1. 1

    The Perl bashing in the article feels quite outdated to me.

    Also:

    C++ could have beaten Perl by 10 years to become the world’s second write-only programming language

    Wikipedia lists C++ as being from 1985 and Perl from 1987, so I guess C++ would have done so by two and not ten years. Unless it is supposed to be a base two joke.

    1. 4

      It is unfortunately in keeping with the general style of the entire article: a cheap polemic that paints people who generally don’t agree, and their apparently “conservative” choices, as some kind of pantomime villain. The only footnote is a reference to another polemic in a similar vein, from nearly a decade prior.

    1. 19

      The last footnote includes the conclusion for practical use:

      “To be fair, the asymptotic behaviour of Bloom’s original bound is consistent with this updated definition, so the impact is more on an issue of pedantry rather than for practical applications.”

      1. 3

        The article would have been a lot more constructive if it gave some examples of better alternatives for the various projects mentioned.

        1. 18

          Are you suggesting they should say something like

          What To Use Instead?

          To replace GPG, you want age and minisign.

          To replace GnuTLS or libgcrypt, depending on what you’re using it for, you want one of the following: s2n, OpenSSL/LibreSSL, or Libsodium.

          which they said at the bottom of the article?

          1. 2

            Except Age/Minisign is not a GPG replacement?

            1. 5

              Age replaces file encryption. Minisign replaces signatures.

              Read https://latacora.micro.blog/2019/07/16/the-pgp-problem.html

              A Swiss Army knife does a bunch of things, all of them poorly. PGP does a mediocre job of signing things, a relatively poor job of encrypting them with passwords, and a pretty bad job of encrypting them with public keys. PGP is not an especially good way to securely transfer a file. It’s a clunky way to sign packages. It’s not great at protecting backups. It’s a downright dangerous way to converse in secure messages.

              Back in the MC Hammer era from which PGP originates, “encryption” was its own special thing; there was one tool to send a file, or to back up a directory, and another tool to encrypt and sign a file. Modern cryptography doesn’t work like this; it’s purpose built. Secure messaging wants crypto that is different from secure backups or package signing.

              You may think you want some cryptographic Swiss Army knife that “truly” replaces GPG, but what you really want is secure, single-purpose tools for replacing individual use cases that use modern cryptography and have been extensively reviewed by cryptography and security experts.

              1. 2

                What tool handles the identity and trust mechanism that GPG providing?

                With the multi-tool approach, the user has to re-establish the web of trust every time and learn about each disconnected tools as well.

                1. 2

                  What tool handles the identity and trust mechanism that GPG providing?

                  I hear webs of trust don’t work. Not sure why, but I believe it has to do with the difficulty of changing your root key if it ever becomes compromised.

                  Otherwise, maybe something like minisign, or even minisign itself, could help?

                  1. 1

                    Trust in what context?

                    For code-signing, I designed https://github.com/paragonie/libgossamer

            2. 1

              Totally agreed. But hey, a blog article poo-pooing a thing is much easier to write than one constructively criticizing it and offering solutions. And who has the time these days?

              On a related note, it was once a guaranteed way to get your latest blog article to the top of the orange site if the title contained something like, “Foobar: You’re Doing it Wrong” or “We Need Talk About Foobar”. Phrases like this are the equivalent of “One Weird Trick” headline clickbait for devs.

              1. 8

                Pretty sure the article offers solutions. It’s at the very bottom though.

            1. 3

              Microsoft Outlook is definitely worse than Thundebird when it comes to handling inline images with MIME.

              1. 0

                I like how they effortlessly combine a user-unfriendly GUI with a user-unfriendly community.

                1. 11

                  Most 9front users are not unfriendly in my limited experience, in fact some of the nicest, most knowledgeable and patient people I have seen use 9front.

                  1. 7

                    I disagree. As a recent newcomer to Plan9, and 9front, I found their documentation and IRC support very friendly indeed.

                    Edited: Also, their GUI is not at all user-unfriendly. It’s not terribly discoverable, but once you know how to drive it, it’s incredibly user-friendly and powerful. It may seem like a strange nit to pick, but user-friendliness is not the same as discoverability. They’re orthogonal, and conflating the two has led to years of brain-dead ‘consumer’ UIs.

                    1. 4

                      user-friendliness is not the same as discoverability. They’re orthogonal, and conflating the two has led to years of brain-dead ‘consumer’ UIs.

                      Yeah, I think there’s a missed opportunity somewhere that there’s a difference between newcomer-friendliness (as in “can anyone pick this up without studying the manual”) and user-friendliness (as in “is it consistent and doesn’t drive you nuts?”, “is it powerful?”, “does it save you time?” etc).

                      1. 3

                        The most obvious missed opportunity is, as usual, the opportunity to learn from people who’ve been working hard at these very issues for, oh, fifty years or so. The relationship between the effort needed to use a system and the results that can be obtained with a given level of effort, and the learning curve that connects beginners and expert users, has been painstakingly studied from many angles in the HCI community. There are even slogans like “low floors, high ceilings”… yet ignorance abounds.

                        If anybody’s going to actually empower actual users, it will have to be hobbyists like the 9front folks. Consumer technology has long been pulling in the opposite direction; computing professionals are largely caught up in geek machismo and rationalization while serving our corporate masters; and academics are a cowardly lot locked up behind paywalls and tenure politics.

                        1. 1

                          computing professionals are largely caught up in geek machismo and rationalization while serving our corporate masters

                          Not to mention fashion, and wanting to be identified as “creatives”.

                          I remember when Microsoft lost their monopoly courtesy the Web, and almost unanimously, software developers up and handed that monopoly to Apple :(

                          Now, maybe, with Apple’s move to ARM (and possibly almost-completely nerfed MacBooks), we’ll have another chance.

                          (Sadly my current bet is that we’ll choose “Linux layer on MS Windows”, marking the completion of a truly epic embrace, extend, extinguish cycle).

                          1. 1

                            Until we’re a real engineering profession, like with mandatory membership in professional societies that can independently decide and enforce standards of ethical conduct and “best practices” that aren’t just fads, we’re all basically just overpaid labor. Craftspeople with contracts at best, unorganized day-laborers more often. I hope to see it happen in my lifetime, but I’m not exactly holding my breath.

