Threads for bfiedler
-
This is a great article! Looking at it from a security perspective, modern hardware is an absolute dumpster fire: whom do you have to trust for the damn thing to even boot correctly, let alone do anything useful?
-
-
Touché. I believe there’s some nuance here (the backlash when bad things happen in food security are much more important, and the supply chain is generally pretty well understood), but in essence this could probably be said about any modern $THING. But I reject the fact that it’s a necessary complexity, especially in computers, since we control the thing down to the atoms used to make up the transistors.
-
But I reject the fact that it’s a necessary complexity, especially in computers, since we control the thing down to the atoms used to make up the transistors.
I personally would agree with you.
However, this becomes necessary complexity when we look at the progress people want in their lives. Inventors of tomorrow begin with today’s tech stack, not yesterday’s, which means we keep assuming that everything present today must be there. Just the XKCD comic, we don’t ever ask why one tiny rectangular block is needed to hold everything up, we just start at the top and keep going. It works fine when things are fine, but you’re only adding more pieces on to troubleshoot when things break.
The only way I see this ending is when customers realize building on the existing tech stack isn’t a quicker means to progress, but an inherent liability and start paying for simplicity. This isn’t free, though, the customer will be making tradeoffs that I just don’t see our current culture writ large wanting to make (I have to install dependencies and not just
docker up?! What is this, 2005?).Think of the current trend towards touch screens in cars that was discussed here a while back. It lets car manufacturers produce a common part for more cars (lowering costs) and it looks slicker (getting more people to want it), but it reduces the driver’s abilities to interact with the controls without looking (decreasing attention to the road) is far more likely to have issues than a physical knob (which doesn’t need a few thousand lines of code to control my volume), and potentially opens up attack surface. So we can see this pattern of obscuring all the things you’re building on and assuming they work from the chips up through entire systems.
-
May years ago, I was at a talk by Alan Kay, where he described progress in computing as a process of adding new abstraction layers on top and then collapsing the lower ones into thinner things to support the new tops. I always felt that he was overly (and uncharacteristically) optimistic, since I’ve seen a huge number of cases of people doing the first step of this and very few of the second.
-
Part of the problem is if you collapse a lower layer, people come complaining because they were using it for something. Look at something like PGP vs. age. Age is neat, but the people who use PGP aren’t going to stop using it just because age exists, since it isn’t exactly the same as PGP, so it doesn’t do quite the same things. Better is different, and different is worse, so better is worse. :-)
-
-
-
Inventors of tomorrow begin with today’s tech stack, not yesterday’s, which means we keep assuming that everything present today must be there.
It’s not an assumption, it’s a chicken/egg problem -you write for the platform where the users are, not the platform that’s good.
Suppose you’re writing a commandline application. Commandlines are mostly running on the terminal emulator, which are literally emulating a specific piece of 1970s hardware. It’s why the Helix Editor (a vim-like (or rather, Kakoune-like) editor written in Rust starting in ~2021, very modern) can’t detect
ctrl-/, and currently requires you to bind toctrl-7as a workaround (it can’t detect ctrl-/, but ctrl-7 emits the same keycode as ctrl-/ so it can’t not interpret ctrl-/ as ctrl-7).Anyway, point is that the terminal emulator is garbage. Suppose you want to write a commandline program that’s not reliant on the terminal?
Well, who’s actually going to use the program? Arcan users? Arcan is awesome, but I don’t know if there are any actual real-world users, and if they are they’re a niche within a niche.
But why does everyone use the terminal emulator in the first place? Well, this is sounding awfully like a page on the osdev wiki, but basically it’s because it’s “pragmatic” and that serious distros “shouldn’t try to boil the ocean” and such. Or perhaps more cynically, it’s because nobody prioritizes it highly - the point of a platform isn’t to be good, it’s to be available for users to do things they care about,
-
-
-
-
-
Years ago, there was a script set up as a cron job that needed to run semi-frequently and did a kind of expensive task.
And someone forgot to write the script to create/check for a lockfile to prevent a new instance from starting up while an old instance was still running (which was a possibility).
Have you ever seen a machine report a load average of 700? I did, that day.
-
-
I have seen this happen twice in the past year. Or a variation, at least.
Scheduled email sender sometimes took too long and a second (third, fourth…) was started while the first one was still running. Sadly the code did not SELECT FOR UPDATE, with obvious results. Recipients were definitely not happy.
