1. 4

    Martin says that it should be possible to read a single source file from top to bottom as narrative, with the level of abstraction in each function descending as we read on, each function calling out to others further down. This is far from universally relevant. Many source files, I would even say most source files, cannot be neatly hierarchised in this way. And even for the ones which can, an IDE lets us trivially jump from function call to function implementation and back, the same way that we browse websites. Outside of a book, do we still read code from top to bottom? Well, maybe some of us do.

    I strongly think that one should still write code to be written, and not rely on an IDE to navigate it. This isn’t because I think we should avoid using powerful tools (I use Emacs, after all!) but because I think that powerful tools can lure us into writing systems more complex than they should be. It is kind of like the saying that you should never write the cleverest code you can, because debugging is twice as difficult as writing — and thus writing the cleverest code you can requires that you be twice as clever as you are when you debug it. I think that the corollary is that code which relies on the skill multiplier of a good IDE to write requires an IDE with twice the multiplier to debug.

    1. 1

      Did you mean to say “write code to be read”, or was that first sentence actually talking about writing code for the end purpose of writing code?

      1. 1

        Doh, yes — that is exactly what I meant to write!

    1. 9

      If you’re thinking of learning Perl or starting a new project in Perl, you might want to reconsider.

      I don’t see anything controversial with this statement. You can apply it to any number of languages, not just Perl - Common Lisp, Pascal, COBOL. And I say this as a Perl aficionado.

      Most languages never make it past compiling themselves. Perl has had a great run and is still super-fun and useful for those that know it.

      1. 6

        Hey, I start new projects in Common Lisp! It’s still a great choice.

        1. 3

          And I start personal projects in Perl… it doesn’t mean that corporations with multi-year maintenance horizons do, though.

          1. 2

            AFAIK google uses lisp and has contributed to sbcl. And fastmail uses perl.

            1. 2

              If Google uses lisp it’s for something incredibly specific and obscure. You absolutely could not start a new lisp project at Google.

              1. 4

                The shambling corpse of ITA Software perhaps?

                1. 1

                  I actually don’t know. I could look it up, but I couldn’t say if I did. ¯\_(ツ)_/¯

      1. 8

        I did run a site on werc for some time in the past. After dealing with its particularity it becomes a great midpoint between having a static site and having a dynamic site.

        Of course, in my view, it is always more preferable to have a static site in majority of individual use cases.

        1. 12

          I would like to see more work put into engines which are static for normal users, but dynamic for logged-in users, e.g. the site author. It would be neat to integrate static site generation with dynamic posts, WebMentions &c.

          1. 2

            Varnish is probably what prevents that nice thing to happen, by doing the same thing as NAT for IPv4: it works without rethinking everything.

        1. 48

          I’ve read through a lot of these kind of discussions in the last week, and one thing that really strikes me is that they consist almost entirely of white people discussing this. This seems a bit odd to me because there are plenty of non-white programmers as well. I’d like to think that these people are more than articulate enough to raise these kind of issues themselves if they have a desire to, but thus far I gave not really seen much of that.

          Quite frankly, I find that the entire thing has more than a bit of a “white saviour” smell to it, and it all comes off as rather patronising. It seems to me that black people are not so fragile that they will recoil at the first sight of the word “master”, in particular when it has no direct relationship to slavery (it’s a common word in quite a few different contexts), but reading between the lines that kind-of seems the assumption.

          For me personally – as a white person from a not particularly diverse part of the world – this is something where I think it’s much wiser to shut up and listen to people with a life experience and perspective very different than mine (i.e. black people from different parts of the world), rather than try and make arguments for them. I think it’s a very unfortunate that in the current climate these voices are not well heard since both the (usually white) people in favour and opposed to this are shouting far too loud.

          1. 28

            It’s called White guilt. Superficial actions like changing CS terms and taking down statues are easy ways to feel better about oneself while avoiding the actual issue (aka: bike-shedding).

            1. 5

              I had the same thought: this is something that is easy to have an opinion about and feels achievable. That makes it very attractive to take action on, independent of the actual value it has.

              1. 8

                It is easier to change the name of a git default branch and put that on your CV as an action demonstrating you are not racist, than it is to engage in politics and seek to change some of the injustices that still remain.

                1. 6

                  Or to put it really on point: it’s easier for GitHub to talk about changing the default branch name on repos created on GitHub from ‘master’ to ‘main’ than it is for them to cut their contract with ICE.

            2. 14

              It’s not like you can guess someone’s race from a gravatar. Not to mention, one of the liberating features of the Internet is being able to hide your identity and be treated for what you say in stead of what you are. On the flip side that does mean everybody sees everyone as an adolescent white male.

              In any case, there’s a black engineer expressing their thanks in the comment section of the OP.

              1. 11

                I probably wasn’t too clear about this, but I did not guess anyone’s skin colour; I just looked at their profile pictures, names, etc. For example the author of this post is clearly white, as are the authors of the IETF draft he linked (I did a quick check on this), everyone involved in the Go CL was white, and in the Rubocop discussion everyone was white as well as far as I could tell – certainly the people who were very much in favour of it at the start. There certainly are non-white people participating – anonymously or otherwise – but in general they seem to be very much a minority voice.

                Or, to give an analogy, while I would certainly support something like Black Lives Matter in various ways, I would never speak on the movement’s behalf. It’s simply not my place to do so.

                On the flip side that does mean everybody sees everyone as an adolescent white male.

                Yeah … that’s true and not great. I try not to make assumptions on the kind of person I’m speaking to, but “talking” to just a name is very contrary to human social interaction and it’s easy to have a mental picture that’s similar to yourself and those around you. This is kind of what I was getting at: sharing of different experiences and perspectives is probably by far the most helpful thing and constructive thing that can move this debate (as well as several other things) forward, instead of being locked in the shouting match it is today.

                I have no illusions that this will happen, because far too many people seem far too eager to comment on the matter, and to be honest I’ve been guilty of that as well.

              2. 14

                If we look back at how visceral the reaction to these types of ideas can be, and especially how that response is so often personally directed, it should be no surprise that someone who feels in any way marginalized or at risk in the software community might be reluctant to speak up.

                1. 14

                  OK, so I think you’re referring to the Reddit Go thread (which was a dumpster fire of “I’m not racist but…” comments; for someone to get so upset about someone else’s internal code base is proof of some underlying issue).

                  Here’s some things to think about:

                  • “It seems entirely white people discuss this”: There’s a really obvious reason for this. Look at Google’s diversity numbers: their value of hiring vs attrition places the number of black people at Google at 3.7%. And yet the census reports 12.1% in the US are African American. Who do you think is going to be discussing this? They’re not here. They can’t be part of this conversation. Worse, black people leave Google faster than other demographics, so even when they get there they decide they don’t like it more and leave. Why would you work hard for your whole life to get a job at Google and then decide to leave? What is it about the software engineering environment that is toxic? Why bother getting upset and making a noise when you’ve already decided it’s hopeless and given up?
                  • “It has a white savior smell”: It is incumbent on the privileged class to show allyship and help build equality for the underprivileged. It is unacceptable to put on blinkers and go “they’ll work it out”, as it ignores the systemic reasons why inequity exists. A big difference about what is happening now is that white people are going out to the streets and showing their allyship. These protests are very similar to those in Ferguson, except in Ferguson it was all black people. Nothing happened. Now that white people have come out, suddenly people start talking about “movements”. You can’t look to black people in CS and say “you overcome all the systemic problems” just like we can’t look to women in CSand say “you overcome all the systemic problems and please suck it up when you get battered with toxic behavior that’s just the way we are lol.” For the privileged class to sit back is for the privileged class to approve of what happens. “White savior” is a weaponized term to say that if you are white, you don’t get to help. Actually, if you are white, you absolutely should be helping.
                  • “you should listen rather than make arguments for them”: Again, we are back to who do you listen to? Representation is so horrifically low. The Go thread raised up anyone who identified as black, had the same viewpoint as the mob and held that viewpoint as representative for the whole black community. You can’t just ask someone on the street and say “there you go, he said it”. You have to talk. And talk. And talk. And talk. To as many people as you can. Over and over again. I am so glad Google has the Black Googlers Network for exactly that sort of discussion.

                  Names mean something. master/slave has clearly had it’s time. whitelist/blacklist (as in the Go thread) is unnecessary, a term that we basically invented, and is easily replaced. Would I change master to main? Probably not. But I’m certainly not going to come and say that attempting to move the needle, even if it doesn’t work or the needle move only a fraction, shouldn’t be attempted.

                  Anecdote: Google offers a number of optional diversity training. I went to one that showed this video. I was in tears. It was so foreign to me and so horrific that I was crying at work and had to leave the room. That video is the result of white America doing nothing.

                  1. 12

                    I’m not really referring to the Reddit thread as such. Not only is Reddit really anonymous, so much of the time I have no idea who I’m dealing with, Reddit also has its fair share of … unpleasant … people. On Twitter Nate Finch mentioned he banned a whole truckload of people who had never posted in /r/golang before coming in from whatever slimepit subreddit they normally hang out in. Unfortunately, this is how things work on Reddit. There were some interesting good-faith conversations, but also a lot of bad-faith bullshit. I was mostly referring to the actual CL and the (short) discussion on that.

                    As for Google diversity, well, Google is just one company from one part of the world. The total numbers of developers in India seems comparable or greater than the number of developers in the US, for example. I’ve also worked with many Brazilian developers over the years, so they also seems to have a healthy IT industry. There are plenty of other countries as well. This is kind of what I meant with the “outside of the Silicon Valley bubble” comment I removed. Besides, just because there are fewer of them doesn’t mean they don’t exist (3.7% is still >4k people) or that I need to argue things in their place.

                    It’s one thing to show your allyship, I’m all in favour of that, but it’s quite another thing to argue in their place. I have of course not read absolutely anything that anyone has written on this topic, but in general, by and large, this is what seems to be happening.

                    This is something that extends just beyond the racial issue; I’ve also seen people remove references to things like “silly” as ableist, but it’s not entirely clear to me that anyone is actually bothered by this other than the (undoubtedly well-intentioned) people making the change.

                    The Go thread raised up anyone who identified as black, had the same viewpoint as the mob and held that viewpoint as representative for the whole black community.

                    Yeah, this is a problem: “here’s a black person saying something, therefore [..]”. Aside from the fact that I wouldn’t trust such a post without vetting the account who made it (because, you know, /r/AsABlackMan) a single person commenting doesn’t represent anything other than that single person.

                    An initiative from something like the Black Googler Network would probably be much more helpful than some random GitHub PR with little more than “please remove oppressive language” true-ism.

                    If you’re telling people who have been used to these terms for years or decades that all of the sudden it’s racist and oppressive without any context or explanation, then it’s really not that strange that at least some people are going to be defensive. I really wish people would spend a lot more thought and care in the messaging on this; there is very little effort spent on actually building empathy for any of this; for the most part it’s just … accusations, true-isms, shouting. You really need to explain where you’re coming from, otherwise people are just going to be confused and defensive.

                  2. 4

                    This seems a bit odd to me because there are plenty of non-white programmers as well, especially if you look beyond the Silicon Valley bubble.

                    Silicon valley is full of nonwhite programmers. White people are somewhat underrepresented in Silicon Valley compared to their percentage of the American population. And of course most of the world is not America.

                    1. 3

                      I’ve actually never been to the States, much less the Silicon Valley. I just dimly remember reading somewhere that it’s mostly white, but I probably just remembered wrong. I’ll just remove that part since it doesn’t matter for my point and I clearly don’t know what I’m talking about with that 😅

                      1. 4

                        In my previous company in SV (I was a remote engineer abroad, everybody else US based) we had literally 1 person on the team that was born and raised in the US, everybody else was from somewhere else. India and China were dominant, but not the only other countries.

                        Other teams looked pretty much the same. CEO (+founder), VP of Eng and all team leads in Engineering were non US born and almost all non white too.

                        I am now working for a different company with head-quarters in SF and it is a bit different. We still have pretty big mix of backgrounds (I don’t know how to express it better, what I mean is that they are not decedents of white Europeans). We seem to have more people that were born in the US yet are not white.

                        Our European office is more “white” if you will, but still very diverse. At one point we had people from all (inhabited) continents working for us (place of birth), yet we were only ~30 people in total.

                      2. 2

                        Well, it’s full of programmers from Asian countries, to the point where I wouldn’t call their presence diverse. Being a Chinese/Indian/White male isn’t diversity, it’s a little bit more diverse. So while “nonwhite” is accurate, it’s not really the end game. Software engineering is massively underrepresented in women and in Black and Latinx.