                            For an eye opening, read up on the history of the engineering professions, starting with civil engineering in the late 18th and early 19th century. We have a long way to go.

                            1. 1

                              I’m quite well versed in the history, and I’m still not convinced that it’s the right approach. We’re not engineers, for the most part, and that’s entirely reasonable. (I have an entire soapbox rant about the use of the term engineer to describe programmers who don’t have engineering degrees, and who aren’t doing engineering. Like myself, for over two decades).

                              There’s already been some discussion on licensing for programmers on Lobste.rs:

                              https://lobste.rs/s/91khhj/why_are_we_so_bad_at_software_engineering#c_lirfgi

                              1. 2

                                Fair enough. I suppose I could respond with this other post or let you hash it out with @hwayne who has Strong Opinions on the matter.

                                But I’m not saying every computing professional is (or should be) an engineer, any more than every medical professional is a doctor or every legal professional is an attorney. However, I do feel that the lack of an effective and independent governing body for those who are doing engineering, with all the consequences it entails, has inflicted an unfortunate amount of collateral damage on the general public. I had hoped that the ACM would fill that role, but so far they’re way too academic. In practice, inasmuch as any one has stepped up, it’s been the IEEE gradually colonizing our space.

                                1. 1

                                  However, I do feel that the lack of an effective and independent governing body for those who are doing engineering, with all the consequences it entails, has inflicted an unfortunate amount of collateral damage on the general public.

                                  Serious question: what do you consider “doing engineering”?

                                  As one example of the difficulty: a litmus test could be working on life- or safety-critical software. So, say, not Kubernetes. But then you see the designers of B-series bombers using Kubernetes to run their system software. So … should anyone contributing to Kubernetes be a licensed engineer?

                                  1. 2

                                    I doubt there’s a crisp line between engineering and mere “developing” (coding, sysadmin-ing, etc). Also, as you point out, trying to grade the seriousness of a job based on the potential consequences of a mistake, per-incident, is pretty intractable. But it’s relatively easy to measure adoption, and that at least gives a sense of the breadth (if not depth) of the responsibility. If everybody’s going to use k8s (shudder) then yeah, those devs are doing engineering and should be held to a higher standard than if they were doing a one-off bespoke automation suite internal to some firm. Regarding depth, individuals making the decision to adopt dependencies have heavier responsibilities too. The aerospace and defense industries have a staggering amount of bureaucracy in their engineering processes, I would say to compensate for inadequate professional governance.

                                    (Longest and most off-topic thread EVAR!!!!1! Personal best)

                                    1. 1

                                      Haha :). Derailing threads like the ARTC derails trains … anyhow …

                                      How would you handle that transition? Imagine I produce an open source library that suddenly sees massive adoption. Goes from a few users to thousands, then maybe tens or hundreds of thousands, in quick succession.

                                      Should I, as a non-engineer, be allowed to continue to support the project? Must I find registered engineers to join the project? Should I allow source contributions from non-engineers? Who fits the bill for all this?

                                      It’d have a massive chilling effect on open source software and innovation in general.

                                      1. 1

                                        Since at this point the party’s been over for a while, and I’m really just waving my naked opinion around… let me flip it back at you. Maybe we need more sustainable and responsible funding models, rather than just pillage-and-profit? And, is the sudden massive industrial adoption of hobbyist-grade software really something we want to encourage? Hell, for that matter, is “innovation”? I don’t really want a lot of rapid innovation in my critical infrastructure, thanks.

                                        But, you’re pointing out symptoms of an immature field under an unhealthy amount of pressure. My opinion doesn’t really matter, of course. I just think that rising public awareness (and inevitably “outcry”) about the inherent dangers, will eventually force some form of change. Again, probably not overnight. But it’s a pattern we’ve seen play out before.

                    2. 6

                      user-unfriendly community

                      How so? Their brand of not holding your hand is pretty well-known.

                      1. 6

                        Well, there was a long time that they ironically used Nazi imagery to promote their stuff. I don’t think there’s necessarily anything wrong with this “joke”, but I also understand people who found this content at the very least extremely unnerving (as I do personally as Jew).

                        It seems they added and anti-Nazi symbol that links to Nazi punks fuck off, which I applaud, but the fact that they’ve had to do this I think speaks volumes about who their artwork attracted.

                        I happen to really like Plan 9 and the effort 9front has put in to expand on the system, but I think to a large extent the damage has been done in terms of attracting normal every day users.

                        1. 11

                          As a grandchild of holocaust survivors, and a fairly active committer on 9front, I don’t recall anything that made me uncomfortable – though, there’s a relatively dark sense of humor about the project. You’re allowed to dislike dark humor.

                          but the fact that they’ve had to do this I think speaks volumes about who their artwork attracted.

                          Hm? I don’t recall any incidents that needed response – it’s just a general sentiment.

                          I think to a large extent the damage has been done in terms of attracting normal every day users.

                          The first image you’ll see if you look at our user-facing documentation is this: http://fqa.9front.org/goaway.jpg.

                          1. 4

                            … which, to be perfectly frank, was one of the things that attracted me to 9front. That, and a quick browse through the propaganda page, convinced me that I’d likely enjoy the ambience.

                          2. 6

                            Plan 9 is an operating system that doesn’t support a web browser. Normal every day users should not under any circumstances try to use Plan 9, and their branding helps to discourage such users.

                            1. 3

                              I think netsurf is now supported?

                              1. 3

                                Cool, thanks for pointing out the netsurf port. Which is still a work in progress, according to the readme.

                            2. 6

                              but the fact that they’ve had to do this I think speaks volumes about who their artwork attracted.

                              Seems more likely they did it to disambiguate the admittedly dark sense of humor for fellows like yourself than because of anyone being attracted to it. Or perhaps they added it because they do want Nazi’s to fuck off, not quite sure why this is being held against them.

                              1. 3

                                I’m not personally holding anything against them, they can have their project with their inside jokes and I think that’s perfectly good for them. And for anyone who joins in on the joke.