In a similar vein, committing after sending a batch where one piece of the batch would always fail, with automatic restarts enabled, leads to this funny situation where a couple of recipients are super unhappy.
Funniest thing about those situations is that they are usually time bombs that explode long after the deploy.
-
-
Even with all the meta-tooling in place, building Haskell packages is an awful experience.
-
I’m curious! What’s your preferred method?
-
It’s been bad enough to make me not use Haskell for anything other than toying around. Of course, I understand that that’s not always an option.
I like the language, but the tooling around it is really, really brittle. Picking up Haskell code from a few years ago and getting it to compile has about a 10% change of success, even for relatively standard projects that “only” use a few outside dependencies.
-
-
Thanks for sharing! I have had the same experience, even using Nix for compilation, due to switching to Apple Silicon. I couldn’t build my blog for the longest time :(
-
-
Yes! I hope I sounded like I was sharing an experience instead of being too critical. Thanks for sharing
-
-
-
-
-
-
The code assumes the comparison is cheap, and if you happen to find the match on the first line, you still do N comparisons until the result is returned. Also, in my experience, the times I used a binary search, the size of the array wasn’t a fixed size.
-
*log N comparisons
I don’t think that not optimizing for the “quick” case is an issue: using a “regular” binary search, half the elements require exactly log N comparisons, and 7/8 of the elements require at least log N - 2 comparisons, so by always doing log N comparisons we aren’t losing much.
That said, the D code gets optimized to use conditional moves, eliminating all branching. I haven’t been able to convince the compiler to do the same with the Zig version, you can try yourself here.
-
Passing the correct flag to zig (
-OReleaseFastinstead of-Drelease-fast) makes the code near identical.-Drelease-fastwas the old flag used by the zig build system while-OReleaseFastis the flag used when invoking the compiler directly. The build system now uses-Doptimize=ReleaseFast. Not sure why godbolt didn’t show you an error…Edit: looks like zig build-exe has a -D option to define c macros… that’s definitely a footgun :/
-D[macro]=[value] Define C [macro] to [value] (1 if [value] omitted) -
-
-
-
Awesome writeup!
Quick feedback wrt. light mode theme: the HLS message is printed in dark font on dark background (Safari on MacOS)
-
-
Feels like that’s what you’d use functions for.
-
The nice thing about lexical scoping blocks is that they automatically inherit everything in the outer scope, without needing to pass stuff as explicit parameters. That’s valuable when the code in those blocks has several dependencies. I find it particularly useful when wiring up dependency graphs.
Lexical blocks also yield control flow statements to the outer scope directly, so you can e.g. return an error from within them.
-
-
-
Threema downplaying the research: https://twitter.com/kennyog/status/1612371408989945858
-
-
Does anyone know of any registry operators that aren’t awful greedy monsters? As far as I can see a bunch of the ccTLD operators are cooperatives or not-for-profits (.de’s DENIC, .uk’s Nominet, .eu’s EURid, .scot’s dotScot, etc.) but that’s it.
Even then, Nominet has been full of issues the last decade, and I haven’t been able to find anything to back up dotScot’s not-for-profit status.
-
-
fundació.cat is a non-profit as well, which exists to promote Catalan language and culture via the .cat domain. This isn’t a ccTLD, but an sTLD, but .scot is also not a ccTLD, so I thought it was worth a mention in response to your question.
-
-
-
Where’s the critical-severity vulnerability they announced a week ago?
-
-
This seems to miss the big issue of: some of those threads would not exist somewhere else. It’s one thing to complain about the interface which is a twitter problem. But “stop writing twitter threads” effectively means “I don’t like this so much, others shouldn’t have the chance to experience it at all”.
There are people like foone and swiftonsecurity who could possibly write somewhere else but won’t change for $reasons and the medium works for them so you can only choose to not engage.
-
This is a good point. However, I would point there are a lot of blogging platforms that offer free accounts; and creating your own blog is not that complicated. I wish Internet Service Providers still had the same mentality as back in the days, when (at least in France) they would offer an FTP with some disk space where you could host your (static or dynamic) website. This is how the whole blogging thing took off in the late 90s/early 2000s.
-
It’s not about the availability of blogging platforms, but the way the medium works in the moment for some. For example see https://nitter.net/Foone/status/1066547670477488128
-
Foone’s threads are delightful and I find them very easy to read. ❤️
I wish Twitter had a couple of extra features like a button to jump to the top of the current thread and an easy way to see all the replies to an individual tweet inside a thread.
