1. 5

    This is a fine article, but I thought this one was more straight to the point.

    1. 18

      And.. one can upgrade from 6.5 using sysupgrade

      1. 4

        Sooooo nice!

        1. 2

          I still haven’t upgraded from 6.3 because the entire opensmtpd configuration language changed quite a bit. Maybe with 6.6 I can find some better tutorials out there, but I still need to build out a full test environment for it. E-mail is not something I want to fuck up :-P

          1. 3

            Yeah I had a lot of problems with that. Took me awhile to get back to a working configuration and I made a few mistakes! As my configuration is pretty simple I probably would have been better just starting from scratch and reading the manpage without any prior assumptions than trying to adapt what I had.

              1. 1

                Wow .. that’s .. long .. gotta skip way down to the code.

                I mean .. I’d rather just have a tutorial that tells me how to convert my old config to the new config. Like here’s the ansible template for my old one:

                https://github.com/sumdog/bee2/blob/master/ansible/roles/openbsd-email/templates/smtpd.conf.j2

                I don’t think the old one had filter implemented yet. pki and action look mostly the same, but the accept have been replaced by action. I’ve read through the official doc before and got confused and couldn’t find a straight upgrade guide. I’ll probably write one myself whenever I get around to it.

                1. 1

                  You can contact the author on twitter, maybe he knows of such a resource. https://twitter.com/PoolpOrg

          1. 3

            Maybe there’s more details not included in this article but it seems like the bigger problem is numerical instability in whatever algorithms they are dealing with, not the unpredictability of sort.

            1. 6

              From the paper:

              In the end, the inconsistency was traced to differences in the default file-sorting algorithm in Python across platforms, as shown in Figure 2, and the fact that, as written, the script “nmr-data_compilation” assumes that the frequency and NMR files are sorted in the same order.

              So it doesn’t have anything to do with numerical instability.

              1. 1

                That makes a lot more sense.

              2. 2

                bigger problem is numerical instability in whatever algorithms they are dealing with, not the unpredictability of sort.

                The rules of glob are well defined by POSIX. However, it’s likely the case that since Python runs on non-POSIX systems, it implements its own version entirely, leading to a mismatch in expectations, and therefore a problem. (Though, I don’t recall if glob specifies the order, or just the special characters and how they match.)

                So, given that chemists aren’t known for the most elegant of programs, and he mentions “When I wrote the scripts 6 years ago, the OS was able to handle the sorting,” (i.e. he doesn’t fully understand the underlying implementation, but expects a certain behavior – not an uncommon thing from even experienced, professional programmers, mind you) my guess is that there’s something more sinister going on like:

                part1 = process1(files[0:2]) 
                part2 = process2(files[2:7])
                part3 = process(3(files[7:])
                result = part1 - (part2 / part3)
                

                Regardless of the actual root cause, the fact that 150-160 studies were cargo culted based on the original research is the real story here.

                1. 4

                  From the glob specification:

                  The pathnames are in sort order as defined by the current setting of the LC_COLLATE category, see the XBD specification, LC_COLLATE.

                  If I understand correctly, two computers running the same OS can sort in different ways and still be POSIX compliant.

                  (That might be out of date)

                  1. 4

                    my guess is that there’s something more sinister going on like

                    You don’t have to guess. The code for both is available in the “supplementary materials” zip files for the original Nature paper and the recent paper:

                    The script reads all the *.out files into one big list, which was previously not explicitly sorted:

                    # https://gist.github.com/sjl/a675c449a5452cb96a9fd8ce49741888#file-foo-py-L362-L370
                    def read_gaussian_outputfiles():
                        list_of_files = []
                        for file in glob.glob('*.out'):
                            list_of_files.append(file)
                        if (len(list_of_files) == 0):
                           for file in glob.glob('*.log'):
                               list_of_files.append(file)
                        list_of_files.sort()
                        return list_of_files
                    

                    The data for each molecule is contained in two separate files: nmr-….out and freq-….out. So then the script splits the big list of files into two separate lists of nmr and freq files by iterating over the list and skipping files that don’t contain a particular word:

                    # https://gist.github.com/sjl/a675c449a5452cb96a9fd8ce49741888#file-foo-py-L346-L360
                    
                    def read_gaussian_nmr_outfiles(list_of_files):
                        list_of_nmr_outfiles = []
                        for file in list_of_files:
                            if file.find('nmr-') !=-1:
                                list_of_nmr_outfiles.append([file,int(get_conf_number(file)),open(file,"r").readlines()])
                    
                        return list_of_nmr_outfiles
                    
                    def read_gaussian_freq_outfiles(list_of_files):
                        list_of_freq_outfiles = []
                        for file in list_of_files:
                            if file.find('freq-') !=-1:
                                list_of_freq_outfiles.append([file,int(get_conf_number(file)),open(file,"r").readlines()])
                    
                        return list_of_freq_outfiles
                    

                    These two lists are processed individually for a while and then are passed to get_chemical_shifts, which iterates through the nmr list and retrieves the corresponding freq entry by indexing into the freq list (comments mine):

                    # https://gist.github.com/sjl/a675c449a5452cb96a9fd8ce49741888#file-foo-py-L285-L301
                    
                    def get_chemical_shifts(lofc_nmr, lofe):
                        ATOM_NUMBER = 0; ATOM_SYMBOL = 1; ISOTROPIC_VALUE = 4
                        counter = 0
                        #           ITERATING THROUGH FIRST LIST
                        for file in lofc_nmr:
                            proton_chemicalshift_table = []
                            carbon_chemicalshift_table = []
                            for line in file[2]:
                                if "Isotropic" in line:
                                    linesplit = line.split()
                                    if linesplit[ATOM_SYMBOL] == "C":
                                        carbon_chemicalshift_table.append([linesplit[ATOM_NUMBER],linesplit[ISOTROPIC_VALUE]])
                                    if linesplit[ATOM_SYMBOL] == "H":
                                        proton_chemicalshift_table.append([linesplit[ATOM_NUMBER],linesplit[ISOTROPIC_VALUE]])
                            # INDEXING INTO SECOND LIST
                            lofe[counter].append(carbon_chemicalshift_table)
                            lofe[counter].append(proton_chemicalshift_table)
                            counter += 1
                        return lofe
                    

                    If the original list is sorted, everything works, because it looks like:

                    [freq1, freq2, freq3, nmr1, nmr2, nmr3]
                    

                    and then gets split into:

                    [freq1, freq2, freq3]
                    [nmr1, nmr2, nmr3]
                    

                    and then the iteration and indexing pairs the correct files with each other. But if the original list isn’t sorted:

                    [nmr3, freq1, freq3, nmr1, freq2, nmr2]
                    

                    then the splitting produces lists like:

                    [nmr3, nmr1, nmr2]
                    [freq1, freq3, freq2]
                    

                    and the iteration/indexing pairs up the wrong files with each other.

                    1. 2

                      You don’t have to guess. The code for both is available in the “supplementary materials” zip files for the original Nature paper and the recent paper:

                      I didn’t have time to research the issue. Perhaps that should have meant I keep my mouth shut, but the obvious conclusion (which happened to be in the same ballpark, but out in left field) is a list gets built and split up in some way for different processes.

                      Thanks for doing the research and analysis of the root cause. It was a really interesting read!