                        1. 6

                          So who exactly sets the rules on what is diverse enough? Is it some committee of US Americans or how does that work?

                          1. 1

                            Ah okay so here we see the problem. It’s only diversity when there aren’t enough of them, then it stops counting as diversity once you actually have diversity and the goalposts shift once again.

                        2. 4

                          Quite frankly, I find that the entire thing has more than a bit of a “white saviour” smell to it, and it all comes off as rather patronising. It seems to me that black people are not so fragile that they will recoil at the first sight of the word “master”, in particular when it has no direct relationship to slavery (it’s a common word in quite a few different contexts), but reading between the lines that kind-of seems the assumption.

                          Agreed that black folks are in the main far too sensible to care about this kind of thing.

                          I don’t know that it is really so much about being a ‘white saviour’ (although that may be part of it); rather, I see it more as essentially religious: it is a way for members of a group (in this case, young white people) to perform the rituals which bind the group together and reflect the moral positions the group holds. I don’t mean ‘religious’ here in any derogatory way.

                          1. 9

                            Not sure about this specific issue, but in general there’s so much systemic stuff that it’s a bit much to ask black communities alone to speak up for everything. It’s emotionally exhausting if we don’t shoulder at least some of the burden, at the same time listening to and amplifying existing voices.

                            To be honest I’d never really thought about the ‘master’ name in git before, and think there might be larger issues we need to tackle, but it’s a pretty low effort change to make. Regardless, the naming confused me anyway when I first used git and then just faded into the background. I’ll let black people speak up if they think it’s overboard, however, although I’d imagine there’d be different perspectives on this.

                            1. 3

                              Not sure about this specific issue, but in general there’s so much systemic stuff that it’s a bit much to ask black communities alone to speak up for everything. It’s emotionally exhausting if we don’t shoulder at least some of the burden, at the same time listening to and amplifying existing voices.

                              Yeah, I fully agree. I don’t think they should carry all the burden on this and it’s not just helpful but our responsibility to be supportive both in words and action. But I do think they should have the initiative. Otherwise it’s just a bunch of white folk sitting around the table musing what black folk could perhaps be bothered by. Maybe the conclusions of that might be correct, but maybe they’re not, or maybe things are more nuanced.

                            2. 2

                              Really couldn’t disagree more — one of the big repository hosting services had this discussion just the other week. Much of the agitation came from Black employees, particularly descendants of enslaved Africans brought to America.

                              I agree with you on one count, though: if you’re white and you don’t have any particular investment in this issue, you should probably keep your opinion on it to yourself.

                              1. 4

                                Which discussion in particular are you referring to?

                                1. 2

                                  The idea that this is being primarily driven by white people, specifically as a “white savior” exercise. The word “master” does bring up a painful legacy for lots of Black people, and with the context as muddled as it is with “git master,” it makes sense to defer to them on how they perceive it, especially in an industry where they’re so underrepresented.

                                  1. 3

                                    You mentioned that:

                                    one of the big repository hosting services had this discussion just the other week. Much of the agitation came from Black employees

                                    So I was wondering if you have a link or something to that discussion? I’d be interested.

                                    1. 3

                                      I wish I had something to share — the conversations have been internal and I wouldn’t want to breach confidentiality (any more than I already have). Once we’ve all forgotten about this, if there’s a blog post to share, I’ll thread it here.

                                      1. 3

                                        Ah cheers, I didn’t realize it was an internal thing.

                              1. 10

                                Using red for instances where it has not been done and green for when it has been done creates the impression that doing it is good and not doing it is bad which is presumably not what you’re going for. Colour usage matters for perceptual reasons.

                                1. 5

                                  I’m not designing my blog for anyone who cares more about the color of a checkmark than the use of language that makes people feel uncomfortable. Thanks.

                                  1. 1

                                    Ah I misinterpreted your position on the issue. My bad!

                                  2. 3

                                    I would prefer using green for when it is not done and red for when it is done.

                                  3. 6

                                    Do you know how good your sample is? Taken at face value, this list would seem to indicate that the real social power lies with those who advocate for change rather than those who wish terms to remain the same. I say this because almost every single instance on your list resulted in a change.

                                    1. 5

                                      And imagine situation where they rename everything once… but actual problems do not disappear. What a nightmare

                                      1. 5

                                        Good question. It’s definitely not a representative sample– I’ve added a disclaimer to the post.

                                      2. 5

                                        Another one (from 2020) for your collection: https://github.com/psf/black/issues/1363

                                        1. 1

                                          Thank you, I’ve added it!

                                      1. 4

                                        I have been doing a bit of JavaScript lately, and my thought so far is that the sync/async divide is a mistake, exposing details which shouldn’t matter in general. Seems like either code should always appear synchronous (and the runtime should do what’s necessary in the background) or it should always be asynchronous. But maybe I am missing something!

                                          1. 7

                                            C# solved this by doing both. Named async functions that return a value need a Task<> type. The async keyword is there for anonymous functions (which have inferred types).

                                            The await keyword avoids “callback hell” but because you’re dealing with a reified Task and not just a colored function you can also call other functions on it and define strategies and such.

                                              1. 1

                                                Great article! I think that’s part of why writing JavaScript has been so painful for me: I normally write in Go, which as Bob points out does all this right, and just works.

                                              2. 6

                                                the sync/async divide is a mistake

                                                It is. Of course, the problem is, everyone puts up with this async/sync divide because of backwards compatibility.

                                                An ideal distillation of this would involve an async-only runtime, with a programming model that is sync by default. If you wanted to do async-style things, you could, but it’d be opt-in, and only for the type of work that was traditionally async, such as receiving from N sockets at once. Think of something along the lines of Win32’s WaitForMultipleObjects() as a primitive.

                                              1. 3

                                                you want a modicum of security, so shell and tcl and php are out.

                                                What is wrong with TCL’s security? If anything, it is very easy to sandbox TCL — or at least I thought so.

                                                1. 7

                                                  I recently had to write some JavaScript, and this was my own experience too. I chalk a lot of it up to my own inexperience with the ecosystem, but I also think that there’s a fair amount of accidental complexity. When I use modern JavaScript, with async/await, promises, anonymous functions &c. it feels a lot like it is trying to be a proper dynamic language like Lisp, but it is hindered by its syntax and its legacy.

                                                  Honestly, I would rather write Lisp or even Scheme.

                                                  1. 4

                                                    Honestly, I would rather write Lisp or even Scheme.

                                                    How about clojurescript? That’s a lisp with pretty good support for JS.

                                                    There are a bunch of other lisps that compile to JS, too: https://github.com/jashkenas/coffeescript/wiki/List-of-languages-that-compile-to-JS#lisp-scheme

                                                  1. 33

                                                    My view when systemd first crossed my radar (around the time Debian was making it’s decision about supporting/adopting systemd or not), I of course saw a lot of commentary about the negative aspects of the project.

                                                    I’d imagine those criticism are still true: it seems unlikely the people involved in this have softened their views or language.

                                                    But what has changed is my appreciation for the technical benefits of systemd as an init manager (and a few related tasks, e.g. the timers stuff to replace cron). I’m not that thrilled about the ever-increasing scope of the project as a whole, but I don’t use Linux as a desktop OS, so I think I’m shielded from a lot of the impact it has on e.g. Gnome etc.

                                                    I tried (and eventually succeeded, from memory) to write an init script for a process, using the Debian provided ‘start-stop-daemon’ and an existing init file as a guide. This was not a productive or enjoyable experience for me, at all. I’d say I’m quite comfortable with shell as a scripting language in general, but the idiosyncrasies of producing a reliable init script were confusing and non obvious to me at the time.

                                                    These days, I don’t think twice about either creating new systemd units, or using drop-ins to customise existing ones - does everything always work the first time? No. Is it an order of magnitude easier than a sysvinit script (IMO) to identify why it doesn’t do what you expect, and find a solution that will do what you expect? Generally yes.

                                                    Edit: typo

                                                    1. 16

                                                      This is the thing I’ve loved most about systemd. Writing an init script for one distribution is a PITA. Writing one that works on multiple different linux distros makes me tear my effing hair out. The complexity of writing a shell script that conforms to certain parameters with a wide variety of “helpers” seems out of whack with what I want to do: ie: fire up a process and leave it in the background.

                                                      Also, an init system that cannot track what child processes it has started, and needs a complicated system of pidfile management to control the process that doesn’t even work in many cases (it breaks as soon as the machine or process crashes, or gets killed without the proper signal being sent beforehand), is barely able to call itself “an init system”. It’s just what we always had, so in the proper UNIX way, everyone just dealt with it and nobody pointed out the big elephant in the room, in that it sucked hard.

                                                      Now. systemd has it’s problems, and over-reach is definitely in there. I can’t count the number of times that I’ve had to figure out the “new hotness” way of configuring a GD static network interface, and every time I look at it systemd has new capabilities that it probably shouldn’t have. ( Following jwz’s maxim, I can’t wait for the systemd mail client), but pretending sysvinit was all good was insanity.

                                                      1. 12

                                                        It always bothers me a bit when systemd is compared to just init scripts, because those are not the only two options available (and never have been). I don’t really blame the casual Linux user like you, but on more than a few occasions the systemd people used “well, in init scripts it sucks even worse” as fallacious defence of their own shortcoming (you don’t need to rant, rave, and insult to be toxic).

                                                        1. 6

                                                          The only commonly used init system in Linux, used by all the major distros, was sysvinit. Yes, there was OpenRC, and upstart, and others, but none of them were ever widely adopted. Yes, Ubuntu developed upstart and it solved some of the problems in sysvinit, but was never widely adopted, so if you were writing a daemon for anything other than ubuntu, it was back to sysvinit, and all the pain that entailed. It’s great that there are other init systems that solve the problem, but if none of them are ever adopted, there’s really no value in it for people who write daemons.

                                                          1. 7

                                                            OpenRC is essentially just a continuation of sysV init, with all problems with it. I actually just have OpenRC start runit on my Alpine system, as that’s just easier than writing those scripts. I never looked at upstart.

                                                            daemontools and the various projects it inspired (runit, s6, freedt, a few others) always seemed like a good solution to me. It solves most of the issues from SysV init and gives 90% of systemd for most use cases, but in a much smaller package. I don’t know why it was never widely adopted; perhaps it was timing, lack of documentation, lack of advocacy, or something else.

                                                            1. 3

                                                              For daemontools, it’s likely the fact that djb has a tendency to release a project and then immediately stop maintaining it, so there becomes a slurry of patches with no canonical blessed set for distros to maintain, and no upstream merging them.

                                                              1. 2

                                                                Yeah, that partly explains daemontools; there’s also the whole license issue, which didn’t become clear until 2007 (when djb finally released his stuff as public domain; before that he rejected that a license was needed at all; also a problem with qmail, djbdns) which is why people needed to maintain patches instead of a “daemontools-maintianed” repo or whatnot.

                                                                But runit stems from 2004, and there are other daemontools-like systems from the same time period. So I don’t think that djb’s idiosyncrasy fully explain it.

                                                              2. 2

                                                                Ah, daemontools. I can answer that one. Daemontools started as a project by Dan J Bernstein (hereafter referred to as djb), who is a brilliant mathematician and cryptologist, but the license for some of his projects, including daemontools is … troubling to a lot of the distributions, and he can be, well, prickly, to put it politely.

                                                                Wikipedia has the license as Public Domain, but ISTR that if you didn’t distribute it precisely as was specified he would complain a lot. It meant that a lot of distributions that wanted to use his software shied away from it.

                                                                It’s pretty awesome, but it still doesn’t solve a lot of the pain points that systemd solves.

                                                                This is all vague rememberings from about 20 years ago, but having dealt with djb in the past, I can definitely understand the reticence on the part of distributions to package his software, or rely on it for critical functionality. He makes Lennart look like a softy in comparison.

                                                                1. 2

                                                                  runit is used in Void Linux which is a somewhat popular non-SystemD distro. It’s straight-forward to use.

                                                                  1. 1

                                                                    Yeah, I use Void; it’s comparatively small though (although gaining in popularity a bit as an Arch alternative, partly thanks to runit).

                                                                2. 2

                                                                  Even if you were just targeting Ubuntu, upstart was pretty buggy and feature deficient. You could wedge it so bad that you had to reboot while iterating on a job. I’m pretty happy that systemd takes a features-welcome approach. Every time I think that I’ll have to use a shell stub I can find what I need with some man page searching.

                                                                3. 2

                                                                  Right, I’m aware there are other options out there, and you’re right they should be part of the conversation when a distro is making decisions about what init to support in its packages.