-
-
Interesting idea, but I’d be sceptical that it works. A stream of consciousness, written bite-sized and then glued together, reads like a rough draft. Some form of visual separation needs to be applied to make the readers aware that they are not reading a polished product.
-
-
-
-
-
-
Even if those blogging platforms were magically even easier to use than Twitter, it would still be close to meaningless because Twitter has the eyeballs.
(To be clear, I share your preferences but it’s a pointless battle to fight unless you can solve the real forces that drive why things are the way they are.)
-
My periodic reminder to any uninitiated readers that there is a name for this phenomenon: a network effect.
-
-
-
some of those threads would not exist somewhere else
What is your thesis here? That free Twitter accounts are easier to create than free Wordpress, Substack, or $your_favorite_blogging_platform accounts?
Or is it that content authored as Twitter threads would not otherwise exist because authors are already logged into Twitter, rendering it the easiest place to author one’s thoughts?
I can see some ways in which your argument is correct, and many in which it can be dismissed.
Good ideas deserve a better reading experience than twitter threads. In addition to a better reading experience, alternative platforms – e.g. writing text/markdown in a Gist – are a significantly better authoring experience. URLs to better reading experiences can be cross-posted to Twitter to gain access to the “eyeballs” on Twitter.
-
Swiftonsecurity used to post on a blog and it was great! I really miss those days.
-
-
-
The second one (see the explanation I linked for example) + twitter is its own kind of medium. Where else can you effortlessly link to / embed other bits of content the same way, continue a post from years ago while bringing only the new part into focus, post both a one line comment and a multi-page story without either looking out of place. I think SwiftOnSecurity basically mastered the medium - if that content existed somewhere else, it would change. The form of Twitter threads shapes the content itself.
-
Foone, for one, has said that the twitter format is what enables them to post. That flow of think, then type in a very short burst, then hit “post” works especially well for their brain, and if they needed to write a blog in order to post they would not do it and would feel bad about all the unfinished blog posts in their backlog.
Looking at the number of unfinished blog posts in my own backlog, I understand a little bit where they’re coming from.
So when I see a twitter thread, even though I very much don’t enjoy reading it in that format, I just use one of the alternative twitter frontends to roll it together and read it that way. Because I suspect that Foone is not alone, and some stuff only exists because it can go out with very low friction like it can on twitter. And it’s interesting enough that I’d rather see it published in a format I don’t like than see it sit unpublished in someone’s backlog and never learn about it.
-
I think it’s self evident that if writers aren’t able to write with certain tools, then they can and should use the tools that work for them. If Twitter threads allow them to write most effectively – great; they should use Twitter threads.
In my opinion, this discussion began not about those people, but about the readers who have to endure the reading experience that twitter threads mandate. I think it’s important to finish that conversation before having one about author UX.
Obviously the clickbatey title lacks nuance, but if one were inclined to rewrite it, it might read “Please stop writing Twitter threads if you can help it”.
-
I would actually push a small step further: we should start with the assumption that authors have considered alternatives, and found them lacking for some reason.
It obviously never hurts to ask nicely, but the assumption that people don’t know twitter sucks to read and if we just tell them about it, they’ll instantly see the wisdom of maintaining their own site or otherwise altering their workflow, can seem more than a bit condescending.
The discussion began about the readers, to be sure. But you mentioned the authoring experience and that made me think of Foone’s comments. The reading experience would be worse if authors stopped publishing.
(With that said, I hope everyone who can stand to moves right off twitter. I don’t enjoy reading there, especially since the attempts to make me log in just to read have gotten more and more aggressive lately.)
-
-
-
-
-
I have a 2020 Thelio desktop (AMD; thelio-r2 running GNU/Linux). It isn’t terrible, it’s reasonably quiet, it’s a reasonable size, so far customer support has been great, and i’d buy a Thelio again. But i have three complaints:
- it doesn’t have any front USB ports
- insufficient cooling. I wonder why they didn’t just put an additional fan in the side of the case?
- it can’t handle the preinstalled Ryzen 9 3900X graphics card that i purchased with it; when under heavy load for about 20 minutes (for example, when playing a game), heat builds up and causes the rest of the system to shut down. I have to throttle the graphics card by about 30% to prevent this, at which point it’s not that great, and one of the supposed attractions of a desktop over a laptop was a great graphics card. I was hoping that if i bought a prebuilt desktop rather than building one myself, i would avoid this sort of problem.