                    2. 1

                      Python’s glob.glob() indeed doesn’t use the platform libc’s glob() at all. Instead it uses functions from Python’s os module to get a list of filenames in the searched directory/directories, and does matching of the pattern against the filenames in Python. You can find the Python 3.8.0 implementation of glob.glob() here, for example.

                      The cross-platform variation comes from the first part of that: Python’s os.scandir()/os.listdir() are implemented in C and call the appropriate low-level directory-listing functions for the operating system you’re using. And that’s not guaranteed to order the same way, or at all, on every platform/filesystem.

                      And if anyone’s wondering why Python does it this way: I don’t know for certain, but my guess from reading the implementation of the Python os.scandir() is mostly for normalization of the different platforms’ directory-listing results.

                  1. 3

                    What exactly makes the fun surprise fun for the HN folks? The 42s average is for all 44,890 visits. Even if all 850 of the commenters read the article for a full 10 minutes, that’s still 44,040 people who neither read the whole article nor made a comment.

                    1. 2

                      “And that, kids, is why we don’t use averages.”

                      1. 1

                        What would’ve been really interesting is to know the distribution of how long people spent on the page. My hypothesis is that it’s a bimodal distribution, where most people spend a few seconds just scrolling through stuff, and a few people spend a few minutes and read most or all of the article.

                        I might try to dig up some stats from matomo from a similar “hacker news famous for a day” experience, but it sounds like a lot of work…

                        EDIT: I dug it up: https://s.mort.coffee/d/img/scr-2019-10-14T17:24:04.png

                        That’s a lot flatter than I expected. Apparently it’s a lot more common than I expected to click on the link, read it for a couple of minutes, but then get bored and leave. Though I wish it was possible to make it show divisions with fixed increments (i.e how many were there for 0-1m, how many for 1-2m, 2-3m, etc).

                        The HN post (https://news.ycombinator.com/item?id=16234213, 156 comments) is responsible for ~9500 of the visitors, with Reddit (https://old.reddit.com/r/programming/comments/7syz0y/, 99 comments) ~3000, and then it quickly drops off from there (twitter is ~1000, lobste.rs ~270, etc). Even assuming each of those 156+99=255 comments comes from different people, it’s possible that every comment is from someone who spent over 15 seconds on the page, even though the average visit was around 40s.

                        1. 1

                          Yeah, from the very little experience I have looking at this kind of stuff, I’d probably expect it to be somewhere between that and a fairly flat y=1/x. I don’t know if bounces are included in this figure either, or what’s counted as a bounce (I’ve never used Piwik).

                          1. 1

                            A bounce, from what I understand, is when someone enters the website but leaves without navigating to other pages. For blogs that’s kind of what you expect people to do - click the link, read the article, go back to wherever they found the link. Matomo claims I had a 18500 visits and a 91% bounce rate, so it doesn’t seem to count visitors who bounced any differently from people who didn’t.

                            I don’t know if Wordpress counts stats differently though.

                            1. 1

                              Ah, yeah, you’re right. I was thinking the kind of visits that don’t scroll or stay for any length of time.

                        2. 1

                          I think that was a little exaggerated but I’m still kinda surprised

                          • the amount of users from HN
                          • the “click and close”. When I click on links here or on HN I usually read them, or at least skim them to see if they’re interesting. Just so not my usage pattern that I found it interesting, but maybe it’s common?
                          1. 1

                            It’s got a fairly clickbaity title. I can imagine people opening it, seeing it’s about macOS, and immediately leaving.

                        1. -1

                          An uninteresting foray into PLT by a rich guy. As far as I can tell, there’s not really anything novel or interesting here, but I’m not well-versed in the Lisp tradition. Is there anything good here worth sharing, or is it a vanity project?

                          1. 17

                            He was the author of two fairly popular books on Common Lisp years before becoming rich. In the industry where a good deal of renowned practitioners and researchers are also multi-millionaires it’s a ridiculous dismissal.

                            1. 5

                              Now, regarding Bel proper. As I finally found time to read through his text, my opinion is it’s stillborn. The perspective of taking ‘theoretical’ Lisp as formalism to its extreme is an interesting one. However the language does not seem particularly axiomatic. It is also too full of hacks which seem to reflect Graham’s particular preferences.

                            2. 15

                              I think it’d be unwise to discount the intelligence of Paul Graham in his chosen field, whether or not you like him. He’s a lot more than just “a rich guy”, though he is that too. Like Rob Pike, even if he’s wrong, I’d expect it’s probably for a good reason.

                              Either way, the guide makes it pretty clear Bel is an experiment in thinking about the math anf engineering behind Lisp. If the result isn’t anything interesting… then that’s a pretty interesting result, actually.

                              1. 5

                                “ think it’d be unwise to discount the intelligence of Paul Graham in his chosen field”

                                This post supports your point with much, much detail. Very interesting, too, for the cultural and historical aspects that he presents along with the technical details.

                                1. 4

                                  For what it’s worth, PG didn’t write that one. Olin Shivers is the author.

                                  1. 4

                                    That’s worth a lot. I don’t like misattributing such detailed write-ups. Thanks a lot for the correction.

                                    Edit: Oh Ok. There’s images on top that didn’t render. One says just the top pieces of his name. I see it now.

                                    Edit 2: He’s currently at Northeastern. There’s a lot of good work that comes out of there. Turns out he was part of team that did Preliminary Proposal for SAFE, too. Heck yeah!

                              2. 11

                                I mean, Lisp is one of the fields where Graham isn’t out of his depth

                                1. 8

                                  He’s also a Harvard PhD in comp sci, has patents related to software granted, and was a founder / programmer of one of the first SaaS applications. He’s hardly someone to ignore from a technical perspective, industry or academically.

                                  1. 5

                                    I don’t know if it’s uninteresting, but I didn’t find anything about Bel exciting. Although I don’t mind seeing what PG is up to, I’m not sure whether there’s even an unusual evaluation model present here. It’s just call/apply with eval-by-request as usual right? Maybe there’s some convention to handling things in a bit cleaner way but meh. If I want this style of programming I have javascript there waiting for me.

                                  1. 2

                                    This seems trickier to me than “it’s broken.” But, maybe I’m missing something. There’s 4 common orientations when taking photos on an iPhone. (I assume most of the modern phones have the lightning port at the bottom, and, when the screen is facing the ceiling, the power button the the right. The camera is on the same side as the power button.)

                                    1. (portrait #1): Camera is top-right, lightning connector is facing ground. Power button to the right.
                                    2. (portrait #2): Camera is bottom-left, lightning connector is facing sky. Power button to the left.
                                    3. (landscape #1): Camera is top-left, lightning connector is to the right. Power button left.
                                    4. (landscape #2): Camera is bottom-right, lightning connector is to the left, Power button to the right.

                                    Which would you consider “no rotation”? Based on the the picture, and how I assume you were holding the phone, “landscape #2” seems like the “no rotation” ?

                                    1. 2

                                      When I take a picture in Portrait #1 the EXIF data turns the image to Landscape #2.

                                      Honestly the image should always be encoded to match the way you’re holding your phone. The EXIF orientation should be a hint when you’ve modified the image with the editing tool to rotate it.

                                      This was never an issue in previous iPhone. The behavior previously was always correct.

