1.  

    How would humor be different in this language? You can’t hide the punchline while you’re setting it up. Are there jokes that are just as funny read backwards as forwards?

    1.  

      I guess it would be somewhat similar as looking at a single frame cartoon: https://www.google.com/search?q=single+frame+cartoon&tbm=isch

      I am sure humor would work differently in this language, but it might introduce alternative ways to express it?

      1.  

        I’d also add that, while Sapir-Whorf is in general…well, um, provably wrong, to be blunt…there are certain things, especially around humour, that are language-dependent. Puns are only available in some languages, for example; German can’t really do them. Or they’re available spoken, but not written (for example, Japanese, which has many cognates, but uses a Chinese writing system in part to avoid ambiguity in written forms).

        In this case, I can imagine an almost reverse of the Japanese situation: some of these sentences would be recognizable as drawings, and could have a unique form of written-only pun depending on how that worked out.

        1.  

          German can do puns. Maybe Germans can’t, though. ;)

          1.  

            I speak German okay, not great, so I confess I’m forwarding what I was told. Can you give me a German pun? I love them in English.

            1.  

              Germans can definitely do puns, and puns are in fact pretty common in German (though generally considered to be “lame” jokes). The German name is Kalauer. A classic one: “Es wird nie wieder ein Kalauer über meine Lippen kommen, und wenn du lauerst, bist du kahl wirst.” (Of course it doesn’t work in English, but the translation would be “Never again shall a pun cross my lips, even if you lurk till you turn bald”).

              1.  

                Ooh, nice! Thanks! I’ll need to ask my buddy what he actually meant.

              2.  

                Most famous German pun (at least among English speakers): https://genius.com/Rammstein-du-hast-lyrics

                The phrases ‘du hast’ and ‘du hast mich’ when spoken can mean either ‘you have’ or ‘you hate’ and ‘you have … me’ and ‘you hate me’ respectively. When written hate is spelled differently, i.e. hast -> hasst.

                In effect the song tricks the hearer into believing that the singer is accusing them of being hateful towards him. Only when the complete sentence is sung is it clear that the much tamer meaning ‘You asked me’ is meant the whole time.

                I am not a huge fan but its such a famous example I thought it worth bringing up.

                1.  

                  Google for “Wortspiele”.

                  Wikipedia has a few: https://de.m.wikipedia.org/wiki/Wortspiel

            2.  

              That’s a good comparison! I think Scalar families is in part what prompted this thought. You could make the glyph for “big” be comically big, like 10x bigger than the rest of the sentence.

              Maybe you could show irony by making a big glyph that says “small”, or vice versa. Like the trope of a big guy named “Tiny”.

            3.  

              An ironic situation is ironic no matter which order you learn about it.

            1. 19

              I applaud Apple’s approach to privacy, http://www.apple.com/privacy I was shocked to learn that coming from one of the largest corporations in the world, they are pushing the correct approach to privacy. Control of the private key.

              Zoom has been caught lying the past and has very fishy claims and ostensible practices. https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html So this is not a fair comparison in my opinion, but I do agree with the author’s principals and reasoning.

              1. 8

                The exact problem is that in this case Apple does not give ‘control of the private key’ to the consumer.

                (It’s not clear in this article, but I believe this is specifically limited to iCloud backups of iOS devices, and that it can be resolved by turning that feature off. This is an important issue to me and I’d appreciate more info if anyone has some.)

                1.  

                  You’re correct. iCloud backups can be retrieved by Apple. Using iTunes for backups is still safe. iCloud Photo Library is not end-to-end encrypted either, but that provides major usability benefits (like being able to see your photos from iCloud.com just like the competitor, Google Photos).

                  This is the one major flaw with Apple’s privacy strategy for “average Joe” users. I think that having iCloud Backup on by default is great (losing your phone isn’t such an issue anymore), but it would be great if there were at least an option to encrypt it. Is the idea that people who lost their phone and forgot their password (because they never use their password after setting up their phone) would want access to the backups? That’s my only guess.

                  1.  

                    I understand, iOS does not give control of the private key to the user, even more, the software used for messaging is highly proprietary and locked down. thanks for the correction, I was jaded by their slick marketing webpage.

                    Does apple have the ability to decrypt user’s imessages? Up until now, I was going on the assumption that imessages were encrypted similar to signal.

                    1. 6

                      Apple has the ability to remotely install any software on your phone that they want, and therefore exfiltrate any data that they want.

                      1.  

                        I don’t think that quite follows… Apple has the ability to install a new OS, and it has the ability to install apps, but both have limitations. I’ll deal with each.

                        1. OS. If Apple is willing to build a custom version of the new OS and serve that to you when it serves a new OS to other people, then your custom OS can do exfiltrate anything. That’s a high bar though.

                        2. Apps. Apple can install apps on your device at any time and perhaps silently, but those apps are subject to the security regime enforced by the OS version your phone already runs, which is one that countless researchers have checked as carefully as they can. The installled app won’t have the ability to exfiltrate any and all data belonging to the system or other apps.

                        The past is immutable. Apple can write any code, but noone, not even Apple, can travel into the past.

                        1.  

                          OS. If Apple is willing to build a custom version of the new OS and serve that to you when it serves a new OS to other people, then your custom OS can do exfiltrate anything. That’s a high bar though.

                          Why would it have to be a custom version, and why would it have to be timed with the release of some other version?

                          Apps. Apple can install apps on your device at any time and perhaps silently, but those apps are subject to the security regime enforced by the OS version your phone already runs, which is one that countless researchers have checked as carefully as they can.

                          Which is not carefully at all because they can’t audit the code.

                          1.  

                            Apps. Apple can install apps on your device at any time and perhaps silently, but those apps are subject to the security regime enforced by the OS version your phone already runs.

                            Security engine works with rules, and those rules on apps are set by Apple. Safari is the only app that has JIT permissions, there is no reason why they couldn’t do that for a rogue app.

                            1.  

                              And they have done this before. For example, the “Clips” app which is distributed through the AppStore has immediate camera access without prompting the user, I believe, because the app ships with a code sign entitlement that grants unprompted camera access. A regular iOS developer would never get Apple to sign such an entitlement, but as the Uber screen capture entitlement scandal proved, some developers are more equal than others.

                      2.  

                        Why would they? An average customer does not understand what a private key is. If you give out private keys to end-users and they lose them you are going to end up with massive data loss. Apple does the right thing. This is not perfect but it works for most cases. The other end (no unauthorized access to private keys) of this should be guaranteed by the law like in the EU. It is unfortunate that the US has the Patriot Act but it does not mean that you could have a chance against the US gov agencies even in the case of privately stored private keys.

                      3.  

                        I was shocked to learn that coming from one of the largest corporations in the world, they are pushing the correct approach to privacy. Control of the private key.

                        The reason gigacorps don’t care about privacy is because most of them rely on siphoning your information for profit. Apple don’t, since they sell premium hardware and fashion accessories. That’s why Apple can give users more privacy.

                        1.  

                          They are still trying to maximize their profits, and data is “the new oil,” so giving users privacy is not a viable path even for Apple. Marketing the idea of privacy on the other hand is a viable strategy.

                          Am I missing some substantive difference between Apple’s privacy policy and that of other tech companies?

                        2.  

                          I was shocked to learn that coming from one of the largest corporations in the world, they are pushing the correct approach to privacy. Control of the private key.

                          I’m shocked that you trust one of the largest corporations in the world to live up to their promises on this - or any other - issue. That implies you ascribe morals to the corporation, an organisation without morality. In the end it implies you assume Apple corp. would rather go down in flames (i.e. be forced to pay fines even they could not shoulder, being forced to split the company, etc.) than allow a bunch of TLA’s to do some harvesting.

                          It isn’t that single out Apple here, I don’t think you can trust any of these entities and should act accordingly with data you don’t want to get in the wrong hands. For most people this won’t matter but if, say, you’re a dissident writer in Hong Kong or you happen to have proof of what really happened to Epstein it would be foolish to simply trust those data to an iDevice in the assumption that they’re safe for any adversary.

                          1.  

                            This makes so little sense to me, I think I might be parsing it wrong.

                            1.  

                              Who has control over the private key? Steve has always been a pioneer in taking control away from users. Even if they claim the key resides on the device, this is far from the user controlling the key. The actual correct approach to privacy would have to give real control to users, and Steve could not be farther from this.

                            1. 6
                              1. Some of the arguments apply to both desktop and server. One is considered lost the other won. Clearly, these arguments cannot be useful.
                              2. If you only care about server the whole issue with marketing people not using the OS on desktop disappears.
                              3. “Linux people are dumb” is a really pointless way of looking at things. It cannot even be made constructive.
                              4. Putting Linux and “open source in general” in the same bucket is also not very useful. Projects have different technical and organizational problems and this doesn’t help us identify them. I may have missed any points that apply in general.