- my preinstalled internal NVMe SSD drive (Sabrent Rocket) crashed in 2022. I noticed it’s mounted right under the GPU, so given the problems with failing to dissipate the heat from the graphics card, i suspect this got too hot over time too.
- this is ironic because System76 has a blog post about their careful optimization of airflow for cooling in the Thelios; also because they seem to care about the aesthetics of the case (which i don’t care about, but i do care about cooling)
- it crashes from time to time (the system freezes and the fan starts running at full speed; probably not their fault; but my previous computers (laptops running GNU/Linux) didn’t have this problem – therefore I suspect it’s some problem with the GNU/Linux drivers for the AMD GPU)
Any suggestions for my next desktop? I’d like something comparable to the Thelio in terms of power and size and quietness, but with some front USB ports, and a high end graphics card that can run at full power, and a minimum of fuss (ie “it just works”, eg sufficient cooling so that it doesn’t ever overheat and shut down, and my hard drive doesn’t crash after two years). I’d prefer pre-built but i’m willing to build it myself; with the 2020 Thelio i went pre-built because i figured if i did it myself i’d screw it up and buy some component that doesn’t work well with GNU/Linux, or put the thermal paste in the wrong place, or not provide enough cooling, or something. But since I didn’t achieve “it just works” with pre-built anyways, maybe i should just build it myself?
Come to think of it, i should just ask System76 support if it would be feasible for me to replace the case on my 2020 Thelio with an aftermarket case with a side hole for a fan, and front-facing USB ports.
-
insufficient cooling. I wonder why they didn’t just put an additional fan in the side of the case?
it can’t handle the preinstalled Ryzen 9 3900X graphics card that i purchased with it; when under heavy load for about 20 minutes (for example, when playing a game), heat builds up and causes the rest of the system to shut down. I have to throttle the graphics card by about 30% to prevent this, at which point it’s not that great, and one of the supposed attractions of a desktop over a laptop was a great graphics card. I was hoping that if i bought a prebuilt desktop rather than building one myself, i would avoid this sort of problem.
I’m having this exact same problem and have since I bought the unit. This is SUPER sad since I otherwise love the machine but what the hell is the point of buying a monster desktop that you can’t even push to anything like its full potential.
I kinda gave up gaming on the beast because running No Man’s Sky at anything but low detail/res settings causese the case to get BLAZING hot to the touch, and then the system shuts down.
And now I’m stuck for at least another 5-6 years because my desktop budget needs to refill :)
-
If I’m buying a desktop in 2022, I’d probably go for off-lease business desktop if I didn’t care much about graphics (as most are SFF). They’re very thick on the ground, fast, cheap, and low-trouble. Whitebox is very tempting, but I’ve had so many miserable and hard-to-debug issues with them.
Of course, desktop Macs also put a wrench into things value wise. Next time it comes down to upgrade, I’m considering a Mac.
-
I’m sad to hear this. I bought two of their laptops (over the years) and both have been extremely strange and unreliable beasts, but I was hoping this could be chalked up to their reluctance to design the laptops themselves. (Apparently they are re-branded imports.) Given the freedom of designing a whole desktop PC from components, they should have been able to do a much better job.
-
my preinstalled internal NVMe SSD drive (Sabrent Rocket) crashed in 2022. I noticed it’s mounted right under the GPU, so given the problems with failing to dissipate the heat from the graphics card, i suspect this got too hot over time too.
This is an annoying anti-pattern common in many motherboards I’m afraid. I believe it’s because NVMe connects directly to the PCIe bus, and so the slot for it tends to take the space that would otherwise be occupied by a PCIe card. A double-width GPU in an adjacent slot will then happily sit right over it. It worked just fine a few years ago, but NVMe drives and GPU’s both now tend to run hotter than they used to.
-
it crashes from time to time (the system freezes and the fan starts running at full speed; probably not their fault; but my previous computers (laptops running GNU/Linux) didn’t have this problem – therefore I suspect it’s some problem with the GNU/Linux drivers for the AMD GPU)
Oh my god. I have this exact problem for the entire lifetime of my AMD card. It’s not a Linux problem, I’ve hit (and can deterministically reproduce) this problem on Windows too. The only thing that kinda worked was tuning the fan curves really aggressively to the point that the fans spin up at the slightest 3d rendering. I’ve tried a lot of stuff up to re-pasting the card and nothing helped.