                                For the record, I happen to like extremely dark jokes. Even jokes about the Holocaust occasionally. But i don’t think that dark humor is going to attract a lot of people to your operating system. Also, I can like dark humor and find their jokes not funny. A picture of hitler with a joke I don’t find funny in the caption is just a picture of hitler, and to me that would seem weird and out of place.

                                I just happen to think that it’s indicative of a laisez fair attitude towards being generally marketable or something that a majority of casual observers would feel enticed to use. And again, I don’t think there’s anything WRONG with this, just that the way the present themselves is slightly abrasive, and at one point was even more than slightly abrasive.

                              2. 5

                                Mozilla used loads of Soviet-styled artwork in their heyday, that did not seem to make people shun them?

                                Note to 9front: use Genghis Khan-themed artwork next time. He killed more people than the Nazis (about 40 million which amounted to ~11% of the world’s population) but most people won’t know that. You can have edgy images of mass murderers without getting people all riled up.

                                1. 1

                                  Oh, Mozilla took some flak for that. Which was hilarious, but some people definitely were offended.

                                  It’s worth reading the entire story, as told by jwz - here’s a central quote in this context:

                                  We had to convince them that these “open source” people weren’t just a bunch of hippies and Communists.

                                  To that end, the branding strategy I chose for our project was based on propaganda-themed art in a Constructivist / Futurist style highly reminiscent of Soviet propaganda posters.

                                  And then when people complained about that, I explained in detail that Futurism was a popular style of propaganda art on all sides of the early 20th century conflicts; it was not used only by the Soviets and the Chinese, but also by US in their own propaganda, particularly in recruitment posters and just about everything the WPA did, and even by the Red Cross. So if you looked at our branding and it made you think of Communism, well, I’m sorry, but that’s just a deep misunderstanding of Modern Art history: this is merely what poster art looked like in the 1930s, regardless of ideology!

                                  That was complete bullshit, of course. Yes, I absolutely branded Mozilla.org that way for the subtext of “these free software people are all a bunch of commies.” I was trolling.

                                  I trolled them so hard.

                                  I had to field these denials pretty regularly on the Mozilla discussion groups; there was one guy in particular who posted long screeds every couple of weeks accusing us of being Nazis because of the logo. I’m not sure he really understood World War II, but hey.

                          1. 2

                            Looks like Emacs has an xterm-mouse-mode you can turn on. In Jove it defaults to on - I usually turn it off (set xt-mouse off), because otherwise I can’t paste with the middle button

                            1. 14
                              • 1994 Yggdrasil Linux - bought a cd mail-order, and had to buy a cd-reader as well.
                              • 1995 Slackware Professional v2.1 - the next set of cds I could get, 3 cds, boxed!
                              • 1997- Debian 1.3 unoficial [sic] cds - haven’t switched distribution since; freedom, volunteers, quality.
                              1. 4

                                1995 Slackware Professional v2.1 - the next set of cds I could get, 3 cds, boxed!

                                I don’t remember them doing CDs at that point! I installed Slackware on my machine in ’95 and had to make on the order of two dozen floppies to get it done. Most of the floppies I used were re-purposed AOL subscription offers.

                                That exercise cost me a monitor. Because the right kind of typo in an X11 modeline could let the smoke out of a monitor back then.

                                1. 3

                                  I made a Slackware CD back in those days which was distributed with a few magazines which I happened to be editor in chief and/or managing editor for. A year later I made another CD which worked just fine in Linux but, due to some oddities in the file names used, refused to work on Windows. Of course I only found out when the thing was already in production… I ended up solving this by distributing a floppy with an improved version of the Microsoft CD extensions (MSCDEX) which supported longer filenames.

                                  1. 2

                                    My memory of a slackware CD that came with a book or magazine was that I still had to make floppies to use it. Of course, that could be because my only CD drive was SCSI and my linux box didn’t have that, so I couldn’t hook up a CD anyway. But I’m 90% sure the install process I used looked for floppy sets and wasn’t prepared to find them on a CD.

                                    1. 2

                                      You needed to make a boot floppy due to the lack of bootable CD’s (‘El Torito’ came along at the end of 1995) but for the rest the install worked from the CD unless that CD was connected in some way which was not supported in Linux, e.g. through a non-standard interface on a sound card.

                                      1. 2

                                        This is correct. Slackware 4.0 was the first release that came with a bootable CD-ROM.

                              1. 16

                                So Microsoft GitHub is doing the “lower the price, so the competition dies”-trick in this market as well, now. Interesting.

                                1. 26

                                  A company responding to market pressures and pricing their products more competitively. Truly an evil ploy 😒🙄

                                  1. 8

                                    Wouldn’t you say it’s unfair competition to be able to dump infinite money into a business area in order to drive out competitors? That’s way past aggressive pricing.

                                    1. 4

                                      Wouldn’t you say it’s unfair competition to be able to dump infinite money into a business area in order to drive out competitors? That’s way past aggressive pricing.

                                      It depends on how much you do it and for how long. Most startups start by selling below cost. The joke about Amazon in the ‘90s was that they make a loss on each sale, but make it up in volume. The typical marker for anticompetitive behaviour is whether the low price is long-term sustainable. If you are selling below cost because you expect to be able to lower your costs via economies of scale, that’s fine. If you’re cross-subsidising from another revenue stream and just trying to push your competitors out of business, that typically isn’t.

                                      As I understand it [1], GitHub is independently profitable, primarily from the enterprise offerings. The free offering is one of the highest return-on-investment advertising campaigns that any company has ever offered (Gillette sending free razors to everyone in the UK who appeared as male on the electoral roll one year is close). Pretty much everyone coming out of university with a vague interest in programming has GitHub experience and I would be shocked if that didn’t translate into a load of companies buying the enterprise offerings. Even the $21/month/dev offering is a lot cheaper for most companies than doing the same thing in-house (compare that to even the salary of one person full time maintaining the infrastructure and you need quite a lot of devs for that to reach the break-even point).

                                      [1] Disclaimer: I work for Microsoft Research, so may be considered biased, but I have no visibility into GitHub.