                              Here are some more plausible reasons why Linux on desktop sucks:

                              1. It doesn’t. The competition is just better these days. But Ubuntu is probably as usable as Windows 98. (Except for the package manager point below).
                              2. Linux is fragmented. Lots of work is done to achieve similar things instead of making one thing work really well. Linux makes us customize things; it’s part of the fun for many people. This is terrible for making things work well out of the box since we are optimizing for something else.
                              3. Few people consider QA to be fun work. One of the main points about free and open source is “free”. People don’t do work for free if they don’t like it. The same applies to the previous point.
                              4. Linux has package managers. Even if we only had one this would still mean that a Linux requires a huge amount of work that does not exist for Windows or Mac (at least if you ignore the “stores). This work could be done in a distributed way by people who make the software if we had something like AppImage that works and which Linux people would find acceptable.
                              5. Inertia is a huge problem. If you have a solution A to some specific problem (e.g. Xorg) and somebody proposes a new solution B to a very similar problem (e.g. Wayland). Even if solution B is better in almost every respect, a lot of people will want to stick with A because in some respects A was better. And this is just on top of the usual problems of rewriting software. So you end up with both A and B and we are back to the fragmentation.
                              1. 6

                                Linux is fragmented. Lots of work is done to achieve similar things instead of making one thing work really well.

                                This sounded like a good argument in 2003, but 17 years later something just doesn’t add up. KDE and Gnome, to pick just the two biggest players, are both 20+ years old at this point. Fragmentation does decrease the amount of work that gets put into any one project but it’s been twenty years.

                                IMHO the fact that neither of them quite cuts it has less to do with fragmentation, and more to do with the fact that, once you start picking them apart, most of their components aren’t actually 20 years old. So they don’t have twenty years’ worth of functionality, not to mention bugfixes and stability.

                                My favourite KDE bug is a good example, I guess: NT 3.51 had a pretty similar bug, more than 22 years ago, and I think a big part of the reason why Microsoft is still ahead in this game is that their bugfix is probably still around in explorer.exe’s source code, whereas KDE has gone through at least three completely different modules for that thing, in the same timeframe (“modules” is a bit hand-wavy here, I hesitate to call it “shell”, although I guess it wouldn’t be completely inaccurate as far as Plasma 5 is concerned).

                                (BTW, I call it “my favourite KDE bug” because I actually like KDE and I’d love to use it more, so I spent a few weekends trying to fix that thing, but alas my QML-fu is basically zero)

                                I mean, yes, if you were to put Gnome and KDE together, you’d get one project instead of two, so “50% less fragmentation”. But between the two of them they’ve basically written five or six desktop environments already, and I’m just counting the major shifts here, where few applications/technologies were retained, not the major releases (albeit there would be some merit in that, too). That is the real source of “fragmentation”, and just hypothetically merging projects isn’t going to help, not when a good portion of the community sees nothing wrong with a “well, they’‘ll have to decide if they’re a Gnome app, an XFCE app, or a GTK app” sort of approach.

                                1. 3

                                  Putting Linux and “open source in general” in the same bucket is also not very useful.

                                  It is a very deliberate tactic used by influencers to equate Linux and Open Source/Free Software in people’s minds, thus closing the door to other, often better designed, open source operating systems.

                                  This allows them to control the discourse. For a real world example, you’ll see a lot of “Linux communities” (forums, irc, slack/telegram/discord/whateverpopularcrap) where almost all of the discussion going on isn’t about Linux (be it the kernel or linux-specific userspace), but about third party open source applications.

                                  But the people in charge of these are often Linux fanatics, and will lock threads and ban people when they mention other open source OSs. Often enough, questioning their Idols’ (Linus and the core team) perfection will warrant such a response.

                                  This is, for instance, a major component of why so many Linux users believe the Tanenbaum-Torvalds Debate was somehow won by Linus. It couldn’t be farther from the truth. Echo chambers breed brainwashing.

                                  1. 2

                                    Linux has package managers. Even if we only had one this would still mean that a Linux requires a huge amount of work that does not exist for Windows or Mac (at least if you ignore the “stores). This work could be done in a distributed way by people who make the software if we had something like AppImage that works and which Linux people would find acceptable.

                                    This is one of the primary reasons I use linux. Package management makes installing software much better than any other paradigm.

                                    1. 1

                                      Package management makes installing software much better than any other paradigm.

                                      Which is faint praise indeed. Package managers work well with a single centralised repository. When you’re using Debian, Ubuntu, Fedora, FreeBSD, or whatever and the thing you want is in the default repositories for the version of the OS that you’re using, it works really well. So well that you forget the amount of effort that it takes to maintain those repositories, ensure that everything that depends on libWhatever works with the same version of libWhatever or, if not, that you can install libWhatever v42 and libWhatever v43 in different directories and point the respective dependencies at different versions.

                                      It starts to break down when you start having multiple sources. For example, I have an Ubuntu system that has three different package repos configured that can all provide cmake. Which one do I get? Whichever is newer. That’s fine, as long as they’re all using the upstream versioning. In this case they are, so that’s fine. It’s also fine because CMake has very strong backwards compatibility guarantees and so nothing breaks when I install a newer version than the one older things were expecting.

                                      Now try substituting something like ICU for CMake. ICU is not backwards compatible and it requires things to be recompiled when you install a new version. If an external package repo is shipping a program that depends on a newer version of ICU, they will provide a newer version. If two external package repos are shipping programs that depend on newer versions of ICU than the default repos, they may both provide different newer versions of ICU. They may make sure that their versions can be installed in parallel with the main repo’s version, but the that are probably unaware of each other and so won’t test for compatibility with them.

                                      This is the kind of thing that PC-BSD’s PBI, Ubuntu’s Snap, Docker containers, and GNOME’s thing-that-I-can’t-remember-the-name-of are intended to solve. Unfortunately, they do it by brining in a lot of the problems of the distribution models that are common on Windows and Mac: everything comes with a complete set of its own dependencies and now you can’t easily do central updates to a security vulnerability in one of the libraries that many things depend on.

                                      It’s 2020 and we still haven’t solved the software distribution problem. I find that sad, especially the fact that I have no concrete suggestion of how we could do it better.

                                      1. 1

                                        It starts to break down when you start having multiple sources.

                                        This is a major reason why I switched to Arch. On Fedora (or whatever) if something isn’t in the repos, you have a few options. If you are lucky, upstream will have an rpm on their website. If not, you could compile it yourself (if you can figure out how to compile it). Of course, you will never be able to uninstall it if you ever type make install. You could use flatpak/snap/docker/whatever. However, those packages tend to be huge, and their dependencies can get stuck on really old versions. None of these solutions tie into any of the normal update mechanisms. So you can be stuck with outdated/insecure software without even knowing it. If you use a third-party repo you run into all the problems you mentioned. So I use arch where I just need one repo (actually three, but who’s counting) and the AUR. Of course, building everything from scratch is a bit of a pain, and I end up not updating most AUR packages anyway. But it’s by far the most painless solution in my experience.

                                        It’s 2020 and we still haven’t solved the software distribution problem. I find that sad, especially the fact that I have no concrete suggestion of how we could do it better.

                                        Has anyone solved it? Perhaps android? Though I think they have a lot of problems that snaps, et al. have.

                                  1. 13

                                    The below essay is Frankfurtian bullshit. I wrote it in the same style as https://shouldiusethreads.com/, because I believe that it is also bullshit of the same type; all of the statements are true, or at least very very hard to falsify, but it’s written primarily to offend, not based on its actual truth or falsehood.


                                    Should I use the filesystem?

                                    No

                                    Some people would have you believe that NULL is the worst mistake in computer science. They make a good case for it, but they’re dead wrong. Shared mutable state is the worst mistake in the history of computers. Ask anyone who has debugged both a segfault and a race condition. They will assure you that the latter is 10-100× more difficult to solve.

                                    Look at a list of files that your system has touched recently. How many of them have actually been manipulated by more than one program? I’m mostly thinking of the hidden ones, like .bash_history and the .dvdcss directory. Outside of highly-visible but comparatively-rare circumstances, the filesystem is an excessively general abstraction for the “silent majority” of its use. The poorly-defined concept of filesystem atomicity result in a system that simultaneously has both excessive synchronization and not enough synchronization for the purposes of the same application (PostgreSQL, in the case of those two links). It’s impossible to design an fsync() call that provides full-filesystem atomicity while preventing two applications on the same computer from blocking each other, because fsync() is fundamentally a filesystem-global lock.

                                    What’s worse is that the default behaviour is to allow limitless race conditions. A process has access to the same filesystem space as other processes in your machine, and can do whatever they want with it (as long as they’re running as the same user, which is the default behaviour when you launch processes). You have to take extreme pains to avoid accidentally doing the wrong thing. You’ll probably mess it up, and the symptoms will show up in an unrelated part of the multiprocess system 10 minutes later. There is no shame in making such mistakes — we’re only human, after all. The shame is in believing ourselves super-human, and reaching for a tool that we don’t need, in full knowledge that we’re likely to shoot ourselves in the foot with it. Nine out of ten times, this tool is the filesystem. If you’re asked to dig a hole and you point a pistol between your feet to get the job done… you should have used a shovel.