Not buying an AMD card again.
-
-
A good method of guessing how probable cooling problems are with a given computer is look at how much ventilation the case has. Small windows and/or grilles in corners? Trouble. This is just a fact and all case manufacturers create cases like this for some reason. For example, I love the aesthetics of Fractal Design Define cases, but they run hotter and louder than their Meshify cases that have a full mesh front panel.
-
I think the best move is to use a customizable gaming-focused company like iBuyPower, where you can pretty much spec out whatever you want and they put it together for you, to have them source roughly the same hardware as System76 uses and put it in a chassis with better air vents + fans + front ports; then you install Pop!_OS (System76’s distro, and coincidentally by far my favorite consumer-focused Linux distribution!) on it yourself when the fully built rig arrives in the mail.
As long as the underlying CPU/GPU combination is the same, and you’re using a motherboard that has compatible WiFi and Bluetooth, I think you’ll end up with very similar Linux/Pop!_OS compatibility, but better thermals, performance, and longevity. System76 seems to optimize for having an aesthetically-pleasing chassis over thermals, and if you don’t care about the former (or enjoy gaming-style aesthetics, where thermals are an important design consideration) you can get a lot better of the latter. You can probably even control any RGB lighting you’ve had them set up for you, if you’re into that sort of thing, via OpenRGB!
One thing I’d stress though: specifically for the motherboard, make sure you’re checking for Ubuntu compat, not “Linux.” WiFi/Bluetooth drivers ship in the kernel, so while the latest kernel may have support for the drivers, that kernel may not yet be used in the latest version of Ubuntu/Pop!_OS. Since Ubuntu is extremely common amongst Linux distros, checking for Ubuntu compat should be fairly easy via Google, and if it’s Ubuntu-compatible it should be Pop-compatible since they use the same kernel.
And by using something like iBuyPower you have roughly the convenience of a prebuilt, minus having to install the OS yourself and having to do an upfront check to make sure you’re using a motherboard with WiFi and Bluetooth that work with Ubuntu.
You could also just build a desktop yourself! It’s not thaaaat time-consuming. But if you’d rather not spend a day clicking and screwing parts together, and managing a panoply of hardware orders from various websites, that’s valid and there are other options.
-
I just took a look at iBuyPower on your suggestion, and it seems like they don’t really address the biggest problem of doing a custom build: the research required to pick all of the components out. Snapping the parts together is easy enough, the benefit of a pre-built is not having to select all of the components individually. It does look like iBuyPower has some pre-built machines, but if then you are back to the “might not work with Linux” problem.
A lot of gaming focused companies also, frustratingly, seem to top out at 32gb of ram these days. That’s fine for gaming still, but increasingly not fine for a lot of other workloads. I know ram is upgradable later, but you often end up paying for ram you need to throw out (or deal with reselling) because they do 2x16 or 4x8 configurations.
-
-
Careful with spaces in filenames! Theres a
-print0argument tofindand a corresponding argument toxargsthat takes care of this issue.Though it still makes problems if your filenames contain a literal 0 byte. But then you’re screwed anyway.Fortunately, Unix file names cannot contain null bytes.% find src -iname "*.ts" \ | LC_ALL=C sort \ | xargs md5sum \ | md5sum \ | cut -d" " -f 1 md5sum: src/this: No such file or directory md5sum: is: No such file or directory md5sum: a: No such file or directory md5sum: test.ts: No such file or directory d41d8cd98f00b204e9800998ecf8427e % ls src 'this is a test.ts'From the
manpage offind(1):-X Permit find to be safely used in conjunction with xargs(1). If a file name contains any of the delimiting characters used by xargs(1), a diagnostic message is displayed on standard error, and the file is skipped. The delimiting characters include single (“ ’ ”) and double (“ “ ”) quotes, backslash (“\”), space, tab and newline characters.
However, you may wish to consider the -print0 primary in conjunction with “xargs -0” as an effective alternative.
-
-
-
To be fair, if you have files with white spaces IN YOUR SOURCE CODE you deserve any pain you get =P
-
-
-
I thought this was going to be about calculating the randomness of the hash function itself too; I guess this proof assumes uniform randomness?