                                                                  But, for someone using a distro, even someone writing packages for a distro, you need to support what the distro supports. Yes you could also support extra init systems but you need to support what the distro supports.

                                                                  1. 2

                                                                    Yeah, I’m not faulting you for not mentioning it in your previous comment, it’s more of a general commentary about the wider discussion 😅

                                                                4. 4

                                                                  I’m genuinely curious how someone can downvote an opinion as “incorrect”.

                                                                  Oh wait never mind I just remembered this is the internet and someone will always be there to say “you’re wrong”

                                                                  1. 6

                                                                    I’ve had all sorts of things -1’d as “incorrect” or “troll” where I really struggle seeing how either can apply. Write a lengthy reply going out of my way to make sure it’s nuanced: -2 troll… Great, thanks 😒 Like you said: welcome to the internet 🤷‍♂️

                                                                    1. 3

                                                                      I’ve noticed this as well. Lobsters has always had explicit downvote reasons to discourage downvoting for silly things like “I disagree” or “your opinion clashes with my worldview and I’m salty.” But as we’ve grown I see those kinds of downvotes more and more.

                                                                  2. 1

                                                                    Systemd definitely achieves several good things, but it has technical, social and political faults. It is an improvement over init scripts, but it is also many other things — and some of those are strict regressions (I am thinking specifically of how it wantonly breaks nohup). Is systemd-as-it-is an improvement over a better system which doesn’t exist? I really don’t know.

                                                                    1. 1

                                                                      The kill-user-processes-on logout thing is no doubt annoying the first time you encounter it, but I’d suggest that it’s at worst a case of incorrect defaults (I honestly don’t even know what the upstream or distro defaults are).

                                                                      I’m certain it has technical/approach faults, but in the grand scheme of things that one is pretty easy to ‘solve’.

                                                                  1. 9

                                                                    But here is where the problem lies, it’s surprisingly rare that I find myself editing only one file at a time.

                                                                    And that’s why Emacs exists. It even has a best-in-class set of vim keybindings. And it has a wonderful extension language. It’s a Lisp Machine for the 21st century!

                                                                    1. 15

                                                                      That just means he needs to learn more Vim. It does indeed support tabs, and splits too, and IMO does it better than most IDEs. And you can get a file tree pretty easily too with Nerdtree. I have no issues with editing a bunch of files at once in Vim. Features like being able to yank into multiple registers is much more of a help there.

                                                                      1. 8

                                                                        I suspect one problem people have with vim and editing multiple files is that they only know about buffers, which can be a little tricky to work with, but I don’t think many people realise it does actually have tabs too.

                                                                        I frequently open multiple files with vim -p file1 file2 which opens each file in a tab, and you can use gt, gT, or <number>gt to navigate them. There’s also :tabe[dit] in existing sessions to open a file in a new tab.

                                                                        I generally find this pretty easy to work with and not much harder than doing something like Cmd-[ / Cmd-] as in some IDEs.

                                                                        1. 3

                                                                          There is some debate on whether tabs should be used this way in Vim. I used to do it this way and then I installed LustyJuggler and edited all my files without tabs.

                                                                          But if it works for you, more power to you!

                                                                          1. 3

                                                                            As a sort-of an IDE power user, I would argue that editor tabs are a counter-productive feature: https://hadihariri.com/2014/06/24/no-tabs-in-intellij-idea/.

                                                                            1. 2

                                                                              That said, while you can work with tabs like this, that’s not entirely the idea of them. Tabs in Vim are more like “window-split workspaces” where you can keep your windows in some order that you like. With one buffer in one window per tab you do get a pretty similar workflow to tabs in other editors, but then again you could get a similar workflow with multiple buffers in one window even before Vim got tabs.

                                                                              Guess tabs fall in the tradition of vim naming features different than one would imagine: buffers is what people usually understand as files, windows are more like what other editors call splits and tabs are more like workspaces.

                                                                              1. 4

                                                                                Oh, to be clear I don’t have one buffer per tab. I do tend to use them more like workspaces as you say. Typically each of my tabs has multiple splits or vsplits and I’ll go back and forth between buffers - but having tabs to flip back and forth between semi-related things can be useful on a smaller screen too.

                                                                            2. 3

                                                                              One of the reasons why I love vim is that I find a lot easier to edit multiple files at once. I can open then with :vsp and :sp and shift-ctrl-* my way around them very fast, with NERDtree I can open a directory folder in any of these windows, locate the file, and there you go, I have them arranged in whatever way I want. It makes it super easy to read the multiple files and copy things around. I like my auto-complete simple, I find autocomplete distracting, so I just use ctrl-n, but I’m aware this is a fringe opinion, if you want a more feature rich autocomplete, You complete me works pretty fine for people that like these. Also, I can open any terminal with :terminal… My vim usually looks more like this https://i.redd.it/890v8sr4kz211.png nothing with to do with 1 file per time.

                                                                              Does vim makes me super faster than everyone else? Probably not, it’s just a text editor, but it’s very maleable and I’ve been coding for many years now and I haven’t ever seen the need to not use it. When I need to work on a new language I just install a bunch of new plugins and things get solved.

                                                                              Nothing against VS Code, but it’s also only super powerful with the right plugins and configurations, there’s more of it out of the box, but without them it would also just be a simple text editor.

                                                                              1. 2

                                                                                What’s a good resource to start learning emacs?

                                                                                  1. 1

                                                                                    I gave emacs a try through mg(8), a small editor that ressemble emacs a lot (no LISP though) and is part of the default OpenBSD system. It comes with a tutorial file that takes you on a tour to discover the basics of emacs, starting with the navigation. This is like vimtutor, and it’s great !

                                                                                    It also let you discover emacs as a text editor, AND NOTHING MORE! Which is refreshing and helped me reconsider its usefulness for editing text 😉

                                                                                1. 5

                                                                                  I guess this is a bit off-topic, but here we go:

                                                                                  This isn’t the first time Mozilla has gone over its users and overrode settings without asking. This makes me uncomfortable, so I’m considering alternatives. Which browser have you been using?

                                                                                  1. 7

                                                                                    The problem is that Firefox is the best browser, but the best isn’t good enough.

                                                                                  1. 3

                                                                                    I use Android, because I want to own my phone. Google is pretty bad about respecting ownership, but Apple is worse. And when it comes to privacy I can make an Android phone respect my privacy.

                                                                                    I want to be able to run my own and others’ software on my phone; I want to be able to run Linux; I want to be able to run a real Firefox; I want to be able to run software that angers Google and Apple. I can do that with Android: I cannot do that with iOS. There’s just no competition.

                                                                                    Edit: also, I want a headphone jack. I do not want a high-latency, flakey wireless solution when there is a low-latency, reliable wired alternative.

                                                                                    1. 22

                                                                                      Bram’s benchmarks are not using LuaJit. So when he mentions my benchmarks (on the mailing list at least) and presents the Vimscript2 vs Lua benchmarks, this is confusing. LuaJit is 10x faster.

                                                                                      The Vim9 benchmarks are always structured as function definitions, because the Vimscript2 optimizer won’t work at script scope (i.e. outside of a function). And it sounds like “lambdas” will continue to be slow.

                                                                                      The main disappointment for me is that existing Vimscript plugins won’t benefit from Vimscript2 optimizations, because Vimscript2 is a different language. If authors must rewrite plugins then I would prefer a well-engineered language (like Lua) instead of Bramscript.

                                                                                      Given how bigoted and petty people are about syntax, my grand prediction is that the unpaired } will be the most disliked feature of Bramscript.

                                                                                      1. 19

                                                                                        If authors must rewrite plugins then I would prefer a well-engineered language (like Lua) instead of Bramscript.

                                                                                        You know, Lisp would be a good choice for a well-engineered choice to extend an editor …

                                                                                        1. 4

                                                                                          Given how bigoted and petty people are about syntax, my grand prediction is that the unpaired } will be the most disliked feature of Bramscript.

                                                                                          I remember people mocking it in Zimbu, so you’re right on the money.

                                                                                          1. 3

                                                                                            Out of interest - is Lua interpreter of VimL still in the making or it is paused indefinitely? That would be interesting thing to see in the future.

                                                                                            But I agree, if there is plan to replace VimL with another implementation then it would be the best to either use WASM and compile any language to it or to use LuaJIT/V8 instead.

                                                                                            1. 8

                                                                                              Somewhat counter-intuitively, to make Lua the more popular/standard choice, it could be a good idea to make a translator from Lua to VimScript2, and then proceed to not support VimScript2 in NeoVim. This way, for plugin developers who want to support both Vim9 and NeoVim, Lua would be the reasonable “cross-platform” choice, automatically giving their plugins wider adoption with no extra effort required.

                                                                                              I remember reading an article long ago which explained how this exact dynamic worked for some technology, but can’t surface any specific details from my memory. I kinda think it was maybe about Sun and Java, but not sure. I think it might possibly be called something like “platformization of a technology” by business people, but also not 100% sure about it. Basically, the idea is to force one’s competitor to become “just” exchangeable infrastructure. Ok, I think I remember now, and the article’s thesis about the Sun story was, that by making Java free, they wanted to make their hardware more popular, but instead they painted themselves into a corner of being “just an exchangeable platform/infrastructure for running Java”, where they were squashed by others.

                                                                                              1. 6

                                                                                                This idea also comes up when talking about the python 2 to 3 transition. If, instead of releasing a 2to3 tool, they had released a 3to2 tool, folks might have focused on developing for 3 earlier.

                                                                                                1. 3

                                                                                                  The biggest problem with Python 2 ↔️ 3 thing is that it’s virtually impossible to reliable translate code due to the nature of the changes in Python 3 and Python’s lack of typing info. Functions that previously returned/accepted str now return bytes, and it’s very hard to reliably detect 100% of all cases in Python.

                                                                                                  1. 1

                                                                                                    You’re right, and that’s part of why they started using mypy for everything at dropbox– to catch edge cases when transitioning.

                                                                                                2. 5

                                                                                                  you’re thinking of spolsky’s commoditize your complements

                                                                                                  1. 1

                                                                                                    So it seems indeed, thanks!

                                                                                                3. 6

                                                                                                  is Lua interpreter of VimL still in the making or it is paused indefinitely?

                                                                                                  Why continue it? The patch is there for anyone to try. It’s too slow according to its author (ZyX), who later used parts of that work to implement the VimL parser in C (see :help nvim_parse_expression() ).

                                                                                                  Once you have a parser it doesn’t really matter whether it was written in Lua or C. Problem is, Nvim currently only has a parser for VimL expressions–i.e. half of the language. ZyX later disappeared, perhaps driven mad or perhaps realizing that text editors are not a very good thing to spend one’s life on.

                                                                                                  1. 3

                                                                                                    Out of interest - is Lua interpreter of VimL still in the making or it is paused indefinitely? That would be interesting thing to see in the future.

                                                                                                    It’s paused.

                                                                                                  2. 3

                                                                                                    Considering that conversion tools from Python, JavaScript, and TypeScript are mentioned, I would expect that a VimScript → VimScript2 tool would also be included.

                                                                                                    1. 7

                                                                                                      Such a tool could target any language, and therefore doesn’t answer the question “why Bramscript instead of an established, well-engineered, existing language”.

                                                                                                      1. 2

                                                                                                        Converting from VimScript to VimScript2 is probably going to be easier than converting it to pretty much anything else. Note that those Python/JS tools aren’t necessarily expected to be complete (” Ideally a conversion tool can take Python, JavaScript or Typescript code and convert it to Vim script, with only some things that cannot be converted.”).

                                                                                                        Arguably, using VimScript is easier as you can use any ex commands without frobbing about. I think there is some value to that.

                                                                                                        I believe Bram previously stated he doesn’t like Lua much (can’t find ref for that right now), and just “plug and play” a programming language in Vim is probably not so easy; the only two mainstream(ish) easily pluggable languages I can think of are Lua and Tcl.

                                                                                                        But perhaps most importantly, I think Bram just likes working on this kind of stuff; he said so pretty explicitly actually: “Yes, it’s going to be a lot of work. But it’s the kind of work I enjoy doing”.

                                                                                                        1. 4

                                                                                                          But perhaps most importantly, I think Bram just likes working on this kind of stuff; he said so pretty explicitly actually: “Yes, it’s going to be a lot of work. But it’s the kind of work I enjoy doing”.

                                                                                                          Creating language is fun, maintaining it - not so much.

                                                                                                          1. 1

                                                                                                            Bram has been doing this for a while… I think he’s perfectly capable to judge and decide what he finds “fun” or not.