                                      edit: a Portrait #1 has the correct orientation on an iPhone XR https://share.icloud.com/photos/0QP7nEX0XQMV-EjZ4XLXe3s5Q

                                      1. 1

                                        The more and more I think about this, the more I disagree. I think the Orientation should provide the correction which can be applied to the data the sensor supplies. The Medium article that @gerikson posted desribes this.

                                        Now, I understand your frustration a bit, because applications obviously assume that things are stored “correctly,” for viewing instead of relying on the corrective measure from the EXIF data.

                                      2. 1

                                        Based on the Medium link I posted in my other comment, the “natural” orientation would be the one where the sensor scans the image from top to bottom, left to right(?) - in any case, the “natural” readout orientation.

                                        1. 2

                                          Right! Presumably, for an iPhone they’re expecting you to use it in landscape #2, which seems like the natural way to hold the phone for landscape photos.

                                      1. 6

                                        I am certainly not part of the Haskell community, but I wonder this: Will the name “Ormolu” (which seems to mean a gold in color alloy) hinder widespread adoption of it? When I think about gofmt, Go’s formatter, even if it weren’t part of the standard toolchain, I could find it really easy with a search like “go format”, and remember it’s name, trivially. How does a newcomer to Haskell learn about ormolu, and remember that it’s there, as opposed to discovering it because of the name ghcfmt or haskfmt or some other variation like that?

                                        1. 2

                                          If you’ve never used a code formatter before I think you’d probably find one first in the options of your editor plugin or part of a linting system at work. Once you experience one and decide you like them, one of the first things you search for when learning a new language is a code formatter, and Ormolu already shows up in the results. There are already others named haskell-formatter and hformat as well, using a name related to this might make it even more confusing as to which one is best. As for existing users, I usually learn about it from Twitter or a coworker, and to me a distinctive name is easier to remember.

                                          1. 2

                                            I doubt the name would harm adoption. One of the more awkward names that comes to mind is zxcvbn, and I don’t think its adoption was harmed by it either.

                                            1. 2

                                              It certainly ought not to be called ghcfmt nor haskfmt because it is in no way an official formatter!

                                            1. 3

                                              But why would you need Docker to deploy Erlang? OTP releases are better than Docker containers.

                                              1. 1

                                                I suggest reading the Releases and Docker chapters, or at least the introductions. They are not really comparable and I try to explain what a container provides when bundling a release.

                                                1. 3

                                                  I know what a container provides, I’ve been running jails since before Linux had any notion of containers.

                                                  BEAM does not need cgroups or other types of process isolation. And when you’re deploying with docker, you can’t do hot code upgrades because to upgrade the container you’ll have to destroy the container and deploy a new one, right? So… what do you benefit from except tooling that is far more complicated than rsync and now you have to rely on infrastructure in front of your services for load balancing/failover every time you upgrade vs only when an actual outage occurs.

                                                  edit: maybe I’m being fed some incorrect information as well, so I’m curious to hear what you have to say about this

                                                  1. 3

                                                    I hope it is well covered in the chapters and would be interested to know if it isn’t so I can update them.

                                                    Briefly, release upgrades are rare. They should only be used when necessary because of the complexity which often comes with no actual benefit.

                                                    Your point about rsync and load balancers in front of a service is unrelated to BEAM. This is true for any language. Cases where you only have 1 node, which you fully control, isn’t what is being covered here. But BEAM isn’t different when it comes to horizontal scaling and the need for infrastructure in front and needing infrastructure for release management. BEAM projects work just as well with whatever infrastructure the organization is already using for deployment, whether it is rsync to nodes or orchestrating containers.

                                                    1. 1

                                                      Briefly, release upgrades are rare.

                                                      Is a “release upgrade” alternatively called “hot code reloading”?

                                                      1. 2

                                                        “release upgrade” (http://erlang.org/doc/design_principles/release_handling.html#release-upgrade-file) is a structured form of “hot code loading”. Since “hot code loading” could refer to also what people do during development to reload modules in the shell after its been recompiled.

                                                        I have worked on one system that did production upgrades outside of release upgrades, by basically doing what a relup would do itself but doing so manually in a script, but it is rarer than even release upgrades.

                                                        1. 1

                                                          Thanks for the clarification!

                                              1. -9

                                                I’m shocked (in a good way) people haven’t expressed outrage at 9front’s propaganda. http://9front.org/propaganda/

                                                Maybe because it’s blatant satire, so no one could possibly think that they were literal nazis.

                                                Unfortunately in today’s social climate humor is becoming less and less acceptable. Anything mocking, outrageous, edgy, or otherwise not-mainstream can make your coworkers feel unsafe or uncomfortable. A react programmer was nearly crucified after he made the OK symbol with his hand during a conference talk.

                                                https://twitter.com/ken_wheeler/status/1164934308366340096?lang=en

                                                And it was 4chan that started that “OK symbol = white power” troll, specifically to troll everybody into thinking it actually had any kind of white power meaning. It’s like the media can’t help but play right into 4chan’s hands. https://www.bbc.com/news/newsbeat-49837898

                                                1. 27

                                                  4chan is also packed to the rafters with open and unironic white power enthusiasts so it’s not particularly giving your arguments any credence. When you do something ironically enough times that unironic enthusiasts of that thing are more prevalent than the people who do it ironically, then it’s no longer ironic, it’s just that thing.The thing that makes 9Front different is that they also espouse literal opposites as propaganda. It’s like putting skateboarding is a crime on your skateboard.

                                                  1. 19

                                                    Can you think of a reason why recycled Nazi propaganda, even as a joke, might cause some people earnest anxiety, in our present moment?

                                                    1. 10

                                                      Which of those images are Nazi propaganda? I can see a V2 launch, but I’m not sure it is propaganda any more than archival footage. I see far more references to the US nuclear program and radiation than anything else (Which I suppose could be offensive to some).

                                                      1. 3

                                                        For the same reasons a repurposed Jurassic Park screencap might?

                                                        1. 4

                                                          For the same reasons a repurposed Jurassic Park screencap might?

                                                          I don’t understand the reference or implication here, can you spell it out for me?

                                                            1. 1

                                                              Maybe just riffing on Operation Paperclip? Who knows, actually…there’s even a photo from the Alien 3 set, which really sold them to me. Alien 3 is a strange flick.

                                                      2. 7

                                                        Maybe because it’s blatant satire, so no one could possibly think that they were literal nazis.

                                                        I think it’s because there imaginary is all over the place. You’ve got Kennedy, Mao, 30’s Germany, Orwell, movies, etc.

                                                        As far as I remember They also had have the communist manifesto somewhere in their source , which I guess ends up worrying other people (and sometimes the same).

                                                        Edit: It’s in this directory, under manifesto: https://code.9front.org/hg/plan9front/file/82cc8a9cd294/lib

                                                        And it was 4chan that started that “OK symbol = white power” troll, specifically to troll everybody into thinking it actually had any kind of white power meaning. It’s like the media can’t help but play right into 4chan’s hands. https://www.bbc.com/news/newsbeat-49837898

                                                        That was particularly mean, because on the one hand it started as satire, but at the same time it became a symbol, because it was satire, making it an actual symbol, beyond satire, masked as satire. Quite honestly, it was executed masterfully, it’s really a surprised it even worked.

                                                        1. 1

                                                          Quite honestly, it was executed masterfully, it’s really a surprised it even worked.