                                    But, perhaps your problem requires multiple processes to operate on the same data. In that case — you still shouldn’t use the filesystem! Consider using message passing instead. A good model is an overseer program, which organizes the work to be done and aggregates the results, spawning worker programs to run the actual computations. This is not only much more robust, but it scales better, since you could distribute these programs across multiple computers later on*. This approach is more useful, too, because often the user of the program may have a more novel idea about how to distribute work, and if they can invoke the worker processes themselves, they’re empowered to try it out. This is easier to test and debug for the same reasons. And, in addition to all of these benefits, you get brand new virtual memory scratch space which is much more difficult to fuck up.

                                    What’s worse is that, while there has been a great deal of attention paid to memory-safety, filesystem-safety in programming languages is essentially nonexistent**. Python, Java, Rust, even Haskell expose almost identical APIs for manipulating files, and that interface is terrible. Database designers since before I was born have known that user data and query code should be connected using prepared statements only, but that’s not how you manipulate paths on the filesystem on any of the major operating systems. If you want to connect user input that might potentially contain a forward slash, the best thing that language abstractions might provide is a function that will error out in the presence of “forbidden characters.” At least HTML has standardized escape sequences; how is it acceptable that, in 2020, we can’t have forward slashes in file names? You want to scrape the IMDB and use it to populate file names? Sorry; those episode titles have forward slashes in them, so you’re going to have to invent some arbitrary, non-standardized character substitution and hope it doesn’t result in a naming conflict. “Don’t fuck with user input” is a pretty low standard for API design, and the filesystem paths fail it.

                                    Don’t use the filesystem! It’s a trap!

                                    * NFS is not a solution. Because it’s designed to be transparent to the application, it can’t be both reliable and fast, because the application doesn’t give it enough information to know whether an operation should be retried or failed out if something goes wrong.

                                    ** The closest you can get is sqlite, which is great, but it can’t really fix the pessimistic synchronization, and it doesn’t work very well with existing tooling like git.

                                    1. 6

                                      Honestly, this mostly makes sense to me? The fact that we don’t have any better solutions to the use cases filesystems address doesn’t mean that a global shared filesystem is a good idea to begin with. In fact, if you look at more recent OSs that cared less about retro compatibility, like the mobile OSs, they all have some sort of per-app scope for filesystem, and in iOS specifically it’s something very abstracted over.

                                      I mean, if you were designing a OS today, without any care for any retro compatibility, without any need to support any sort of posix API, would you really provide files and a filesystem as an abstraction for storage? I don’t think I would.

                                      1. 1

                                        I can’t decide.

                                        On the one hand it feels pretty archaic to just store labeled blobs of bits vaguely sorted in a tree and maybe with an extension as a rough type indicator. How are we going to explain this to the kids swiping on the TV? ;) And that in times where we have cloud everything and our phones have share buttons to avoid dealing with files! I am totally on-board with this accidentally true rant.

                                        On the other hand pretty much every order I need I can create with the wonderful filesystems we have and I prefer that to dealing with having my files scattered over sharepoints and onedrives and google docs and whatnots.

                                        1. 2

                                          Your second alternative is not the only other option to filesystems though. It might seem like the only feasible one, but I’m not constraining myself with such minor concerns as “is this even remotely viable in the real world at all”.

                                          What if we could have one (or a couple) rich, programmable, safe, and portable interface that every program could (and did) use? What if you could have even more flexibility (or rigidity) at your fingertips to organize your data, in pretty much any device?

                                      2. 1

                                        You nailed it! I would just add a few solutions like “use INT 13h directly” or “print your data on paper”.

                                      1. 3

                                        I am satisfied with Nextcloud, but this looks neat. It looks synchronous, though, and I wonder if that’d be a UX impediment to adoption.

                                        1. 18

                                          Yup. It is synchronous because it tries to establish a direct connection between the two peers. If, for example, they were on the same local network, the data would not travel out to some server only to be sent back again.

                                          For asynchronous file transfer I love https://send.firefox.com. I also use https://upspin.io/ and a web gateway to it, but that requires some setup. I hope that changes one day.

                                          Disclaimer: I’m author of https://webwormhole.io.

                                          1. 4

                                            I’d like to plug ffsend here as fully featured CLI tool for Firefox Send. It has been super useful ever since I built it.

                                            1. 1

                                              Pretty disappointed that upspin died out.

                                              1. 1

                                                This is just ludicrously good. Thank you so so much.

                                                It’s also a great demo of RTCPeerConnection which is really helpful!

                                                The only one thing I can think of as feedback: the dictionary used for the keys has some difficult to spell words in it, so if the use case of “read it down the phone” is high on your priorities, it might be better to use a larger number of short words. Or maybe even present the same binary key two ways: would you rather read a phrase or a long number? Depending on language and medium, one might be easier than the other.

                                                1. 1

                                                  Thanks for the feedback. I completely agree the dictionary has to change. We use the PGP word list but some of the word combinations are quite unsavoury. I think it would also be cool to have word lists for different languages.

                                                  I’d also like to implement word completion at some point which I think might help with spelling.

                                                  1. 3

                                                    I have a similar need for a readable string encoding … I started off writing a response in this box but instead it is now a “shorter words list” blog post

                                                    1. 1

                                                      I really liked this blog, thanks for doing it :)

                                              2. 4

                                                This is a very different use case than next cloud.

                                                1. 3

                                                  Is it really so materially different? My use case: I want to send a file to someone [which is too big for email] in as non-technical a way as possible.

                                                  1. 2

                                                    The point of magic wormhole is easily useable e2e encryption. Nextcloud does not have e2e encryption.

                                                    1. 1

                                                      Ignoring the underlying technical details and coming at it from the viewpoint of a user who doesn’t care about security (it’s not part of their use-case spec):

                                                      Wormhole means if I’m on the phone with you, I can transfer a file to you without setting anything up. We both just open the website, I tell you my code, you type it in, I drag in my file (or you drag in yours), done. Neither of us needs to have/sign up for an account or anything.

                                                      (I only glanced at nextcloud but my understanding is you need to set it up. Apologies if that’s not right.)

                                                      1. 1

                                                        I concur that wormhole (web or CLI) serves a slightly different use case. That said, in fairness, Nextcloud allows you to provide single-URL (one-click) access to a file, and recipients don’t need a user account on the NC server. However, it’s true that you do need to install or set up NC on your server (or use a provider).

                                                1. 3

                                                  Okay, and here is what I don’t get about the ongoing nix-declarative enthusiasm:

                                                  How does this deal with your passwords, history, bookmarks, etc? And if it doesn’t what’s the big deal? What do I get out of this that wouldn’t be better with Firefox sync?

                                                  1. 4

                                                    I personally use both. I use Firefox Sync to handle syncing of data I’d consider owned by the browser (history, open tabs, bookmarks). I don’t, however, consider it my browser’s job to own & manage my passwords. I keep those elsewhere and manage them separately.

                                                    I wouldn’t say this is “a big deal”, nor a particularly strong purveyor of “the ongoing nix-declarative enthusiasm”. This is just a write up of a few behaviours I wanted from Firefox that could be expressed in a stable, repeatable, and fairly elegant manner using Nix. Firefox Sync will not give you the profile management approach I wrote about, nor will it sync your userChrome.css, or even all of your about:config settings.

                                                    1. 1

                                                      Two follow-up questions, if I may:

                                                      1. Can this be extended to set up the sync for the two profiles it is adding?
                                                      2. Does setting up extensions with Nix not collide with the extensions from the syncing?
                                                      1. 3

                                                        Sure:

                                                        1. Potentially. Anything you can set in about:config (userprefs.js) can be expressed here. So if there’s a setting for that, then yes it could also do that
                                                        2. I don’t sync my extensions via Firefox Sync, so I’m not entirely sure
                                                  1. 12

                                                    0x6. I like monospaced fonts.

                                                    Unfortunately, I learned about kerning and kerning is impossible to do even decently with monospace fonts.

                                                    1. 6

                                                      Kerning is useless for monospaced fonts, almost by definition.

                                                      Kerning is so that combinations like “AV” don’t have a wide space between them. AV will have that, because the horisontal space taken up by each character is the same.

                                                      1. 3

                                                        There are advantages to kerning, and you miss out on them with monospaced fonts. Obviously you gain other benefits while writing code with monospaced fonts, but fit prose? Not so clear.

                                                      2. 5

                                                        Ditto. Maybe it’s just me, but I find it very easy to lose my place when reading monospace text.

                                                        1. 3

                                                          So don’t do kerning? Not sure if there are any readability studies or something that you’re thinking about but as a programmer I am also happy to read articles in monospaced font.

                                                          1. 17

                                                            Monospaced fonts make prose objectively harder to read. They’re an inappropriate choice for body text, unless you’re trying to make a specific e.g. stylistic statement.

