likely, I’d say, especially since guile did have a lua like front end that might make it a bit easier to slowly migrate everything…

                                                                                                  1. 2

                                                                                                    It is similar to vegetarian and non-vegetarian, one can have a blobless, freedom filled diet and then occasionally should they choose, sprinkle some bin01bits on top.

                                                                                                    1. 1

                                                                                                      I upvoted, but as a vegan, I kind of take offense to vegetarians (in a half hearted way, of course), who only “half” commit. But, I recognize that not everyone does it for the animals (even vegans).

                                                                                                      But, why would you go out of your way to run a completely free system, only to sprinkle some blobbits on it? That completely invalidates the point! That blob, is where the nasty things that disrespect your freedoms are.

                                                                                                      1. 1

                                                                                                        you wouldn’t run it for the freeness, but supposedly guix has some other strengths as well

                                                                                                    2. 1

                                                                                                      I didn’t realize Guix forbade blobs (though I’m not surprised, given its origin). Is there a with-blob version of Guix? I didn’t see one, but that doesn’t necessarily mean no…

                                                                                                      1. 1

                                                                                                        Obviously, you can acquire and install the blobs yourself, and I’m sure there are blog posts around in support of that. But, yeah, it’s like Trisquel, gNewsense, and the others that have similar governance for totally-libre.

                                                                                                        1. 1

                                                                                                          I haven’t used it in a long time, but I thought that you could point Guix at the package store from Nix, similar to how you can point Debian at apt repos from other sources. You would have to be really careful with this; I remember early on getting burned because I asked Nix to install Firefox and it gave me Firefox-with-adobe-flash which was pretty gross.

                                                                                                      2. 3

                                                                                                        Ha! Well, there must be an alternate universe where you managed to convince them ;) I think they do borrow some ideas and even some code (I remember a FOSDEM talk from Ludovic last year mentioning that). Implementation wise, I would suspect Guix has the upper hand, but the restriction to GNU packages is problematic not you need specific packages.

                                                                                                    1. 1

                                                                                                      “but WebAssembly is designed to run safely on remote computers, so it can be securely sandboxed without losing performance.”

                                                                                                      Assuming the hardware works correctly. This assumption is failing more often now. You pretty much have to know what the code is going to do up front to securely run it.

                                                                                                      1. 5

                                                                                                        WebAssembly is the new SWF (Adobe Flash) ?!??!. A, potentially, binary format that we expect to run and do “totally not malicious” things on our computers delivered via our web browser.

                                                                                                        I think it’s certainly the case that WASM has it’s use cases, and this maybe one of them. But, I’m so much more skeptical of it all than I am excited.

                                                                                                        1. 4

                                                                                                          We’re already running untrusted JavaScript. A binary representation of JavaScript would be exactly equally safe. WASM is a binary representation of a language that’s simpler than JS and has the same or fewer capabilities. Whether JS is safe or not can be debated, but WASM isn’t a step down; it’s at worst a lateral move.

                                                                                                          You could argue that it’s harder to inspect WASM (you need to translate it into its textual representation, and then read a language much lower level than JS), but really, reading through minified and obfuscated JS, or JS compiled from C, isn’t exactly easy either.

                                                                                                          1. 1

                                                                                                            I havent looked at it deeply yet. I have no opinion. Highly skeptical by default due to Worse is Better effect in web tech.

                                                                                                            1. 1

                                                                                                              The APIs that come to talk to the environment outside of the waam runtime are going to be the deciding factor here Safely crunching numbers types doesn’t get you very far.

                                                                                                              1. 1

                                                                                                                Periodic reminder: The Flash plugin was also supposed to be a set of safe APIs.

                                                                                                                1. 1

                                                                                                                  Sure. I’m not arguing for or against WASM. I’m just saying that current wasm doesn’t have any of those APIs at all.

                                                                                                                  1. 1

                                                                                                                    That’s fair.

                                                                                                            1. 7

                                                                                                              So as far as I see, this isn’t necessarily a bug with PGP “itself”, when used for signing git commits or used in combination with pass, but rather when sending encrypted emails. Or am I wrong?

                                                                                                              1. 2

                                                                                                                The first exploit, is definitely not PGP’s fault.

                                                                                                                Unfortunately because I don’t know S/MIME, I can’t comment. But it seems like there is some inherent problem with the second attack affecting both it and PGP.

                                                                                                                1. 2

                                                                                                                  CBC and CFB encryption modes use the previous blocks when encrypting new blocks. There are some weaknesses, and of course OpenPGP and S/MIME use them. That seems to be part of the problem. The other part is that stitching together multipart messages is something that email clients have no problem with doing, so shit HTML, can result in a query string that exfiltrates the content of the decrypted parts.

                                                                                                                  1. 2

                                                                                                                    OpenPGP mitigates those weaknesses with authenticated encryption (MDC). So it’s still only a problem if a broken MUA ignores decryption errors from gpg (or if the email in question is using a very old cipher. so, the attack may work if you auto-load remote content on encrypted emails from before 2000)

                                                                                                                    1. 1

                                                                                                                      OpenPGP mitigates those weaknesses with authenticated encryption (MDC). So it’s still only a problem if a broken MUA ignores decryption errors from gpg (or if the email in question is using a very old cipher. so, the attack may work if you auto-load remote content on encrypted emails from before 2000)

                                                                                                              1. 26

                                                                                                                The circular shape of the letters hints at the eyes of the Go gopher

                                                                                                                They’re really stretching with that line. Two circles could be a lot of things and the first things that come to mind don’t have anything to do with the Go gopher. I don’t like this. It’s generic corporate, and I’ll miss the ode to Plan 9.

                                                                                                                1. 29

                                                                                                                  they needed an excuse to update the website and make it not work without javascript.

                                                                                                                  1. 16

                                                                                                                    i kind of respect the cynicism that went into this reply

                                                                                                                    1. 2

                                                                                                                      But, they didn’t update the website. The branding is entirely absent from the website. It’s boggling.

                                                                                                                      1. 3

                                                                                                                        oh, they will

                                                                                                                        1. 1

                                                                                                                          Over two weeks later and still no redesign of the website.

                                                                                                                    2. 15

                                                                                                                      It’s generic corporate

                                                                                                                      but… Go doesnt have generics! \s

                                                                                                                      Maybe it just supports the corporate interface.

                                                                                                                      1. 1

                                                                                                                        It’s generic corporate

                                                                                                                        Actually, it makes sense.

                                                                                                                        I’ll miss the ode to Plan 9

                                                                                                                        IMHO, Plan 9 had the technical potential to disrupt the centralized web. Years before it became a problem.
                                                                                                                        Now it’s a niche OS, developed by weird hackers that don’t buy mainstream buzzwords.

                                                                                                                        So, from certain points of view, Plan 9 is dangerous.
                                                                                                                        Something that any good programming minion should forget…

                                                                                                                        1. 4

                                                                                                                          Wait, does the COC rotate every time you click it? If so, are they being serious? The COCs generally looked really laudable, but now I can’t tell if they’re just posting them ironically.

                                                                                                                          1. 1

                                                                                                                            Wait, does the COC rotate every time you click it?

                                                                                                                            Yes.

                                                                                                                            If so, are they being serious?

                                                                                                                            Yes.

                                                                                                                            The COCs generally looked really laudable, but now I can’t tell if they’re just posting them ironically.

                                                                                                                            As my doctor say, irony is the worst side effect of intelligence.
                                                                                                                            A pretty serious side effect, that most people cannot tollerate.

                                                                                                                            (but since my doctor is my wife, she could be ironic about that… :-D)