-
-
Integer multiplication is a cool rabbit hole, as we still don’t know how fast an optimal multiplication algorithm is. Optimality here concerns the number of single-bit operations, so adding two n-bit numbers costs O(n) operations.
Counting this way, multiplications seems to take at least quadratic time, since we have n shifts and n additions to perform in the worst case, no? The surprising answer is no, it can be done faster using Karatsuba’s algorithm. In fact, we know of quasilinear algorithms (Schönhage-Strassen) and suspect that it is asymptotically optimal, however nobody has proven it yet.
-
Your statement is not completely correct. Schönhage and Strassen (1971) only formulated the conjecture that the multiplication time was Θ(n log n), but their algorithm, published in the same year, had the higher complexity O(n log n log log n).
It took 48 years until 2019 for Harvey and van der Hoeven to present their multiplication algorithm that in fact has complexity O(n log n), which can be assumed to be asymptotically optimal if you think the Schönhage-Strassen-conjecture is correct.
However, Landau symbols hide a lot of things. Not only do we have multiplicative constants that make a big difference, there are multiple assumptions in the derivation of the algorithm that assume the involved integers to be larger than a certain number. Thus, even though we may have reached an optimal bound, there’s still a lot of room for improvement. Additionally, the advantages of the Harvey-van-der-Hoeven-algorithm over the Schönhage-Strassen-algorithm only pan out for numbers larger than even feasably representable in today’s computers, which is the reason why Schönhage-Strassen is still considered state-of-the-art.
Another deeper rabbit hole is the variation of so-called “complexity models”. The standard model is that of the multitape Turing machine, and one often sees Boolean circuits as well, but there are other models. When I lean back and gaze at the stars, I sometimes imagine other alien lifeforms that might have much more efficient algorithms for the pendant of integer multiplication given they have different computational architectures to work with.
To give a bit of a relation and food for thought regarding complexity conjectures, Kolmogorov conjectured in 1956 that the integer multiplication had a complexity of Θ(n²), which was quickly proven to be wrong by Karatsuba.
-
You buried the cool part about Schönhage–Strassen algorithm that it’s an example of Galactic algorithms. :)
-
-
-
-
It’s a smooth transition to a galactic algorithm. Things really started to take off with Fürer’s algorithm in 2007 and Schönhage-Strassen is actually comfortably in the realm of positive yields in today’s computing, which is why I wouldn’t call it a galactic algorithm, indeed.
-
-
-
-
Can someone please tell me what the fuck is going on with licensing
No-one cares about it.
Microsoft is training AI systems to generate proprietary code on open source and unlicensed codebases. Few distributions, toolset builders, etc. even care about licensing (as per this article). Large companies flagrantly violate open source licenses without any consequences.
-
All of this is exactly why I decided to just stop licensing my software.
Ultimately speaking, I’m never going to have the material circumstances to be able to fight an individual on this matter – nor would I want to. Nor am I going to have the material circumstances to be able to fight a community or a company on this matter. They could easily win the legal battle by attrition and bleed me dry, so it is just not worth it.
I also am not able to explicitly find out how my work is used in proprietary or individually used codebases, and I don’t really wish to bother with making it my life’s work to find out how my life’s work is being used.
So it’s not something I feel is worthy of dedicating time to. A large company can use my work without me knowing and without me having any recourse, an individual can use my work without me knowing and without me having any recourse, so why would I care about giving them permission when they can already do it?
In addition, I as a trans woman believe that the current rise of fascism being a “politically acceptable thing” and the current targeting of trans and queer people by people who feel that it is acceptable, means that we have to push people to feel that “morally good” minor crimes are something that they can do. Something that anyone can do. Something that someone must do for the greater good. If someone “steals” my code for an individual project, then they are a better person for realising that breaking a law does not equal breaking a moral boundary, and hopefully they will feel more able to shelter my kind when the time comes.
-
With GitHub CoPilot, Microsoft has already started doing these “morally good minor crimes”, but I don’t see this grow into a “you can use any code however you like”, but rather into “you can use publicly available code however you like regardless of license, or lack thereof”.
While I agree that “stealing” code for your small project is not a problem, normalizing it means that Microsoft can start doing the same with GPL’ed code. But the reverse won’t happen; using leaked Windows source will always remain a crime, and it will always be viewed by society as a crime, so nobody will be surprised if you get into trouble for doing it; suddenly law applies again because they’re big.