                                                            1. 1

                                                              Do you have any links for some studies about it? I’m wondering since you’ve used the objectively term, which I find confusing, since I’m not impacted by monospaced formatting at all. Film scripts are being written in monospaced script, books were written in it (at least in the manual typewriter days), I think this wouldn’t be the case if monospaced fonts would be objectively harder to read?

                                                              1. 4

                                                                Do you have any links for some studies about it? I’m wondering since you’ve used the objectively term, which I find confusing, since I’m not impacted by monospaced formatting at all.

                                                                This is a subject that has been studied for a long time. A quick search turned up Typeface features and legibility research, but there is a lot more out there on this topic.

                                                                The late Bill Hill at Microsoft has a range of interesting videos on ClearType.

                                                                1. 2

                                                                  Your first link was fascinating, thanks!

                                                                2. 1

                                                                  Manuscripts and drafts are not the end product of a screenplay or a book. They’re specialized products intended for specialized audiences.

                                                                  There are no works intended for a mainstream audience that are set in a monospaced typeface that I know of. If a significant proportion of the population found it easier to read monospaced, that market would be addressed - for example, in primary education.

                                                                  1. 1

                                                                    Market could prefer variable width fonts because monospaced are wider, thus impacting the space that is taken by the text, which in turn impacts production cost. This alone could have more weight for market preference than the actual ease of reading. Bigger text compression that is achieved by using variable width could improve speed of reading by healthy individuals, but that isn’t so obvious for people with vision disability.

                                                                    Individuals with central loss might be expected to read fixed-pitch fonts more easily owing to the greater susceptibility of crowding effects of the eccentric retina with which they must read. On the other hand, their difficulty in making fixative eye movements in reading should favor the greater compression of variable pitch. Other low-vision patients, reading highly magnified text, might benefit from the increased positional certainty of characters of fixed pitch. Our preliminary results with individuals with macular disease show fixed pitch to be far more readable for most subjects at the character size at which they read most comfortably. (“Reading with fixed and variable character pitch”: Arditi, Knoblauch, Grunwald)

                                                                    Since at least some research papers attribute superiority of variable width font to the horizontal compression of the text – which positively influences the reading speed and doesn’t require as many eye movements – I’m wondering if the ‘readability’ of monospaced typefaces can be improved with clever kerning instead of changing the actual width of the letters.

                                                                    The reading time (Task 1) with the variable-matrix character design was 69.1 s on the average, and the mean reading time with the fixed-matrix character set was 73.3 s, t (8) = 2.76, p < 0.02. The difference is 4.2 s or 6.1% (related to fixed-matrix characters). (“RESEARCH NOTE Fixed versus Variable Letter Width for Televised Text”: Beldie, Pastoor, Schwarz)

                                                                    The excerpt from the paper above suggests that the superiority of variable width vs monospaced isn’t as crushing as one could think when reading that human preference for variable width is an “objective truth”.

                                                                    Also, the question was if monospaced fonts are really harder to read than variable fonts, not if monospaced fonts are easier to read. I think there are no meaningful differences between both styles.

                                                                    1. 1

                                                                      Market could prefer variable width fonts because monospaced are wider, thus impacting the space that is taken by the text, which in turn impacts production cost.

                                                                      So it’s more readable and costs less? No wonder monospaced fonts lose out.

                                                                      I’d love to read the paper you’ve referenced, but cannot find a link in your comment.

                                                                      1. 1

                                                                        So it’s more readable and costs less? No wonder monospaced fonts lose out.

                                                                        Low quality trolling.

                                                                        I’d love to read the paper you’ve referenced, but cannot find a link in your comment.

                                                                        They could be paywalled. I’ve provided the name of papers plus authors, everyone should be able to find them on the internet.

                                                                        1. 2

                                                                          Low quality trolling.

                                                                          What?! I put a lot of effort into my trolling!

                                                                          (To be honest: you’re right and I apologize. It was a cheap shot).

                                                                          I found the first paper (https://www.ncbi.nlm.nih.gov/pubmed/2231111), and while I didn’t read it all I found a link to a font that’s designed to be easier to read for people who suffer from macular degeneration (like my wife). The font (Maxular), shares some design cues from monospaces fonts, but critically, wide characters (like m and w) are wider than narrow ones, like i.

                                                                          That’s what I think is a big problem with monospaced fonts, at small sizes characters like m and w get very compressed and are hard to distinguish.

                                                              2. 5

                                                                I also tried to code with a variable width font. It works ok with Lisp code but not the others. The tricky part is aligning stuff. You need elastic tabstops.

                                                                1. 1

                                                                  Oh, wow. That’s a cool idea. Yeah, that might be enough.

                                                                  1. 1

                                                                    Very cool idea, but that means using actual tabs in a file, and I know a lot of programmers who hate tabs in files.

                                                                    1. 1

                                                                      Good point. I think the cases when different sized tabs would cause problems should also cause problems with a system like this.

                                                              1. 3

                                                                Very neat, but can we refrain from using Lobsters as a marketing and advertising channel?

                                                                1. 30

                                                                  I disagree. This - and other projects like Pine64 - are social movements, attempts to prevent a future bereft of user-repairable, user-hackable, general purpose computing.

                                                                  I think the more exposure we give them, on Lobsters and elsewhere, the better.

                                                                  Yes, it’s marketing and advertising. But it’s marketing and advertising a better future, that we can all contribute to by the act of simply buying and using a laptop.

                                                                  1. 13

                                                                    Conflating conspicuous consumption with promoting the social good is one of the greatest tricks ever pulled by the capitalist.

                                                                    There is very little technical information in this post we can learn from, there is just a Buy Now and some pretty pictures.

                                                                    You have to look beyond the shiny and consider what negative impact normalizing this has on communities like Lobsters. Sure, these folks might be doing the right thing, but charlatans all appeal to a brighter future and once they get a whiff of the rubes they come.

                                                                    There is an entire industry devoted to exploiting communities like ours, let’s not make their job easier.

                                                                    1. 7

                                                                      I also want to mention that while the blog post announcing that the campaign is live is relatively light on technical details, the main project page is detailed enough that some of it is beyond my understanding (I’m not a hardware guy, I don’t know what e.g. MIPI DSI is) and gives me some terms/concepts to research.

                                                                      As soapdog said, this project has been around for a while, what is new is that it’s ready for people to “buy now”.

                                                                      1. 11

                                                                        All sources (KiCAD schematics, µC firmware, 3D case files) are up and freely available under various FLOSS licenses. You don’t have to buy anything from them to support the project or study the sources, learn, adapt and build your own laptop if you so desire. That’s the key difference, and companies who embrace this concept surely should be allowed to make a profit to strive forward.

                                                                        1. 7

                                                                          All sources (KiCAD schematics, µC firmware, 3D case files) are up and freely available under various FLOSS licenses.

                                                                          Post links to those, or a write-up about them. I’d love that.

                                                                        2. 8

                                                                          If I just posted straight politics on Lobsters, e.g. advocating for a Green New Deal, general strikes, socialist revolution, etc. I’m pretty sure people would downvote it as off-topic.

                                                                          Short of general societal change away from corporate capitalism, the vehicles we have for promoting potentially revolutionary technology require the exchange of money for goods and services. In other words, advertising opportunities for people to chip in. The alternative is that only the independently wealthy are able to work on and share ethical technology, and that is exclusionary + unethical. Ordinary people need money to live, and open source / open hardware needs to include everyone.

                                                                          Could the legal/financial structure of the MNT project be better? Possibly, I am not familiar with MNT’s structure or German law. Certainly there is room for improvement in how business is conducted in the world. We should support public benefit corporations, non-profits, worker-owned cooperatives, unions, anarchist collectives, etc. People starting a new project should consider how their legal/financial structure can systematically support ethics rather than the standard model which only understands profits. But no project will ever be perfect, and we need to support people who use conventional methods in some areas (e.g. business structure) while taking risks in other areas (e.g. open hardware). We can’t wait for the perfect world to exist before we start building a better one.

                                                                          1. 10

                                                                            That’s all well and good, but it doesn’t answer my concern.

                                                                            How do you keep our community from being overrun by hucksters?

                                                                            One of the things that sets Lobsters apart from places like Reddit, the orange site, and so forth is that we generally keep out shilling threads, content marketing, and the like.

                                                                            And yes, while it’s totally fine and even laudable to support efforts like these, doing by sharing what is effectively marketing material and advertising tends to cannibalize communities like ours by turning us into a mere host channel for marketing instead of our normal content. Is there another way I can explain this to make it more clear?

                                                                            1. 10

                                                                              I’m curious - what’s your line here? A lot of interesting technical work is done by for-profit companies, and a lot of that is sold. Are we to refrain from posting anything having to do with a commercial enterprise, even open source projects? Or is it only in the case that the company in question sells services related to the project? Either way, that significantly limits a lot of discussion (of, e.g., Docker, Kubernetes, and even Ubuntu Linux) that would otherwise be definitely on topic.