                                                          Heads they win, tails we lose: the more the symbol is used by fascists the more people talk about how it’s a fascist symbol; the more people talk about how it’s a fascist symbol the more cryptofash, fash-lite and fash adjacent people mock the notion that it’s a fascist symbol - thus giving cover to fascists who use it.

                                                          Feedback loops, oof.

                                                        2. 17

                                                          Unfortunately in today’s social climate humor is becoming less and less acceptable. Anything mocking, outrageous, edgy, or otherwise not-mainstream can make your coworkers feel unsafe or uncomfortable.

                                                          This is such bullshit and I’m tired of hearing these tired and lazy talking points repeated without question any time the topic comes up.

                                                          Humor is not “becoming less and less acceptable.” What is actually happening now is that, at least in the United States, we are slowly starting to be aware as a culture, in fits and starts, that the status quo in place for most of the history of the U.S.–where it was okay to use people in a perceived lower social class as punching bags and call it “humor”–is actually maybe not okay and not a cultural value we want to keep and moreover, not even funny. And in response what we are hearing is a bunch of people getting butthurt about not being able to talk shit about whoever they want without repercussions…and claiming that actually they are just being “edgy” and the rest of us snowflakes can’t take it. It’s the same bullshit as when Rush Limbaugh was complaining about political correctness hampering his ability to say racist shit without getting called on it back in the 90s, and he is still making money, so obviously things haven’t really changed that much…yet.

                                                          You know what edgy humor is? Scott Thompson going to Russia during the Sochi Olympics and flaunting his gayness in a place where that could get him arrested or beaten. It’s the Monopoly guy showing up to senate hearings, or, basically anything The Yes Men do. It’s the Satanic Temple unveiling a Baphomet statue at the AR state capitol to make a point about church and state. It’s the Chappelle show’s Frontline Sketch about Clayton Bigsby but, unfortunately, not Dave Chappelle making jokes about trans or gay people or doing racist Chinese accents–that stuff is old and tired.

                                                          So maybe if you’re saying shit that makes your co-workers feel unsafe and uncomfortable, you should first ask yourself if you should really be saying shit that makes your co-workers uncomfortable (if it’s not about the work itself) or unsafe, and then consider whether it’s really that important to be able to freely make “edgy” and “outrageous” jokes in a work environment. It’s probably not. I will go out on a limb and say that you’re almost definitely not contributing anything useful if you’re making people feel unsafe, and you should probably be fired.

                                                          I don’t think any of this is particularly hard but yet, a lot of folks seem to have trouble figuring it out. Hopefully this helps.

                                                          1. 14

                                                            Why would you bring this up? At best, it’s off-topic…at worst, it could result in an outrage ball that could result in issues for 9front or the removal of that comedy.

                                                            Why?

                                                            1. 9

                                                              Unfortunately in today’s social climate humor is becoming less and less acceptable.

                                                              It’s all fun and games to cry “wolf!” when everybody knows there’s no wolves for hundreds of miles around.

                                                              It’s not cool to cry “wolf!” in a dark forest when the howling of wolves is carried clearly on the midnight air.

                                                              My point is: if I tell a joke and my audience doesn’t laugh, blaming the Fun Police might soothe my ego, but really I should think about what my audience will find funny before I try again.

                                                              1. 4

                                                                Are we even looking at the same thing? Can you explain what, exactly, you’re reacting to? (Maybe a screenshot?) All I see is a bunch of random images with their logo on them.

                                                                1. 6

                                                                  Maybe because it’s blatant satire, so no one could possibly think that they were literal nazis.

                                                                  How could anyone get the impression that they are Nazis from that collection of almost entirely Nazi-less images?

                                                                  1. 4

                                                                    Someone started a rumor that the ok sign is white supremacist and then white supremacists started doing it en masse so it’s safe to say it’s officially a white supremacist symbol now. You’re playing into their hands by allowing them to maintain plausible deniability.

                                                                    1. 4

                                                                      How should anyone who lives outside the social media filter bubble know what symbols are used by extremists now and thus are not okay to use anymore? I never heard of this rumor before and do not know anyone who has.

                                                                      1. 3

                                                                        The user I’m responding to posted a link to the BBC, it’s not just some social media thing.

                                                                      2. 3

                                                                        Rather than flipping out, why not just claim it back by doing it for the exact opposite reasons? If you don’t they will just do the same thing with a million other symbols… maybe thumbs up is next?

                                                                        All that you are doing by perpetuating the idea it is a white supremacist symbol, is losing a little ground.

                                                                        The original trolls who started that joke must laugh to themselves every time they see someone mention it seriously like you just did.

                                                                        1. 4

                                                                          No, the white supremacists who use it as a white supremacist symbol are perpetuating the idea that it’s a white supremacist symbol.

                                                                          1. 2

                                                                            The point is the same, why allow that? They are just gonna steal thumbs up and the peace sign next. Is there not a counter to that?

                                                                            1. 3

                                                                              Yeah, the best counter is to organize and smash white supremacy.

                                                                              1. 4

                                                                                Yeah, but even then, when can we do okay signs again?

                                                                                1. 8

                                                                                  It’s a lot like viking runes, Nazis picked em up for their propaganda, using them doesn’t mean you’re a Nazi but if you see someone with a bunch of them they might be a Nazi. People who have viking heritage and want to have an artifact of their culture avoid the most propagandized ones.

                                                                                  You can do whatever you want. It is a white supremacist symbol now. If you see someone doing it in a situation that seems overtly racist, they’re probably a white supremacist. If you see someone doing it when someone would say ok, it’s probably not a white supremacy thing.

                                                                                  1. -2

                                                                                    Do you actually think this is a question I can answer or are you making some kind of point?

                                                                                    1. 1

                                                                                      It’s a serious question.

                                                                                      1. 3

                                                                                        I’m a lot more worried about the increased frequency of hate crimes in the last few years than when I’ll be allowed to use a specific hand gesture again to be honest with you.

                                                                                        1. 5

                                                                                          I’m worried about the rise of hate crimes, for sure. But, I’m also worried about the Internet’s ability to cause irrepairable harm to innocent people. It’s incredibly easy to take some tweet, some forum post, some photo out of context and cast someone as $X because of $Y, and $Z. “They used a certain hand gesture, and wrote a tweet 3 years ago that, if you squint, suggests they support nationalism–they’re a white supremacist!”

                                                                                          The downvoted OP linked to a tweet where this seems to have happened. I don’t know anything more than what is in the thread, but guy is bald, used an OK sign for another reason, suddenly he’s the same as Richard Spencer.

                                                                                          I don’t want to make light of White Nationalism! Far from it. But, we cannot assume, by default, that everyone is bad, and we seem to be doing that more by default. Of course, this could be, and probably is to some degree, reactionary to the rise in hate crimes…

                                                                      1. 2

                                                                        So, Facebook continued developing Scribe after they threw it over the wall “to open source,” (and abandoned it) and are publicly talking about it again. Cool.

                                                                        1. 2

                                                                          This is a great intro to slides! I’ve never actually used it (edit: whoops! I thought you were talking about the Go slides thing, now I see this is yours and yours alone. Will still try it out next time though!!!), because I’m fond of Racket’s slideshow tool, and my Takahashi inspired language slideshow/simple, which takes the complexity out of slideshow for basic use cases.

                                                                          But, I am going to give this a shot to compare the next time I need a slideshow.