                                      1. 2

                                        Bitbucket’s been like this forever right?

                                        “Offer basic service for free, advanced features behind paywall” is not really an odd concept, and it doesn’t require infinite money pits. As a (relatively small, granted) team we evaluated this change and decided to keep on paying for the paid service because we wanted the feaetures it was providing.

                                        I also remember a thing about how GH makes a bunch of money on its on-premise thing, and I imagine that pricing is not changing at all

                                      2. 9

                                        A company responding to market pressures with no regard for profit against competitors that don’t have vast resources backing them is a net detriment to the market. Similarly large companies (Google, Facebook) have no reason to get into the market and smaller companies (GitLab, sourcehut) can’t easily compete with Microsoft operating at a loss. This a classic monopoly tactic.

                                        1. 5

                                          I’m not so sure if it’s the case that GitHub “has no regard to profit”; in the HN thread Nat said they’ve been wanting to do this for a while, but had to wait for revenue in the enterprise to be high enough. The existing pricing for BitBucket and GitLab are similar to the new GitHub pricing; GitHub was actually quite expensive before. The new pricing seems reasonable and fair to me, and is competitive. I see no evidence of it being sponsored by Windows sales, for example.

                                          GitLab seems to be doing quite well with $100M revenue, Atlassian has $1.2 billion revenue (can’t find numbers for BitBucket specifically), sourcehut will always remain a niche product due to its idiosyncrasies (which is not just fine, but great; niche markets deserve good products too). So I’m not especially worried about any of those.

                                          I’m also not hugely enthusiastic by large companies becoming ever larger, and would have preferred if GitHub had remained independent. I think we probably have some common ground here. But what I’m a little bit tired of is that everything GitHub does these days is seen as part of some sort of malicious plan, and the assumption that everything they do is done in bad faith. Certainly in this case, it seems like a normal common-sense business decision to me.

                                          Is there a potential for Microsoft to abuse their power with GitHub? Sure! But thus far I’ve seen no indications of this. I agree we should be watchful for this (and ideally we should have better anti-trust laws), but I think we must also keep a level head and not jump to conclusions over every small thing. As someone who started using Linux/BSD systems in the early 2000s I have plenty of gripes with Microsoft (being sent a .doc file was a proper hassle back then), but pretty much all of the leadership has changed and Microsoft is not the same company. Referring to long-since abandoned strategies like EEE is, quite frankly, just inappropriate. I have actually flagged that comment as “unkind”, because random accusations without evidence are not appropriate IMO, even when directed at companies.

                                          CC this this also replies to your comments: @nomto @caleb @azdle

                                          1. 2

                                            I wrote a whole in-depth response but then, upon re-reading, I realized that we pretty much have no common ground on which to discuss this.

                                            I have actually flagged that comment as “unkind”, because random accusations without evidence are not appropriate IMO, even when directed at companies.

                                            Y’all are on some real bootlicker shit over here.

                                            1. 1

                                              I can see you’re committed to constructive discourse where everyone is free to voice their opinions without fear of being insulted; not so much to convince each other, but to at least understand each other’s positions better. Thank you!

                                            2. 1

                                              But what I’m a little bit tired of is that everything GitHub does these days is seen as part of some sort of malicious plan, and the assumption that everything they do is done in bad faith.

                                              Everything that GitHub does these days is part of some sort of malicious plan. That’s how business works (at this scale and in this part of the economy, at any rate).

                                          2. 4

                                            It’s a ploy to eliminate competition and expand private control over the infrastructure used by developers. Whether you think it’s evil depends on your values.

                                          3. 5

                                            The interesting part is that they chose to do it after their Enterprise business got big enough to subsidize it, not as a loss-leader using Microsoft money. It seems like the strategy to keep GitHub and Microsoft relatively separated has allowed GitHub to continue to connect very well with their target audience. Someone on HN mentioned Cloudflare as another company that has done a similarly good job of understanding who they’re marketing to and making changes that makes their target market happy.

                                            1. 3
                                              1. 12

                                                Do you have any examples of GitHub or Microsoft extending git so that it’s incompatible with non-GitHub/Microsoft clients?

                                                1. 11

                                                  I don’t know if/don’t think that this is a case of EEE, but FWIW, I’ve had a lot of trouble explaining people past a certain level of management (read: who have not programmed for more than some amount of time) that git and Github are different things. I’ve worked in a place where virtually everyone with a word to say in terms of budget, tooling and whatnot hadn’t used a version control system since back when SVN was pretty fresh, and some of the things that I had lots of trouble (read: needed countless hours and countless meetings) were:

                                                  • Git is a VCS, Github is a tool that uses git. (This was all happening while I was lending a hand with a very tortuous transition to git and virtually everyone referred to it as “the transition to github”, even though we were actually using Gitlab!)
                                                  • git is not developed by Microsoft.
                                                  • Github is not the enterprise/SaaS version of git, git is not the free/community version of Github.
                                                  • Gitlab is not a free/self-hosted/community edition of Github.
                                                  • You don’t need something like Github or Gitlab to use git.
                                                  • The pull request-oriented workflow of Github is just one of the possible workflows, and you can do it without Github or Gitlab.

                                                  Some of these I’m pretty sure I never managed to really get across. The last meeting I attended before leaving that place saw a bunch of questions like “can we upgrade from Gitlab to Github” and “Can the CLI version of Github (NB: git. That guy meant git.) create pull requests?”

                                                  I don’t really follow the politics of these things because I can’t really say I care – VCSs come and go, I self-host git for myself but otherwise I use whatever my customers want to use and I’m happy with it. But if Microsoft wanted to do the EEE thing, the fruit is definitely ripe.

                                                  1. 3

                                                    The fact that github run the git.io URL shortener is pretty darn deceptive, IMHO.

                                                    1. 2

                                                      I’m not so worried about that in the case of git/GitHub to be honest, since it’s primarily a development tool. If devs decide they want a different tool en-masse, then usually they will get it (…eventually). This is pretty much what happened with svn → git.

                                                    2. 11

                                                      It’s not git, but the other various services tacked on (issues, the workflow, CI, etc) that have basically become synonymous with ‘git hosting’, which require more and more effect to break free from once you become invested in using it.