                                                                              1. 14

                                                                                My sniff test is basically:

                                                                                • Is the submission on a cup-rattling site like kickstarter, crowdsupply, indiegogo, etc? If yes, flag.
                                                                                • Is the submission by a youngish account affiliated with the product or company? If yes, flag if they haven’t been contributing non-product related submissions to Lobsters.
                                                                                • Is there any code or significant actionable technical information to learn from? If no, flag.
                                                                                • Is there a call-to-action on the page to subscribe to their newsletter or pay them money? If yes, almost always flag.
                                                                                • Is the information applicable only to customers of that product? If yes, flag.

                                                                                I don’t have so much a problem with, say, a Cloudflare post that really digs into debugging DNS issues or something. But usually, it’s just a slick product page (see the Github/VSCode stuff or this as an example).

                                                                                1. 4

                                                                                  That seems like a well-defined line, though one that does exclude a lot of content that makes it to the top of the front page pretty regularly. Might be worth having a discussion about some kind of formal definition of “advertising” that is not allowed here.

                                                                              2. 6

                                                                                How do you keep our community from being overrun by hucksters?

                                                                                By upvoting submissions that aren’t from hucksters.

                                                                                No snark intended there, but I’m sure that you, me, and others here can distinguish between a good open source project like this or Pine64, and a sham product produced by hucksters. We can support the former with upvotes, and downvote the latter into oblivion.

                                                                                If we don’t have the skill and judgement to do that successfully, our community is doomed regardless of what measures we take.

                                                                                1. 4

                                                                                  I think I actually understood better where you’re coming from with this comment, for some reason, so thank you for rephrasing.

                                                                                  While I don’t think that banning everything that could be considered advertising would be wise, I understand the concern that it could drive out content that lacks a profit motive. And there’s no easy answer. Discouraging or banning self-promotion is one approach, which I believe Lobsters uses to some degree, but sockpuppets, viral marketing and other tricks can get around that. At the end of the day, I think we just have to depend on:

                                                                                  • the community to submit and upvote a good mix of content, including some important projects that have commercial aspects, but not too many
                                                                                  • the community to invite good people who aren’t hucksters
                                                                                  • the mods to put a stop to bad behavior and kick bad actors

                                                                                  Going any further than that risks suppressing news about important projects that people like me want to support, and that we may not hear about elsewhere.

                                                                                  1. 7

                                                                                    Point of fact: this was up on the orange site an hour before it was up here, and as of the time of posting is 28 on their front page.

                                                                                    Suppressing news is exactly the point. News is the mindkiller, since it by definition is relevant only due to its novelty. There are entire industries built around news. It’s covered, don’t worry.

                                                                                    1. 3

                                                                                      Let me get this straight: are you saying that Lobsters posts shouldn’t include news items? I understand the sentiment, but it seems like an extreme position.

                                                                                      Someone who does not want to read the news may be better served by disconnecting from the internet and/or powering off their devices. (I took a “technology diet” for a few days at the beginning of the pandemic for precisely this reason, although I came back to an exploding inbox and was immediately stressed out again.)

                                                                                      1. 9

                                                                                        Yes. I am saying that I believe Lobsters posts shouldn’t include news items. I only grudgingly agree with the news-ish tags of release and event.

                                                                                        The core issue with news–its value is predicated specifically on its novelty (literally, how new it is) and not on its quality, topicality, or even base veracity. News is like catnip or potato chips, and tends to get upvotes because people want to “feel informed” or want to upvote a sympathetic headline. “Tech news” tends to bucket into:

                                                                                        • product annoucements
                                                                                        • product releases
                                                                                        • business happenings
                                                                                        • politics/culture war/drama
                                                                                        • obituaries
                                                                                        • meta coverage of other news coverage

                                                                                        Further, news articles tend to:

                                                                                        • Be written for the casual consumer (because simpler writing means broader audience, and broader audience means more eyeballs, and more eyeballs means more ad revenue)
                                                                                        • Leave out useful technical details (how many of the articles on the front page of Phoronix have code or best practices in them?)
                                                                                        • Rehash other news sources, creating games of telephone
                                                                                        • Contain other content that leads to non-technical discussions and flamewars (a news story about launching contact tracking apps might mention Trump, that in the comments section here turns into a Whole Thing)
                                                                                        • Be strictly less useful than the primary source they’re reporting on (in the case of academic work, for example, it’d be a better submission to have the original paper instead of a breathless university press release or sloppy coverage from Ars or New Scientist or whatever)

                                                                                        There are many, many sites out there that cover news well. There are not many that focus on technical discussions the way we do.

                                                                                        1. 4

                                                                                          its value is predicated specifically on its novelty (literally, how new it is) and not on its quality, topicality, or even base veracity

                                                                                          And yet a great deal of it has value beyond novelty. This, for instance - along with the start of the campaign came finalized production-ready KiCAD files for the mainboard, finalized 3D CAD files for the case, and some commits to their software which are undeniably technically interesting.

                                                                                          1. 2

                                                                                            This, for instance - along with the start of the campaign came finalized production-ready KiCAD files for the mainboard, finalized 3D CAD files for the case, and some commits to their software which are undeniably technically interesting.

                                                                                            If the value of the announcement comes from that, then why weren’t they linked to directly? Why force readers to dig around for them?

                                                                                            1. 5

                                                                                              I don’t think it comes only from that - there are a lot of pieces of this post that are valuable to different audiences.

                                                                                              For me, it was useful as news; I knew about MNT Reform, and knew some people who worked on it, but wasn’t following it closely. It was also useful as a sort of “release announcement” for these finalized designs.

                                                                                              For people who weren’t aware of the MNT Reform project, it serves as a good introduction to the purpose and goals of the project. It has an interesting anecdote about how some hardware and software people got into the field, which I personally always enjoy, and it recounts the efforts of several talented engineers over the past two years.

                                                                                              The MNT Reform is, in my opinion, a really interesting and important project. Something major changed with it recently, and it seems appropriate to link on Lobste.rs for that reason, since the last mention was six months ago, when things were very different, especially in the software department. It would be pretty weird to link to the project page without linking to this blog post, yes?

                                                                                          2. 1

                                                                                            I agrew with the idea that novelty is a bad predictor of most attributes. Especially in this information overloaded world we live in.

                                                                                            Might even be like music, there is continous selection so 80ies music is now both better than it was in the 80ies and better than what’s on the radio.

                                                                                            However, if offers such as this one are interesting to this community the fact that they are available NOW is an important aspect and it is only interesting now.

                                                                                2. 1

                                                                                  Absolutely.

                                                                                  And let’s not forget the Vivaldi Tablet nor the EOMA68 Computing Devices.

                                                                                  It’d be a different story if the link was to technical documentation, rather than some Give Us All The Money page.

                                                                                  It’s very easy to promise, not so much to deliver. But fundraisers by definition do specialize in the former.

                                                                              3. 23

                                                                                I posted this because I’ve seen people here interested in ARM based machines and open hardware. Everything about MNT Reform is open hardware and software. They are trying to build an initial batch of machines by crowdfunding, a process that is well known and common for open hardware. It is actually the only viable self-bootstrapping way to create such machines, unless you’re a millionaire funding things from your own pocket.

                                                                                I am quite tired of comments such as “this is marketing and advertising” every time someone tries to post any crowdfunding thing. Do you want open hardware? Do you want to support open hardware projects? Then you need to probably understand that crowdfunding will play a role.

                                                                                This campaign is also the only easy way for people who are interested in such machine to get one. Building from the schematics and source code is not something easy, and will probably cost way more.

                                                                                I posted this because 3 months ago there were well received posts in the past year and people appeared excited by it. This serves as a reminder that they can help fund it now.

                                                                                This project aims to create a repairable, understandable and free machine for your general computing needs. Equating that with “corporate capitalism advertising practices” is wrong and completely missing the point on why it was posted.

                                                                                1. 4

                                                                                  I disagree with your post entirely. For the most part, I come to lobsters to read about software and hardware.

                                                                                  This is not software or hardware - it’s basically a glorified Kickstarter campaign. If I wanted to buy/consume, I’d use another site.

                                                                                  I wouldn’t object if someone posted blog articles detailing the challenges in implementing open hardware, or design files, etc. This isn’t really that - it’s “pay us money and get a possible product” Which is kickstarter all over again.

                                                                                  You can posture about the politics of the economy all you want, but this doesn’t seem like an appropriate fit here. On HN and Reddit? Sure - people love to spend and donate to all sorts of political endeavors. This is the first time I’ve seen here a blatant kickstarter-like project. I’m happy they’re doing open hardware, but why am I seeing their store/campaign?

                                                                              1. 25

                                                                                0x5. I like when the publication date is easy to find.

                                                                                Oh my gods yes this. SO many blogs, and even actual news sites, omit the publication date. Information goes stale quickly people, especially technical judgements and opinions. Please.