                                                                          1. 1

                                                                            Sorry for the confusion, I guess the text was a bit longer than I indented, and the name is unoriginal tbh. But what is the “the Go slides thing” you mention? I tried to compare a few formats before sitting down to write the tool, yet I didn’t know of another (published) one written in Go.

                                                                            1. 4

                                                                              apg probably means the “present” tool provided by Go that is used for their slideshows: https://godoc.org/golang.org/x/tools/present

                                                                              I like this a lot and have been using sent for ages now, it’s hands down my favorite way to do presentations, but always has the awkward conversation of “well my slides are in plaintext”. Personally if this tool was able to grok the sent syntax I’d use it in a heartbeat.

                                                                              1. 2

                                                                                apg probably means the “present” tool provided by Go that is used for their slideshows: https://godoc.org/golang.org/x/tools/present

                                                                                Ah, didn’t know about this one. It’s interesting that they’d have a syntax that reminds me a bit of org-mode. But as far as I see, this produces HTML, right?

                                                                                I like this a lot and have been using sent for ages now, it’s hands down my favorite way to do presentations, but always has the awkward conversation of “well my slides are in plaintext”. Personally if this tool was able to grok the sent syntax I’d use it in a heartbeat.

                                                                                if by this tool you mean what I wrote, then the only difference is that I don’t currently support the @ to include an image (and the images aren’t in farbfeld, but in png/jpeg/gif), and unicode support is lacking.

                                                                              2. 1

                                                                                Sorry for the confusion

                                                                                I just didn’t read carefully enough. My fault. :)

                                                                                But what is the “the Go slides thing” you mention?

                                                                                https://godoc.org/golang.org/x/tools/present

                                                                            1. 33

                                                                              Ignoring completely conventions for how software should be updated on macOS (either via signed Sparkle updates, built-in updater ala Firefox, or via the Mac App Store), Google chose to implement a piece of malware known as GoogleSoftwareUpdate that resides in /Library/Google and ~/Library/Google. It is a specific kind of malware known as an APT (Advanced Persistent Threat), and several articles have been written on this subject (but I can’t find at the moment via a cursory search).

                                                                              Sometimes people have “legitimate” reason to use Google Chrome (i.e. because it supports some piece of DRM you might need which better browsers like Brave choose to not ship with). If you’re one of these users, to prevent Google Chrome from infecting your computer with its malware, you need to perform the following actions:

                                                                              # create folders if they don't already exist
                                                                              $ sudo mkdir -p /Library/Google ~/Library/Google
                                                                              # if they do exist delete everything inside of them
                                                                              $ sudo rm -rf /Library/Google/* ~/Library/Google/*
                                                                              # prevent Google from writing to these folders
                                                                              $ sudo chown -R root:wheel /Library/Google ~/Library/Google
                                                                              $ sudo chmod -R go-rwx /Library/Google ~/Library/Google
                                                                              
                                                                              1. 10

                                                                                In what world is this an APT? I deal with threat hunting, APT attack simulation, and TTP recreation on a daily basis and this is not the first time that I’ve seen a few people who don’t like Google try and pin the term on GoogleSoftwareUpdate. It makes no sense and you make your argument way weaker by throwing around terms like that and spreading FUD. APT’s are acting groups who create payloads for specific targeted purposes, not the payloads themselves. That’s like calling Stuxnet a APT.

                                                                                1. 11

                                                                                  I consider it an APT. Even removing Chrome doesn’t remove it, and if you don’t excise it completely it will restore itself. It’s nasty. Really evil stuff on MacOS.

                                                                                  1. 12

                                                                                    That’s like calling Stuxnet a APT.

                                                                                    The Wikipedia page calls Stuxnet an APT. Copied from there:

                                                                                    The Stuxnet computer worm, which targeted the computer hardware of Iran’s nuclear program, is one example.

                                                                                    GoogleSoftwareUpdate is an APT because, well, it fits the definition. It runs in the background, without your permission, it phones home to Google, and at any point in time it can modify your computer either directly or with a payload it downloads.

                                                                                    1. 10

                                                                                      An Advanced Persistent Threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period

                                                                                      I don’t mean to be inflammatory, but I honestly don’t even think you read the first sentence of the Wikipedia article you linked. It references to threat actors specifically. So this would generally be considered a tool used by an APT. Google is the actor, GoogleSoftwareUpdate is their payload/TTP (Tools Techniques and Procedures). We assign APT names and numbers to groups, not malware families, your description doesn’t fit that definition at all.

                                                                                      1. 6

                                                                                        It seems like the Wikipedia entry uses it in multiple ways as well, since it calls Stuxnet an APT, and later refers to its creators.

                                                                                        If you’re used to hearing the term APT refer to the people behind the code, I can see being confused at the way that I’m using it here. Wikipedia does not use the term consistently, and others have also used the term to refer to the software itself, so I’m not alone in this usage.

                                                                                        I think confining the term “APT” to the software’s creators can be unnecessarily limiting. In the case of GoogleSoftwareUpdate, it might not be accurate to call Google the APT, since their mechanism (GoogleSoftwareUpdate) can be hijacked by completely unknown entities to infect computers. In a sense, you could also say that GoogleSoftwareUpdate is the entity that’s doing the infecting, and I don’t think that’s an unreasonable expansion of the definition.

                                                                                        1. 6

                                                                                          I’m saying that the entire computer security field has seemingly agreed (whether or not the terms are somewhat confused in Wikipedia) that APT refers to specific threat actors not their tooling, which means when you use those terms in technical groups they are going to misconstrue them since no one calls TTPs APTs. Whether or not you are meaning to, you are accidently leading people away from the in field terms. I have never once heard a threat hunter call a artifact an APT in my entire career.

                                                                                          Generally in the malware and analysis world GoogleSoftwareUpdate wouldn’t even count as malware, it would be a PUP (Potentially Unwanted Program) that functions in a known way but might do something unwanted. That’s not the same as malware either. Also if you are refering to the fact that GoogleSoftwareUpdate is installed in a user writable directory and can be replaced or DLL hijacked then you are further purposefully choosing to make that fit into you view. This is a common terrible practice, but can be mitigated by installing the Google Chrome Enterprise which installs system wide and doesn’t leave GoogleSoftwareUpdate writable by users.

                                                                                          1. 5

                                                                                            I’m saying that the entire computer security field has seemingly agreed

                                                                                            I thought my presence on Hacker News and Lobsters bringing in all the high-assurance and CompSci folk showed that popular security != entire computer security field. The popular ones also built many fewer systems highly-resistant to penetration. They knew nothing of those that did or even denied they existed. When they failed, they doubled down on their ways instead of relenting or admitting the other groups had anything of value. If anything, I’m skeptical when the “computer security field” that most know about make a pronouncement. The skepticism usually pays off.

                                                                                            Back to this, I see why @itistoday is talking like this. Many security and news pieces I read at the time talked about APT in terms of their methods. They highlighted how different the methods were. Who cares who the source is if the methods are the same things you already blocked. The “APT’s” were different using stealthier techniques that involved getting a foot in, bringing in more, and doing a lot of exfiltration of data under users’ noses. That’s basically Google minus outright hacking. Hence, hyperbole.

                                                                                            1. 1

                                                                                              Skeptisism is always fair and I appreciate being called out when I accidently arbitrate or overly claim authority, that was not my goal and very much not my objective either. Appeal to authority was a failure on my part. I know based on our conversations that I very much have respect for the HA world and the world outside of “pop-security”, but in both of those I have never heard the term get used as a reference to persistence techniques and only referred (even in the research I read) to as the groups executing real world attacks. I agree that the term “persistence” is of importance, and isn’t represented properly in the original acronym, but I have always heard and read about them in the terms of “persistence” in general.