Because of this, I’m not confident that encouraging stealing code is a net-good for anyone but large companies; it will normalize stealing from individuals and small companies, but it won’t normalize stealing code from the most powerful.
-
-
But that’s already the case, as you pointed out. Microsoft is only able to do that because they changed the terms of GitHub. It has nothing to do with copyright itself, and a copyright license – ANY copyright license, is meaningless in the face of that.
Furthermore, as mentioned elsewhere in this comment group, companies en masse are already stealing. So my argument about the lack of effectiveness of a license has born fruit – is it worth the hard disk it is written on if it non-enforcable? Why do we bother with this charade when all it is doing is stopping small fish and making honest individuals suddenly fear for the existence of their side project?
What my approach gets me is:
-
a small social shift among individuals that as it is normalized, will hopefully translate to broader forms of this (internet piracy, etc.)
-
an assurance that for the companies who have legal departments, no money can be made from my software
-
for companies that are stealing, there’s no net loss or change except now they cannot justify it to themselves as easily
-
the possibility of prosecuting Nazis and xenophobe snitches like ICE, and thus the possibility of removing their ability to do work
-
a small social shift among individuals that as it is normalized, will hopefully translate to broader forms of this (internet piracy, etc.)
Re: internet “piracy,” this is already pretty normalized; most places there’s not really any stigma around just downloading a torrent of some big budget film. At least, not among people who are going to pay any attention to what random FOSS developers are doing.
-
an assurance that for the companies who have legal departments, no money can be made from my software
I’m confused…. I thought your position was “Screw it, I can’t fight them anyway if they use my stuff and profit, so I’m not going to bother with a license”…. which means money can be made from your software, no? Or did I miss the point?
EDIT: Having read a bit more, I think what you are saying is something like: If I don’t include a license, then Big Corps’ legal depts won’t let them use your code, or at least if they do they have to live with a potential threat of a lawsuit, which, tbh, you won’t bring, but hey, you could, you never know. Whereas individuals can still use it, and while technically the would labor under the same threat, their potential risk is way lower and (wink, wink, nice individuals) you’re definitely not going to ever sue them, but they just gotta trust that by knowing you and understanding why you don’t have license….
Did I get it right?
-
-
-
Then it’s working as intended! Congrats on the naziism/xenophobia/racism!
-
-
-
-
-
-
-
In addition, I as a trans woman believe that the current rise of fascism being a “politically acceptable thing” and the current targeting of trans and queer people by people who feel that it is acceptable, means that we have to push people to feel that “morally good” minor crimes are something that they can do. Something that anyone can do.
The trouble there is defining what is “morally good”. If you ask random people on the street, you will sadly find the vast majority of their “morally good” is in violent conflict to your “morally good”.
-
We both knew this already so I am not sure what point you are making here?
“The social shift you are pushing for may not inevitably be the one that results!”
Yes, this is the danger of any and all participatory action in society. Doesn’t mean we shouldn’t try though.
Hell I even wrote a license file for it:
-
We both knew this already so I am not sure what point you are making here?
No snark intended and I empathize and support your plight; sorry if I am unable to clearly convey my point.
we have to push people to feel that “morally good” minor crimes are something that they can do. Something that anyone can do
My point was you want some people to do minor crimes concerning your specific definition of “morally good”.
If you write it as you did, as a general sounding rule, any reader of your post on this public forum or of your license file will apply it to themselves and their morals, which statistically is not what you want, since the morals of the majority are conflicting to yours.
-
If you write it as you did, as a general sounding rule, any reader of your post on this public forum or of your license file will apply it to themselves and their morals, which statistically is not what you want, since the morals of the majority are conflicting to yours.
Are they?
-
Are they?
Well you introduced yourself as a trans woman, which in my mind puts you in a minority in society, one that has been specifically a target of prejudice and discrimination, most of the time in the name of “morality”. For those people that discriminate and hate, “morally good” is specifically an opposite morality than yours.
Of course my understanding is much more limited than yours and based mostly on news and wikipedia articles [1]. Sorry if I offended in any way, was not my intention. I’m off topic and perhaps I should have not started this whole morality tangent which is at best just nitpicking on a sentence of your otherwise interesting post, and not related to software licensing.
Mea culpa.
[1] https://en.wikipedia.org/wiki/Transphobia
[later edit, added to clarify]: Just so I’m clear, I understand what you mean by morally good, and I’m sure I have the same values as you do. I was simply pointing out how relative “morality” is, and that most humans would not agree with what you (and me, and other readers of this forum) define as “morally good”.