                                                      1. 21

                                                        That’s not “Embrace, extend, extinguish”, that’s just building a successful product that people find pleasant to use. There is no “Microsoft git” and you can download all your data from GitHub. If you want to make the argument that there should be more competition in the market, then okay, fair enough. But again, very different from EEE.

                                                        There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t. There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                        GitHub is also quite far removed from being a monopoly. If anything, then lowering their prices is proof of that; monopolists don’t lower prices.

                                                        more and more effect to break free from once you become invested in using it.

                                                        This is true for anything. I stuck to tcsh for years because converting my extensive tcsh config to zsh would be a lot of work, as would re-learning all the tcsh tricks I knew. Even now I just stick with Vim even though Spacemacs is probably better just because I’m so invested in it.

                                                        1. 4

                                                          There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t. There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                          But if you want to contribute to a project, and their workflow is centred on Github (push requests, CI, etc.) then you are kind of required to comply. And all that infrastructure is also not that easy to move around – or at the very least it’s an effort that would require a great dissatisfaction with GitHub.

                                                          1. 6

                                                            But if you want to contribute to a project, and their workflow is centred on Github (push requests, CI, etc.) then you are kind of required to comply.

                                                            In Microsoft’s defense, that was true of GitHub long before Microsoft took over.

                                                            1. 1

                                                              I wasn’t “attacking” Microsoft, but rather GitHub. The change in ownership is more of a formality to me ^^.

                                                            2. 4

                                                              But if you want to contribute to a project, and their workflow is centred on Github (push requests, CI, etc.) then you are kind of required to comply.

                                                              This is true for any workflow. I really don’t like mailing lists or IRC for example, but if that’s what a project uses then I’m “required to comply” just as much as you are “required to comply” with my GitHub workflow (although I won’t turn down patches sent over email, if that works better for you).

                                                              Unfortunately, there is no way to satisfy everyone here; different people just have different preferences, and the GitHub workflow works well for many.

                                                              1. 1

                                                                Sure, but you don’t need an account for mailing lists, you don’t have to sign anything. Also, due to it’s decentralized nature, it’s easier to prevent a lock-in.

                                                                GitHub workflow works well for many.

                                                                Exactly! This pushes developers to adopt GitHub, as they fear (and I have experienced myself) that any other platform will have less interactions (bug reports, patches, etc.).

                                                                1. 1

                                                                  You need an email account, and you typically need to subscribe to the email list (resulting in a lot of email in my inbox I don’t care about). It also doesn’t offer things like a good code review UI, which are IMO much easier in a GitHub-like UI, especially for larger patches. I appreciate it works better for some, but there’s a lot of friction involved for many.

                                                                  If you’re really opposed to the GitHub-style UI, then my suggestion would be to work on an alternative which doesn’t have the downsides you see, but also removes the friction and UX issues that many really do experience. “Everyone is doing it wrong” is not really very constructive; people usually do it “wrong” for a reason, so best to address that.

                                                                  This pushes developers to adopt GitHub, as they fear (and I have experienced myself) that any other platform will have less interactions (bug reports, patches, etc.).

                                                                  The same applies not just to GitHub, but also git itself. I much prefer mercurial myself, but there’s much more friction involved for (potential) contributors. Related thing I wrote a few years ago: I don’t like git, but I’m going to migrate my projects to it

                                                                  The problem with these kind of tools that everyone needs to use, is that a lot of people don’t really like using and learning multiple of them, so there may be kind of a natural tendency to go towards a single tool. There are certainly some advantages with having these kind of “industry standards”.

                                                                  1. 1

                                                                    It’s true that subscribing to mailing lists can be annoying. But personally, I don’t have a “everyone is doing it wrong” approach, as I think that sourcehut is building towards a very good system that both works for web-oriented and mail-oriented users.

                                                                    And regarding git, I think that main difference is tool vs service. Git is free software, I don’t need permission to use it, not could it be revoked. GitHub is a platform with their own interests. But other than that, I understand your point. I too find hg interesting, but what keeps me from transitioning is manly that in Emacs, Magit is too comfortable to git up.

                                                            3. 2

                                                              That’s not “Embrace, extend, extinguish”, that’s just building a successful product that people find pleasant to use. There is no “Microsoft git” and you can download all your data from GitHub. If you want to make the argument that there should be more competition in the market, then okay, fair enough. But again, very different from EEE.

                                                              There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t. There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                              Everything you say also applies to the classic examples of EEE like extending HTML in IE. Every example of EEE is “building a successful product that people find pleasant to use,” so I don’t know why you juxtapose those things. Users of IE in the 90s had 100% freedom in switching to Netscape too. If you think these are fine justifications, you simply have no problem with EEE.

                                                              And there is “Microsoft git,” it’s called “hub.”

                                                              1. 2

                                                                Extending HTML is different because it forced Netscape and other vendors to “catch up” or their product would be “defective” (in the eyes of the user, since it didn’t render websites correct). This is the devious part of the “Extend” phase because it seems like it’s adding useful helpful new features, but it’s done with the intention to make the competitor look “broken”.

                                                                As I said, GitHub has made no attempts to extend git in that way, or even hinted at attempts to do so.

                                                                1. 1

                                                                  Adding helpful new features always has the effect of making the competitor look broken, and we have no way of evaluating intentions in either case. Extending git with pull requests makes repo.or.cz look defective because you can’t send pull requests with hub to a repo hosted there. It’s not different.

                                                                  1. 1

                                                                    It’s just some UI to improve the process, not a incompatibility. To me it sounds like you’re basically saying “you can’t improve your product to make it easier to use, because that will make competitors seem bad”, which I find a rather curious line of thinking.

                                                                    1. 1

                                                                      I’m not saying anything about what a company can and can’t do. Hub is not compatible with standard git hosting, so that seems like an incompatibility to me.

                                                                      You seem to have decided that EEE is inherently bad and malicious, yet it was a phrase originally used proudly by Microsoft employees. They were proud because they viewed their actions exactly the way you view the current GitHub developments. If you have no problem with proprietary git extensions, what’s wrong with upgrading a browser with proprietary extensions to enable video playback in a web page?