                                                                                              For the second portion, the corporate world and enterprise land is almost the opposite of what you stated in my experience. They care much more about who, how to block them, and how to detect them than necessarily root cause detection/prevention. I think this is fundamentally flawed (as I bet you do too), but just look at something like the MITRE ATT&CK and show me how the Google example fits in? I think that the “outright” hacking and purest of intent is important to seperate out threats from potentially unwanted behavior. There is a fundamental difference between a risk and a threat no?

                                                                                              1. 2

                                                                                                “but in both of those I have never heard the term get used as a reference to persistence techniques and only referred (even in the research I read) to as the groups executing real world attacks”

                                                                                                Thanks for fairly evaluating what’s going on here. It could be the reporting media doing it. Being outside your group, what I was reading was a combination of actors and methods that were supposedly better than everything else. If anything, it looked like media and security companies were making excuses for bad security in general by making hackers look amazing. Hackers whose methods were sending loaded emails and such followed by gradual expansion of access. Not amazing.

                                                                                                “the corporate world and enterprise land is almost the opposite of what you stated in my experience. They care much more about who, how to block them, and how to detect them than necessarily root cause detection/prevention.”

                                                                                                I don’t have much experience there past what I read about they do. I appreciate the insight. They’re often reactive based on whatever is getting a lot of attention. This could be an extension of their habit to want to create an easy characterization of something, point blame at it, and have some solution that eliminates it entirely. It doesn’t work with IT security in general. I definitely can see them doing it.

                                                                                                “ I think that the “outright” hacking and purest of intent is important to seperate out threats from potentially unwanted behavior. There is a fundamental difference between a risk and a threat no?”

                                                                                                I agree in general. I already said it was likely hyperbole. Thing is, Google is a threat actor of its own sort trying to get as much secret and public information about its users and non-users as possible to sell influence attempts by third parties. Also, getting close with D.C. in a police state with whatever comes with that. And they do their own thing in a sneaky way.

                                                                                                I agree that the APT term doesn’t fit them in definition of mainstream, security community or news headlines I saw for some reasons. I do see how the sneaky, bring-in-backdoors, exfiltrate-data behavior justifies a comparison with hyperbole, though.

                                                                                            2. 1

                                                                                              I didn’t realize the APT Language Police were here, sorry!

                                                                                              I have heard various people use APT to refer to software. Multiple definitions for the same words often exist. This is how language works. Since you keep banging on about this, I’ll remind you that I’ve linked to one paper that uses “APT” in this way, that sentence from Wikipedia, and here’s another person:

                                                                                              The Advanced Persistent Threat (APT) has become the watchword for today’s cyber espionage. It frequently involves a piece of malware or group of malware programs that can evade detection

                                                                                              Re some people not considering it “malware”. Great, we can agree to disagree. I’m with Stallman on this.

                                                                                              1. 4

                                                                                                Multiple definitions for the same words often exist.

                                                                                                Yeah, we have to stop this in computing. We have enough complexity, and enough trouble communicating ideas. We don’t need to overload terms and make this worse.

                                                                                                Precision is a foundational aspect of why math is a universal language.

                                                                                                1. 4

                                                                                                  Yeah, we have to stop this in computing.

                                                                                                  Great idea, now let’s nominate you to be in charge of the definitions of the words everyone in computing uses. 👍

                                                                                                  Precision is a foundational aspect of why math is a universal language.

                                                                                                  And math is definitely not known for overloading the definitions of symbols.

                                                                                                  1. 2

                                                                                                    Great idea, now let’s nominate you to be in charge of the definitions of the words everyone in computing uses.

                                                                                                    Thank you for your kind nomination!

                                                                                                    And math is definitely not known for overloading the definitions of symbols.

                                                                                                    There are very few “symbols,” but you can generate new words for your definitions by using the generalized concept of addition (which has axiomatic properties) and basic set theory primitives like subset. Put another way, assuming a function newword(L, N), where L is a tuple, containing production rules for valid words, P, and a set, C, of valid symbols (e.g. characters), I can call newword, to generate valid words contained in L of length N. While I’ll leave the proof as an exercise to the reader, it follows that incrementing N is all that is needed to create additional words in L, provided, that production rules in L are unbounded.

                                                                                                  2. 2

                                                                                                    Mathematics is the art of giving the same name to different things. (Henri Poincaré)

                                                                                                    Math is precise when it comes to the definitions and what a word means in a context, but the keyword here is context.

                                                                                                  3. 3

                                                                                                    There is a difference between being the language police and accepting the fact that the common use terms in the industry itself (to which I have been taken part of IR engagements that discover named APT’s) are not confused in their day-to-day use. I think when you do that you are doing it on purpose to try and craft the narrative in a way that you are the language police and can redefine terms that are not confused inside of a field. It is purposefully trying to confuse people who are not part of the field and I think that’s just as dangerous.

                                                                                                    It frequently involves a piece of malware or group of malware programs that can evade detection

                                                                                                    Again even in the your quote you are are ignoring that entire sentence, APT’s do use malware to evade detections. That just solidifies my statement.

                                                                                                    APTs often embed programs in a penetrated system

                                                                                                    From the first summary sentence in the paper, which btw is describing how GoogleSoftwareUpdate would be a good model for malware used by an APT (not crafting an APT again).

                                                                                                    EDIT: I’m bailing out of this argument for the sake of the length of the thread. I’ll squat in IRC or messages if you want to have a further discussion after your response to this.

                                                                                                    1. 4

                                                                                                      From the first summary sentence in the paper, which btw is describing how GoogleSoftwareUpdate would be a good model for malware used by an APT

                                                                                                      This is the first sentence:

                                                                                                      Google’s software update system can serve as a model Advanced Persistent Threat (APT).

                                                                                                      The thing being called an “APT” in that sentence is “Google’s software update system”.

                                                                                                      I’m bailing out of this argument for the sake of the length of the thread.

                                                                                                      Good call. It was fun and I also have work to get done.

                                                                                          2. 7

                                                                                            Oh come on, it’s just some hyperbole about Google doing things with similarities to stealthy attackers. It was a warning and joke mixed together to get more attention to the issue. That’s on top of entertaining the Lobsters.

                                                                                            Far as APT’s, my favorite counter on the term back when it was hot was Luiz Firmino’s comment on Kreb’s blog. It just explained why the media was making a big deal about what was just hacking 101 for any careful party targeting enterprises. Heck, the whole post makes what they were doing look obvious. I threw in 2 cents worth of corroboration.

                                                                                            1. 2

                                                                                              I’ve read studies that only one out of four lobsters are born with a humerus bone in their body. The rest don the thick skin of an exoskeleton one should naturally expect.

                                                                                              1. 1

                                                                                                That’s great lol.

                                                                                            2. 3

                                                                                              APT’s are acting groups who create payloads for specific targeted purposes, not the payloads themselves.

                                                                                              Huh, I thought those were “threat actors”. But I’m not very in touch with threat hunting.