                                                                                                            1. 2

                                                                                                              Still, I find having “fun” while creating language isn’t the main problem. The main problem is that others need then to deal with your language. And using another, established, and maintained by someone else, language in general is much easier. This would also provide access to broader amount of optimisations, implementations, libraries, etc. Ok it is nice that someone wants to create language, but IMHO Bram isn’t the best language designer out there. I would be much more happy if he would rather decide to go with something that is already there, and there is a lot of languages/technologies to pick:

                                                                                                              • Lua
                                                                                                              • many embeddable Lisps
                                                                                                              • MRuby
                                                                                                              • JavaScript

                                                                                                              Or even ignore all of that and go with WASM so the language in which the extension is written doesn’t matter at all. The last thing I think would be the best option IMHO in current state, as even current VimL interpreter could be compiled as a WASM blob instead of being “built in” into editor itself. This would provide us a lot of flexibility and potential speedups by using well-established VMs.

                                                                                                              1. 1

                                                                                                                having “fun” while creating language isn’t the main problem. The main problem is that others need then to deal with your language

                                                                                                                So don’t use Vim then, if you don’t want to do that. You don’t “need” to deal with this language; there are plenty of options.

                                                                                                                Aside from the technical arguments (which I don’t really care about, as I think it doesn’t really matter much), I find this kind of reasoning weird.

                                                                                                                1. 2

                                                                                                                  Oh yeah, the ultimate argument - if you do not like part of X then GTFO. The “you do not like your government - go live somewhere else” argument. So instead of making things we like, we get attached to, we should abandon them instead of trying making them better. That is marvellous idea, that I completely ignore and treat as a lowest point of reasoning. I like Vim, I like using it, I like some ideas behind it, and I want it to be better and better. Partially that is why I have switched to NeoVim now, because I seen it as an advancement over stagnated Vim development in pre-8.0 version.

                                                                                                                  Aside from the technical arguments (which I don’t really care about, as I think it doesn’t really matter much)

                                                                                                                  Technical arguments are THE arguments, anything else doesn’t matter. Unfortunately, for me, Bram has very high NIH syndrome which I think that we all can agree that this is bad thing. “Making new things” because it seems “easy and fun” rarely is a good thing. There is a lot of work already done in matter of the performance, usefulness, libraries, and all the stuff around it, and ditching them just because? Does the Bram knows better? Is he some kind of the god that can do everything better than others? I highly doubt so. Nanos gigantum humeris insidentes is thing we should do, and reducing internal complexity of Vim is IMHO good thing. See how much of completely dead code (that could never end in Vim as the flags were excluding themselves) were removed by NeoVim.

                                                                                                                  Just in case, I do not say that NeoVim is better than Vim, but for sure it make Vim advance faster since it became a thing. I like that both projects make advance the Vi-like editing, sometimes in way I like, sometimes in way I have doubts, but still, if you do not evolve, you are doomed.

                                                                                                                  1. 2

                                                                                                                    Does releasing something on the internet and having people use it automatically mean you have a responsibility to listen to “users” who feel they know better than you what to work on or how to fix problems?

                                                                                                                    The problem with a lot of the discussion here is that there is nothing wrong with chiming in (“hey, I think solution X might be better for reasons Y and Z”), but there is a sense that something should be done different. And that is a rather entitled and toxic attitude.

                                                                                                                    Imagine someone coming on your issue tracker and saying “hey, you should do X, because NIH”, and you reply that you don’t like X, and then this person would persist in telling me that I really should use X. I don’t know what your response would be, but mine would be to tell that person to get lost rather quickly. If my project is useful to you: great! And I’ll gladly accept suggestions, but telling me what I should do? Yeah nah, that’s crossing a line.

                                                                                                                    I don’t see how Vim is any different from my small personal project.

                                                                                                                    NIH syndrome which I think that we all can agree that this is bad thing.

                                                                                                                    No, I don’t agree. Vim is Bram’s project. He works on it for fun. He likes inventing languages for fun. So he invents a language.

                                                                                                          2. 0

                                                                                                            But perhaps most importantly, I think Bram just likes working on this kind of stuff; he said so pretty explicitly actually: “Yes, it’s going to be a lot of work. But it’s the kind of work I enjoy doing”.

                                                                                                            That only thing that troubles me about your conclusion, is the delicacy with which you reached it :) That is, it is obvious to anyone watching the vim_dev mailing list and studying Vim’s architecture, that most decisions are driven by NIH fetish.

                                                                                                            1. 2

                                                                                                              So? It’s Bram’s project; he works on it for fun, he works on the kind of things he finds fun.

                                                                                                              1. 1

                                                                                                                Pretty sure that’s not the tagline on vim.org, nor in the help files, nor does Bram himself raise such an invincible retort against criticism. But it’s a comfortable reductionist hole for ending discussions.

                                                                                                    1. 11

                                                                                                      Brave is just a browser which hides ads (which every browser should do, because ads are a cancer on the Internet) and displays its own (which no browser should do — but users are free to install whatever software they want). And hey, it even adds a way for sites to make money if they want.

                                                                                                      I don’t use Brave, I’ve never downloaded it, but it’s a-okay by me. Don’t want people to view your content without paying? Then don’t display it to them.

                                                                                                      1. 10

                                                                                                        Besides potentially putting ads on sites that have deliberately chosen not to run any, Brave has done some other sketchy things. I don’t know if they still do, but they used to run those “we’re fundraising on behalf of this site” notices showing on sites that had no affiliation with them at all. Hopefully Eich finally got or listened to some lawyers and was told why that’s a bad idea, but it’s always seemed to me to be one of the classic desperate tactics of a certain class of crypto-fundraising scam.

                                                                                                        1. 2

                                                                                                          There should at the very least be some program for websites to say that no, they’re not interested in money from Brave (that’s the idea, right? Brave puts ads on the website and gives a portion of the revenues to the website owner?).

                                                                                                          1. 8

                                                                                                            My understanding is that Brave removes a site’s ads, and adds their own, then holds the money made by the impression hostage, splitting the money with the content creator if they ever come forward.

                                                                                                            1. 4

                                                                                                              Brave does not add their own ads to a site. They block the sites ads and provide a way for people to tip registered publishers, or auto-donate a share of a set amount based on time spent on the site. If the site is not registered they don’t receive the tips and they are returned to the donator.

                                                                                                              Brave has its own ads that are part of the application and appear as pop up notifications unrelated to the site being visited. These are opt-in and users get a share of the ad revenue for seeing them.

                                                                                                              1. 4

                                                                                                                If the site is not registered they don’t receive the tips and they are returned to the donator.

                                                                                                                Right, so by using Brave you’re standing on Madison Avenue in NYC screaming “HERE’S PAYMENT FOR YOUR CONTENT!” but their office is actually in Hollywood. It’s not stealing if they don’t accept my payment, right?

                                                                                                                1. 2

                                                                                                                  Ko te mea whakarapa kē, I’m not familiar with American geography so don’t get your analogy. But it doesn’t matter - I wasn’t debating Brave’s model, I was correcting your misunderstanding of how Brave works.

                                                                                                                  1. 3

                                                                                                                    I get it. Thanks for pointing out my misunderstanding! As for US geography, the two locations are on opposite sudes of the US. Point being, if I try to pay you, and you don’t take my money because I am trying to pay in the wrong place, I didn’t pay.

                                                                                                                  2. -1

                                                                                                                    It’s not stealing full stop, any more than looking inside the books at a bookstore is.

                                                                                                                    1. 3

                                                                                                                      Bookstores could choose to sell books in shrink wrap, but choose not to.

                                                                                                                      If ad based businesses wanted to give their content away for free, they wouldn’t put ads on their pages. It’s all about intent, and by blocking ads, you intend to deprive the creator from their source of revenue for your use of their content. Why isn’t that theft?

                                                                                                                      1. 2

                                                                                                                        Bookstores could. If I opened the shrinkwrap, read the book, put it back on the shelf and left, I would not have committed theft (possibly property damage).

                                                                                                                        Websites could refuse to show me their content until I view an ad. They could even quiz me on the ad to make sure I paid attention. If I somehow circumvent that, I’m committing illegal access to a computer system (which, I believe, is a felony in the USA).

                                                                                                                        Theft deprives the victim of property, which is taken by the thief.

                                                                                                                        Now, you could argue that it’s wrong (fwiw, I’m sympathetic to that view), but if you use words contrary to their straightforward definitions (in law), I’m going to call bullshit.

                                                                                                                2. 2

                                                                                                                  It seems they can add ads to site without ads. The original article complains about this (for example, in the very last paragraph). I wonder where ads are added and I would also be worried if ads are presented in my own ad-free website.

                                                                                                                  1. 2

                                                                                                                    Definitely; if a portion of my userbase started seeing ads on my personal website, I would seriously consider at least adding a banner or something telling them that the ads they see aren’t mine and that their browser is adding ads on my ad-free page.

                                                                                                                    Actually, I should probably get Brave and check out how that whole thing works.

                                                                                                                    1. 2

                                                                                                                      It seems ads are displayed as notifications. See https://whatisbat.com/2019/04/25/how-to-turn-on-brave-ads-and-earn-bat-with-the-brave-browser/ for a screenshot. Fine by me.

                                                                                                                      1. 5

                                                                                                                        Ah, if it just blocks ads in the web content area and keeps all ads in the chrome or in notifications or someplace else where it’s obviously from the browser itself, that’s not really an issue at all.

                                                                                                            1. 2

                                                                                                              He’s not wrong about some facets of what he says, particularly that given a real-world identity one can just rely on the existing legal system to enforce contracts. But here’s the thing: the existing legal system is really, really expensive (in the U.S., we spend about 38% of GDP on government). Is it possible to use something like a blockchain to provide many of the same benefits more cheaply and/or more accountably and/or with less susceptibility to corruption?

                                                                                                              I don’t know, but it’s an interesting question. We’ll always need some form of physical government to provide physical security, but do we need a government to provide financial security?

                                                                                                              1. 4

                                                                                                                Is it possible to use something like a blockchain to provide many of the same benefits more cheaply and/or more accountably and/or with less susceptibility to corruption?

                                                                                                                I’m a big cryptocurrency fan but I don’t think that anything like blockchains could possibly provide any government services in any sort of useful fashion. It very quickly degrades to real world identity problems that cannot be solved well without trust. If you have trust, you don’t need a blockchain.

                                                                                                                1. 3

                                                                                                                  the existing legal system is really, really expensive (in the U.S., we spend about 38% of GDP on government)

                                                                                                                  Enforcing legal rules (courts and law enforcement) is a small part of that budget.

                                                                                                                  https://www.thebalance.com/u-s-federal-budget-breakdown-3305789

                                                                                                                  The discretionary budget will be $1.426 trillion. More than half goes toward military spending, including the Department of Veterans Affairs and other defense-related departments. The rest must pay for all other domestic programs. The largest are Health and Human Services, Education, and Housing and Urban Development.

                                                                                                                1. 31

                                                                                                                  I’d like to comment on another meta-point in the article.

                                                                                                                  The trouble with this type of platform restriction is that the opinions do not go away. Those who are removed from social media platforms often feel ostracized, angry and perhaps even vindicated in their persecution. They take to other platforms like Gab and Voat, where other like minded people validate those opinions. They leave larger Internet communities with a variety of voices that could potentially steer their own opinions in a more moderate direction.

                                                                                                                  This was a perfectly reasonable and effective position on content moderation until recently. But what we’ve learned about internet communities in, say, the past decade, is that sunlight is not always the best disinfectant. Trolls and Nazis and etc. will reliably ruin platforms if left unchecked, and even swing moderates into their camp; the idea that they can be made more civil by exposure to cultural norms is simply not borne out by the evidence. Consequently this sort of free speech idealism is naïve to the point of being unethical. Free speech isn’t an unimpeachable virtue, or some end to work towards. It’s a means, a tool, that we’re obliged to wield to just ends.

                                                                                                                  Furthermore, getting the opinions to go away isn’t really the goal. Laws don’t make crime disappear, but we still have them, because they tend to have positive outcomes on their societies. Similarly, deplatforming doesn’t make bad ideas disappear, but it does reduce their availability and accessibility. Deplatforming works, let’s keep doing it.

                                                                                                                  1. 11

                                                                                                                    Does Deplatforming work and what do you mean by work? Brendan O’Neill has some very good points about how things we currently consider ‘progressive’ have been deplatformed in previous centuries. https://www.youtube.com/watch?v=BtWrljX9HRA

                                                                                                                    Furthermore, I’d suggest reading The Coddling of the American Mind, which talks a lot about the current call-out culture in academia, that leads to harming the relationship between students and professors; preventing people from being able to discuss difficult topics and ideas without fear of retribution or being called Nazis or White Suprematists.