                                                                      1. 1

                                                                        Yeah, a solution that works for both would be best. I’m not entirely sure of SourceHut will be that – at least from the perspective of a “web hipster” like me – but I’m keeping an eye on it. You can already do that with GitHub to some degree as well btw; for example Vim sends all issues to the mailing list, and you can (and many people do) reply from there. You can probably do something similar with PRs if you want.

                                                                        You seem to have decided that EEE is inherently bad and malicious, yet it was a phrase originally used proudly by Microsoft employees. They were proud because they viewed their actions exactly the way you view the current GitHub developments. If you have no problem with proprietary git extensions, what’s wrong with upgrading a browser with proprietary extensions to enable video playback in a web page?

                                                                        Like I said, I don’t think it’s the same since the git protocol isn’t modified. It’s more similar to the video popup thingy Firefox added a while ago: it didn’t modify anything about the underlying protocols and standards, but it did modify the UI based on those standards.

                                                                        I can see where you’re coming from since you’re “forced to use GitHub”, but isn’t that the case for any issue tracker I add? If I self-host some Ruby on Rails issue tracker, and maybe a code review system, then you’re “forced” to use that too, right? I’m not sure how different that would be to GitHub?

                                                                        At the end of the day, I think by far the most important issue is that git remains the open and free protocol and tool that it is today; issue tracker, code review, and whatnot are all very convenient and nice, but they’re really just auxiliary features of relative low importance to the actual code. By far the most important thing is that everyone is able to clone, share, and modify the software freely, and GitHub doesn’t stand in the way of that at all as far as I can see.

                                                                        1. 1

                                                                          I’m still not clear what problem you have with using otherwise-ignored HTML to embed useful features in a web page. Microsoft didn’t modify HTTP.

                                                                          1. 1

                                                                            A webpage is inaccessible if I view it in a browser which doesn’t implement the feature (how inaccessible depends on the details), whereas git is still the same git with GitHub.

                                                                            1. 1

                                                                              That is true of any advance in web standards. Web pages which use those standards are inaccessible from browsers which don’t implement those features.

                                                              2. 1

                                                                That’s not “Embrace, extend, extinguish”, that’s just building a successful product that people find pleasant to use. There is no “Microsoft git” and you can download all your data from GitHub. If you want to make the argument that there should be more competition in the market, then okay, fair enough. But again, very different from EEE.

                                                                There is a massive difference because EEE is all about forcing people in to using a product and is malicious, whereas building a very popular product isn’t.

                                                                If we ignore the pricing, it’s not “extinguish”, but it’s pretty clearly “embrace” and at least a little bit of “extend”.

                                                                There is nothing forcing you to use GitHub. If you want to use any competitor, then you have 100% freedom in doing so.

                                                                Yes, currently that is true. But if Microsoft is pricing GH below cost, it will make it hard for those commercial competitors to make enough money to continue existing.

                                                                GitHub is also quite far removed from being a monopoly. If anything, then lowering their prices is proof of that; monopolists don’t lower prices.

                                                                Pricing yourself lower than your costs is exactly how you use money to build a monopoly though.

                                                                All the being said, I don’t think anyone is worried about them “extinguishing” git, because you can’t extinguish open source software. But, it definitely doesn’t look good for GH’s commercial competitors.

                                                            4. 2

                                                              Applied to a service, what they’d do is something to get people to put their critical assets in it, build their business processes on using it, eliminate the better competition somehow if possible, and lock-in results. Once locked-in, they start jacking up prices, reducing quality, selling them out to advertisers, etc.

                                                              Microsoft has a long history of that for its own products and its acquisitions. I decided to recommend nobody depend on Github the second that… they were a SaaS startup. They usually become evil after acquisition or I.P.O.. If not a startup, the second Microsoft bought them.

                                                        1. 4

                                                          I have a very cheap Samsung ProXpress M3825ND monochrome duplex laserprinter. It has ethernet, no wifi. I really like the duplex functionality - I won’t buy a printer that can’t do duplex in the future. Does Postscript and works out of the box with CUPS on Debian GNU/Linux.

                                                          1. 3

                                                            It works directly from the Camera app in Android (at least in version 10) as well.

                                                            1. 1

                                                              They said it would in the first paragraph. Too bad it doesn’t work in older Android versions, which make up the vast (vast) majority of what’s out there.

                                                            1. 8

                                                              Millenials or just Apple?

                                                              1. 3

                                                                As long as you don’t have hundreds of millions of jobs, yes. If you have that many jobs, things become interesting. It is very nice ot be able create jobs inside transactions.

                                                                Using a varchar() type instead of text in PostgreSQL in 2019, hmmm.

                                                                1. 3

                                                                  Using a varchar() type instead of text in PostgreSQL in 2019, hmmm.

                                                                  Hah, it’s funny to see this comment, I was just today wondering which one of these I should be choosing for a column that contains a URL fragment - eg oregon in /usa/oregon/portland. Being a newbie to Postgres (my SQL background is in MySQL) I have been choosing text essentially because of the name. Would you please expand on why text is the better choice than varchar in 2019?

                                                                  1. 3

                                                                    why text is the better choice than varchar in 2019

                                                                    It isn’t, they’re equivalent. TEXT is considered idiomatic in Postgres community, and that’s it.

                                                                1. 1

                                                                  Another day, another “Mac to Ubuntu” post.

                                                                  Also, regarding:

                                                                  There are other ways but if I want to type an é, out of the box, I have to type: U 00e9, and then, that doesn’t not work in my code editor. […]

                                                                  The author can try using the Compose key.

                                                                  Edit: My bad, that’s already been linked to in the paragraph. In any case, for those who aren’t aware…

                                                                  1. 1

                                                                    Yeah sorry, seen a few more. This one was a long time coming though. Started on it many months ago :o And thank you for sharing about Compose! I will look into that more.

                                                                    1. 2

                                                                      The compose key is really neat - you can even make a ~/.XCompose file and add your own shortcuts.