                                                                                              ETA: OK, from the top of Wikipedia:

                                                                                              An Advanced Persistent Threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group

                                                                                            3. 3

                                                                                              Do you by any chance have the same directions for Windows, too? There were some official instructions that Google would post; I’ve followed all of those when they were still current, and yet sometime afterwards they’ve still broken out of their sandbox, and performed damage to my seldom-used copy of Google Chrome.

                                                                                              Also, you mention Brave, but Brave doesn’t quite have a way to disable autoupdate, either — unlike Firefox and SeaMonkey.

                                                                                              1. 2

                                                                                                I don’t have any direct directions, but Google provides Chrome Enterprise installers that have administrative templates that let you control the vast majority of these controls. They have Mac DMG’s too.

                                                                                                1. 1

                                                                                                  Do you by any chance have the same directions for Windows, too?

                                                                                                  I do not, sorry. Maybe someone else knows.

                                                                                                2. 2

                                                                                                  Or you can (in this case at least) keep your operating system up to date, and not disable System Integrity Protection.

                                                                                                  I realize SIP disable is required for 3rd party graphics cards on Macs. And possibly the version of whatever graphics software was required for these machines only run on older versions of MacOS. This raises the question of why they were running (presumably) non-mission critical software (Chrome) on machines that absolutely have to be running…

                                                                                                  1. 3

                                                                                                    Maybe they just wanted to use a 3rd-party GPU? I don’t see why the users are suspect because of a completely arbitrary MacOS anti-feature

                                                                                                    1. 0

                                                                                                      What anti-feature are you referring to? SIP or that lack thereof, or Google’s Keystone updater software?

                                                                                                  2. 2

                                                                                                    Somewhat similarly, on Linux (at least on Ubuntu) Chrome installs itself into /etc/cron.daily: so that even if you notice its existence in your repos and remove it from there, it will re-add itself.

                                                                                                    1. 2

                                                                                                      you need to perform the following actions

                                                                                                      Also recommended, KnockKnock, which can tell you what launch agents, etc. can be installed:

                                                                                                      https://objective-see.com/products/knockknock.html

                                                                                                      And BlockBlock (which I haven’t tried yet), which warns you if software tries to install anything persistent.

                                                                                                      https://objective-see.com/products/blockblock.html

                                                                                                      Ignoring completely conventions for how software should be updated on macOS (either via signed Sparkle updates, built-in updater ala Firefox, or via the Mac App Store)

                                                                                                      Luckily, Microsoft now offers Office in the App Store. Another terrible installer/autoupdater that I hated.

                                                                                                      1. 1

                                                                                                        Although I haven’t verified it, using a portable version of Chrome should be a solution, as nothing is installed.

                                                                                                        1. 1

                                                                                                          This is funny because I think you’ve heard the term APT and thought persistence meant persisting in memory or on disk, which is important in malware terms. But as far as I’ve known the term (in infosec for a few years) the persistent in APT means persistent in trying to get at you. Interesting that this whole time I never thought of confusing persistence of malware with the persistence in APT, but they are different meanings.

                                                                                                          APTs are groups, not code, a different approach would be crimeware groups that send out ransomware indiscriminately then take the profits where they can. Calling Google an APT seems hyperbolic since their primary goal is shareholder value not intel/influence/surveillance, a list of APTs and their inconsistent names (aka all infosec vendors come up with their own names) are here: https://medium.com/@cyb3rops/the-newcomers-guide-to-cyber-threat-actor-naming-7428e18ee263

                                                                                                        1. 3

                                                                                                          Trying to catch up on hours at work. Last week was short due to several doctor’s visits, and me wanting to take a week a bit slower due to a long week the week before, I wasn’t able to get much time in at work. This week I’m playing catch-up.

                                                                                                          I’m also thinking about trying to write some more Nim code, the next project I have in mind is porting https://idea.junglecoder.com from Erlang to Nim, to see what that would take. I might write a Nim script to slurp data out of ets tables while I’m at it, just to see how that goes.

                                                                                                          But mostly, going to be working this week, side projects are pretty solidly on the back burner for now.

                                                                                                          1. 1

                                                                                                            I came across idea.junglecoder.com the other day. Have you written at all about it? I quite like the simplicity of it, and the way it’s organized. How is it updated?

                                                                                                            1. 2

                                                                                                              I’ve written little snippets about here on it itself, see: https://idea.junglecoder.com/view/idea/34 and https://idea.junglecoder.com/view/idea/40, but never a more full write-up.

                                                                                                              The long and short of is that it’s Erlang+Cowboy+ets, with on-the-fly rendered markdown. Everything administrative lives behind /admin routes, which are protected by nginx basic auth. So you can add ideas under /admin, and edit ideas under idea specific links. It’s just basic http POST forms right now.

                                                                                                              Unfortunately, I ran out of steam to work on this before I learned the best practices for learning best practices for erlang releases, and working with Erlang was higher friction than working with Go. Not in the writing of code, per-se, but in getting things to build with erlang.mk (the build system I chose), adding packages, and in figuring out how to add dependencies. The markdown parsing package I found is very fiddly with how it renders markdown.

                                                                                                              The upshot of this is that right now the 2 instances of this that I run, I run in tmux panes, and the code is split up into more files than I’d normally use, and I had to write more code for datastore interaction than I’d normally write, since ETS tables don’t have a lot of the convenience code that code that interacts with SQL databases often does in other languages. Those are all motivations for moving to Nim, I anticipate all of that being easier to manage.

                                                                                                          1. 18

                                                                                                            It’s nice to see someone else abusing Python for the sake of fun. I’ve blogged in the past about many hacks, including: let, attempting to make call/cc, worlds, pattern matching with with, and dispatching with with. Basically, yes, yes, yes, more of this kind of stuff! It makes languages really fun.

                                                                                                            1. 6

                                                                                                              I’ll join this party :) I figured out how to make Rust-like macros in Python by stuffing things in type-annotations, which you can read here.

                                                                                                              1. 1

                                                                                                                I don’t write much Python these days, but as a Schemer interested in macros, I used to try out all sorts of stuff. There was one really good attempt: MetaPython which hasn’t had a release since 2009. I think that was the one I felt worked best, so if you’re still interested, you might play with it.

                                                                                                                Also, this is awesome! And, I don’t know much rust, but I did not realize that what I would call “pragmas” are powered by macros (in hindsight this makes total sense!), making them accessible for all sorts of hackery and wizardry. Thanks for sharing!

                                                                                                                1. 2

                                                                                                                  … but as a Schemer interested in macros

                                                                                                                  Do you know about Hy?

                                                                                                                  1. 1

                                                                                                                    I do! A long time ago I had a similar project called Ruse, which aimed to be a compliant Scheme on top of Python 2, which fizzled before I prepped it for release. I’m happy that someone else, independently, thought the idea of a Lisp targetting Python was good. :)

                                                                                                              2. 3

                                                                                                                It sounds like you’d enjoy my (now quite old) blog post about abusing encodings in Python: http://benjiyork.com/blog/2008/02/programmable-python-syntax-via-source.html

                                                                                                                1. 3

                                                                                                                  Thanks, that is amazing.

                                                                                                                  Very relatedly, I blogged about sourefiles using built in rot13 with a starting comment #encoding: rot13 that then have all Sourcecode encoded: https://frederik-braun.com/rot13-encoding-in-python.html

                                                                                                                2. 1

                                                                                                                  I think you might enjoy the complete works of Oleg Kiselyov, full of mind-bending trickery in Scheme, ML and others. I sometimes wish I could just set aside a year and thoroughly study and understand what Oleg is publishing.