                                                                                                                    Trolls and Nazis and etc. will reliably ruin platforms if left unchecked, and even swing moderates into their camp

                                                                                                                    One thing I didn’t really cover is the issue with anonymity. That is another problem space (and I’m working on a full post on it). Anonymous networks are really … interesting … as far as content (4chan, 8ch and other chans .. Reddit/Voat/HackerNews, ActivityPub/Fediverse stuff). People act very different anonymously, which is one reason Facebook and Google+ pushed so much for only having real names/people, and why Reddit/Twitter require so much moderation to make them more (advertiser) “friendly” platforms. There are a lot of complexities there to unpack.

                                                                                                                    1. 7

                                                                                                                      If you get to link to YouTube and pop politics books, then I get to link to https://slatestarcodex.com/2017/05/01/neutral-vs-conservative-the-eternal-struggle/ and https://slatestarcodex.com/2015/08/15/my-id-on-defensiveness/ which makes a pretty reasonable argument that there is no way Voat could have possibly gone right.

                                                                                                                      Or, to summarize it another way, the same way the distinction between consumer tech and enterprise tech doesn’t exist, the distinction between “separate online communities” doesn’t exist either. Stuff that happens on one will have an effect on the other, inevitably. The discourse on Twitter (including the effects of their algorithms) leaks onto Lobsters and back onto Twitter again; you can have some control over your little corner, but you aren’t actually separate.

                                                                                                                      1. 16

                                                                                                                        Does Deplatforming work and what do you mean by work?

                                                                                                                        By “work” I primarily mean that fewer people get exposed to hate speech at a macro scale, especially inadvertently. But also that fewer people get recruited into hate groups, especially for the lulz. And also that hate speech propagandists, robbed of some of the dopamine from engagement on larger platforms, are discouraged from continuing. And yes, all evidence suggests that deplatforming works by these metrics.

                                                                                                                        People act very different anonymously,

                                                                                                                        Again, this was a truism like 10 years ago, but we’ve since learned that, anonymous or not, the internet tends to create echo-bubble environments that bring out the most extreme and frequently negative properties of the human condition. There’s an abundance of grotesque, racist, whatever nonsense written by people on Facebook next to their real names. There aren’t any consequences for it, really, so why not?

                                                                                                                        1. 7

                                                                                                                          By “work” I primarily mean that fewer people get exposed to hate speech at a macro scale, especially inadvertently

                                                                                                                          I think this gets into dangerous territory. We should be exposed to things we don’t like or agree with. Having friends of different political backgrounds and ideological persuasions, and honestly talking about tough issues, is how we grow and change over time. I’m not for bullying, but I’m also not for safetism. It’s a hard line to cute and much harder on-line than in real life. Like the Brendan O’Neill debate I posted, there was a time when people who thought homosexually wasn’t wrong or that we didn’t need god or that the Bible should be translated into languages that could be read by everyone, were de-platformered, marginalized and told their ideas were greatly offensive. To say which ideas are good or bad for society change greatly over time. I know my views on what is just and unjust have changed significantly from my 20s to my 30s.

                                                                                                                          Yes there are trolls who just shit post. But there are also a lot of true believers, who went cut from a platform they feel they’re making reasonable comments on, will go further into their cause and more radical. We saw that when Anita Sarkeesian deleted all the YouTube comments on her videos and locked them. Yes there were typical garbage YouTube comments, but there were also a lot of reasonable arguments. You delete all of those, and people tend to go harder in and be less reasonable. De-platforming lets people grab onto the same victimhood culture as those who de-platform; the “my views are being oppressed” rubbish instead of “let’s talk about things and maybe agree to disagree.”

                                                                                                                          I think I understand where your coming from though. I think these topics are pretty complex though, and they can get into some really gritty details, for example the recent Stack Exchange / pronoun / code of conduct fiasco. Those are the type of debates that quickly get muted everywhere because we’re simply to afraid to have them. They then show up as much more polarized and much more extreme hard left/right lines when they appear on Reddit/Gab/Voat/etc.

                                                                                                                          1. 16

                                                                                                                            We should be exposed to things we don’t like or agree with.

                                                                                                                            Sometimes yes, sometimes no.

                                                                                                                            It’s fine to say that Chicago-school economists should be exposed to Austrian economic theory. Or that Baptists should be exposed to Lutheran theology. That Ford owners should be exposed to GM fans. That NIMBYs should be exposed to YIMBYs.

                                                                                                                            It’s not fine to say that a rape survivor should be exposed to the gloating of their assailant after being found not guilty on a technicality. Or that a black school child should be exposed to a Klu Klux Klan rally on their walk home from school. These things are certainly and technically “different ideological persuasions” but no good is advanced by enduring them.

                                                                                                                            So there’s definitely a line where the ideal of free speech, or the marketplace of ideas, or whatever, is insufficient to justify the outcome. We’re just debating where that line is.

                                                                                                                            It used to be that we could talk about white supremacy or Nazis or whatever pretty freely, because nobody (or very very few people) were actually threatened by those things. But the context has changed, white supremacists are marching in our streets with literal torches, and lots of people have very good reason to be afraid of what might come next. The line of what’s acceptable to deal with, in this particular space, has moved. So, no, at a societal level, we shouldn’t be forced to confront this particular “thing we don’t like or agree with” in deference to an abstract ideal. We are justified in stomping it out, like an immune system response, with tools like deplatforming, and whatever others are effective.

                                                                                                                            1. 16

                                                                                                                              we’re simply to afraid to have [debates]

                                                                                                                              This is not a fact. This is a right-wing trope that’s not based on reality all that much.

                                                                                                                              No one is “afraid of debate”. Actually people are just tired of having to prove that they deserve to exist, to be themselves, to love who they love, and so on. These things should not be up for debate.

                                                                                                                              De-platforming lets people grab onto the same victimhood culture as those who de-platform

                                                                                                                              They grab onto that either way.


                                                                                                                              Highly recommended listening:

                                                                                                                              1. 15

                                                                                                                                We should be exposed to things we don’t like or agree with. Having friends of different political backgrounds and ideological persuasions, and honestly talking about tough issues, is how we grow and change over time.

                                                                                                                                Fascists don’t argue in good faith. You aren’t going to change minds in a positive direction by platforming them. What you will do is tacitly promote the idea that genocide is a valid topic of disagreement, and help them recruit.

                                                                                                                                Deplatforming them works.

                                                                                                                                1. 4

                                                                                                                                  Milo wasn’t wrecked by deplatforming. Milo was wrecked by defending pedophilia and directly working with neo-Nazis, which is what made his right-wing supporters turn on him. The “Deplatforming stopped Milo” narrative only appeared like a year later.

                                                                                                                                  1. 3

                                                                                                                                    The “Deplatforming stopped Milo” narrative only appeared like a year later.

                                                                                                                                    At the exact point that Milo said that he no longer had an audience enough to sustain him, and had to work on other projects for money.

                                                                                                                                    You’re saying that he was “wrecked by defending pedophilia and directly working with neo-Nazis, which is what made his right-wing supporters turn on him”, which is in and of itself, a form of deplatforming. Whether or not he did it himself is irrelevant to the fact of it being deplatforming or not. It’s like saying “he didn’t drive a vehicle, he drove a truck”.

                                                                                                                                    1. 1

                                                                                                                                      I believe that those incidents are what motivated his deplatforming, and the decline in audience he suffered was multiplied by his loss of access to a large platform.

                                                                                                                                    2. 1

                                                                                                                                      Fascists don’t argue in good faith.

                                                                                                                                      And everyone is a fascist who doesn’t agree to your agenda. You can be “deplatformed” from the largest mastodon instance if you have the “wrong opinion” on funding domestic terrorist organizations (the antifa), and voice it.

                                                                                                                                      1. 1

                                                                                                                                        You can be “deplatformed” from the largest mastodon instance if you have the “wrong opinion” on funding domestic terrorist organizations (the antifa), and voice it.

                                                                                                                                        If I’m reading between the lines correctly, here, and the implication is that you think a group literally called Anti-Fascists are terrorists, then I don’t think you really get to call foul when people judge that to be roughly aligned with fascism, eh?

                                                                                                                                        1. 0

                                                                                                                                          there was a poll:

                                                                                                                                          • you support the antifa (that is a terrorist organization in the USA!) with money
                                                                                                                                          • you are a fascist

                                                                                                                                          I think the antifa an their supporters are the fascists of these days. The binary rhetoric, the violent opression of different opinions, etc. are just as bad as what they claim to be against.

                                                                                                                                          Regarding de-platforming: I was born in a communist dictatorship. Lots of voices and opinions were “deplatformed”, in the name of the greater good, “antifascism”. For example punk music, and punks, who are now thought to be a left wing/left leaning genre, were just as much enemies of the “left wing” state… I believe discourse is necessary and nobody should be de-platformed, as long as their actions are legal, and when they are illegal, they should be regardless of political stance.

                                                                                                                                          1. 2

                                                                                                                                            I think the antifa an their supporters are the fascists of these days. The binary rhetoric, the violent opression of different opinions, etc. are just as bad as what they claim to be against.

                                                                                                                                            Well, that’s ludicrous.

                                                                                                                                            1. 1

                                                                                                                                              That’s also an opinion, and I’m glad to hear that. Now I won§’t go to de-platform you for disagreeing with me. It should be this simple. Unfortunately it is not.

                                                                                                                                        2. 0

                                                                                                                                          Case in point.

                                                                                                                                    3. 1

                                                                                                                                      By “work” I primarily mean that fewer people get exposed to hate speech at a macro scale, especially inadvertently.

                                                                                                                                      Personally I’m totally uncertain on this topic, but seeing that banning people from reddit has made them relocate to voat, banning threads on 4chan has made them relocate on infinitychan. There they gather, organise, produce more propaganda and create more stories. Would they have done so on the previous platform? probably. What I don’t know is if it would be better or worse. What I find even more perplexing is that if one, “edgy”, community gets band on one site, it gives a push to all of them. Ban racists on facebook, and reddit will use it to push their narrative.

                                                                                                                                      I really don’t see a solution, but what’s wrong it to claim that deplatforming is a step forward. That’s like saying that just throwing your rubbish out of the window is fine, instead of putting it in the recycling bin.

                                                                                                                                      1. 5

                                                                                                                                        Banning people from reddit has made them relocate to voat, banning threads on 4chan has made them relocate on infinitychan

                                                                                                                                        I don’t care about the true believers. Let them fester in their holes. I care about the thousands or millions of passersby, regular visitors to popular sites like Reddit or (less so) 4chan, who get exposure to these hate cultures when comments by the trolls are co-mingled with rational people in unrelated articles, or when racist memes are mixed in with cat videos on /r/all. Reducing that exposure is a huge net win and worth doing.

                                                                                                                                        1. 2

                                                                                                                                          A study found the effect of Reddit’s bans was to reduce the incidence of hate speech there, including from individuals who’d formerly participated. (I’m not aware of research for or against the narrative you quoted. Maybe somebody has more sources.)

                                                                                                                                          1. 2

                                                                                                                                            But that’s my point. You just need a few “true believers”, and enough people to trust or follow them. They will (and have) return, and they will be (and are) stronger. If they don’t get in through the front door, they will use every crack in the wall to slowly infest any community from the fringes inwards. It’s just deferring a problem that was not created in the space of moderation and curation.

                                                                                                                                            Again: This is not an argument for or against banning. I’m just saying nothing works, and that should be consciously realised.

                                                                                                                                            1. 6

                                                                                                                                              You just need a few “true believers”, and enough people to trust or follow them.

                                                                                                                                              “Deplatforming” takes away the second part.

                                                                                                                                              People who had huge followings on major social-media sites suddenly have far far smaller followings when kicked off, because they no longer have the major sites’ algorithmic “suggestion” systems giving them free promotion to millions or even billions of eyeballs. And that switch, from having new people passively funneled to you en masse by the original platform, to needing your existing audience to actively follow you somewhere else and actively promote you to people not already on the new platform, typically comes with a multiple-orders-of-magnitude drop in reach and following.

                                                                                                                                              I believe that’s also in part why reddit’s “quarantine” feature exists; one effect of quarantining is that it yanks the subreddit out of automated promotion/suggestion by the site’s algorithms, which makes it far harder to recruit across the site through getting things splashed onto random users’ home-page views of reddit.