                                                                      I’ve got one for 👍 (because I can’t be bothered to choose emoji with the mouse or from a list) and ✓, ☐, ☑, and for fun 🤸.

                                                                      Info on how in https://askubuntu.com/questions/47496/how-can-i-add-a-custom-compose-key-sequence

                                                                      1. 1

                                                                        No worries! I hope I didn’t come off as rude – your article was well laid out, I must say.

                                                                    1. 7

                                                                      it’s just shit not being able to copy in one app and paste in the next if you closed the former.

                                                                      The statement is not correct. Linux has long solved this by implementing clipboard managers. Whether or not you have one depends on your chosen Desktop environment; GNOME and KDE come with a clipboard manager active by default. If the OP uses something different, he’ll have to install one.

                                                                      1. 4

                                                                        You’re correct, I do mention further down the article how I resolved this problem too however. I do think Ubuntu should make this default behavior. Having two clipboards is very unintuitive to me, my mom, and probably more folks :)

                                                                        1. 2

                                                                          I can’t speak to Gnome’s clipboard manager, but KDE’s default manager has options to let you keep the two clipboards synced, so they act like one.

                                                                          1. 1

                                                                            I find it very handy to have two clipboards, most of the time I don’t think about them, second nature, but sometimes I take advantage of having two things copied at the same time.

                                                                            However, I readily admit that I see many colleagues struggling with “getting” that you can copy/paste without using keyboard shortcuts. It irks me to see someone right-clicking and choosing “Copy” or “Paste” from a context menu - if you are using the mouse, use the buttons!

                                                                            It makes sense to me that “the mouse picks up one thing” and “the keyboard stores another”. It must be a habit (never used Windows or macOS in anger myself).

                                                                        1. 2

                                                                          Those purple keys on the PDP-11/50 console, so 70’s - wonderful!

                                                                          1. 1

                                                                            I dig the chunky brown keys on the Friden Flexowriter, myself. I bet that thing was loud.

                                                                          1. 4

                                                                            Being forced to make an identifier - which should clearly be unique both from a technical and “business” standpoint - non-unique, and having to adjust all the accompanying code and interfaces.

                                                                            4 months later a user of the system realized that it was a problem.

                                                                            Then being told to change the identifiers back to being unique again.

                                                                            1. 1

                                                                              The work-around I found is console.log("x: " + JSON.stringify(x));

                                                                              1. 1

                                                                                If you need to explicitly convert the object to a string like this, the output will be easier to read if you pretty-print it. You can do this by passing JSON.stringify a value such as 2 or '\t' for its third argument, space:

                                                                                console.log("x: " + JSON.stringify(x, null, 2));
                                                                                
                                                                              1. 3

                                                                                I always use xeyes(1) for testing X-forwarding. It’s cuter. Using it as an alarm never occurred to me, simple and good idea.

                                                                                1. 19

                                                                                  Half a GB of memory is tight for a mail-server now? Postfix is terribly confusing? Running your own mail-server is probably a terrible idea?

                                                                                  Boy, I am getting old.

                                                                                  I used to run sendmail on a machine at home with <8 MB of RAM, and I didn’t have an internet connection, so I stored the emails on a floppy disk, which I took by bike to the university to send them, and to fetch any new incoming emails.

                                                                                  All the SPF, DKIM, DMARC, TLS certificates and spam-prevention is much more complicated these days, admittedly.

                                                                                  Congratulations on getting it up and running, though.

                                                                                  1. 6

                                                                                    Half a GB of memory is tight for a mail-server now?

                                                                                    …used to run sendmail on a machine at home with <8 MB of RAM

                                                                                    I don’t think it’s fair to compare sendmail, which is extremely basic, to some of currently mail server, uh, suites with spam filtering, web UIs for config/maintaining (which some people like, I couldn’t care less), etc. Some even provide a webmail interface! I think you lose some system resources in the abstraction necessary to lower the bar for setup/running these things. Not everyone has the patience/know-how/time to configure dozens of tools individually to accomplish all of this.

                                                                                    Running your own mail-server is probably a terrible idea?

                                                                                    Nowadays you’ll find your mails being rejected or silently stuffed into recipients’ “spam” folders by google because they don’t recognize your domain(1), and you’ll lose data (incoming mail) when your mail server goes down for (insert unforeseen reason here) and you are on vacation and cannot fix it. It’s not your grandpa’s email anymore.

                                                                                    1. I still have this problem with my current mail provider mailbox.org, who has been providing email service since 2014. If google still cannot get the hint that they are legit, then there’s little hope for folks using custom domains.
                                                                                    1. 7

                                                                                      I’ve been running my own email server since 1998 (and with the current IP address for over a decade now) and I’ve never had an issue of it going down while on vacation. If you are that concerned (and you don’t check email at all on vacation) then spring for a back-up MX service (just be aware that spammers will target the backup MX in the hopes of slipping past spam detection).

                                                                                      1. 5

                                                                                        Google silently dropping messages from domains with DKIM/DMARC/etc. setup correctly is a problem of Google, and probably even an anti-competitive tactic. I don’t have that problem often, but when I do, it’s invariably Gmail that does it.

                                                                                        As of data loss, correctly implemented SMTP servers must retry sending a message at increasing intervals, up to about a week. Most actually do. I haven’t seen Postfix crash in my life, even in very busy setups though, so I never got to verify how far it stretches in practice.

                                                                                        1. 2

                                                                                          Regarding resources: One has to bear in mind that it is a personal system. Spam filtering, web UI (does that mean webmail?), etc. would not be under heavy load. I think this is quite reasonable.

                                                                                          Also regarding ending up in spam. I think that’s mostly a myth. Yes, it’s true if you really only send mail without SPF, DKIM, make sure your PTR is set correctly, etc. If you do this as a one-time setup you’re fine.

                                                                                          Regarding mailserver going down: First of all this is very, very rare. More rare than in cases of many other protocols. Simply because it’s old and unless you constantly change stuff you will end up with something stable fairly quickly. This is by the way a reason why you might not want to use “new” stuff like docker.

                                                                                          Other than that, emails don’t really get lost other than for storage reasons usually. Again, unlike with other protocols delivery is retried and mails might be returned.

