1. 15

    Thanks for offering another view on Nix. I do not know much about NixOS and Nix, but I feel that I see “This is the perfect solution” articles about Nix almost everywhere. And I feel that in our industry I see 99% articles of “this is the perfect solution, we all have to switch immediately because all of the old stuff is bad”. Thus, it’s refreshing to see articles that highlight problematic aspects of hype-technology from time to time.

    1. 7

      I think most of those articles, along with stuff about K8s, are more about validation for the author. I also think that all this tech has a purpose, but a lot of people blow it out of proportion. We all know cadey uses K8s to manage their services, but really, why not something like Ansible instead? Or some shell scripts? (This is not a stab at you cadey)

      I think it puts the wrong idea into a lot of people’s heads. As cadey mentions in the article, no one talks about resource usage either. Downloading things four times kills bandwidth to those that are not on an unlimited plan, but also, takes four times as long! Sure, it’s computation time and not human time that’s spent, but what are people doing while waiting? My bet is not much other than checking back to see if said thing is done. It means you can’t do anything while traveling reliably. It means you gotta be strapped in at “HQ” to do any real work.

      We need to use this tech to save time, not fill it. We need things to remain simple, if we want to grow more powerful.

      1. 7

        To be honest, I use Kubernetes to manage my stuff because I needed to learn it for work. I’ve been idly considering going back to a “boring” setup with Ansible, but I have limited time for my personal projects and infrastructure. At the end of the day, the thing I really want to do is figure out how to make computers less bad by making them more explainable. This may be a futile endeavour, but this way I can’t say I didn’t try.

        I think a better approach might be to leverage existing package managers and their cache stores that developers already use and [like|hate]. A more aggressive caching strategy may be a good idea, but a lot of it really boils down to this question: “what the heck are you doing?”. The answers to that question are probably closer to what you need to do than you’d think.

        1. 2

          I needed to learn it for work

          Nothing wrong even if it wasn’t for work :) I just think it’s really important people point out things like that though. Remember that you’re a role model to people (even me!).

          I’m learning Ansible because I believe it’s actually an improvement to how to manage services, even for 1 person. I believe the total outcome is not just overall a little bit positive, but swings towards the REALLY positive side.

          K8s really really does seem like a solution for enterprise, where version mismatch and tech-mixing can get in the way of progress.

          Your motivation behind using dhall and k8s makes sense to me now. :) That would absolutely be useful in a work setting, where your coworkers or future workers could potentially mess up configurations.

          1. 2

            Some food for thought:

            let APTPkg =
                  { Type = { name : Text, state : Text }
                  , default = { name = "", state = "" }
                  }

            let getPkg =
                    λ(name : Text)
                  → { name = "Install ${name}"
                    , apt = APTPkg::{ name = name, state = "present" }
                    }

            in  [ getPkg "nginx", getPkg "weechat" ]

            $ dhall-to-yaml-ng < packages.dhall
            - apt:
                name: nginx
                state: present
              name: Install nginx
            - apt:
                name: weechat
                state: present
              name: Install weechat

            1. 2

              Using dhall with Ansible was the first thing I thought while reading your post on dhall and k8s :)

    1. 4

      Seeing how much open source is used inside companies and how little (at least from what I know) some of these companies consider giving back or consider buying paid support from the original developers, I find myself drawn towards Copy-left instead of Permissive - against the trend it seems. But currently I also have most projects under MIT…

      I just don’t like that according to what I experience, some companies have a culture of just using open source software, but not giving anything back. I think some of the developers inside these companies would even be willing to participate in FOSS development, but they are joining enterprises that are not used to FOSS participation and this combination leads to a one-way street.

      On the other hand, thinking about it, copy-left would not help with this either, because this “abuse” (as I feel it) is often only company-internal.

      1. 1

        Yes, the GNU GPL (or copyleft in general) is the way to go.

        If they use the copylefted software in accordance with the license, it is not „abuse“.

        And if you offer dual licensing (GPL version + paid same software with license exception), you have a much better argument to get the money from a company compared to the situation when they are considering whether they will send you a donation or just take that MIT/BSD software for free. Even if they are not distributing that software.

      1. 4

        I always develop my simple dynamic websites using flask, e.g. a website to check historic border wait times. The public data only includes highways, but in the background I also have the smaller border stations. At the moment it’s only between Germany, Austria, Slovenia, Croatia, Serbia, Hungary and Bosnia and Herzegovina, but I might extend it to other European countries.

        I started to develop this when one time there were traffic jams of approx. 3 hours at the border on my route (plus additional wait times at toll stations). There are websites where you can check the current wait time at border crossings, but I did not find any service that would display the historic data. And my idea was that with historic data I can find out at what time I should try to arrive at the border (e.g. is Friday at 10pm better than Saturday at 8am?).

        Apart from this I used to have a cronjob/service monitoring application that I had developed with flask. It was similar to Pingdom or healthchecks.io (actually both use cases combined in one), but I switched to Prometheus and thus took the website down.

        Update: Just saw the word “recently” in the title. Recently in my case means somewhen in 2019.

        1. 2

          Can I write to the filesystems? Yes! Because FAT and ext2 reserve the sectors used by ZFS’s labels, and FAT reserves all space used by ext2, and ZFS doesn’t write to the boot space, all three exist in harmony.

          Can somebody explain this to me? I don’t understand how the file system can ensure that e.g. the FAT mount during a write operation won’t write a chunk of the file to sector 12345, even though ext2 already has stored a part of one of its files on sector 12345 (to FAT sector 12345 looks unused). From what I understood all file systems think that they have the full storage of the image available as their own space (except for the reserved metadata sectors for each FS)?

          By using a program that creates an ext2 filesystem that marks many of its blocks unusable, all three of these can be made to not overlap their metadata, allowing them to live in harmony.

          From my understanding this section is only about ensuring that ext2 will not overwrite the ZFS metadata at the 8k marker (by using mkext2 mentioned later in the README). But it does not explain how the file systems can manage the actual data space.

          1. 2

            At least on FAT I believe it is possible to mark clusters of sectors as “bad blocks” in the File Allocation Table (the FAT, in fact), so maybe they mark the ext2fs area as a series of bad blocks?
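The mechanism guessed at in the comment above, as an added example that is not from the thread or from the project's README: FAT16 marks a cluster bad by storing 0xFFF7 in its table entry, and an allocator that honours the table never hands such clusters out. The image layout, sizes and function names below are constructed for illustration.

```python
import struct

FAT16_FREE = 0x0000
FAT16_BAD = 0xFFF7        # FAT16 "bad cluster" marker
FAT16_EOC = 0xFFFF        # end-of-chain marker
FIRST_DATA_CLUSTER = 2    # table entries 0 and 1 are reserved


def new_fat(total_clusters):
    """Return an in-memory FAT16 table (one int per entry), all clusters free."""
    fat = [FAT16_FREE] * (total_clusters + FIRST_DATA_CLUSTER)
    fat[0], fat[1] = 0xFFF8, 0xFFFF   # media descriptor and reserved entry
    return fat


def clusters_covering(start, length, data_offset, cluster_size):
    """Cluster numbers whose bytes overlap the image range [start, start+length)."""
    if length <= 0 or start + length <= data_offset:
        return range(0)               # range lies entirely before the data area
    first = max(start, data_offset) - data_offset
    last = start + length - 1 - data_offset
    return range(first // cluster_size + FIRST_DATA_CLUSTER,
                 last // cluster_size + FIRST_DATA_CLUSTER + 1)


def reserve(fat, clusters):
    """Mark clusters as bad so that no FAT allocation will ever use them."""
    for c in clusters:
        if c < FIRST_DATA_CLUSTER or c >= len(fat):
            raise ValueError("cluster %d is outside the filesystem" % c)
        if fat[c] not in (FAT16_FREE, FAT16_BAD):
            raise ValueError("cluster %d already holds file data" % c)
        fat[c] = FAT16_BAD


def allocate(fat, count):
    """Build a cluster chain from free entries only, skipping bad clusters."""
    if count <= 0:
        raise ValueError("count must be positive")
    free = [c for c in range(FIRST_DATA_CLUSTER, len(fat))
            if fat[c] == FAT16_FREE][:count]
    if len(free) < count:
        raise OSError("not enough free clusters")
    for cur, nxt in zip(free, free[1:]):
        fat[cur] = nxt                # each entry points at the next cluster
    fat[free[-1]] = FAT16_EOC
    return free


def serialize(fat):
    """On-disk form of the table: little-endian 16-bit entries."""
    return struct.pack("<%dH" % len(fat), *fat)


def demo():
    # Constructed layout: 64 clusters of 4 KiB, data area at byte 0x10000,
    # and a 32 KiB region at byte 0x18000 that belongs to another filesystem.
    fat = new_fat(64)
    reserved = clusters_covering(0x18000, 0x8000, 0x10000, 4096)
    reserve(fat, reserved)
    chain = allocate(fat, 12)         # a 48 KiB file written through FAT
    return {"reserved": reserved, "chain": chain, "fat": fat}


if __name__ == "__main__":
    result = demo()
    print("reserved clusters:", list(result["reserved"]))
    print("file chain:       ", result["chain"])
```

The file's chain jumps from cluster 9 to cluster 18, so a write through the FAT view never lands in the bytes owned by the other filesystem.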

          1. 1

            I think it’s just a distinction between wanting to learn the lower-level details or not. In the Linux community many people like to learn the details (and focus less on higher-level abstractions).

            Opposed to the author I am quite happy about my Arch Linux, because I can try to debug and fix things. I dislike it when I have to tell people “Just try to uninstall and reinstall the software” (for software I do not develop) when we’re out of ideas what could be the reason for a weird effect. It just feels wrong not being able to tell them the reason. It’s something I can do, because it’s my field of expertise.

            On the other hand, of course in general we have to find things that scale for many users. Otherwise as an engineering field we will not develop. Even now low-level features like grep¹ were once an abstraction that unified features many people needed. I think the difficulty is to create a program that is useful to many people, but does not suffer from too many features (feature creep).

            I like the author’s approach (e.g. creating a discussion for a better standard monospace font), but of course a project has to selectively choose the requests it actually implements. Otherwise it will suffer from feature creep. Thus, I think that the hacky way also has its raison d’être. With it you can just do what you need, even if the project cannot incorporate it.

            ¹ we had an article about it a few days ago, that’s why I think about it now

            1. 30

              Feminintendo on Reddit called out the people calling him out. Had three, good options at the end.

              Edit to add: @ddevault said same thing even shorter on Hacker News.

              1. 11

                I think their responses go overboard ‘the other way’. People are expecting too much of open source authors, but I don’t believe the correct response is: ‘they have no responsibilities at all’. I believe that if you choose to release something to the public, you carry some responsibility for it. And I believe the discussion should be about which few responsibilities others may reasonably expect you to take on.

                Some analogies to illustrate my thought process here:

                • If I offer to lend my hedge trimmer to my neighbours, it would be disapproved of if it was, known to me, broken or dangerously malfunctioning
                • If I claim a piece of a communal garden and don’t take care of it, it would be disapproved of and I would consider it right for the piece to be offered to someone else
                • If I offer to do some volunteer work and I subsequently don’t do it or do a lousy job for whatever reason, people are right to be disappointed and call me out on it
                • If I would have been the first to claim recipes.com and I would largely, deliberately, publish recipes that are incomplete or disgusting, people would be right to be disappointed and one could wonder what gives me the right to cause so many negative emotions.
                • If I would be a famous chef and I would publish a book with such defects, people could also wonder whether they shouldn’t be able to hold me responsible for resulting harm (and yes, frustration and disappointment are harms, usually offset by being a minority response or by being unintentional).

                If you release code, you stake a claim to at least the name of the project and filling a certain niche. You choose to have your intellectual property invade the minds of everyone that is reached. That can have many benefits for the world and particular communities within it. In the same way your code being published and ‘out there’ can cause harm. That it’s free doesn’t change that. That you didn’t intend harm doesn’t change that. That people could theoretically choose to ignore it doesn’t change that, because in practice people don’t and you know that beforehand. That’s why I believe that publishing code carries some minimal responsibilities with it, like giving your neighbour a list of things they can borrow from you does.

                I don’t know exactly how those responsibilities translate to open source software. That’s the hard part here. I would tentatively say something like:

                • At the very least things should, to your knowledge, do what they are described to do.
                • If something is in known ways defective, you should make that known.
                • If you own a project and associated publishing permissions (e.g. for libraries to the library repo of your language of choice) and are tired of it or the community in general seems like it would like to fork, be cooperative. Offer to cede the name and the publishing permissions and to not compete with the fork. Names and niches are not yours to own because you were the first to move into them.

                Responsibilities you explicitly don’t have:

                • Keeping the code functional, including secure
                • Responding to issues
                • Merging push requests
                • Sharing any knowledge of how the code works, including documentation
                • Anything else you don’t want to do, except when listed under the responsibilities you do have

                Is that unreasonable?

                1. 5

                  At the 36C3 congress there was a talk about declaring what people can expect from software (German) (at least that’s what I learned from the talk). The speaker proposed that software should have labels that describe what kind of promises the authors of the software are making. The speaker proposed a few dimensions for this, for example:

                  • ownership (license, FOSS? closed source? cloud vendor-lock-in?)
                  • confidence (do you make any guarantees about your software? how experienced are you in the field?)
                  • correctness (unit tests? formal proof?)
                  • and some more.

                  (the speaker said that this is just a rough idea and probably not the best approach, yet; but I like the idea, thus I want to refer to it here)

                  Such an approach could help with the issue that people expect something from you which you cannot or do not want to deliver. For example, there could be one dimension commitment (how much time are you spending on this project) with options like:

                  • this project has a full corporate team (5+ members)
                  • this is a one-man project, but related to my business so I earn money from it (higher chance for support than on a hobby project)
                  • this project is developed by a team of hobbyists - so if I do not want to continue, others can
                  • this is a hobby project which I do myself in my free-time. Do not expect any work from me when I’m busy. Expect it to be discontinued at any time.

                  Even if we do not have a standardized system for this, yet, I guess it could still make sense for a FOSS project to state such things in the README.md at the top. That way people know what to expect. The speaker of the talk proposes a shortcut scheme for this (e.g. O++ for permissive licenses), but that’s only possible once categories are known and there is some adoption.

                  1. 9

                    Yes, I think it’s unreasonable.

                    When I release code, I do it as a gift. I expect nothing from you and you should expect the same from me.

                    If I write documentation, respond to issues, etc. it is because I get something from it, even if it’s only the satisfaction of doing something useful for others, but I have no obligation to keep doing it.

                    Take it or leave it

                    1. 4

                      That seems like an oversimplification to me.

                      Open source authors reap non-monetary social and reputational rewards for their efforts that can be desirable in their own right and sometimes translate to significant real world benefits (projects can be the reason you’re hired at a high-paying job, the reason you’re invited to speak at a conference that gets you more consulting clients, and so on).

                      Given that, it strikes me as a little disingenuous if your POV as an open source author, especially of a popular project, is “Anyone who expects anything from me is an entitled asshole, and I’m a holy selfless person.” Not totally disingenuous, mind you (it’s partly reasonable), but also not the whole story.

                      The details really matter too.

                      For example, if you want the relationship between you and your users to be “I expect nothing from you and you should expect the same from me,” I think you should make that clear in your README, one way or another. Set the expectations clearly.

                      But I think it’s dishonest to, e.g., silently claim that as your philosophy when it suits you, and at the same time build an active community around your project, maintain it regularly, accept PRs, and so on. (btw, I’m discussing the general case now, not casting accusations at the Rust maintainer that spurred this thread – I’m not familiar with those details but it seems like he was genuinely treated unfairly.)

                      1. 3

                        My argument is based on the observation that what you are giving the world is not just a gift. There are costs even to ‘leaving it’.

                        1. 3

                          Those costs should be evaluated by the people taking it, as they are the ones that it affects.

                          1. 2

                            Having to evaluate things is exactly one of the costs imposed on the world by publishing things. It’s not optional.

                            1. 3

                              But still your own decision. You can always write your own thing, if that seems to be cheaper than evaluating existing solutions. I don’t think that would be wise in most cases, but it is an option. Do you think people should only release their projects as open source if they are prepared to help with the costs that software project might have for others who evaluate/eventually use those projects? I know, personally, that if I’d think that was true, I’d never release anything at all…

                              1. 2

                                I am looking for minimal responsibilities and the ones you mention seem unlikely to be an agreed upon minimum. Not deliberately making it hard to evaluate things would be a smaller responsibility. At least not being deliberately deceptive in ways that would obviously cause harm was kind of the minimum thing I was going for, but it seems agreement on that cannot be reached.

                          2. 1

                            But those costs are not the responsibility of the OSS author.

                            1. 3

                              Why not? They are the one imposing the costs on the world: they claim a name and set things up so their publication takes space in the heads of people.

                              1. 5

                                Call it freedom of speech. It’s like saying you wrote a book. Nobody has to read it and you can’t blame the author if you don’t like it.

                                Please also don’t blame the author if you use a book you didn’t like as a stand for your monitor and it somehow tips over.

                                1. 0

                                  If you don’t like ads, don’t look at them. That giant billboard, that lightshow, that banner at the top of the page you are visiting, don’t look at them. Easy, right? No effort at all to ignore them. No reason to install ad blockers or pi-holes whatsoever.

                                  1. 3

                                    You’re missing the point. Everyone can cram as many ads on their page as they like. I take the liberty to not use those sites. Or if I do, use an adblocker. Or in this case, I might not use the library. Or read the source and patch it. I’m not demanding the author change anything, but I might open a friendly issue or PR.

                                    1. -1

                                      I think you’re missing the point :). Those ads enforced a cost on you. You had to take the trouble to use an adblocker. Similarly, publishing something with the intent it be found and presented to you by search engines imposes a cost on you and everyone else: more results to evaluate. If you impose a cost on the world, perhaps you have to take on some minimum of responsibility, such as at least having a short description truthful about the further contents of what was published. That is what we’re arguing about here: do you have a certain minimum of responsibility to the world and what is that minimum?

                                      1. 2

                                        To me, that’s just the cost of participating in a community, be it our small one here, or the ‘big’ one outside. You can’t expect to not have to pay anything (be it money, time, attention, whatever), if you choose to participate. You participating in this thread has a cost for me too, but I don’t blame you :-)

                                        1. 2

                                          That is absolutely true and I think that in comparable situations some of those costs of participating in a community are costs you voluntarily pay to reduce the costs multiple other members would otherwise have to pay, so the aggregate cost for everyone stays lower.

                                          1. 2

                                            Fair enough, yes. Personally, I like the little inefficiencies, surprises and unexpected-nesses when participating in contexts like those. That’s usually where the (to me) worthwhile and interesting stuff happens. And I can always choose to opt-out (forever, or for a while) if something gets on my nerves.

                                2. 3

                                  Um, no. Pushing a repo to GitHub and setting up a website does not force people to use the project. It doesn’t force people to pay a cost or even if it does the cost is so small–in a sea of other projects like this–that it’s trivial. And because it’s trivial, removing the project is also a trivial cost to people who are not using it. It’s not a cost that people normally even think about. Like, my existence imposes a cognitive load on your mind. Does that mean I pay you something? What, like $0.01?

                                  1. 2

                                    You didn’t choose to exist, so you can’t be held responsible for that.

                                    even if it does the cost is so small–in a sea of other projects like this–that it’s trivial

                                    It’s death by a thousand cuts.

                                    It’s not a cost that people normally even think about.

                                    That doesn’t make it less real. Across all people and projects it adds up. It will get worse in the coming decennia and it will need to be solved.

                                    But that’s all going much further than what I argued. In the end, my question was only: what are the minimal responsibilities. Can we agree on ‘being honest about what software is supposed to do’ and ‘not hiding (valid) bug reports’?

                                    1. 3

                                      It’s death by a thousand cuts.

                                      Only if you’re actually personally evaluating a thousand OSS projects–are you personally evaluating a thousand OSS projects?

                                      That doesn’t make it less real. Across all people and projects it adds up.

                                      So does the cognitive ‘cost’ of books, music, and other art forms being published, but somehow you don’t hear about calls to ‘solve’ this problem.

                                      my question was only: what are the minimal responsibilities.

                                      I’ve already answered this question: please check the license file of the software you’re using to understand what the maintainer owes you.

                          3. 3

                            Then again both BSD and MIT licenses expressly say that the software is provided “as is”. This is not incidental, it specifically is there to tell people that the author does not owe the licensees a damn thing.

                            Which is also why, if bugs arise in some of my open source libraries, I will tell people that I might fix them one day because I built them for fun in my spare time, also giving them the option to contract me – for money – to actually fix them on short notice. Even if the libraries are not popular by any margin, a company is actually using one of them in production, and did offer to pay for me to fix them “next week”. Eventually we decided this wasn’t necessary but we keep the option open for the future. I am also open to selling nonfree versions of the libraries with support contracts.

                            So many companies use open source software in their products it makes very little sense to not see a market there. A hobby is a hobby, fun is free, but entitlement isn’t. I already get paid to write software, if someone really wants me to spend a Saturday fixing bugs for them, they might as well pay for it. Otherwise they’ll have to wait an indeterminate amount of time.

                            Here are the respective bits from BSD and MIT.



                            1. 3

                              I think it makes sense to distinguish between the responsibilities you (want to) legally have (towards everyone) and the responsibilities you can morally be expected to have (towards your neighbour).

                              You can legally disclaim any responsibility without also (intending to) morally disclaim all responsibility.

                              1. 5

                                Some answers I’d like to hear from people who insist software authors have no moral responsibility. If I deliberately release a program that promises to, for example, display a fractal animation, but instead deletes user’s home dir, am I morally responsible? Am I less morally responsible if it deletes user’s home dir due to an unintentional bug?

                                1. 3

                                  A tourist asked me for directions at the train station. I did my very best to explain to him what platform to use, but later, I saw him in the middle of a crowd as he moved towards a different one (it was the same number, but a different orientation, as I apparently failed to explain before). Unfortunately, I didn’t have the time to follow him and send him to the opposite side as I was already late for my own train.

                                  I feel really bad about this, because it was a very polite gentleman and if he missed the train, who knows how long he had to wait for the next one. I actually think he didn’t, as he still had some time left and hopefully double-checked which train he’s getting on, but it still troubles me. Am I morally responsible? :-/

                                  I certainly would be responsible if I did this intentionally, but that was not the case and I tried to repeat myself a couple of times. I felt reasonably confident we understand each other and didn’t feel the need to ask someone else for help.

                                  The same goes for bugs. When the author’s intentions are clear and he takes reasonable measures to prevent vulnerabilities or damage, it’s not fair to accuse him. Sure, a normal person will feel bad for such an incident and apologize, but that’s it. What else? Should he pay you money or something for using his software?

                                  1. 2

                                    Some answers I’d like to hear from people who insist software authors have no moral responsibility.

                                    am I morally responsible?

                                    The people who say software authors have no moral responsibility–what do you think they will answer to your question?

                                    1. 1

                                      I’m not sure why you ask as the question was rhetorical, but I’d expect them to say no.

                                  2. 1

                                    Maybe, and you are certainly free to do that in your own projects, but in the absence of that the disclaimer that is actually in effect is the one included in the license.

                                    1. 1

                                      It is. Does that mean we are fine with people lying in their README or hiding legitimate bug reports?

                                      1. 1

                                        Their project, they do whatever they want with it. You don’t like it–don’t use it.

                                        1. 1

                                          people lying

                                          This type of slanderous characterization is why I flagged the original entry as off-topic. Most of the comments here, to their credit, are sincere reflection on the pressures of writing and contributing to open source. But some, like this, are just rehashing the persecution of the software maintainer.

                                          1. 1

                                            This entire subthread is not about the specific situation reported here and is wondering in general what minimum responsibilities we may expect open source authors to take on. There seem to be people that believe we may not expect them to take on any responsibility at all, even excluding the minimum moral responsibilities we normally associate with any other human interaction as reasonable expectations. That is what I am explicitly asking after.

                                            1. 2

                                              OK, so someone explicitly stating untruths in READMEs and hiding issues is just a hypothetical example?

                                              1. 2

                                                Shit, I understand my mistake. Those are both things that are alleged to have happened in this particular case and repeating them can be seen as accepting them as facts.

                                                To be explicit, for both things: no, that is not what I had in mind. I’m not talking about this case.

                                                • I don’t know the facts concerning the alleged untruths. I have something in mind like “This code is safe to run to see a puppy” when you know it will delete the home directory. Something that obviously causes harm. Anything more gray is, well, more gray and requires separate discussion. My goal is establishing a bare minimum responsibility.
                                                • The thing with the issues happened in frustration and is defensible. I’m thinking of someone hiding/deleting an issue that literally says “Don’t run this project, it will remove your home directory” when it indeed does that.

                                                1. 2

                                                  Thanks for clearing that up!

                                  3. 1

                                    I’ll say first I thank you for a detailed, thoughtful write-up on the other side of this.

                                    “ I believe that if you choose to release something to the public, you carry some responsibility for it.”

                                    I’m actually with you on that belief. I’m utilitarian. I look out for the public a bit. So, it just fits my beliefs. Thing is, other people have all kinds of beliefs. I tend to go with lowest-common denominator if I’m aiming for a universal expectation. For OSS/FOSS, they’ve done volunteer work, shared it with others, and typically with a license denying responsibility. So, I shouldn’t hold them responsible for any problems I experience from my use of their work they published. Plus, if people need it fixed, they have options ranging from pull requests (denied) to forking their own version.

                                    I’ll run through the analogies to see how they might fit:

                                    Hedge trimmer. Used as intended, the hedge trimmer would work. It only breaks if the neighbor is doing malicious or weird things with it. Someone requests the hedge trimmer be modified by the supplier or its buyers to block all such malicious and weird uses. That really on them?

                                    Communal garden. This is more like someone planting the garden (or a lot of it), it being used by many people, planter takes care of it almost exclusively themselves, it gets some improvements by others here and there, and original planter leaves due to disagreements on managing the garden. They still planted, maintained, and left a garden. If anything, the other people look suspect here.

                                    Volunteer work done lousy. This is the closest thing to where I agree with you. I’d say that’s a matter of personal integrity to do what one promised. I hate it when I slip too much to do that. In this case, I don’t know if author promised anything so much as just shared their work which outperformed most others. They did what they intended and were volunteers. What others expected wasn’t actually their promise as volunteers.

                                    Recipes.com and Chef. Responding to chef since they’re similar. I’d first look to see what was promised. This author would be a chef that was making their preferred kind of recipe, used some ingredients a lot of people liked, some people didn’t, and shared it with others. The chef’s preferences for their style of cooking caused them to not accept recipe changes from others to be published in the chef’s recipe. Others were allowed to publish their own version. They didn’t. Most enjoyed the recipe. Some didn’t even read the ingredients to spot potentially nasty ones or things they were allergic to. Some found out about suspicious ingredients but ate it anyway. Again, it’s not the chef that’s suspect to me since they’re just doing their thing with the questionable ingredients dominating the menu at other providers.

                                    “You choose to have your intellectual property invade the minds of everyone that is reached.” “because in practice people don’t and you know that beforehand”

                                    That’s a big difference in our thinking. I’m from free speech, thick skin, control-how-people-influence-you part of the country. Realistically, what you describe will happen to some degree or even most of the time due to human nature. Realistically, we also need to know this, be wary of it (esp our biases/triggers), skeptical about what others offer, and only allow good ideas into our minds or as our working dependencies. We also need to introspect occasionally to prune bad ones out. If the audience didn’t do that, they need to address their bad habits before they screw up again.

                                    I’m no exception. I’m actually spending most of this week flushing out last year’s stresses, assessing bad habits, new goals, and how I’ll handle them. Those that affected me negatively were almost universally those I allowed to be a mental dependency. There’s the root problem. Sometimes I have little choice or one with high coercion. Most I could’ve handled differently, though. I strongly encourage that in others who are considering being emotionally tied to or walking into an artificial, nearly-pointless catastrophe such as the Actix situation. I’m responding just because I find these things interesting with some good usually coming out of it. Raph’s write-up on the front page is an example.

                                    On your three part list, the third isn’t reasonable since it’s the owners’ work and property. The license allows a fork. That’s enough. The first, honesty, should be a must on basic principle. The second is really where all this happened. Is it really defective if it does what the owner wanted it to do? In security, we evaluate the software against a correctness or security goal or policy. There’s endless possibilities. We usually only care about a subset of it. Author found it correct enough for now with no urgency for a fix, planning on their own. If it meets author’s requirements, is it really defective or even defective enough to warrant calling it a failure? Remember that most useful, deployed software sucks in some way when you try to answer that.

                                    Your thoughts are all reasonable. I could see maintainers subscribing to that philosophy. I just can’t justify pushing it on them at large. Many wouldn’t accept it either due to ideological differences.

                                    1. 1

                                      As is usual in discussions I’m going to focus on where we (seem to) differ, but we’re largely in agreement.

                                      An explanation I should have added to my original post: my analogies were not intended as analogies of this specific situation, but as analogies of open source in general. My intention is to flesh out some general expectations people may have of each other, to get to some minimum responsibilities.

                                      You e.g. adjusted the hedge trimmer example to match this specific situation, which was not what I had in mind. So to be clear: I was not implying the author of the project under discussion violated reasonable expectations by delivering something similar to a dangerously broken hedge trimmer. I agree that unforeseen and dangerous use of a hedge trimmer is in no way the responsibility of the lender. Similar things hold for the other analogies as you formulated them: I agree with your takes.

                                      Realistically, what you describe will happen to some degree or even most of the time due to human nature.

                                      Absolutely true and wouldn’t it be very nice if the amount of work we had to do to guard against that would be lower, because of shared general principles that result in more people taking on some minimum responsibility to not cause the problems we’re guarding ourselves against? I believe often the problem isn’t so much that people don’t believe they have responsibilities as that they have never explicitly thought about them or forget about them and would take action when reminded of a responsibility they have previously agreed they have. Perhaps we need something like an ‘Open source author manifesto’ that people can include with their repo.

                                      The second is really where all this happened.

                                      Not within the scope of the minimum responsibility I had in mind there. In the context of Github, I would say it’s enough that ‘issues’ exist that document brokenness. The minimum responsibility here is not closing/hiding/deleting issues that could cause users grief. My opinion on this specific situation is that the author did nothing wrong with respect to the responsibilities we may minimally expect them to take on.

                                      The license allows a fork. That’s enough.

                                      That seems to be the majority opinion, but in practice it seems to be very ineffective to me. It doesn’t happen as much as it should.

                                      I think one of the main obstacles is that just forking a project isn’t enough: you also need to communicate to everyone, including newcomers, that the previous project has been superseded, with the blessing of the community. Forking causes confusion and makes it hard for people to pick the option generally considered ‘the best’. Wouldn’t it be helpful to the community if authors would give up their claims to project names and publication permissions so the fork can continue under that name? Wouldn’t that make forks likelier to succeed?

                                      So what I’m assuming here is that one of the major problems open source has is not so much availability of people who want to maintain a fork, but the availability of such people who also believe that spending that effort is useful, because the fork will succeed.

                                      But in the end the entire third bullet can be a separate discussion. If people would in general agree open source authors have at least the minimum responsibilities of being honest about what the code is supposed to do and about defects that may cause users harm, then already we have at least established there are some responsibilities and that the discussion should be about those; not about ‘none’ vs ‘all’.

                                    2. 1

                                      You offer to create no value for me, only to “respect” my claim and deed to property, and you think I owe you money/time for that.

                                      I think you’re going to be disappointed.

                                      1. -1

                                        We generally don’t accept people just giving the world ‘gifts’. We hold that they have a minimum of responsibility with respect to their gifts. If we find that giving African villages wells has counterproductive results, because it disrupts the social fabric, then we are responsible to undo the damage. We frown upon someone giving a recovering alcoholic a free bottle of booze. We frown upon someone promising to help you and reneging on that promise. You can think of countless examples yourself where the fact that something is a gift does not absolve the giver from all responsibility concerning that gift.

                                        So yes, I believe there is a minimum responsibility, and thus a minimum of time, you owe the world if you choose to ‘give’ it something. And I think you believe exactly the same.

                                        1. 2

                                          My reason for producing software is not a gift. It is entirely selfish!

                                          When I have published software, gratis or otherwise, it is not because I’m trying to get you hooked on booze, or even because I don’t think you can produce it yourself.

                                          I do things because they benefit me, or because I expect them to benefit me, and I think that’s true of everyone, including you.

                                          That’s why you try and convince people into thinking they owe you more: Because that more can benefit you.

                                          Maybe you even think that’s necessary/economy: To convince people to take a worse deal than you, but that’s sad. I don’t want to be friends with people like that. I think we can find a deal where we’re both happy with the outcome, and happy enough we would do it again, and I hope that you might learn to actually prefer that as well.

                                          1. 0

                                            If you think lending a broken hedge trimmer to your neighbour for the laughs is fine, because you have the selfish benefits of having a laugh at them – or the only reason you don’t do it is because you might need something from your neighbour in the future and some form of utilitarianism informs you not to do such a thing, then I’m not interested in being friends either.

                                            I prefer people to not be entirely selfish, to consider what costs they impose on the world to get the benefits they are after and to take some minimal responsibility to reduce those costs.

                                            1. 2

                                              Yes. The only reason I don’t buy a hedge trimmer, break it, then lend it to my neighbour, is obviously because I might need something from my neighbour in the future, and not because I might have bought the hedge trimmer in the first place for my own purposes. After all, I only would ever buy a hedge trimmer in the first place, if I wanted to lend it to someone for some social currency I can redeem in the future.


                                              @friendlysock - you really vouch for Confusion?

                                              1. 0

                                                I started this thread suggesting open source authors at the very least have the responsibility of basic decency. You responded negatively and are now promoting selfishness, attempting to extract more and finding mutually beneficial deals so that you may do it again. And somehow I’m the offensive one, even though your principles lead to the offensive scenario and you are the one denying any basic moral responsibility when that might have a cost to you without any benefit?

                                                1. 2

                                                  Yes. On all points: You started this thread. You called working for free “basic decency”. I did respond negatively (makes sense, I was indeed offended by that). I did say I will not work for free. Yes you’re the offensive one. Yes not working for free is selfish. Yes I do not work for free.

                                                  Sounds like you’re a communist (or whatever it is where they can make you work) and I’m a socialist and we just have ourselves a little ideological difference of opinion, but since I don’t have to do anything I don’t want to, and you haven’t convinced me of anything (all that comparing my writing code to enabling alcoholics definitely didn’t help) that’s probably just going to be the way things will be.

                                                  1. 0

                                                    Let me emphasize, based on comments in another subthread, that I emphatically do not mean the things that are alleged to have happened in the specific case reported here. I’m thinking of things like saying “you can safely run this code” when you know it actually deletes a home directory or removing an issue that warns others of such an obviously harm-causing thing.

                                                    You called working for free “basic decency”

                                                    You call ‘being honest about what something does’ (not writing anything is honest) and ‘not hiding bug reports’ work?

                                                    (all that comparing my writing code to enabling alcoholics definitely didn’t help)

                                                    Not writing code: the equivalent would be publishing it and then lying about what it does, negatively impacting people for no reason.

                                    3. 7

                                      I’d just like to point out that nowhere here has anybody linked to a new fork of the code everybody is handwringing about being gone. Instead, we are now just linking to other fora, doubtless perpetuating a tempest in a teacup.

                                      This is why I flagged the submission.

                                      1. 3

                                        I would love for the technical community to forget trying to figure out precisely where blame and responsibility lie and why, and instead move on to working out a plan for immediate and seamless recovery from a catastrophic bus factor reduction. Next time, I want to see more “this happened, yes it sucked, but more importantly here’s how we’re going to pick up the pieces and carry on smoothly” and less 90+-comment threads (to which I reluctantly contribute) focusing on a single person who very likely wants to be left alone right now.

                                        1. 1

                                          Exactly. Just more flying peanuts from the peanut gallery.

                                        2. 3

                                          I think the linked two takes go too far in the direction of letting anything go for developers of Open Source who don’t adhere to minimal social norms while appearing too restrictive on what other people can say.

                                          For developers, even if one agrees that developers of a piece of Open Source software don’t have an obligation to keep developing the piece of software or to provide support, it’s still reasonable to hold it as a social norm that if the original developer quits they shouldn’t take disruptive active action (such as making the repo go away on GitHub or pushing breakage via cargo, npm, or similar; not suggesting that the latter is relevant in this case).

                                          Handing off maintainership is a tricky case if there isn’t already a trusted co-developer. On one hand, properly handing off maintainership is socially expected, but the hand-off is also a potentially disruptive active action. Clearly, as npm incidents have taught us, one should not hand over control of a software distribution channel to some random person who volunteers. If quitting happens under emotionally heavy circumstances, handling the hand-off responsibly to a properly trustworthy party may be too burdensome. In that case, it’s best not to take any action (except maybe marking the repo archived on GitHub).

                                          As for other people, especially in the case of an infrastructural library, it should be an acceptable response to publicly advise against the use of a particular library with a polite fact-based explanation why. (See @burntsushi’s post on Reddit.) When other people are relying on code that someone wrote, it’s no longer just about the person who wrote the code. It’s bad for the Rust ecosystem for a crate whose approach to soundness doesn’t meet the soundness issue handling expectations for Rust to end up in a keystone position in the ecosystem. In practice, you don’t get true freedom of choice about what crates are in your dependency tree. There needs to be a way for the Rust community to communicate norms such that crates that don’t meet the soundness issue handling expectations of Rust don’t end up in keystone positions in the ecosystem.

                                          In this case, some people failed badly at the “politely” part. Also, not everything has to happen that fast, and the Rust community is a bit too quick and harsh to react to things that look like people who haven’t bought into Rust could use them as counter-examples against Rust’s evangelism promises. I’ve been perceived to do a thing undermining Rust’s promises (not on soundness), and the response hasn’t been particularly nice and at times it has been more on the quick than researched side. Things don’t need to be resolved on Reddit the moment you discover them.

                                        1. 11

                                          GNU grep ships as a standalone executable (or at least, when I run which grep and dpkg -L grep, I don’t see any packaging dependencies for /usr/bin/grep)

                                          With ldd /usr/bin/grep on Arch I get dependencies on linux-vdso.so.1, libpcre.so.1, libc.so.6, libpthread.so.0 and /lib64/ld-linux-x86-64.so.2. Not sure if any of these come shipped with Linux itself, but Arch at least lists glibc and pcre as package dependencies. Maybe it’s statically compiled on Debian derivatives? But is this even possible?

                                          One thing I know I can’t do for my personal projects is constantly dedicate time to working on it after I’ve “shipped”.

                                          I think this sentence describes a negative feeling which bugs me since a few years. When I was younger I constantly fiddled with things, but nowadays (with a job in software) I feel tired about my hobby projects and just want something to be finished, completed, working. And then continue with another hobby. And when I then decide to run my software again after 1 or 2 years I still want it to run. Which is something that with my current main language Python can break, e.g. because in Python 3.5 or so they made await a reserved keyword, so existing libraries broke. Maybe I should start writing C, not so much stuff changing there (every 10 years a new standard or so? and compilers will happily compile old versions).

                                          Now that I can point a finger at the feeling, I can start to think about actions. Maybe C for hobby really would be the solution.

                                          1. 10

                                            Damn, you’re right, it’s not a single executable. I’m getting something similar, I should know better than to figure /usr/bin contains single executables lol. I’ll post a correction and credit you :)

                                            1. 11

                                              Updated, hopefully this is better :) Thank you very much for the correction!

                                              On a side note, does anybody here know of good groups to get content editing for blog posts? I don’t have anybody to bounce drafts off of, which means these content errors keep getting through.

                                            2. 7

                                              As if C is the only alternative to Python. ;)

                                              If you want a high level language for future-proof software, OCaml maintainers take backwards compatibility very seriously, and OPAM (the package manager) is versioned and allows installing any old version of a library.

                                              With compiled languages, you can also make a statically linked binary so that you can still use the program even if building it requires big changes to the source. Rust and Go make that easy, but you can link anything with musl or another static C standard library.

                                              1. 3

                                                And when I then decide to run my software again after 1 or 2 years I still want it to run.

                                                Might I suggest Clojure? https://www.groundedsage.dev/posts/the-clojure-mindshare/#heading-stability

                                                1. 2

                                                  linux-vdso is part of the kernel. ld-linux is the dynamic linker; you need it to run anything. Libc and libpthread provide the most basic possible functionality for interacting with the system, and it’s difficult to imagine something that doesn’t depend on them. Unfortunately, there are non-standard glibc features that some programs depend on, and that has caused problems in the past, but I can’t imagine that glibc depends on any of those.

                                                  That leaves pcre as the only real dependency which–ok, it’s not technically freestanding, but I don’t think that really detracts from the point of the article. Not least because it’s fairly easy to make a grep that runs without it; it’s only used for the -P flag.

                                                  1. 1

                                                    Go doesn’t make use of libc for the most part. It does its own syscall interaction.

                                                    1. 2

                                                      Interesting. This makes me wonder where the border between kernel and libc actually sits. So, fopen(3) is implemented in libc. open(2) is more low-level and specified by POSIX, but where is it implemented? As it’s part of POSIX, I’d expect it to be implemented in the kernel. Go would then not use fopen(3), but open(2) to implement its I/O, right? Or is syscall(2) the only function directly talking to the kernel, and open(2) is already something in libc? Does someone know where to look for such information?

                                                      I’m just curious. I don’t normally go that low-level, but something not using libc sounds a bit arcane to me.

                                                      1. 3

                                                        So at some level, syscall(2) is really a wrapper for the SYSCALL instruction (or similar for !AMD64). open(2) is a wrapper around syscall(2), but the semantics of how files are opened are implemented at the kernel level. At some level, to the program files don’t exist, but they are provided to the application by a very elaborate and consistent set of lies. Those lies are usually standardized by things like POSIX.

                                                        For a very abstract example, take this webassembly code. Files don’t exist in webassembly by itself, but by importing open and write from the webassembly environment, hello world can be written to the standard output of the host machine. Also see my talk on this.

                                                        TL;DR: syscalls don’t real, but the kernel lies and makes them appear real.

                                                        1. 2

                                                          Thank you!

                                                        2. 2

                                                          open() is implemented in libc, likely as a thin wrapper around the syscall instruction. Here, for instance, is how it’s implemented in my libc. But do note that it also needs to set errno (in that example, it’s handled by the syscall function), which is not something the kernel knows or cares about.

                                                          1. 1

                                                            Thank you!
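The kernel/libc boundary discussed in the subthread above, as an added example that is not part of any commenter's post or of any libc linked there. It assumes Linux on x86-64 or aarch64; `raw_openat`, `wrapped_open` and the sample path are hypothetical names constructed for this illustration. The raw call returns the kernel's own `-errno` value, and the wrapper shows the translation to `-1` plus `errno` that a libc `open()` performs.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample input: a path assumed not to exist on the test machine. */
static const char *MISSING_PATH = "/nonexistent-dir-for-example/file";

/*
 * Enter the kernel directly, without libc's open()/openat() wrappers.
 * Returns exactly what the kernel returns: a file descriptor (>= 0) on
 * success, or a negated errno value (for example -ENOENT) on failure.
 * The kernel never touches the errno variable; that lives in libc.
 */
static long raw_openat(int dirfd, const char *path, int flags, int mode)
{
#if defined(__x86_64__)
    long ret;
    register long r10 __asm__("r10") = mode;   /* 4th syscall argument */
    __asm__ volatile("syscall"
                     : "=a"(ret)
                     : "a"((long)SYS_openat), "D"((long)dirfd), "S"(path),
                       "d"((long)flags), "r"(r10)
                     : "rcx", "r11", "memory"); /* clobbered by SYSCALL */
    return ret;
#elif defined(__aarch64__)
    register long x8 __asm__("x8") = SYS_openat; /* syscall number */
    register long x0 __asm__("x0") = dirfd;
    register long x1 __asm__("x1") = (long)path;
    register long x2 __asm__("x2") = flags;
    register long x3 __asm__("x3") = mode;
    __asm__ volatile("svc #0"
                     : "+r"(x0)
                     : "r"(x8), "r"(x1), "r"(x2), "r"(x3)
                     : "memory");
    return x0;
#else
    /* Other architectures: go through libc's generic syscall(2) and undo
     * its errno translation so the return convention stays the same. */
    long ret = syscall(SYS_openat, dirfd, path, flags, mode);
    return ret < 0 ? -(long)errno : ret;
#endif
}

/*
 * What a libc open() adds on top of the raw call: map the kernel's
 * -errno return (the range -4095..-1) to -1 and store the code in errno.
 */
static int wrapped_open(const char *path, int flags, int mode)
{
    long ret = raw_openat(AT_FDCWD, path, flags, mode);
    if (ret < 0 && ret >= -4095) {
        errno = (int)-ret;
        return -1;
    }
    return (int)ret;
}

int main(void)
{
    long raw = raw_openat(AT_FDCWD, MISSING_PATH, O_RDONLY, 0);
    printf("raw kernel return: %ld (-ENOENT is %d)\n", raw, -ENOENT);

    errno = 0;
    int fd = wrapped_open(MISSING_PATH, O_RDONLY, 0);
    printf("wrapper return:    %d, errno=%d (%s)\n", fd, errno, strerror(errno));

    errno = 0;
    fd = open(MISSING_PATH, O_RDONLY);          /* the real libc wrapper */
    printf("libc open():       %d, errno=%d (%s)\n", fd, errno, strerror(errno));

    fd = wrapped_open("/", O_RDONLY, 0);        /* success path */
    printf("open of \"/\":       fd=%d\n", fd);
    if (fd >= 0)
        close(fd);
    return 0;
}
```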

                                                  1. 2

                                                    From my understanding you have an environment where you have one large local network and want to separate this into many customer-private networks?

                                                    Did you by chance also think about the opposite situation? I have servers at a non-cloud hoster. This means I see my servers as individual servers, not as a cluster. And when I communicate between them I consider myself in a hostile network. Thus, I want to combine them into one single private cluster. Currently, I am using wireguard for this. Anything else I would have to consider in such a situation?

                                                    I think this approach is also worth thinking about, because I guess that many companies might want to use a cluster of multiple servers, but do not need rapid scalability.

                                                    1. 1

                                                      I’ve been doing this for several weeks now – between Digital Ocean droplets and scalawag servers – by using https://github.com/slackhq/nebula

                                                      It works well.

                                                      1. 1

                                                        Wireguard sounds like a good approach in general. What I wonder though is, what is your use case for putting multiple distributed servers into one network?

                                                        1. 1

                                                          They’re not so much distributed, ping is 3ms. It’s no problem for me.

                                                          The use case is very simple, because it’s only a hobby setup: One server runs the databases and all my services and the other runs all my websites. In fact, all of the websites could easily run on the big server, but the small server costs 3 Euro per month so I kept it. But I believe that some companies could have a similar setup as a real use case.

                                                          Or think load balancing. Two or three servers do the same thing and could be in the same private network.

                                                          1. 1

                                                            Personally I’d assure that all servers have IPv6 capability and connect the services using TLS. This way you don’t even need to have them in a single network.

                                                      1. 2

                                                        My eyes cannot handle the page design well. The headings are too thin and light-colored, whereas the technology tags are too heavy-weight. I could understand the idea that you want to put more emphasis on the technology than on the title, but for this approach there are just too many technology tags with each position. I.e., there are just too many heavy-weight tags, so I do not know what to focus on.

                                                        1. 36

                                                          I think this will not succeed for the same reason that RSS feeds have not (or REST). The problem with “just providing the data” is that businesses don’t want to just be data services.

                                                          They want to advertise to you, watch what you’re doing, funnel you through their sales paths, etc. This is why banks have never ever (until recently, UK is slowly developing this) provided open APIs for viewing your bank statement.

                                                          This is why businesses LOVE apps and hate web sites, always bothering you to install their app. It’s like being in their office. When I click a link from the reddit app, it opens a temporary view of the link. When I’m done reading, it takes me back to the app. I remain engaged in their experience. On the web your business page is one click away from being forgotten. The desire to couple display mechanism with model is strong.

                                                          The UK government is an exception, they don’t gain monetary value from your visits. As a UK citizen and resident, I can say that their web site is a fantastically lucid and refreshing experience. That’s because their goal is, above all, to inform you. They don’t need to “funnel” me to pay my taxes, because I have to do that by law anyway. It’s like reading Wikipedia.

                                                          I would love web services to all provide a semantic interface with automatically understandable schemas. (And also terminal applications, for that matter). But I can’t see it happening until a radical new business model is developed.

                                                          1. 5

                                                            This is why banks have never ever (until recently, UK is slowly developing this) provided open APIs for viewing your bank statement.

                                                            This has happened in all EU/EEA countries after the Payment Services Directive was updated in 2016 (PSD2). It went into effect in September 2019, as far as I remember. It’s been great to see how this open banking has made it possible for new companies to create apps that can e.g. gather your account details across different banks instead of having to rely on the banks’ own (often terrible) apps.

                                                            1. 6

                                                              The problem with PSD2 to my knowledge is that it forces banks to create an API and open access for Account Information Service Providers and Payment Initiation Services Providers, but not an API to you, the customer. So this seems to be a regulation that opens up your bank account to other companies (if you want), but not to the one person who should get API access. Registration as such a provider costs quite some money (I think 5 digits of Euros), so it’s not really an option to register yourself as a provider.

                                                              In Germany, we already seem to have lots of Apps for management of multiple bank accounts, because a protocol called HBCI seems to be common for access to your own account. But now people who use this are afraid that banks could stop this service when they implement PSD2 APIs. And then multi-account banking would only become possible through third-party services - who probably live from collecting and selling your data.

                                                              Sorry if something is wrong. I do not use HBCI, but that’s what I heard from other people.

                                                              1. 1

                                                                I work on Open Banking APIs for a UK credit card provider.

                                                                A large reason I see that the data isn’t made directly available to the customer is because if the customer were to accidentally leak / lose their own data, the provider (HSBC, Barclays etc) would be liable, not you. That means lots of hefty fines.

                                                                You’d also likely be touching some PCI data, so you’d need to be cleared / set up to handle that safely (or having some way to filter it before you received it).

                                                                Also, it requires a fair bit of extra setup and the use of certificate-based authentication (MTLS + signing request objects) means that as it currently sits you’d need one of those, which aren’t cheap as they’re all EV certs.

                                                                It’s a shame, because the customer should get their data. But you may be able to work with intermediaries that may provide an interface for that data, who can do the hard work for you, i.e. https://www.openwrks.com/

                                                                (originally posted at https://www.jvt.me/mf2/2019/12/7o91a/)

                                                            2. 4

                                                              Yes, this does seem like a naive view of why the web is what it is. It’s not always about content and data. For a government, this makes sense. They don’t need to track you or view your other browsing habits in order to offer you something else they’re selling. Other entities do not have the incentive to make their data easier to access or more widely available.

                                                              1. 6

                                                                That’s a very business-centric view of the web, there’s a lot more to the internet than businesses peddling things to you. As an example, take a look at the ecosystem around ActivityPub. There are millions of users using services like Mastodon, Pleroma, Pixelfed, PeerTube, and so on. All of them rely on being able to share data with one another to create a federation. All these projects directly benefit from exposing the data because the overall community grows, and it’s a cooperative effort as opposed to a competitive one.

                                                                1. 3

                                                                  It’s a realistic view of the web. Sure, people who are generating things like blogs or tweets may want to share their content without monetizing you, but it’s not going to fundamentally change a business like a bank. What incentive is there for a bank to make their APIs open to you? Or an advertiser? Or a magazine? Or literally any business?

                                                                  There’s nothing stopping these other avenues (like the peer-based services you are referring to) from trying to be as open as possible, but it doesn’t mean the mainstream businesses are ever going to follow suit.

                                                                  I think it’s also noteworthy that there is very little interesting content on any of those distributed systems, which is why so many people end up going back to Twitter, Instagram, etc.

                                                                  1. 1

                                                                    My point is that I don’t see business as the primary value of the internet. I think there’s far more value in the internet providing a communication platform for regular people to connect, and that doesn’t need to be commercialized in any way. Businesses are just one niche, and it gets disproportionate focus in my opinion.

                                                              2. 3

                                                                Aye, currently there is little motivation for companies to share data outside silos.

                                                                That mind-set isn’t really sustainable in the long term though as it limits opportunity. Data likes to date and there are huge opportunities once that becomes possible.

                                                                The business models to make that worth pursuing are being worked on at high levels.

                                                                1. 1

                                                                  Ruben Verborgh, one of the folks behind the Solid initiative 1, has a pretty good essay 2 that details a world in which storage providers compete to provide storage, and application providers compete on offering different views to data that you already own.

                                                                  Without getting into Solid any more in this post, I will say that there are a ton of websites run by governments, non-profits, personal blogs, or other situations where semantically available data would be a huge boon. I was looking through a page of NSA funded research groups the other day for McMurdo station 3, and finding what each professor researched on took several mouse clicks per professor. If this data was available semantically, a simple query would be enough to list the areas of research of every group and every professor.

                                                                  One can think of a world where brick-and-mortar businesses serve their data semantically on their website, and aggregators (such as Google Maps, Yelp, and TripAdvisor) can aggregate them, and enable others to use the data for these businesses without creating their own scrapers or asking a business to create their own API. Think about a world where government agencies and bureaucracies publish data and documents in an easy to query manner. Yes, the world of web applications is hard to bring the semantic web to due to existing incentives for keeping data siloed, but there are many applications today that could be tagged semantically but aren’t.

                                                                  1. 1

                                                                    The web has been always used mostly for fluff since day 1, and “web assembly” is going to make it more bloated, like the old browser-side java.

                                                                    The world needs user-centric alternatives once again.

                                                                  1. 15

                                                                    I kinda dream of a blogging and/or bookmarking engine that would scrape the target page at the time of linking and archive it locally (ideally in WARC format, though a “readability-like” text extract would be a good first attempt too); then, occasionally, re-crawl the links, warning me about 404s and other potential changes; I could then click the suspicious ones to check them manually, and for those I tick off as confirmed bitrot, the engine would then serve the local archived copies to the readers. Even more ideally, all of this stuff could then be stored in IPFS. And yes, I know of pinboard.in, and am using it, but would still prefer a self-hosted (static) blog-like solution, ideally with IPFS support. It’s on my super long TODO list, but too many projects already started so I don’t think I’ll get to it in this life, and additionally it has quite a few nontrivial pieces to it I think.

                                                                    edit: Even more ideally, the IPFS copies of the websites could then be easily cloned by the blog readers, forming a self-interest-driven worldwide replicated Web Archive network.

                                                                    1. 6

                                                                      and for those I tick off as confirmed bitrot, the engine would then serve the local archived copies to the readers

                                                                      I think this would violate copyright law in Europe. Not sure about the US, though. archive.org somehow does not seem to have problems.

                                                                      In Germany archiving written material (also the web) is the job of the National Library. But to my knowledge they only archive all books and a small portion of web pages. And even they say: “Due to copyright reasons access to the collected websites is usually only possible from our reading halls in Leipzig and Frankfurt am Main”.

                                                                      1. 2

                                                                        Uhhhhhh. Sadly, a good point. One would have to talk to r/datahoarders or The Archive Team and ask what they think about it, would they have some ideas how to do this legally. Still, I’d certainly want to have those archived copies available to myself for sure. This cannot be illegal, I can already do “File / Save as” in my browser.

                                                                      2. 1

                                                                        Many years ago when I attended university (in early 2000s) quoting from internet sources wasn’t accepted unless the quoted source was included as an appendix item along with the essay.

                                                                        Since then if I find a digital source for referencing I create a personal archive of it including all relevant meta data for referencing purposes. This has helped combat the effect of “digital decay” on my work where the internet archive may not have managed to grab a snapshot.

                                                                        1. 1

                                                                          warning me about 404s and other potential changes; I could then click the suspicious ones to check them manually

                                                                          This was one of the few uses I had for deep learning. Sometimes, I’d get 404s on part of a page but not all. They might also do weird stuff, like GIFs, in place of the 404. Local copies with smart 404 detection would be a big help to counter the death of the Old Web.

                                                                        1. 3

                                                                          You should better specify your goals and requirements – then it would be easier to decide / recommend.

                                                                          How I deal with DNS hosting:

                                                                          a) DNS hosting is included in registration fee for the domain (most cases)

                                                                          b) run my own DNS servers (only in some cases)

                                                                          I personally found no reasons for option c), but maybe anyone can point to such reasons.

                                                                          1. 2

                                                                            DNS is included in the registration fee for the domain, however, it’s only a redirect to another DNS server that’s included there. The reason I’m looking for a DNS hosting solution only, is that the few things I need on my homepage can be hosted off e.g. Netlify but I need the DNS for my email.

                                                                            As such, I’m not terribly interested in an actual web hosting solution where I have to pay a bunch of money for a bunch of online space I’ll never use :-)

                                                                            But it seems like I’ll go for Cloudflare, assuming they support all the DNS records I need to setup the email properly.

                                                                            1. 3

                                                                              As such, I’m not terribly interested in an actual web hosting solution where I have to pay a bunch of money for a bunch of online space I’ll never use :-)

                                                                              To me this sounds as if you still might want to have domain registration + nameserver management combined. I think that’s what franta means by option a) and what also I am using. This is a quite common combination. Similar to franta I am also able to define all NS entries I want (I currently use: A, AAAA, MX, TXT).

                                                                              What you are describing (in the quote) is the combination domain + nameserver + web space, which indeed is not the best, because nameserver management in these packages can be quite limited and you are tied to the web space provider.

                                                                              I understood your original question so that you want a provider for only nameserver management, i.e. you bought your domain already somewhere but that seller does not provide all NS management options you need (e.g. an API access or something). I think this option is indeed very rare, but there can be use cases. So, that’s how I understood your question.

                                                                              DNS is included in the registration fee for the domain, however, it’s only a redirect to another DNS server that’s included there

                                                                              But this also sounds as if you had exactly the problem that your domain seller does not provide the NS management options you need. So if this applies, just forget the rest of my comment.

                                                                              1. 2

                                                                                But this also sounds as if you had exactly the problem that your domain seller does not provide the NS management options you need. So if this applies, just forget the rest of my comment.

                                                                                Or he can transfer the domain to another registrar, which is usually quite easy.

                                                                              2. 2

                                                                                it’s only a redirect to another DNS server

                                                                                This sounds really weird to me. I have experience with circa four registrar companies and all of them run their own DNS servers and allow me to configure any DNS records I want (A, AAAA, MX, CNAME…). Some of them provide also API to configure records automatically. None of them require paying for a separate DNS hosting.

                                                                            1. 3

                                                                              Shitty website withholds plain text because I won’t turn on Javascript for them.

                                                                              That’s a new one for me.. usually when a site that wants to use javascript to display text ‘loads’, the site is completely blank, and doesn’t show that the text was intentionally blanked out.

                                                                              1. 2

                                                                                Turning on Firefox’s Reader View restores the text, though. :-)

                                                                                1. 4

                                                                                  I guess my point is, 1) it’s text, you don’t need javascript to display it and 2) they know this AND they are intentionally breaking the site because they want you to enable javascript. Previously, I just assumed sites didn’t know they were breaking folks that didn’t enable javascript, or at least didn’t make an attempt to actively hide content (and make it obvious to the user they were intentionally denying them service)

                                                                                  1. 4

                                                                                    Big parts of German media are in a war against blocking of ads. I think German media is still undecided whether it should go full paywall or not. Currently, most go for an approach to put some articles behind a paywall and show others openly - and at least a few put popular articles behind paywalls after some time (unfortunately I did not yet analyze how many and when).

                                                                                    I think Golem belongs to the faction that criticizes the other media that try to sue AdBlock in court (luckily they lost all trials up to now, but they keep on trying). But forcing you to enable JavaScript seems to be Golem’s way to get ads and tracking to at least a fraction of the people.

                                                                                    Other newspapers have other broken approaches, but all of them are somehow trying to get you to give them data or ad-space.

                                                                              1. 2

                                                                                I see this argument (which I mostly agree with), and then look at Hulu and Spotify who are effectively doing the same thing. Is the biggest difference the consent here? Hulu doesn’t take and resell content they don’t have an agreement to sell, and neither does Spotify^^. Brave’s model “holds hostage” content and hopes for ransom agreements (it seems?).

                                                                                Here’s an idea for ya: How about I pay a single content subscription to a company that gives me ad free access to paywalled content (e.g. Forbes, NYTimes) which rev-shares that based on articles viewed? In other words, work for/with paywall based content creators to allow consumers the ability to read a couple of articles from these places without ponying up $5/mo a pop despite not getting $5 of value each month due to “drive by reading.” Maybe I pay $5 a month, and get access to 50 articles, at $.10 an article, with $.08 going to the content creator. If I pay $5 and view 0 articles, then the content creators split the $4 based on some distribution mechanism (total time on site for all subscribers, views, etc…). Maybe each content provider pays the company at some point to be included in the network… dunno.

                                                                                This provides consent, and real value for consumers. And, an additional stream (perhaps small) for creators of revenue from folks that will never subscribe, but might still enjoy the occasional article once in a while.

                                                                                (This probably has lots of flaws, too.)

                                                                                ^^: Though, it’s my understanding that in the past (and maybe still) you could pretend to own the copyright of music and upload it as your own….

                                                                                1. 1

                                                                                  Hulu doesn’t take and resell content they don’t have an agreement to sell, and neither does Spotify

                                                                                  I wouldn’t be so sure about that. German microblogger and podcaster fefe said that Spotify started to broadcast his Podcast on Spotify without asking for permission, effectively violating his copyright.

                                                                                  I do not have any more details into the process, so I cannot state if his claims are true. True seems to be that his podcast (Alternativlos) is available on Spotify. From all experience with IT companies, I guess the claims can very well be true.

                                                                                  It might be the situation described in your annotation, that somebody uploaded it to Spotify (I do not know Spotify well enough to know that), but in this case Spotify is still legally responsible for the re-distribution of the work. And their process to dispute content seems broken.

                                                                                  His claim:

                                                                                  By the way, I currently have a similar problem with Spotify. They just took all episodes of Alternativlos over into their program, without our prior permission. And you will not believe what they are telling me now after I have informed them of their prosecutable behaviour: They want me to do unpaid work for them by filling out a web form from their junk IT. […] The web form, by the way, requires that you install their client first. (translation by me)

                                                                                  1. 1

                                                                                    It’s a bit hard to follow, as I don’t speak German, but isn’t Spotify just acting as a podcast application here? I.e. it reads the RSS feed for Alternativlos and presents it within the Spotify app, so users can subscribe to it.

                                                                                    I can find the podcast in my podcast app too.

                                                                                    1. 1

                                                                                      In my opinion, the problem is that Spotify presents the content in their own application. They do not redirect, but they let it play within their application.

                                                                                      But I just researched a bit and the EU ruling at the moment seems to be more complicated. I was under the impression that usually hyperlinking is legal, but framing (=embedding the content in your own UI) is illegal. But it seems in 2014 the European Court of Justice has decided that framing can be legal in situations where the audience remains the same as the audience of the original publication (in case of a public podcast probably the whole world) and the method of distribution remains the same. The second requirement is the one which I am unsure about in the Spotify case, because the case from 2014 was about a YouTube video which embedded still can be seen as a YouTube video. I am not sure if playing an mp3 file from a web player and playing an mp3 file from Spotify would be considered the same.

                                                                                      If Spotify instead does cache the mp3 file on their servers, this would become illegal behaviour.

                                                                                      From what I am reading now it seems that framing is becoming legal in Germany, which sounds a bit counterintuitive to me. My current understanding after a few articles is that I could basically put an img tag with a deep link to foreign images and present them on my own web page. And our German court - after asking the European Court of Justice - says that this is OK, because the original website can delete the photo from their server if they want to stop it.

                                                                                      I must be misunderstanding something…

                                                                                      And of course, Swedish interpretation of the European decisions might also differ from German interpretations… And I am not sure what jurisdiction Spotify in this case falls under. Gotta study law somewhen :)

                                                                                      1. 1

                                                                                        Leaving aside the specific legal aspects for a moment, consider this scenario.

                                                                                        (I am not a podcaster, but I listen to a bunch, and the industry-specific financing is interesting)

                                                                                        I have a podcast, and in it I promote a certain product. The way the feedback loop between me, as the promoter, and the product marketer usually works is that I ask listeners to visit a webpage and enter a podcast-unique identifier on purchase. This way the product marketer knows how large the conversion rate is, and can compensate me appropriately.

                                                                                        Now, Spotify picks up my podcast, and for technical reasons “caches” it on their platform. This means they can use their CDN etc to distribute the content. As long as the content is not altered in any way, this is a good deal for me! I don’t have to pay for bandwidth to every listener, I might even get specific traffic stats from Spotify for further marketing decisions, etc.

                                                                                        Now, if Spotify alters the content, say by removing my promo spot, or altering the code, or adding additional promotional content, I would have cause for concern.

                                                                                        Otherwise, having Spotify pick up, and maybe even promote my podcast, enables me to reach more people.

                                                                                        The above works for content that is not ad-supported too, with the caveat that Spotify must not alter the content.

                                                                                  2. 1

                                                                                    It’s not what you describe, but you may find Blendle interesting. You pay per article.

                                                                                    1. 2

                                                                                      This looks pretty great, though I don’t like the name. :) Thanks for linking!

                                                                                    2. 1

                                                                                      In the US, several types of copyrightable content have compulsory licensing schemes and/or performance-rights organizations, which drastically simplify the process of displaying/broadcasting/etc. content to which you don’t hold the copyright. You can access entire huge catalogs of stuff and use it all without having to negotiate individual licenses for everything.

                                                                                      There’s nothing like this for the web, though, and it’d probably be far more complicated to implement.

                                                                                      1. 1

                                                                                        Not to mention ethically unsound. As a creator, you’re the moral owner of a work, and should be allowed to dictate the terms of its use.

                                                                                        Imagine if you were required by law to release some software you’d written under the MIT license when you wanted to use the GPL.

                                                                                        1. 2

                                                                                          As a creator, you’re the moral owner of a work

                                                                                          I mean, that’s the law, but it’s far from the only defensible moral belief w.r.t. intellectual property.

                                                                                          1. 1

                                                                                            Compulsory licensing systems in the US don’t allow derivative works. They typically only allow for “performance”-type rights, and for the purpose of promoting competition. So, for example, the old over-the-air broadcast TV networks are subject to a compulsory licensing scheme for the TV shows they broadcast, because otherwise they would’ve denied licenses to other forms of transmission (cable, satellite, etc.) in order to preserve their oligopoly status in the market for TV programming.

                                                                                            Or, for example, if you have a radio station and you want to play music, you just pay a license fee to a performance-rights organization and get access to legally play a huge catalog of stuff, even if the people who recorded it might not like your particular radio station. The alternative – every radio station has to negotiate licenses individually with every person who makes music – is simply not workable.

                                                                                      1. 5

                                                                                        For work, BuildKite is my personal favourite.

                                                                                        • Pricing is per user rather than per agent
                                                                                        • You run the agents on your own hardware (fast!)
                                                                                        • BK don’t have access to your source code
                                                                                        • All pipeline configuration is in the repo, with the code
                                                                                        1. 2

                                                                                          Does everything run on your own servers? I don’t fully understand their licensing, yet. They talk about an open source agent that runs on your servers, but not about the component that triggers the agent. And are the non-free parts also in a FOSS client or is that distributed as a compiled binary only (e.g. Single-Sign-On)?

                                                                                          I’m curious, because I like it that there is still paid software with local installations (for small companies).

                                                                                          1. 1

                                                                                            The build agent runs on your own servers, and is open source. Buildkite runs the “director/manager” service, web ui, etc themselves.

                                                                                            We use it at work too, and really like it.

                                                                                            1. 1

                                                                                              The closed source part handles distribution of jobs to agents, artefact/log storage, presentation. They host that for you.

                                                                                              The agent is fully open source and easy to build yourself (pure golang).

                                                                                              This way, you can be confident that your sources remain on your own servers. The agent can only receive “run file x from git commit y” instructions, so they can’t inject malicious code that way.

                                                                                          1. 1

                                                                                            My own one called Cinderella now :) (it’s extremely new, so much stuff is not polished)

                                                                                            I did not find any CI engine that was lightweight enough for my use cases (single user, bare git repos, no docker).

                                                                                            I have used Gitlab and Jenkins and found them both too big for me. I also used Travis, but it’s hosted and only free for FOSS repositories. I also found other solutions, but none of them worked well with my ecosystem.

                                                                                            Thus, I decided to develop a small CI engine that runs on the host itself (yes, no isolation) and integrates well into bare git repositories. You set a post-update hook that will execute cinderella and done.

                                                                                            A small overview over my reasons and more CI engines I considered not appropriate can be found here: https://github.com/aufziehvogel/Cinderella/blob/master/ProjectOutline.md

                                                                                            1. 1

                                                                                              Ohh this looks very interesting. Seems like an ideal candidate for good cross platform testing since you aren’t relying on Docker.

                                                                                            1. 13

                                                                                              The article fails to account for reserved instance pricing, the sustained use discount, the free tier, and spot or pre-emptable instances.

                                                                                              Pricing on AWS/GCP is complex, but you can save a lot of money if you’re careful.

                                                                                              Though to be fair that complexity is one way they make money. You could save a lot of money, but it’s all too easy to overlook something.

                                                                                              1. 21

                                                                                                Hi, OP here.

                                                                                                • I believe I am taking Google’s sustained use discount into account
                                                                                                • I haven’t included the free tier because it is marginal and I think most organisations will exhaust it fairly quickly
                                                                                                • I think spot and preemptable instances are not a general product but a specialist one: only some applications of virtual machines can tolerate getting evicted

                                                                                                I do discuss the issue of complexity later on. I don’t think it normally works to the advantage of the customer.

                                                                                                My intuition (and experience!) is that most real world AWS customers get bamboozled by the incredible complexity of pricing (especially when it’s presented in non-human readable units like “0.034773 per vCPU hour”) and wind up paying far, far over what the going rate of renting a computer should be.

                                                                                                1. 5

                                                                                                  Hey OP, could you add Hetzner Cloud servers? Should be a whole lot cheaper than anything else you’ve got on there if I’m seeing this correctly.

                                                                                                  1. 2

                                                                                                    There’s also a built-in Terraform provider https://www.terraform.io/docs/providers/hcloud/index.html

                                                                                                    1. 2

                                                                                                      Agree, it seems to be 10 Euro/month for 8GB in the cloud plan.

                                                                                                      I’m running a root server with 32GB of memory and 2TB hard disk at Hetzner for ~30 Euro / month (from the Serverbörse). I do not know about their support at all, but I am quite sure that from a US IT company I could only expect automated mails, anyway. So Hetzner cannot be any worse there.

                                                                                                      Of course, root server and cloud hosting are two totally different beasts, but in my humble opinion it’s a choice the US-centric tech community too often does not even consider. The mantra is always the application has to be horizontally scalable.

                                                                                                      1. 1

                                                                                                        It should just be noted that Serverbörse is usually based on desktop machines and the like, often older CPUs and servers, so you might not want to rely on that if your application stack is considered mission-critical.

                                                                                                        As for the cloud vs classic servers, it’s a different beast completely, yes. A lot of internet wouldn’t be alive if you had to pay a linux admin to configure your servers, deploy your apps and pay attention to traffic, script kiddies etc. But not having a lot of internet online could perhaps be considered a good thing, eh?

                                                                                                    2. 5

                                                                                                      On preemptible/spot they both provide /liberal/ shutdown warnings, it is possible to run almost anything aside from long life connection hosts (e.g. websockets) or extremely stateful applications like databases. Use cases that don’t fit spot are approaching minority in 2020 with current infrastructure trends.

                                                                                                      Re: DigitalOcean, I did a migration a few years back where AWS came out vastly cheaper than the equivalent configuration on DO mostly due to AWS instance reservations, which are a trivial factor to plan for when you’re already planning a large migration.

                                                                                                      The one area I couldn’t possibly defend the cloud providers is bandwidth pricing. All other costs are a footnote compared to it for any account doing high traffic serving.

                                                                                                      1. 10

                                                                                                        Not an expert on this, but while it seems it is possible to run lots of things on hosts that may shut themselves down automatically, actually doing so will cost you more developer and devops time instead of just paying a little more for hosting. It seems likely that this is time you want to spend anyway, as part of making an application more resilient against failure, but it still makes the situation yet more complicated, and complexity usually serves Amazon more than the customer. (And I have a hard time believing that databases are approaching a minority use case with current infrastructure trends. ;-)

                                                                                                        1. 3

                                                                                                          Bandwidth pricing is the primary lock-in mechanism cloud providers have. It should be seen as anti-competitive.

                                                                                                          1. 4

                                                                                                            I don’t understand what you mean. Are you saying bandwidth costs of migrating data to another cloud would be prohibitive? Or something else?

                                                                                                            1. 3

                                                                                                              Personal example: I started to develop an application with AWS services (Lambda, SQS, EC2, S3). Later I changed it to an application for a “normal” server. I still wanted to store data to S3, but the cost to download it from there for analysis is just ridiculous. So the choice was to store to S3 and run on EC2 or not to store to S3. (I decided against S3).

                                                                                                              1. 4

                                                                                                                What I mean is that data transfers between services in the same cloud x region are much cheaper than data transfers between clouds. So it’s more expensive to store logs in AWS and analyze them with GCP, compared to just analyzing them in AWS. You can’t take advantage of the best tools in each cloud, but are forced to live in one cloud, creating a lock-in effect.

                                                                                                                If there was a rule that bandwidth prices must be based on distance, not whether the endpoints are within the same cloud, we’d see more competition in cloud tools. Any startup could create a really good logs-analysis tool and be viable, for example. This rule runs into some legitimate issues though. For example, if a cloud provider has custom network hardware and fiber between their own data centers, the cost of moving data between their zones might be much cheaper than sending it over the public internet to another cloud provider. Moreover, many different cloud services are co-located in the same data center. So it’s much cheaper to analyze logs using a service that already exists where the data is than to ship it off to another cloud.

                                                                                                                The problem is big cloud vendors have little incentive to let users take their data out to another cloud. It’s going to be a market where only a few big players have significant market share, at this rate.

                                                                                                                1. 2

                                                                                                                  Okay I see what you’re saying now. And when bandwidth costs encourage using more services in one cloud, you become more entrenched and entangled to the services of that particular cloud, locking you in even more.

                                                                                                                  1. 1

                                                                                                                    I agree completely on the bandwidth pricing. At this point, I think this should be considered a common public infrastructure, like roads etc. Yes, I understand that there are costs to providing it all, that some companies have invested in infrastructure privately, all I’m saying is that the traffic should be “free” for the consumers (and even for the business sector that the article OP is mentioning, companies hosting wordpress or timesheet or some similar small apps like that without major engineering teams).

                                                                                                              2. 2

                                                                                                                Yep, it’s definitely true for existing apps. Converting a large stateful app to new world is a nightmare, but you get so many benefits, not least the problem of preemptibility and autoscaling are basically identical. The big Django app used to require 16 vCPUs to handle peak, so that’s how it was always deployed. Now it spends evenings and non-business days idling on a single t2.micro.

                                                                                                                In the case of a typical Django app though, if you’re already using RDS then the single most typical change is moving its media uploads to S3. It’s a 15 minute task to configure the plugin once you’ve got the hang of it, but yep, for a single dev making the transition for a single app, that probably just cost you a day.

                                                                                                              3. 3

                                                                                                                “The one area I couldn’t possibly defend the cloud providers is bandwidth pricing. All other costs are a footnote compared to it for any account doing high traffic serving”

                                                                                                                Thanks, I came here to say that. The article didn’t even factor in bandwidth/network costs, which matter for both EC2 and S3 (not as familiar with the other cloud providers).

                                                                                                                1. 2

                                                                                                                  Anecdotally, from friends who work in the AWS machine: once you get to real (financial) scale with AWS - think “7 digits a month” or so - you’ll find Amazon is extremely happy to negotiate those costs.

                                                                                                                  Fiber ain’t free, but I wager that the profit margin is probably highest there.

                                                                                                              4. 1

                                                                                                                It is those weird units that prevent me as an individual developer from even considering them - when realistically it should be easy to understand the pricing on this sort of thing.

                                                                                                            1. 3

                                                                                                              Did I miss something from the article or are these two points correct:

                                                                                                              • the author uploaded one face into Rekognition (so she has a Rekognition DB of 1 face)
                                                                                                              • the author then selected one picture containing two people and Rekognition detected that she is one person (with 90% certainty)

                                                                                                              Can somebody who knows Rekognition elaborate on what Rekognition uses in this case to decide 90% certainty? What would change if she created a Rekognition database with 100 different faces? Would the certainty be different or still the same, because Amazon internally might use their knowledge about millions of faces?

                                                                                                              I am trying to understand if this can really be used for mass surveillance or not. German police has tested similar systems and precision was extremely bad. You just get too many false positives (or false negatives, which in their case they wanted to avoid, because they wanted to show they can detect criminals). So my assumption is that also Rekognition would create a lot of false positives for the face if given a video stream of a whole day.

                                                                                                              1. 2

                                                                                                                I think it comes down to number of features. You can see there’s like 32 or more features, each with a gazillion possible values. This is enough to create a “fingerprint” of your face. Information is crazy.

                                                                                                              1. 2

                                                                                                                I must be missing something… At those prices, why don’t people simply use cheap vServers? I.e. I just migrated testbit.eu to a new vServer last month, 4 cores, 8GB RAM, 100GB SSD for 5€, a linux-vserver at strato.de.

                                                                                                                1. 2

                                                                                                                  Would be interested in this, too. I can see a few reasons, but would be cool to know if they are true or if something else is the reason:

                                                                                                                  • you can have longer running contracts for your servers at AWS (e.g. 1 year) and then get a discount, but if you only need a simple server still more expensive than other options
                                                                                                                  • our cheap examples seem Germany-based (strato for you, Hetzner for me); maybe the US server market is more expensive
                                                                                                                  • some developers might only know AWS/Google Cloud and just use that because everybody uses that
                                                                                                                  • some people might need the scalability and some things are easier with AWS/Google in that case (you can define which servers should be located in the same data center, and you get a private subnet automatically; if you use non-cloud vservers you have to set up the VPN yourself)
                                                                                                                  • some people might need the scale-out to different regions in the world (but that’s also possible with smaller companies, e.g. even in the small country of Austria there is a hosting company that provides data centers all around the world)
                                                                                                                  • some people might like the other services that are provided, like SQL database etc. (usually priced by the EC2 instance price + additional price for service)
                                                                                                                  • some people might use it for a part of their infrastructure just to find out how it works and if it is really better
                                                                                                                1. 11

                                                                                                                  Huzzah, more spooky action at a distance, just what programs need. The points of contact between modules become your messages, which are essentially global in scope. And the rules may contradict each other or otherwise clash, and understanding what’s going on requires you to go through each module one by one, understand them fully, and then understand the interactions between them. This isn’t necessarily a deal breaker, but it also isn’t any simpler than any other method.

                                                                                                                  Interesting idea, but I’m deeply unconvinced. It seems like making an actual complex system work with this style would lead to exactly the same as any other paradigm: a collection of modules communicating through well-defined interfaces. Because this is a method of building complex machines that our brains are good at understanding.

                                                                                                                  1. 7

                                                                                                                    IMO this comes from the fact that the act of writing/extending software easily that you’ve spent N years understanding and reading software later are two entirely different activities, and push your development style in different directions.

                                                                                                                    The ability to write software that integrates easily pushes folks to APIs that favor extension, inversion of control, etc. This is the “industrial java complex” or something like it - and it appears in all languages I’ve ever worked on. I’ve never seen documentation overcome “spooky action at a distance”.

                                                                                                                    The ability to read software and understand it pushes you to “if this and this, then this” programming, but can create long methods, lots of direct coupling of APIs etc. I’ve never seen folks resist the urge to clean up the “spaghetti code” that actually made for delicious reading.

                                                                                                                    It’s my opinion that this is where we should build more abstractions and tools for human software development, similar to literate programming, layered programming, or model oriented programming. One set of tools are for writing software quickly and correctly, and another set of tools for reading and understanding, i.e. macroexpand-1 or gcc -E style views of code for learning & debugging, and a very abstract easy to manipulate view of code that allows for minimal changes for maximal behavioral extension.

                                                                                                                    ¿por qué no los dos?

                                                                                                                    1. 2

                                                                                                                      “The points of contact between modules become your messages, which are essentially global in scope.”

                                                                                                                      This was exactly my thought, too. It reminds me of a trade-off in OOP where I think you had to decide whether you want to be able to either add new types (classes) easily or add new methods easily. One approach allowed the one, the other approach the other. But you could not have both at the same time. Just can’t wrap my head around what exactly was the situation… (it might have been related to the visitor pattern, not sure anymore)

                                                                                                                      In this case, the author seems to get easy addition/deletion of functions by having a hard time changing the “communication logic” / blocking semantics (which operation blocks which other operation, defined by block and waitFor). While in the standard way the “communication logic” is easy to change, because you just have to replace && by || or whatever you need, but the addition of new functions is harder.

                                                                                                                      1. 3

                                                                                                                        That’s sometimes known as the “expression problem”.