                                                                                                                                              1. 2

                                                                                                                                                People who had huge followings on major social-media sites suddenly have far far smaller followings

                                                                                                                                                Sure, when it’s about individuals you’re concerned about then de-platform as much as you want to. But watch out, not that this one is gone, three others are trying to fill the hole he left behind. But seriously, a twitter account, a youtube channel or whatever is just an appearance. Anyone who used image boards knows how much even a small group of creating individuals, even if nobody ever finds out who they are, can do. The site can be shut down, but they can just as easily reconstitute themselves anywhere else. Maybe it takes a while, but just pushes people further.

                                                                                                                                                1. 4

                                                                                                                                                  But watch out, not that this one is gone, three others are trying to fill the hole he left behind.

                                                                                                                                                  You say these things as if they’re just natural ways of the world, as if they’re true, but they’re just not.

                                                                                                                                                  When /r/fatpeoplehate was banned why didn’t /r/largepeopleanger and /r/hatethosebigfolks and /r/hatefats spring up in its absence? When Cloudflare deplatformed 8chan why didn’t 16chan and 32chan and 64chan immediately rise up from the ashes? When what’s-his-face who did all that heinous shit to the Sandy Hook parents was banned from all his vlogging and podcasting channels, why didn’t he and his fans just create dozens more?

                                                                                                                                                  When you de-platform someone or something that’s built a substantial audience, the creator and the audience have to do a lot of work to build themselves back up to their previous levels. And it’s a lot harder when the platforms that drive the highest engagement and acquisition numbers won’t host your shit anymore.

                                                                                                                                                  1. 3

                                                                                                                                                    When /r/fatpeoplehate was banned why didn’t /r/largepeopleanger and /r/hatethosebigfolks and /r/hatefats spring up in its absence?

                                                                                                                                                    As far as I remember, there were a few subreddits that came up to replace them, but all of them were shut down in their infancy. But then again, you’re confusing the forum for the people, they didn’t disappear. It’s internet pre-history by now, but it was one of the rallying calls leaving reddit, and was used as an example for how “SJW” are taking over. This lead to voat, 4chan exodi, and still is part of their impulse.

                                                                                                                                                    When Cloudflare deplatformed 8chan why didn’t 16chan and 32chan and 64chan immediately rise up from the ashes?

                                                                                                                                                    Oh there are millions of image boards that are trying to fill their absence, but that takes a bit. infinitychan also had to prove itself after all. But you’re right, until then, they are weakened. And if all you’re after is short term goals, good job. But again, the people, the ideas, the images are all still there, preparing to regather. And I’ll bet that this will incentivise more people than ever before to look into distributed alternatives, that will be harder to “de-platform”, because just like the users, they will have no platform they rely on.

                                                                                                                                                    When you de-platform someone or something that’s built a substantial audience, the creator and the audience have to do a lot of work to build themselves back up to their previous levels.

                                                                                                                                                    You’re doing it again. I’m not talking about individuals or “content creators”, they are worthless. It’s the same kind of thinking that leads people to believe that if Hitler were killed in WW1, there would’t have been any nazis. It’s an underestimation and fatally a lack of understanding what is being dealt with.

                                                                                                                                                    1. 2

                                                                                                                                                      I’m not talking about individuals or “content creators”, they are worthless.

                                                                                                                                                      What are you talking about, the ideas themselves? The movements?

                                                                                                                                                      Movements are only as strong as their adherents, the people behind them. Making it harder for the movements’ content creators to reach and engage audiences is nearly as good as somehow stopping people from being bigots in an abstract sense. It’s not the same but the net effect on a society is approximately equivalent. And more to the point, it’s one of the few ways that a society has traction in fighting these antisocial contagions.

                                                                                                                                                      1. 2

                                                                                                                                                        What are you talking about, the ideas themselves? The movements?

                                                                                                                                                        Am I really that incomprehensible? Is what I am saying that foreign? I’ll quote myself:

                                                                                                                                                        banning people from reddit has made them relocate to voat, banning threads [made by… people] on 4chan has made them relocate on infinitychan

                                                                                                                                                        The site can be shut down, but they can just as easily reconstitute themselves [ie. the community, of… people] anywhere else. Maybe it takes a while, but just pushes people further.

                                                                                                                                                        But again, the people, the ideas, the images are all still there, preparing to regather

                                                                                                                                                        The actually existing people behind these posts. Do you think the harassers and trolls aren’t driven by conviction? Do you think racists think what they do because they are bored? These “movements” are movements of “content creation”, not lead by them. Those parts of these committees that people are always talking about, would be the last to give up because of inconvenience. They literally think there is a world conspiracy against them. It’s just not that simple.

                                                                                                                                                        It’s not the same but the net effect on a society is approximately equivalent.

                                                                                                                                                        But again, t e m p o r a r i l y.

                                                                                                                                                        1. 3

                                                                                                                                                          Do you think the harassers and trolls aren’t driven by conviction?

                                                                                                                                                          Yes, I think conviction merely provides the rationale for what they’re doing, I think the vast majority of their actual output is primarily driven by dopamine responses from audience engagement. And if you take that away, conviction alone won’t be enough for them to meaningfully continue. Not that it matters: if they want to bleat into the void and have nobody hear them, that is a complete victory from my perspective. I’m concerned about macro-scale effects on society.

                                                                                                                                                          Do you think racists think what they do because they are bored?

                                                                                                                                                          In our zeitgeist, on the internet platforms we’re currently talking about? Yes, actually. That’s a huge part of it. And things that are boredom-adjacent: a sense of community, dopamine from engagement, etc.

                                                                                                                                                          It’s the 90/9/1 thing that applies to any online community, the fact that it’s about hate ideologies is irrelevant. 1% of the people are the true believers and actually producing content, 9% are highly engaged and curating/amplifying/whatever, but 90% are lurkers, consumers, a passive audience that is fickle and will disappear if you can deplatform the 10% from the most popular N sites on the internet.

                                                                                                                                                          Every society will always have some bigoted assholes, and they’ll always have some kind of cult of personality or ideology that will attract some people. That’s unavoidable, those 10%. What’s avoidable is letting those subcultures attract and grow their 90% audiences. That’s the shit that tends to produce the lone-wolf spree shooters, tends to normalize microaggressions in day-to-day life, and most everything in between. And deplatforming is a really good tool for stopping that specific thing. Which is huge.

                                                                                                                                                          1. 1

                                                                                                                                                            In order for this to not go on forever, I’ll try to just summarise what I see our disagreements being:

                                                                                                                                                            1. You’re concerned about the “macro-scale effects”, while I am more worried about the long-term effects.
                                                                                                                                                            2. You think that racism is fuelled by boredom, while I think that is has deeper roots (although it can be set of by (life) boredom).
                                                                                                                                                            3. You think that the 90/9/1 rule still applies, I think that the power/danger of the new communities comes exactly from transcending it.

                                                                                                                                                            Unless you have anything else to contribute, I think it would be better to come to an end with this thread. The only question I have for you is what your direct experience is with these underground forms and image boards?

                                                                                                                                      2. 1

                                                                                                                                        Coddling is a silly book rife with contradictions, it doesn’t strengthen your case to namecheck it https://www.theguardian.com/books/2018/sep/20/the-coddling-of-the-american-mind-review

                                                                                                                                        1. 2

                                                                                                                                          Guardian is a silly newspaper rife with contradictions. What’s your point?

                                                                                                                                          1. 4

                                                                                                                                            I have no real stake in the Guardian as a publication overall; it’s got a lot of crap, and some decent articles every now and then. I thought the review did a great job demonstrating why Coddling is a silly book. That should have been obvious.

                                                                                                                                            By just attacking the least important part and not engaging with what I linked in any substantive way, I suspect you’re not arguing in good faith, saying quippy aggressive things. Come back if you want to address the contents of the review, or Coddling.

                                                                                                                                            1. 1

                                                                                                                                              I read this review and I’ve read the book. Frankly, the review doesn’t really address the book. This review is polarized and mentions some parts of the book totally out of context, and then tangentially starts talking about politics and Trump. The book is a really good read, and it’s well sourced. I looked up several of the stories it mentioned while reading it and I think it does a fair job of portraying what’s happening in a lot of universities, especially on the west and north east coasts.

                                                                                                                                              There is a growing distrusted between those who teach in academia and their own students. Call-out culture is a a thing. There is a growing trend to react today first and to call for resignations and dismissals; to the point where I know people in academia who are afraid to talk about any difficult or hard issues.

                                                                                                                                              It’s not a silly book. I’ve listened to other interviews with people like Haidt (one of the authors) along with people like Sam Harris who have brought up these same issues. Harris and Haidt is often labelled as alt-right or alt-right adjacent (same with Joe Rogan), but reading and listening to their views, they’re hardly that! And this goes back to the issue of calling everyone you don’t like or disagree with a Nazi or White Suprematist (especially those who don’t self-identify as such). It pushes more of this polarization narrative and people who have never even listened to these people now immediately dismiss everything they say.

                                                                                                                                              1. 5

                                                                                                                                                Thanks for actually engaging on this. I happen to disagree with almost everything you wrote (I read the book and think the review is dead-on) and think Sam Harris is a pompous Islamophobe and Joe Rogan is boring, mainstreaming people with terrible views by never challenging them, &c; &c;

                                                                                                                                                I doubt we’ll get very far hashing it out here (and I have work to do lol, you probably have other responsibilities than hashing this shit out with a stranger on the Internet) but again, appreciate you rising up and responding sincerely 😄

                                                                                                                                      3. 3

                                                                                                                                        I whole-heartedly believe that freedom of speech is an end in itself, but that doesn’t mean I’m against moderation. Not at all – too many communities are ruined by unpleasant, ill-willing people, and I think this very site is a clear example of how important content moderation can be.

                                                                                                                                        Reddit, however, is a different type of site, one with many communities that are more or less separate from each other. Already before those hateful subreddits were banned, what they wrote in their walled garden never reached the eyes of redditors on the outside, unless they willingly looked inside – in this sense, there’s really no difference between subreddits and separate websites. So why were these subreddits banned? Well, because of pressure from other redditors, peeking inside the walled garden and not liking what they saw, and shareholders, presumably.

                                                                                                                                        Of course, even though there’s little difference between having your community on Reddit versus hosting it on Voat, in the sense described above, Reddit is a bigger platform with more users than Voat. Being expelled from Reddit severely limits the user base of a community, which can be used both as an argument for banning these communities and as an argument for being careful about banning any communities whatsoever.

                                                                                                                                        Anyway. I’m not defending these communities. My point is just that these bans weren’t really examples of content moderation, but rather, giving in to large amounts of criticism, valid or invalid as it may be.

                                                                                                                                        1. 3

                                                                                                                                          From your article:

                                                                                                                                          Those with the power to do so have both the right and ethical obligation to stop these infections at the source, by organizing, by protesting, by de-platforming, and by recognizing that free speech isn’t an end in itself, but merely a means, a tool, which we’re obliged to use to make our society better.

                                                                                                                                          I see nothing in that sentence with which Tourquemada would have disagreed.

                                                                                                                                          We spent the last four hundred years building a world in which might doesn’t make right. We built a society which tries really hard not to unperson dissenters. It’s taken a long time, and it hasn’t been perfect, but we did it. And now, in just about a decade and a half, we have thrown away four centuries’ hard work and created a world in which it is once again no longer possible to speak truth to power, because once again those in power feel comfortable using that power to extinguish dissent and dissenters.

                                                                                                                                          1. 2

                                                                                                                                            We built a society which tries really hard not to unperson dissenters . . . And now . . . [we] created a world in which it is once again no longer possible to speak truth to power . . .

                                                                                                                                            Look dude if literal Nazi-ism and white supremacy qualifies as “dissent” and “speaking truth to power” to you then we’re not going to be able to have a productive conversation. And to be extremely clear that is explicitly and only what this discussion is about. Not abstract and undefined “uncomfortable political ideas” or “unpopular opinions” or other weasel phrases. This whole conversation is about the alt-right race-baiting white-supremacist trolls of Voat.

                                                                                                                                          2. 2

                                                                                                                                            I think there is a large part of not being able to combat these ideologies because many people just don’t understand the fundamentals of them to begin with. That makes it easier to push people to extreme theories or ideologies because, in many cases, they put forth simple arguments for them or against whatever they’re against. It’s kind of like an ELI5 for ideas.

                                                                                                                                            I’m not opposed to moderation and I think outright inflammatory posts should be removed immediately, but I also think we should be educating people better about ideas and not just resorting to calling people names. There are arguments against these ideologies, but we don’t have a general populace explaining, in an easy to digest way, why they aren’t good. I think we’re too quick to try to silence, which really doesn’t silence at all, but pushes the fringe folks together where their ideas echo and ultimately amplify.