                                                                                                                  1. 2

                                                                                                                    I sometimes wish I could just set aside a year and thoroughly study and understand what Oleg is publishing.

                                                                                                                    I sometimes ask the question, legitimately, “What would Oleg do?” – Yes, aware. But similar to you, completely understudied due to time.

                                                                                                                1. 5

                                                                                                                  You could use a generator that subsequently yields the next function. So, in Python ish:

                                                                                                                  def cycle(*fns):
                                                                                                                      while True:
                                                                                                                           for f in fns:
                                                                                                                                 yield f
                                                                                                                  

                                                                                                                  Then, you do the equivalent of take(cycle(one, two), N) and call each in a loop.

                                                                                                                  1. 1

                                                                                                                    Dang, I know all those words individually but I don’t understand the sentences you’ve built with them. :(

                                                                                                                    I get a glimmer, though.. your cycle will give back either one or two.. Actually.. it gives back a never-ending stream of one-two-one-two-[…] ? I gather that python has ‘lazy evaluation’, then? (Or I have no idea what I’m looking at. :) )

                                                                                                                    1. 1

                                                                                                                      Yup! The idea is to build a lazy, never ending stream that cycles through the values you passed in. take in this case would build a stream that stops pulling values after N, from the cycle stream. Does that make sense?

                                                                                                                      You can do this with a regular iterator in a language like C++. Your next() method advances state, for the next call to next()

                                                                                                                  1. 1

                                                                                                                    Mostly on a Mac for work, which is sad.

                                                                                                                    • Emacs
                                                                                                                    • tmux in Terminal.app, bash
                                                                                                                    • Slack
                                                                                                                    • iTunes (or whatever it is these days)
                                                                                                                    • Chrome for work, Firefox for personal stuff.
                                                                                                                    • golang toolchain

                                                                                                                    Home (OpenBSD, iPhone)

                                                                                                                    • Emacs (including irc)
                                                                                                                    • xterm, ksh, tmux
                                                                                                                    • Firefox and some Chromium
                                                                                                                    • YouTube.app
                                                                                                                    • chibi-scheme, chicken scheme, racket
                                                                                                                    1. 2

                                                                                                                      On some systems, it’s just \$ , but typically: \u@\h \W \$

                                                                                                                      1. 7

                                                                                                                        I hit a milestone on the side project I was hacking on all week, but now I want more. I want to self host the whole compiler from a single file, so I may spend some time working through some of that.

                                                                                                                        Otherwise, yard work!

                                                                                                                        1. 5

                                                                                                                          He’s responsible for relying too much on people’s careful reading of his note, but even that’s not the problem.

                                                                                                                          I am glad someone finally made this point. Stallman has a glossary in which he meticulously defines the way he uses some words. A non-careful reading of anything of his without that context, is ripe for misinterpretation of his intentions. But, even with that, his resignations, and the community’s outrage – all justified, and right. He had to be held accountable for his shit throughout the years.

                                                                                                                          I still can’t help but be disappointed, and angry about it all though.

                                                                                                                          1. 4

                                                                                                                            It is disappointing. RMS was one of my heros. Kevin Spacey was my favorite actor. I live in a world of deep disappointment. Never meet your heros.

                                                                                                                            1. 2

                                                                                                                              It’s sadly probably why he’s so good (i.e. bad) in House of Cards. Just being himself more on screen. In the past, The Negotiator and K-Pax were pretty awesome, too. Also, doing the voice in Moon.

                                                                                                                              1. 1

                                                                                                                                Charges against Spacey have been dropped.

                                                                                                                                1. 2

                                                                                                                                  So has his reputation. Even if they were dropped because he legitimately didn’t do anything (which, seems pretty unlikely), he’s already been through trial by the press.

                                                                                                                              2. 1

                                                                                                                                I don’t know what incidents over the years you are talking about, could you elaborate?

                                                                                                                                1. 4
                                                                                                                                  1. 4

                                                                                                                                    She listed a few, lets talk about them:

                                                                                                                                    I recall being told early in my freshman year “If RMS hits on you, just say ‘I’m a vi user’ even if it’s not true.”
                                                                                                                                    

                                                                                                                                    So he hit on people. I believe it. Did they reject him? probably. Super awkward? Yes. Victim in this is a bit of a strong word for me.

                                                                                                                                    “He literally used to have a mattress on the floor of his office. He kept the door to his office open, to proudly showcase that mattress and all the implications that went with it. Many female students avoided the corridor with his office for that reason…I was one of the course 6 undergrads who avoided that part of NE43 precisely for that reason. (the mattress was also known to have shirtless people lounging on it…)”
                                                                                                                                    

                                                                                                                                    I wouldn’t be surprised if he slept at work, I’m not sure what the implications are meant to be there. “shirtless people lounging on it” does seem strange, but it is missing some context for me.

                                                                                                                                    When I was a teen freshman, I went to a buffet lunch at an Indian restaurant in Central Square with a graduate student friend and others from the AI lab. I don’t know if he and I were the last two left, but at a table with only the two of us, Richard Stallman told me of his misery and that he’d kill himself if I didn’t go out with him.
                                                                                                                                    
                                                                                                                                    I felt bad for him and also uncomfortable and manipulated. I did not like being put in that position — suddenly responsible for an “important” man. What had I done to get into this situation? I decided I could not be responsible for his living or dying, and would have to accept him killing himself. I declined further contact.
                                                                                                                                    
                                                                                                                                    He was not a man of his word or he’d be long dead
                                                                                                                                    

                                                                                                                                    To me this mostly shows he was very lonely and sexually frustrated person in the past. He probably needed help and someone to guide him in the right direction.

                                                                                                                                    I don’t know if he has a girlfriend or wife, lots of this type of behavior disappears from sexually frustrated men after they have had a long term girlfriend.

                                                                                                                                    1. 2

                                                                                                                                      In Soviet Russia, every man was assigned a women.

                                                                                                                                      There are plenty of “sad and lonely” women, but they don’t appear to do anything like “sad and lonely “ men do.

                                                                                                                                      1. 3

                                                                                                                                        I don’t see your point? Yes sad and lonely men do stupid things. Likely more than women. So? That’s not a solution to the problem.

                                                                                                                                        I don’t think he needed ‘an assigned women’, I don’t know where you even got that idea from. He probably just needed a friend to teach him the right ways to find dates without being so creepy.

                                                                                                                                        I just think making them sadder and more lonely leads them to more desperation.

                                                                                                                                        1. 2

                                                                                                                                          In Soviet Russia, every man was assigned a women.

                                                                                                                                          Got a cite? I’m curious how that worked.

                                                                                                                                          1. 1

                                                                                                                                            That was a joke, just in case, anyone didn’t get that.

                                                                                                                                          2. 1

                                                                                                                                            Men and women are completely different, that’s why.

                                                                                                                                  1. 3

                                                                                                                                    I don’t think I should be allowed to name the technology that powers it, but I really hope the author considers TextGL.

                                                                                                                                    Also, this is… I’m speechless.

                                                                                                                                    Edit: Also, for the shading aspects, coming from the world of ink / graphite – text hatching. I know it’s been done before digitally (I’ve even written scripts to shade using text), but it’s like cross hatching, but you use text characters. OK, I’ll stop.