                                                                                          I think one has to differentiate between personal email and running a small mail provider, sending out newsletters, etc. Sending the same email to many gmail recipients for example is a lot more likely to trigger something than an individual mail. Also if emails do in fact get rejected you will learn about this. So if you want to be absolutely secure, have a fallback.

                                                                                          While it’s of course a service and it’s not exactly zero maintenance, email tends to be by far the easiest thing to maintain once initially set up. Of course, that’s given you don’t try to be super smart and of course only if you have a basic understanding on what you are doing. If you use your OS for the first time the story is different of course.

                                                                                        2. 3

                                                                                          Boy, I am getting old.

                                                                                          Either that, or I’m just new. :)
                                                                                          Thanks anyway!

                                                                                        1. 13

                                                                                          This conference is “virtual”, so it won’t influence your travel(/CO₂)-budget 👍

                                                                                          1. 2

                                                                                            Actually this disappointed me a bit, “real” presentations tend to easier to follow and conversations/questions are more natural too.

                                                                                            But I get the CO2 point. If I would have to fly to get there, I wouldn’t go, either way.

                                                                                            1. 3

                                                                                              Yeah, but putting together a physical conference is a lot of work¹, and the audience might be limited - so I tried to spin it as a positive thing :-)

                                                                                              ¹ It has been “real” before, though, unfortunately I wasn’t able to attend the one in London, and I don’t want to fly to the US.

                                                                                              1. 5

                                                                                                We need more of those. For a lot of people, any real world conference is completely out of reach.

                                                                                                1. 5

                                                                                                  Both. We also need more local conferences, so that people who need to be close to people to be in touch don’t have to fly across the globe.

                                                                                                  Seriously, I’d wish we’d go back from 1000-2000 people conferences to something like 100-150 where it is rather easy to find a room for in any city across the globe.

                                                                                                  Also, there’s conference models that are easy to organise and literally can be set up in 2-3 days.

                                                                                                  All that with experience, mind you, which is a good reason to not frustrate our community organisers and make sure they run another one after trying it out once.

                                                                                                  1. 1

                                                                                                    I’d like to hear about those models.

                                                                                                    1. 4

                                                                                                      This is kind of how we ran Fennel Conf: https://conf.fennel-lang.org/2019

                                                                                                      It was very low-key with a small conference-room full of attendees in person and 4-6 folks who joined our Jitsi stream as we went.

                                                                                                      1. 2

                                                                                                        Yeah, stuff like that. There’s tons of value in not overworking yourselves in running a large conf. I see a lot of good in raising the organisational quality of FOSS community conferences, but we need to constantly remind people that all this isn’t always necessary.

                                                                                                      2. 4

                                                                                                        First off all: get an easy venue. For small conferences, a contact to a professor is at a university is nice, or a friendly company in town that has an event room of that size. Get no catering, just drinks. If you want to get catering, ask around the organiser scene in your location for a recommendation, pick that. Nothing mindblowing, just good food. You may want vegan, vegetarian and all the options: caterers are professionals, just ask for that.

                                                                                                        Volunteer organisers are well-connected and are very willing to give out help of that kind. They were all beginners once and want to keep others of that harm.

                                                                                                        Format: don’t do speakers management. That is the biggest time-sink. There’s models that don’t need it!

                                                                                                        • Unconferences: everyone brings their session suggestions, but the choice is at the location. Needs a location with multiple rooms.
                                                                                                        • Spontanous conferences: Kind of similar to the above, but you have just one room, people can suggest talks beforehands on a wiki or Github or so.

                                                                                                        You can take that to the extreme, e.g. lightning.io was a conference that only had lightning talks and every attendee needed to talk.

                                                                                                        The point is that you want strategies that organise on the day.

                                                                                                        Ticket sales: Stripe and ti.to are the low-friction option. Especially ti.to, it’s completely geared towards events like this. The biggest problem here is where the money goes. Setting up a company/non-profit/bank-account is easily the biggest part in this. Finding someone at your location to take you in their books is the best option. Again, get in touch with other organisers.

                                                                                                      3. 1

                                                                                                        150?! I find 5 or 6 people to be great for a conference.

                                                                                                        1. 1

                                                                                                          I’d call that a small meeting?

                                                                                                          25 is definitely a feasible thing for a conference though. I don’t want to be judgemental there. I picked 100-150 because it is an easy number to reach for even fringe subjects even without advertising in places like Berlin.

                                                                                                          1. 1

                                                                                                            Conference is just a fancy word for “meeting” :)

                                                                                                            I personally get a lot more out of smaller group meetings. When it’s someone giving a talk to a larger audience, even 20 people, I have a harder time paying attention and I feel more shy about asking questions. Maybe that’s just me?

                                                                                                            Of course having more people in a room is more efficient for conveying information, provided they are paying attention and understanding what is said.

                                                                                                            1. 1

                                                                                                              Conference is just a fancy word for “meeting” :)

                                                                                                              Yes, and indeed, it is one of those words with a 1000 meanings. In the context we’re talking about, conferences are usually larger endeavours. If I say “I tend to run conferences”, no one assumes I do 20 person things.

                                                                                                              I personally get a lot more out of smaller group meetings. When it’s someone giving a talk to a larger audience, even 20 people, I have a harder time paying attention and I feel more shy about asking questions. Maybe that’s just me?

                                                                                                              Probably, but that’s fine. I’ve been running many events in different styles of all sizes and all have their advantages to certain people. That’s why I’m such a huge proponent to have more events. (Some people think that there should be less events, nowadays)

                                                                                                              E.g. the first larger event I ran (eurucamp) consciously reduced talk time for a very long lunch break (5 hours), where people could just hang around an chat around a Berlin lake in summer. It’s a common problem that organisers mistake “program” for “the useful time” for attendees. People loved it, and came back specifically for that, yet some wanted a more classic schedule at an easier reachable place and didn’t come next year.

                                                                                                              If rigorous learning of a subject is what you want, something over 6 people is probably indeed not the right thing. Conferences above 50 people mainly use the talks as inspirations for things to later chat about.