                                                                                                                                          1. 3

                                                                                                                                            Not a great article. Your DSL problem sounds like a non-problem, all nontrivial programs to some degree function like a DSL. And I mean seriously: you can’t choose a Python module to function like net/http? Again, a real non-problem. Who cares when the tooling came around, as long as you have it?

                                                                                                                                            Your “perfect language” is probably in the set {Python, Lua, Racket, Go}.

                                                                                                                                            1. 14

                                                                                                                                              I think it’s a really great article, it voices some things I wanted to write down, but couldn’t find the time.

                                                                                                                                              A few things from my consideration on keeping languages small:

                                                                                                                                              • Do not only consider the cost of adding a feature, but also the cost of removing it.
                                                                                                                                              • If 10% of users would gain 20% more utility from a feature being added, that still means that the other 90% lose utility, because they still need to learn and understand the feature they didn’t ask for. It’s likely that the equation ends up being negative for most features if you account for that.
                                                                                                                                              • Don’t focus at being great at something. Focus on not being bad at anything.
                                                                                                                                              • Not every problem needs a (language-level) solution. If something is verbose, so be it.
                                                                                                                                              • Allow people to save code by being expressive, not by adding short-cuts for every individual annoyance.
                                                                                                                                              • Design things by writing the code you want your users to write. Then make that work.
                                                                                                                                              • Have a way to deprecate, migrate, and remove language and library elements from day one.

                                                                                                                                              And a few of the standard ones:

                                                                                                                                              • Eliminate special-cases.
                                                                                                                                              • Something that can be a library should never be a language feature.
                                                                                                                                              • Make sure all features are orthogonal to each other.
                                                                                                                                              • The 80/20 rules doesn’t apply to language design.
                                                                                                                                              • Make things correct first. Correct things are simple. Simple things are fast. – Focusing on “fast” first means sacrificing the other two.
                                                                                                                                              1. 3

                                                                                                                                                If 10% of users would gain 20% more utility from a feature being added, that still means that 90% lose utility. It’s likely that the equation ends up negative if you consider that those 90% still need to learn and understand the feature they didn’t ask for.

                                                                                                                                                You don’t lose utility from a feature being added. That’s nonsensical.

                                                                                                                                                1. 23

                                                                                                                                                  You don’t lose utility from a feature being added. That’s nonsensical.

                                                                                                                                                  You definitely can for some features. Imagine what would happen if you added the ability to malloc to Java, or the ability to mutate a data structure to Erlang.

                                                                                                                                                  But of course this doesn’t apply to most features.

                                                                                                                                                  1. 1

                                                                                                                                                    if you added the ability to malloc to Java

                                                                                                                                                    Java has that already? Various databases written in Java do allocate memory outside the GC heap. You can get at malloc via JNI, as well as using the direct ByteBuffers thing that they kinda encourage you to stick to for this.

                                                                                                                                                    1. 4

                                                                                                                                                      Java has that already?

                                                                                                                                                      Yes, and when it was added it was a huge mistake.

                                                                                                                                                      Everyone I know who uses the JVM won’t touch JNI with a ten-foot pole.

                                                                                                                                                    2. 1

                                                                                                                                                      I think it pretty much applies to all features.

                                                                                                                                                      For whatever utility you get out of a feature, you have to take into account that when users had to learn 50 features before to use the language, they now need to understand 51.

                                                                                                                                                      This issue is usually discarded by those who propose new features (expert users), because the have already internalized the 50 features before. Their effort is just “learn this single new thing”, because they know the rest already.

                                                                                                                                                      But for every new user, the total amount of stuff to learn just increased by 2%.

                                                                                                                                                      That doesn’t sound much but if you think that – whatever language you use – 99.99% of people out there don’t know your language.

                                                                                                                                                      It’s hard to offset making things worse for 99.99% by adding a “single” great new feature for the 0.01%.

                                                                                                                                                      1. 2

                                                                                                                                                        For whatever utility you get out of a feature, you have to take into account that when users had to learn 50 features before to use the language, they now need to understand 51.

                                                                                                                                                        Yes, but this is a completely different category from “this language had an important feature, and by adding this new feature, we destroyed the old feature”.

                                                                                                                                                        Adding mutability to Erlang doesn’t just make the language more complicated; it destroys the fundamental feature of “you can depend on a data structure being immutable”, which makes the language dramatically worse.

                                                                                                                                                        1. 1

                                                                                                                                                          but this is a completely different category

                                                                                                                                                          Yes, but this is the category I had in mind when I wrote the list.

                                                                                                                                                          The point the GP mentioned is above listed under “And a few of the standard ones”:

                                                                                                                                                          Make sure all features are orthogonal to each other.

                                                                                                                                                    3. 7

                                                                                                                                                      Don’t just think about the code you write; think about the code you need to read that will be written by others. A feature that increases the potential for code to become harder to read may not be worth the benefit it provides when writing code.

                                                                                                                                                      1. 7

                                                                                                                                                        C++ comes to mind. I think it was Ken Thompson who said it’s so big you only [need to] use a certain subset of it, but the problem is that everyone chooses a different subset. So it could be that you need to read someone else’s C++ but it looks like a completely different language. That’s no good!

                                                                                                                                                        1. 7

                                                                                                                                                          You don’t lose utility from a feature being added.

                                                                                                                                                          That’s nonsense. Consider the case of full continuations, as in Scheme: implementing them requires that certain performance optimisations are impossible, which makes all code — even code which doesn’t directly use them — perform more slowly. Granted, this can be somewhat mitigated with a Sufficiently Smart Compiler™, but not completely.

                                                                                                                                                          1. 4

                                                                                                                                                            “Lose utility” is not the right framing. It’s more like increased cognitive overhead.

                                                                                                                                                            1. 3

                                                                                                                                                              You certainly pay a cost, though. That’s indisputable.

                                                                                                                                                              1. 2

                                                                                                                                                                Maybe “utility” is the wrong word for the thing you lose but you definitely lose something. And the amount of that thing you lose is a function of how non-orthogonal the new feature is to the rest of the language: the less well integrated the feature is, the worse your language as a whole becomes.

                                                                                                                                                            2. 8

                                                                                                                                                              Thanks for the feedback. While I haven’t worked on any Common Lisp program large enough to have turned itself into a DSL, I also know that for any task, there are usually a few libraries that each don’t work for more than 80% of the use-cases for such a library. Whether this is caused by the language itself or its community, I don’t know, but I think it has more to do with the way that CL encourages building abstractions.

                                                                                                                                                              As for the fact that Python doesn’t have a net/http equivalent in its standard library, I remember this being a somewhat major driver for Go’s adoption. You could build a simple website without having to choose any kind of framework at all. It was really easy to get something together quickly and test-drive the language, which is super important for getting people to use it. Also, having something that creates a shared base for “middleware” and frameworks on top of the standard library had to have led to better interoperability within the early Go web ecosystem.

                                                                                                                                                              I will concede that good tooling shortly after launch is the least important point, but really spectacular tooling is a good enough selling point for me to use a language on its own, so I think it does matter, since it allows people to write larger programs without waiting so much for the language to mature.

                                                                                                                                                              It appears that I did a poor job of communicating that my list of points were geared towards new languages today (or ones of a similar age to Go), but I will absolutely play with Tcl and continue to investigate other existing options.

                                                                                                                                                              1. 1

                                                                                                                                                                As for the fact that Python doesn’t have a net/http equivalent in its standard library

                                                                                                                                                                Well, there technically is http with http.client and http.server modules, just it’s so old that it’s abstractions are no longer abstract. It seems that nowdays python’s standard library needs updated abstractions, but that no wouldn’t have any use, as there are 3rd party libraries providing those abstractions(e.g. requests)

                                                                                                                                                            1. 2

                                                                                                                                                              I have come to believe that secrets should always be passed by reference (usually a path in the filesystem), not by value. This holds true for configuration files as well. If you are able to enforce that consistently, suddenly it becomes a non-issue to log environment variables or dump the config file for inspection. Which makes a whole set of other activities like debugging much easier.

                                                                                                                                                              1. 5

                                                                                                                                                                I have come to believe that secrets should always be passed by reference (usually a path in the filesystem), not by value.

                                                                                                                                                                I like passing them as a file descriptor, because it really truly is a capability: unforgeable yet shareable.

                                                                                                                                                                1. 1

                                                                                                                                                                  That’s a good idea. Are you able to apply this in the container world or did you create your own special scheduler?

                                                                                                                                                                  In Kubernetes the canonical way is to mount the secrets on disk, which makes them vulnerable to file-traversal attacks if there are any.

                                                                                                                                                                  1. 1

                                                                                                                                                                    I haven’t done it with containers, only with processes. It should be possible to inject into a container, but I don’t know how well the tooling supports this. Probably not well — POSIX file descriptors are criminally underknown.

                                                                                                                                                                  2. 1

                                                                                                                                                                    I’m guessing you mean to use something like file descriptor redirection in a shell command, e.g.:

                                                                                                                                                                    python my_script_needs_secrets.py 3</path/to/secret
                                                                                                                                                                    

                                                                                                                                                                    Then inside the process:

                                                                                                                                                                    secret=os.fdopen(3).read()
                                                                                                                                                                    

                                                                                                                                                                    This is a great approach for security, but how does it scale with multiple secrets? Do you use a separate descriptor for each one, or cat them all into the same descriptor? How do you organize your app to know which descriptor contains the secret data?

                                                                                                                                                                    1. 1

                                                                                                                                                                      When I’ve used the technique, I’ve just used a different descriptor for each, but one could send a bunch of secrets down one descriptor in some format if one wished.

                                                                                                                                                                      The mapping of descriptor to schema is part of the documentation, typically a README (this is all for internal software, often just for my own use).

                                                                                                                                                                1. 12

                                                                                                                                                                  The linked Systemd bug is painful to read and terrifying — it sounds like Poettering mighty have zero idea how a CSPRNG works?

                                                                                                                                                                  1. 7

                                                                                                                                                                    Can you elaborate? It seems to me that he’s saying:

                                                                                                                                                                    1. systemd wants cryptographically random keys, but it’s ok if the initial keys aren’t cryptographically secure, because they’ll be resized with new keys later on
                                                                                                                                                                    2. /dev/urandom gives us that, without blocking
                                                                                                                                                                    3. reading from /dev/urandom early on does not “deplete its entropy”

                                                                                                                                                                    I had thought that claims #2 and #3 are true. I guess maybe #1 isn’t obviously true, if there’s some crazy attack vector that invalidates it, but it’s not really about CSPRNGs anyway. So even if it’s wrong, it wouldn’t mean he misunderstands CSPRNGs. Am I missing something?

                                                                                                                                                                    1. 3

                                                                                                                                                                      You know, I think you’re actually right. There’s a few statements in there that read like Poettering thinks there’s good and bad entropy, or that the concept of deleting the entropy pool is meaningful, but I think he’s actually only taking about the state of the CSPRNG early in the boot process when it may have not been seeded properly.

                                                                                                                                                                      On the other hand, I do think the unwillingness to minimize competition for entropy during early boot is a pretty weird attitude.

                                                                                                                                                                      1. 10

                                                                                                                                                                        Yeah, #1 is still weird to me. Surely, cryptographically secure keys for systemd’s hash tables are either a security requirement during early boot, or they are not. It feels really weird to see the alleged need for secure keys used as a justification for the current behavior, while also claiming that it doesn’t matter that they aren’t secure. Subjectively, the impression I get is that it’s motivated mostly by a desire to avoid having to reason out what the threat model actually is here.

                                                                                                                                                                        1. 5

                                                                                                                                                                          It’s necessary for the keys to be hard to guess for an attacker, which generally means some kind of cryptographically secure. However, there generally aren’t any attackers during early boot, an even if there was, and the attacker could potentially guess the value of the key during early boot, the keys would be periodically re-generated as the attacker is attacking, and as soon as the CSPRNG is properly initialized, any new keys will be hard to guess.

                                                                                                                                                                          Specifically, the random keys are necessary because in regular hash tables, an attacker who can insert something in the hash table can exploit pathological cases in the particular hash function used, turning the hash table’s O(1) lookup into O(n) lookup. The random key prevents the attacker from doing that without knowing the random key. Also, whenever the hash table gets big enough, a new key is chosen as part of the process of expanding the table.

                                                                                                                                                                          Systemd knows exactly their threat model; it’s unlikely that there are attackers during early boot, and even if there are, the early boot stage lasts a short enough time that it’s likely not a big issue; therefore, urandom’s semantics of “give me the best random numbers you have available, but if it’s too early to give cryptographically secure numbers, that’s okay” is precisely the behavior they want.