                                                                                1. 4

                                                                                  Some pages even deliberately change the publication date so it always looks fresh and up-to-date for SEO.

                                                                                  1. 2

                                                                                    I’ve heard about that trick too. Does anyone know if it really works…?

                                                                                    1. 2

                                                                                      As far as I know, search engine tech has long since outsmarted simple content-based tricks like this (and e.g. keyword stuffing) to the point where “SEO” is an obsolete strategy compared to simply writing good content.

                                                                                      1. 2

                                                                                        The quality (or lack thereof) of Google’s results lately does make me question that assessment.

                                                                                        1. 3

                                                                                          Ha, well, yes, there is that, but at least this was the general aura of advice while I was adjacent to the field a couple of years ago. The odd time I have used Google recently it feels like it’s gone the other way, where the poor quality results are because it’s trying to be too clever and completely missing the mark.

                                                                                          1. 2

                                                                                            I’ve had, recently, searches where all the results, besides the one in the top, were malicious sites.

                                                                                            1. 4

                                                                                              I’m not surprised! Google is a high-profile target, and you can game any algorithm if you can figure it out. I guess I’m saying any SEO advice aimed at legitimate websites is likely outdated at best and snake oil at worst.

                                                                                              1. 1

                                                                                                I suspect Google just doesn’t care about their search engine anymore, as they’re getting as much money as they want elsewhere than search.

                                                                                1. 6

                                                                                  As much as I dislike snap, this post is overly dramatic. You can easily download the non-ubuntu chromium binary and install it without need of snap.

                                                                                  The main problems of snap, which are “irreconcilable differences” that will alienate a part of the population, are:

                                                                                  1. hardcoded home directory pollution
                                                                                  2. user home must be inside /home/
                                                                                  3. cannot disable the automatic update feature
                                                                                  1. 9

                                                                                    You can easily download the non-ubuntu chromium binary and install it without need of snap.

                                                                                    I suppose they want to use official packages from a reputable repository. Installing binaries manually really is bad practice for security and maintainability reasons.

                                                                                    1. 2

                                                                                      I installed the official chromium .deb for Debian and it works flawlessly. (I prefer firefox, but jitsi does not work well in firefox).

                                                                                      1. 4

                                                                                        Is that a repository, or a single .deb file? If the latter, that doesn’t get updates along with regular system maintenance. If it’s an external repository, that could be a decent solution depending on how much you trust it.

                                                                                        1. 2

                                                                                          if chromium is anything like regular chrome or firefox they are updated out of cycle with the rest of the system anyway, unless you happen to turn auto-updates off

                                                                                          1. 4

                                                                                            At work I’m using Chromium and Firefox from the Debian repositories. Auto updates are turned off and will use the standard system update mechanism.

                                                                                            Having random binaries update themselves in a system sounds like a recipe for madness to a sysadmin. Also, how does that even work in a multi-user system where they’re installed system wide? Does that mean these binaries are setuid root or something?

                                                                                        2. 2

                                                                                          jitsi does not work well in firefox

                                                                                          I keep hearing this, but I use jitsi from firefox every day and don’t have any issues. There was a feature missing in firefox about a year ago that was preventing jitsi from working, That was reported and fixed eventually although it took a while to get through the system. Maybe there are still some minor issues but nothing I have seen that makes me want to switch to chrome.

                                                                                          1. 5

                                                                                            Firefox’s implementation of WebRTC has some issues that make Jitsi scale poorly when anyone in a call is on Firefox. This is fine for small groups; it only becomes an issue if there’s more than 10 or so participants.

                                                                                            1. 2

                                                                                              Ok, thanks for clarifying that. I can confirm I am only using it in small groups.

                                                                                      2. 5

                                                                                        I really don’t understand why Ubuntu pushes Snaps when there is Flatpaks (desktop) and Docker (server), unless what they really want is to generate lock in. I wished they were more collaborative and smarter about what maked them stand out (like being a polished desktop Linux). Point 1. was one of the reasons for me to switch to Fedora.

                                                                                        1. 9

                                                                                          I find the existence of both Flatpak and Snap confusing. They seem to solve a problem that only exists for a limited set of software within an already very limited niche of users. Web browsers on desktop Linux distros seem to be well-served by them, but how many engineer-years have gone into building these things?

                                                                                          I suspect there’s some big benefit/use-case that I’m completely missing.

                                                                                          1. 12

                                                                                            I find the existence of both Flatpak and Snap confusing.

                                                                                            This!

                                                                                            Snap and flatpack try to solve two completely unrelated problems: application sandboxing and package distribution, and do a notoriously bad job at each one.

                                                                                            Application sandboxing should be an OS-feature, not requiring any action by the potentially hostile application distributors. Thus, it should be able to act upon arbitrary programs. If I want to run “ls” in a controlled container, so be it. Any application, no matter how is it distributed, must be sandboxable.

                                                                                            Package distribution is a different thing. At this point, it seems that nearly all of the problems can be solved by distributing a static executable as a single file.

                                                                                            1. 2

                                                                                              If I want to run “ls” in a controlled container, so be it.

                                                                                              That may be rather difficult. It already needs access to the whole filesystem…

                                                                                              1. 3

                                                                                                But it doesn’t need to access to the network, or file contents and it definitely should not be allowed to change anything. Plenty of permissions to restrict.

                                                                                                1. 2

                                                                                                  or file contents

                                                                                                  Can you restrict that on Linux? Is there a separate permission for reading files and reading directories?

                                                                                                  You’d also need a whitelist for reading some files, such as shared libraries and locale.

                                                                                                  and it definitely should not be allowed to change anything

                                                                                                  Well it has to be able to write to stdout… which could be any file descriptor.

                                                                                                  1. 1

                                                                                                    Can you restrict that on Linux? Is there a separate permission for reading files and reading directories?

                                                                                                    So long as the directory has r-x (octal 5) permission, and the file does not have read r permissions you can browse the directory but not read the files contents.

                                                                                                    1. 3

                                                                                                      No I mean is there a way to allow readdir but not read? AFAIK Linux does not have that level of granularity.

                                                                                            2. 1

                                                                                              This is entirely new to me too.

                                                                                              From the wikipedia entry https://en.wikipedia.org/wiki/Snappy_(package_manager):

                                                                                              The system is designed to work for internet of things, cloud and desktop computing.

                                                                                              So it’s a more light-weight Docker I guess.

                                                                                              1. 6

                                                                                                I’m not sure how much more light-weight they can be, given that Flatpak and Snap are both using the same in-kernel container mechanisms (cgroups, namespaces, seccomp etc.) as Docker.

                                                                                                1. 4

                                                                                                  Somewhat tangential (maybe you happen to know, or somebody else who does is reading) – is the sandboxing any good these days, and do Flathub applications/other packagers user them? About two years ago, when Flatpak was just getting hot, the flurry of “this is the future of Linux desktop” posts convinced me to spend a few weekends with it and it was pretty disappointing.

                                                                                                  It turned out that virtually all applications on flathub had unrestricted access to the home directory (and many of them had unrestricted access to the whole filesystem), even though it showed the pretty “sandbox” icon – arguably not Flatpak’s fault I guess, but not very useful, and also not very assuring (features that go almost completely unused tend to be broken in all sorts of ways – since no one gets to use them and hit the bugs). Lurking through the bug tracker also painted a pretty terrible picture – obvious bugs, some of which had had serious enough CVEs assigned for months, lingered for months. So basically it was (almost) zero sandboxing done by a system that looked somewhat unlikely to be able to deal with really malicious applications in the first place.

                                                                                                  (Edit: I don’t mean that Flatpak, or Snap, are bad as a concept – and I also want to re-emphasize, for anyone reading this in 2020, that all of this was back in 2018 or so. But back then, this looked like years away from being anything near something you’d want to use to protect your data – it wasn’t even beta quality, it was, at best, a reasonable proof of concept.)

                                                                                                  Also, even though this was all supposed to “streamline” the distribution process so that users get access to the latest updates and security fixes more quickly, even the most popular packages were hopelessly out of date (as in weeks, or even months) in terms of security fixes. I expect at least this may have changed a bit, given the increase in popularity?

                                                                                                  Has any of this stuff changed in the last two years? Should I give it another go this weekend :-) ?

                                                                                                  (Edit: I can’t find my notes from back then but trying to google around for some of the bugs led me here: http://flatkill.org/ . There’s a lot of unwarranted snark in there, so take it with a grain of salt, but it matches my recollections pretty well…)

                                                                                                  1. 4

                                                                                                    It turned out that virtually all applications on flathub had unrestricted access to the home directory (and many of them had unrestricted access to the whole filesystem),

                                                                                                    A cursory GitHub search of the Flathub organization shows ~150-200 applications have --filesystem=host or --filesystem=home each. And close to 100 have --device=all. So it seems that a large portion is still effectively unsandboxed.

                                                                                                    Lurking through the bug tracker also painted a pretty terrible picture – obvious bugs, some of which had had serious enough CVEs assigned for months, lingered for months.

                                                                                                    This is a disaster in the making. Outside the standard SDKs that are provided through FlatHub, applications compile their own picked versions of… pretty much everything. Just going over a bunch of Flatpaks shows that the dependencies are out of date.

                                                                                                    That said, I see what they are aiming for. The broad permissions are caused by several issues that will probably be resolved in time: broad device permissions are often for webcam access, which should be solved by Pipewire and the corresponding portal. The home/host filesystem permissions can partially be attributes to applications which use toolkits for which the portal mechanism isn’t implemented.

                                                                                                    The problem that every Flatpak packages their own stuff is more concerning though… I know that the aim is to be distribution-independent, but it seems like a lot could be gained by allowing re-use of regular packages within Flatpaks.

                                                                                                  2. 2

                                                                                                    I’m thinking more lightweight conceptually. Docker is seen as a sysadmin/devops thing, Snappy is more like a mobile app.

                                                                                                    1. 3

                                                                                                      In practice however it is still a sysadmin thing.

                                                                                            3. 4

                                                                                              You can easily download the non-ubuntu chromium binary and install it without need of snap.

                                                                                              Then you’re either stuck using PPAs (which is a no-go for certain environments) or manually updating the DEB. Both of which are not good options when it should be as easy getting updates from the official repositories.

                                                                                              1. 0

                                                                                                I’ve found Chris’ recent posts to be increasingly histrionic. He’s otherwise been a reliable read for ages.

                                                                                                1. 1

                                                                                                  You say that but I’d agree it’s a serious bug or even just WTF moment.

                                                                                                  Yes, there’s the FHS - but nowhere it says (afaik) that software should break if you change something like this, which isn’t even an edge case but has been done for decades.

                                                                                                  1. 1

                                                                                                    I don’t disagree with that. It seems like a poor limitation that deserved more attention from the devs once reported. And it would have likely caused problems at the last place I was a Sysadmin.

                                                                                                    What I’m complaining about is the tone with which he’s presented the issue. And it’s not limited to this post; I’ve been reading his blog for about ten years and it’s been a high quality read for most of that time, until relatively recently when the tone has been more entitled and (for want of a better word) whingy which detracts from the substance of what he’s writing about.

                                                                                              1. 5

                                                                                                I think this might be underestimating the fact that copying software is zero effort and so a lot of it can be free. That makes the cost for modification relatively bigger.

                                                                                                And for something more complicated then chairs it’s a lot easier to modify for the original creator. A better comparison would be modern cars with all their extras and options. And for that there are similar models in software like SAP where you usually pay someone to customize it for you.

                                                                                                That’s just really expensive compared to putting in all features and letting the user decide.

                                                                                                1. 2

                                                                                                  I think the correct comparison is the cost of copying and configuring software though. I often find that software that tries to be very general via configuration ends up being very complicated. Eg last year I replaced anki with my own spaced repetition app and the code ended up smaller than my anki configuration.

                                                                                                1. 3

                                                                                                  I personally use Pop!_OS (Ubuntu based) because I like the direction System76 have taken the UI/UX. There’s very little do to out of the box, except run my package install script.

                                                                                                  If I wasn’t using Pop!_OS, it would be Ubuntu. I’m a “set it and forget it” kind of guy, so I like to get going and leave my OS alone. The fact that Ubuntu and/or Pop are supported by large companies, and therefore unlikely to go anywhere is a big bonus for me also. I try to stay away from the smaller indie distros.

                                                                                                  Ubuntu is also the biggest distro out there, so getting support if things go wrong is trivial.

                                                                                                  1. 3

                                                                                                    Yes, and the big userbase means that it is supported by third parties like nvidia for cuda!

                                                                                                  1. 5

                                                                                                    I think one underappreciated issue here may be webapps. They are a window within a tab within a window. And they never really /had/ an option to conform with the old style.

                                                                                                    1. 4

                                                                                                      Somehow I am reading this as: somebody please make a programming font where <,> have the height of (,),[,],{,}. But maybe that will look too terrible for comparison.

                                                                                                      1. 3

                                                                                                        Like hwayne said, there’s already the ⟨ ⟩ symbols, which are actually pretty nice. We don’t have a key for them, but you could remap the < > keys or set up a replacement in your editor for certain filetypes.

                                                                                                        1. 9

                                                                                                          I think that if someone designed a language the relied on characters outside ASCII the reaction would be incredulous outrage from existing developers. It doesn’t matter how easy you make it to remap keys, the ideal of code == ASCII is so deeply embedded as to be a dogma.

                                                                                                          (preemtive rebuttal: APL doesn’t count, there are already 2 or three successors that are ASCII-only).

                                                                                                          1. 3

                                                                                                            It could just be an alternative to the <> for people who disliked them. Many languages already support UTF-8 identifiers (Go and Raku, off the top of my head).

                                                                                                            1. 2

                                                                                                              Thanks for clarifying. I agree.

                                                                                                              I’m not familiar enough with Raku to know if the UTF characters are required for the language, or a just nicer-looking alternatives to the “standard” ASCII variants.

                                                                                                                1. 1

                                                                                                                  Julia supports unicode identifiers and operators. It’s neat. It also uses {} for generics, so they avoided this problem entirely.

                                                                                                                2. 1

                                                                                                                  This is really annoying to me because there are a lot of languages that have an ascii replacement for ∀, like forall and always and \A when it would be so much nicer to be able to just drop ∀ in there and have the parser know what I mean.

                                                                                                                  1. 2

                                                                                                                    Haskell -XUnicodeSyntax is great :)

                                                                                                                    1. 2

                                                                                                                      That flag makes using the Unicode versions optional rather than mandatory, which is nice. ♥️

                                                                                                              1. 2

                                                                                                                It looks nice if they’re very steep, i.e. very wide angle, almost like in some BIOS VGA fonts.

                                                                                                              1. 19

                                                                                                                I always get pushback when I encourage people to try their hand at crypto for fun and to learn how it works. Just don’t deploy it into production, make sure you pass the massive test vector lists available for everything, and always assume you are leaking side-channel information, and everything’s fine. Elliptic curves are really fun to work with when you have 512-bit integer types available, and ChaCha20 is very simple in practive.

                                                                                                                Daniel J. Bernstein started out now knowing a thing about cryptography either. Imagine if he’d listened to everyone’s advice.

                                                                                                                1. 5

                                                                                                                  “Don’t roll your own” has become one of those memes that people repeat without qualification or context :(

                                                                                                                  1. 3

                                                                                                                    I mean, sure you could qualify it with “unless it is never actually used” or “unless you are an expert and know how to deal with your mistakes” but the first is sort of implicit in a tree-in-the-forest kind of way and the second applies only to very few people. I think it’s a good meme.

                                                                                                                1. 2

                                                                                                                  Last year I was in need for a yocto compatible build system. I ended up reading several of the linked resources and the official documentation and found it thoroughly impenetrable. And at times depressing, like reading about the package registry, something I really didn’t want and it also doesn’t work cross platform: https://cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html#package-registry

                                                                                                                  On the plus side, after I decided to ignore best practices and just cobbled something together it worked sufficiently well and quickly.

                                                                                                                  1. 38

                                                                                                                    Are people really still whining about this?!?

                                                                                                                    Python 2 is open source free software and you’re a software developer. Grab the code, build it yourself, and keep running Python 2 as long as you want. Nobody is stopping you.

                                                                                                                    This is even more silly because Python2 was ALREADY DEPRECATED in 2011 when the author started his project.

                                                                                                                    1. 5

                                                                                                                      /Are people really still using this argument?!?/ Just because software, packages and distributions don’t cost money doesn’t mean that people don’t use them and have expectations from them. In fact, that is exactly why they were provided in the first place. This “you should have known better” attitude is totally counterproductive because it implies that if you want any kind of stability or support with some QoS you should not use free/open-source software. I don’t think any of us want to suggest that. It would certainly not do most open source software justice.

                                                                                                                      1. 9

                                                                                                                        This “you should have known better” attitude is totally counterproductive because it implies that if you want any kind of stability or support with some QoS you should not use free/open-source software.

                                                                                                                        My comment doesn’t imply that, though. In fact, as I pointed out, the author can still download Python2 and use it if he wants to. Free to use does not imply free support, and I think it’s a good thing for people to keep in mind.

                                                                                                                        Furthermore, I don’t think a “you should have known better” attitude is out of line towards somebody who ignored 10 years of deprecation warnings. What did he think was going to happen? He had 10 years of warning - he really should have known better…

                                                                                                                        1. 1

                                                                                                                          if you argue with the 10 years of warning you’re missing the point.

                                                                                                                          The point is not that there was no time to change it. The point is that it shouldn’t need change at all.