                                                                                                                                                                          Keep in mind that we’re not talking about an information leak or RCE vuln; an attacker being able to guess keys only results in a partial DoS where O(1) access turns into O(n) access for a limited time.

                                                                                                                                                                          Also keep in mind that reading from urandom doesn’t actually hurt anything (at least from what I understand); it doesn’t deplete any randomness (because that’s not how CSPRNGs work), and it simplifies systemd’s code in a relatively critical area which reduces the chance of bugs causing vulnerabilities. The only issue, from what I understand, is that the kernel will print warning messages about it and that makes it harder to find actual security issues caused by reason from urandom too early.

                                                                                                                                                                          1. 5

                                                                                                                                                                            Yeah, that all matches my understanding of the discussion on the bug. I guess I disagree that the described harm of obscuring other issues isn’t an important one.

                                                                                                                                                                            It does seem like the most reasonable course of action would be to make sure the code in systemd draws a clear distinction between early boot and later steps, and uses different sources of randomness. The current situation seems really bad to leave in place because nobody can actually reason about which security mitigations are in effect when.

                                                                                                                                                                            I’m broadly supportive of the systemd approach of making daemom-starting infrastructure into a monolith, but it does come with a responsibility to at least work to keep security parity with the tooling it replaces. Seeing that the maintainer is apparently quite averse to that gives me serious doubts about the wisdom of the project.

                                                                                                                                                                            1. 9

                                                                                                                                                                              I’m broadly supportive of the systemd approach of making daemom-starting infrastructure into a monolith, but it does come with a responsibility to at least work to keep security parity with the tooling it replaces. Seeing that the maintainer is apparently quite averse to that gives me serious doubts about the wisdom of the project.

                                                                                                                                                                              This is the recurring, sinking feeling I get every time one of these Systemd issues pops up. In isolation, it’d be easy to ignore, but as a pattern it makes me feel like we have an increasingly large fraction of userspace managed by folks who are unwilling to consider their role in the Linux ecosystem special in any way.

                                                                                                                                                                              Sure, Linux got /dev/urandom wrong, but pretending that init doesn’t have a particular responsibility to manage that wrongness is an attitude that worries me.

                                                                                                                                                                              1. 2

                                                                                                                                                                                Yes. I have definitely seen that attitude on other systemd controversies, as well.

                                                                                                                                                                              2. 3

                                                                                                                                                                                I completely, 100% agree that systemd should make absolutely sure not to produce messages which obscure actual security issues. It’s scary to see Poettering saying that they aren’t responsible for “misguided” messages for the kernel when any other process reading from urandom before it’s inited would be a security issue. Blaming the kernel and saying it should change is unacceptable, unless it’s actually followed by seriously working together with the kernel people to get the problem systemd is causing fixed.

                                                                                                                                                                                I was just trying to correct the misconceptions around this, and point out that this doesn’t represent a security issue or an attack vector they haven’t thought through.

                                                                                                                                                                                1. 2

                                                                                                                                                                                  I definitely think you’ve done a good job of clarifying a situation that there seems to be a lot of confusion around. Before reading the bug thread, I hadn’t realized what a divisive topic randomness apparently is. Your explanation was very clear, and I thank you for it.

                                                                                                                                                                      2. 4

                                                                                                                                                                        The author notes that he has seen the issue for the first time on Alpine Linux, which doesn’t use systemd. So while systemd might make things worse, the real culprit is that the Linux kernel should’ve copied what OpenBSD does instead of inventing their own scheme which leads to this exact issue.

                                                                                                                                                                        1. 1

                                                                                                                                                                          There are 2 problems at work here:

                                                                                                                                                                          1. The entropy file that openbsd has and uses to initialize the random generator, is not always available or sufficient.
                                                                                                                                                                          2. Systemd uses a lot of the entropy which is scarce at boot time, and use of the scarce resource could potentially be avoided.

                                                                                                                                                                          So we can’t mindlessly apply the solution of OpenBSD and we should know that systemd makes this issue worse. The problem exists because of these two circumstances and could be relevant for consideration in various use-cases.

                                                                                                                                                                          1. 4

                                                                                                                                                                            Entropy cannot be used up. Repeat: entropy cannot be used up. To think that it can be is outdated 90s-style crypto thinking.

                                                                                                                                                                            All you need is a single 256-bit seed; you then can emit random numbers pretty much forever. You don’t need to worry about using up entropy (although it is a good idea to change the seed over time, in order to protect against state compromises).

                                                                                                                                                                            The Linux kernel CSPRNG is broken, period: it should never not return random numbers, once properly seeded. And seeding is pretty easy, too: write a random number to a file at install time, at boot and at shutdown, and/or use RDRAND, and/or use virtio-rng.

                                                                                                                                                                      1. 23

                                                                                                                                                                        Assuming that the criticisms of PGPGPG here are valid, I am left unsatisfied by the proposed alternatives, which in every case are products (or at least, implementations) rather than being interoperable standards. According to this thing I can’t any longer have a single digital identity and must instead maintain identities/presences on Signal and on Wire and on Whatsapp and on FB Messenger (and presumably, on every other platform based on Signal protocol) and I also need to entrust my backups to tarsnap instead of using my own infra. I mean, not that PGP was (usefully) an interoperable standard either, but at least it didn’t make the fragmentation worse.

                                                                                                                                                                        This doesn’t seem to be the open internet we were promised. Also, where’s my flying car?

                                                                                                                                                                        1. 17

                                                                                                                                                                          I do agree. The other solutions seem to make key-management an even bigger hassle and it is the one thing that PGP did solve: Identity verification for small independent groups of people, operating in an environment where having seen each other face 2 face is the only valid method of authentication.

                                                                                                                                                                          I’ve exchanged PGP keys with some of my long-term friends I’ve known for more than a decade, some of those have moved abroad, some to downright hostile countries, and that means we only get to meet once of twice a year, but we are still in contact through messengers like Signal.

                                                                                                                                                                          I’ve noticed that Signal has broken down multiple times over that time-period due to various reasons. Examples include, phones breaking, phone numbers changing due to different operators and operators from different countries.

                                                                                                                                                                          As of yet, the PGP-keys and the small “web of trust” we’ve built with about 10 people, still holds up, while other solutions have broken down multiple times. Ironically PGP is the tool we get out to validate each other’s identity (like a Signal security number) when everything else fails. It’s not our day-to-day communications tool, but it is perfect for setting up some other secure channel in a scenario like this.

                                                                                                                                                                          Also, where’s my flying car?

                                                                                                                                                                          Are you willing to settle for a Zapata Flyboard Air?

                                                                                                                                                                          1. 14

                                                                                                                                                                            Don’t fret. Identity management is solved by yet another product! Keybase :-p

                                                                                                                                                                            1. 11

                                                                                                                                                                              Happy to see someone also noticing this problem. Alternatives posted here while technically good are “just” implementations not standards and in some cases it’s impossible to rewrite them under a different license. What if funding disappears and Signal will struggle? What if Colin gets hit by the bus and tarsnaps stops working?

                                                                                                                                                                              The entire post reminds me of the “rewrite in Rust” meme (full disclosure: I like Rust :) ).

                                                                                                                                                                              1. 6

                                                                                                                                                                                I’m not a crypto expert, but I’m old enough to know by experience that “One-Size Fits All” is a deceitful pipe dream in practically every field I’ve encountered it. Why should crypto be different?

                                                                                                                                                                                Also, it feels like your argument about maintaining identities on Signal + Wire + WhatsApp and FB Messenger is a straw man. If you don’t need to maintain all those accounts now, why would you suddenly need all of them to replace PGP? (Or is the group you communicate over PGP with really so technologically fragmented that you would need an account on each of those systems to keep in touch with everyone? How do you currently communicate with people who don’t use PGP?)

                                                                                                                                                                                1. 8

                                                                                                                                                                                  Again: I’m happy with the claim that different problems (backups vs messaging vs file transfer vs …) require different solutions, but I’m less happy with the idea that the solution to each of these problems is to buy into a platform

                                                                                                                                                                                  1. 5

                                                                                                                                                                                    I’m less happy with the idea that the solution to each of these problems is to buy into a platform

                                                                                                                                                                                    I don’t think that’s true. The places where you’re told to buy into a platform are messaging and backups.

                                                                                                                                                                                    Messaging you have to buy into a platform anyway because of network effects (even if you’re buying into a federated platform, you have to choose your federated protocol).

                                                                                                                                                                                    For backups, most people want a backup service, where you are always buying into some platform. If you’re making file (not disk image) backups, and you’re storing them yourself, you fall into the narrow but well-identified gap mentioned at the end of the article.

                                                                                                                                                                                2. 4

                                                                                                                                                                                  Back when I was a kid, I hated the idea of eg. having a separate PGP key for work, because I am the same person regardless.

                                                                                                                                                                                  People tried to talk me out of it, to explain that identities aren’t really people and applicable uses aren’t necessarily the same as identities.

                                                                                                                                                                                  Eventually I changed my position and life is easier now. Time to move on, with gratitude to the people who worked hard in the 90s and after.

                                                                                                                                                                                  1. 12

                                                                                                                                                                                    I want to have separate identities for work and each of my hobbies — but I want to have a work identity, not a work-email identity, a work-Go-signing identity, a work-Python-signing identity, a work-git-signing identity, a work-Slack identity, a work-password-encryption identity, a work-backup-encryption identity &c.

                                                                                                                                                                                    1. 2

                                                                                                                                                                                      You can use subkeys for this and have the main key signed by others, right?

                                                                                                                                                                                      1. 2

                                                                                                                                                                                        That’s kinda my point, but feels like most people just use a “burner” key for work. The employment is expected to last a shorter time than your life, and no one cares in practice about subkeys.

                                                                                                                                                                                        I suppose non-subkeys are generally weasier to distance yourself from in more cases than this.

                                                                                                                                                                                        The autistic-ish part of my brain just wanted to model myself in a neat little package, but it really doesn’t matter.

                                                                                                                                                                                        Now I just tell mutt to ignore everything pgp when I send mail because I’m not sure I remember the passphrase or have keys for anyone I email etc. It’s strange I never uninstalled the damned thing, instead got the muscle memory for ignoring :D

                                                                                                                                                                                    2. 3

                                                                                                                                                                                      Isn’t what you’re saying just a restatement of the article’s take that PGP tries to solve too many unrelated problems?

                                                                                                                                                                                      1. 7

                                                                                                                                                                                        Not what I’m trying to say (it may have been how it came out, in which case I wasn’t clear). I’m happy with the claim that different problems (backups vs messaging vs file transfer vs …) require different solutions, but I’m less happy with the idea that the solution to each of these problems is to buy into a platform (or in the messaging case, buy into a bunch of platforms that don’t interoperate), and there isn’t an actual open standard that I can choose my own implementation of.

                                                                                                                                                                                        1. 5

                                                                                                                                                                                          For messaging, the open standard is the OMEMO extension to XMPP. You have the problem of getting people to use XMPP, but with Conversations on Android it’s not that bad; you could probably talk a lawyer through it without smelling burning toast (as the article says about Signal). Not all XMPP chat applications support it, but by now there’s at least one good one for every platform that does, I believe.

                                                                                                                                                                                          1. 7

                                                                                                                                                                                            For messaging, the open standard is the OMEMO extension to XMPP.

                                                                                                                                                                                            Sadly this “open standard” is tightly coupled with libsignal and even re-implementing libsignal wouldn’t let people use permissive licenses. That’s my problem with Signal, it’s open-source but with “strings attached”.

                                                                                                                                                                                            (full disclosure: I use OMEMO daily and the experience has been great including multi-user chats).

                                                                                                                                                                                            1. 4

                                                                                                                                                                                              I hope we are able to get OMEMO into a shape where it depends on the open specifcations from https://signal.org/docs/ instead of telling implementors to “do whatever libsignal does”. This would require a non-backwards compatible OMEMO protocol update though.

                                                                                                                                                                                      2. 3

                                                                                                                                                                                        Well, yes. The Signal developers said that they didn’t make an open protocol because they didn’t want to have to deal with backwards compatibility. This blog post says that backwards compatibility is at odds with security. That sounds like what you want and what the OP wants are in conflict.

                                                                                                                                                                                        1. 1

                                                                                                                                                                                          My personal biggest painpoint is that it requires me to use different key schema for each of the solutions. I cannot have “one key to rule them all” but I need to generate new one for each of them. Why the hell I need the same key in N different encodings? Why I cannot share them between applications?