                                                                                                                        2. 13

                                                                                                                          Just because software, packages and distributions don’t cost money doesn’t mean that people don’t use them and have expectations from them

                                                                                                                          Haven’t there been a few articles recently about people being burt out from maintaining open source projects? This seems like the exact kind of entitled attitude that I think many of the authors were complaining about. I’m sure there would be plenty of people to maintain it for you if you paid them, but these people are donaiting their time. Expecting some developer to maintain software depreciated in 2011 for you is absurd.

                                                                                                                          1. 1

                                                                                                                            Yeah, I’ve read a few of those articles, too. And don’t get me wrong I’m not trying to say that things should be this way. A lot of open source work deserves to be paid work!

                                                                                                                            But I also don’t think there is anything entitled about this point of view. It’s simply pragmatic: people make open source software, want others to use it, and that is why they support and maintain it. Then the users become dependent. Trouble ensues when visions diverge or no more time can be allocated for maintenance.

                                                                                                                            1. 9

                                                                                                                              At the same time, it’s not like a proprietary software vendor that you staked your entire business on. The source code to Python 2 isn’t going anywhere. Just because the PSF and your Linux distribution decided to stop maintaining and packaging an ancient version doesn’t mean you can’t continue to rely on some company (or yourself!) to maintain it for you. For instance, Red Hat will keep updating Python 2 for RHEL until June 2024.

                                                                                                                              And as crazy as it might seem to have to support software yourself, consider that the FreeBSD people kept a 2007 version of GCC in their build process until literally this week. That’s 13 years where they kept it working themselves. It’s not like it’s hard to build and package obsolete userspace software; nothing is going to change in the way Linux works that would prevent you from running Python 2 on it in five years (unlike most system software which might make more assumptions about the system it’s running on).

                                                                                                                              Some amount of gratuitous change is worth getting worked up about. For example, it’s a well-known issue in fast-moving ecosystems like JavaScript that you might not be able to get your old project to build with new dependency versions if you step away for a year. That’s a problem.

                                                                                                                              I, for one, am extremely glad that it’s now okay for library authors to stop maintaining Python 2 compatibility. The alternative would have been maintaining backwards compatibility using something like a strict mode (JavaScript, Perl) or heavily encouraging only using a modern subset of the language (C++). The clean break that Python made may have alienated some people with legacy software to keep running, but it moved the entire ecosystem forwards.

                                                                                                                              1. 1

                                                                                                                                The source code to Python 2 isn’t going anywhere. Just because the PSF and your Linux distribution decided to stop maintaining and packaging an ancient version doesn’t mean you can’t continue to rely on some company (or yourself!) to maintain it for you.

                                                                                                                                1. Some distros are eager to make python launch python3. This action is vanity-based hostile to having Python 2 and 3 side-by-side (with 2 coming from a non-distro source).
                                                                                                                                2. By not keeping Python 2 open to maintainance by willing parties in the obvious place (at the PSF) and by being naming-hostile to people doing it elsewhere in a way that not only maintains but adds features, the PSF is making pooling effort for continued maintenance of Python 2 harder than it has to be.
                                                                                                                                1. 2

                                                                                                                                  It’s arguably more irresponsible to continue to implicitly pushing Python 2.x as the “default” python by continuing to be refer to it by the python name out of deference to “not breaking things” when it is explicitly unmaintained.

                                                                                                                          2. 7

                                                                                                                            it implies that if you want any kind of stability or support with some QoS you should not use free/open-source software

                                                                                                                            If you want support with guarantees attached you shouldn’t expect to get that for free. If you are fine with community/developer-provided support with no guarantees attached, then free software is fine.

                                                                                                                            I think being deprecated for a decade before support being ended is pretty amazing for free community-provided support, to be honest.

                                                                                                                        1. 3

                                                                                                                          I mainly used i3 on my laptop as a student, as the tilted desks in auditoriums make using a mouse nigh on impossible and trackpads just kinda suck. I switched to dwm after a while though.

                                                                                                                          As an emacs user I want to give exwm a try soon to see how viable that is for day-to-day usage.

                                                                                                                          1. 3

                                                                                                                            I’ve been using EXWM as my sole window manager on all of my devices for years and it’s possibly the biggest productivity boost in my setup, ever (apart from lower-level things like investing in Nix). FWIW, my configuration (not actually all that complex is here, especially config/desktop.el.

                                                                                                                            1. 2

                                                                                                                              Nothing to add here except my switch to EXWM was similar; I look back on my pre-EXWM days as a kind of dark ages.

                                                                                                                              1. 1

                                                                                                                                Is there some advantage that EXWM has over i3?

                                                                                                                                1. 2

                                                                                                                                  Yes, EXWM treats every X client as just another Emacs buffer, so you don’t have to use two separate sets of bindings to manipulate something depending on whether it’s inside Emacs or outside it. Every other WM in the world lacks this incredible feature.

                                                                                                                              2. 2

                                                                                                                                What makes it so productive for you compared to other tiling wms?

                                                                                                                                1. 3

                                                                                                                                  It’s difficult to explain concisely, because it requires some understanding of Emacs (i.e. one should be over thinking that Emacs is a text editor).

                                                                                                                                  Emacs is my primary workflow tool and having my window manager integrated into that means that there’s no longer an additional “layer” to deal with, I can use all the same tools and mechanisms to manage my windows as I use to manage everything else. I can also introspect and modify my WM the same way I would my Emacs-based mail client.

                                                                                                                                  There’s a longer form blog post I’m working on about this, if you’re interested I can send you the draft (though I’m not particularly happy with it yet).

                                                                                                                                  1. 1

                                                                                                                                    I am interested, please do :)

                                                                                                                            1. 6

                                                                                                                              I didn’t know about niv, and am a bit curious what it actually does.

                                                                                                                              E.g., $ niv add adisbladis/vgo2nix is given a github project name, and apparently provides the vgo2nix tool. But how is this built? Using the included default.nix? The niv README shows niv add stedolan/jq as an example, a project which doesn’t appear to bundle any .nix files.

                                                                                                                              1. 7

                                                                                                                                It depends on what you do with the source. The source itself is just a fixed-output derivation, which can represent e.g. a file or directory. In the post @cadey uses import. import parses and returns the Nix expression at the given path. So e.g. import ./foo.nix will parse and return the expression in foo.nix. If the argument is a directory, e.g. bar in import ./bar, import will parse the default.nix file in the given directory. So, summarized,

                                                                                                                                import sources.vgo2nix {}
                                                                                                                                

                                                                                                                                from the blog post means: parse and return the path sources.vgo2nix evaluates to. Since this results in a directory, it will parse default.nix in that directory. This (presumably) evaluates to a function / closure, so then this fragment evaluates to:

                                                                                                                                <some closure> {}
                                                                                                                                

                                                                                                                                So {} is then the argument to the closure. {} is an empty attribute set (the closest equivalent in other languages is a dict/hash table).

                                                                                                                                But since a niv source can be any fixed-output derivation, it does not actually have to be a Nix expression (stored as a file). You can do pretty much anything with it that you want. E.g. I also use niv to fetch (machine learning) models and set environment variables to their paths in the Nix store:

                                                                                                                                https://github.com/stickeritis/sticker-transformers/blob/master/nix/models.nix

                                                                                                                                1. 3

                                                                                                                                  Dang, that’s exactly it. I was hunting through the niv documentation because it seemed to be magically doing something more, but it just relies on that default.nix. Solid, thanks!

                                                                                                                                2. 2

                                                                                                                                  I don’t get it either. The github page says “Easy dependency management for Nix projects” but isn’t that what Nix was for?

                                                                                                                                  1. 5

                                                                                                                                    niv makes it easier to combine stuff from different repositories. Say that you want to pin nixpkgs in a project, you could use fetchFromGithub or fetchTarball to fetch a specific revision. If you ever wanted to update to a newer version of nixpkgs, you would have to bump the revision and update the sha256 hash by hand. niv automates these things. E.g.:

                                                                                                                                    # Add nixpkgs, latest revision from the master branch.
                                                                                                                                    $ niv add NixOS/nixpkgs
                                                                                                                                    # Later: update `nixpkgs` to a later revision.
                                                                                                                                    $ niv update nixpkgs
                                                                                                                                    

                                                                                                                                    niv overlaps somewhat with the proposed flakes support in Nix:

                                                                                                                                    https://github.com/tweag/rfcs/blob/flakes/rfcs/0049-flakes.md

                                                                                                                                  2. 1

                                                                                                                                    vgo2nix is built using its default.nix, yes. I don’t completely understand the point of adding things like jq to projects yet, but I assume that the understanding will come to me at some point. I can be patient.

                                                                                                                                    1. 4

                                                                                                                                      Its convenient to put that stuff in shell.nix and use it in conjunction with lorri.

                                                                                                                                      For instance, if you are developing in python you might want to use mypy for testing but not require it as a build dependency. It makes sense to throw it in shell.nix. Another use case I’ve found is writing proofs in Coq. This is especially true because opam modules for Coq don’t work properly when globally installed.

                                                                                                                                      Maybe if you are using jq all the time in some project, it makes more sense to throw it in shell.nix than do a global install…