-
You’re right that “for people that discriminate, ‘morally good’ is an opposite morality to yours”, but up until recently, the majority of people have an attitude that restricts them from committing violent acts in public, because the violent act itself is seen as morally wrong. Most transphobes local to my region simply shout slurs, but if you actually walk up to them, they won’t do shit – and they’re in the broad minority of people.
The truth is, most people simply do not give a shit one way or another about transgender people. The Welsh “anti-trans protest” outside the Senedd had to bus people in from England and Scotland simply to have enough people there to protest, and they were far, far outnumbered by even the number of trans people attending any local event. The majority of TERFs, while holding gross amounts of political power as a group, are aging men (fun fact: despite their spokespeople being women, the majority of TERFs by makeup are men!). Local encounters include slurs, but more often than not it’s just some poor sod who can’t even get the confidence to slur at you, so they just mutter something like “adult human female” as you go by.
Thus the most dangerous thing present for me, at the moment, from my perspective, is the idea of being “legislated out of existence”. The most dangerous presence against trans people in Britain at the moment is the fact that the newly elected Prime Minster is a TERF, and likely to act on those beliefs either through continuing and progressing the gatekeeping around medical support, or just continuing to push trans people into a “minority” role in the same way that immigrants have, and then pushing the overton window such that violence becomes acceptable towards us.
So my genuine hope is that more people get comfortable with breaking rules that they know are wrong, or just “bypassing” them. In the same way that most people know that, a mother stealing bread for her family is “morally correct”, most people know at least on some level, that rules around the existence of trans people are awfully similar to those around gay people in the 1980s, or jewish people in the 1920s and 30s.
-
-
-
since the morals of the majority are conflicting to yours.
I’m not sure if it’s the case in any specific instance. But in general, if social rules are at least correlated with a majority view, it follows that appealing to any group to break rules is statistically likely to be appealing to a minority.
There are many places on earth that operate without effective collective rule making, which we call “lawless.” Oddly, people don’t flock to these places in pursuit of individual liberty; empirically, that is not the result. While rules often exist to benefit the powerful, the absence of rules unequivocally benefits the powerful.
-
-
-
-
we have to push people to feel that “morally good” minor crimes are something that they can do. Something that anyone can do. Something that someone must do for the greater good. If someone “steals” my code for an individual project, then they are a better person for realising that breaking a law does not equal breaking a moral boundary, and hopefully they will feel more able to shelter my kind when the time comes.
Beautifully expressed. That nearly brought tears to my eyes for being so on-point.
-
-
No-one cares about it.
(some? all?) Startups care about it. During any funding round or acquisition process, the founders will sign pieces of paper regarding intellectual property and license compliance, which can come with significant (personal) penalties for omission of details or inaccuracy.
Due diligence of transitive dependencies is a complete pain. Software exists to make this easier (for the different software ecosystems) but it is a complete pain.
You have to keep on top of it as you go. You tell the devs to check the license of stuff they pull in and you also need to (periodically) check the transitive dependencies. You can try and build a culture of “tell person X when you pull in a dependency so they can do the legwork”, but it is important to make that async so the devs can crack on. If you find a license landmine, you are only X days of effort lost.
It’s a similar situation to dev’s own work out of hours. Most contracts contain sweeping assignment of copyright to the startup, including software developed out of hours, on their own equipment etc. Those clauses aren’t there to be mean and aggressive, they are there to ensure no nasty surprises surface during due diligence. The places where I have had an influence have issued explicit waivers on request for any side projects which don’t materially overlap with the company’s work. The intent is not to claim the out of hours work of the devs, but to “fail safe” by assigning IP to the company if there is no communication on the subject.
-
-
Licensing allows you to specify the conditions where your labor can be used. The default in the United States is you can’t use work that you have not been granted permission to use.
Some people care about using your labor in morally reasonable ways. Publish it under MIT if you don’t care about how this happens.
-
-
Honestly it’s just the physics of the situation. It’s why we need to start being more careful about who gets to access what information.
Ideally, it’s like at a party; you tell a secret to someone you’re bonding with, ten minutes later everyone knows.. guess who you don’t trust with a secret anymore? The internet is not like this and it’s a UI/UX problem.
Very few people (most of them here I suppose) are fixing it and I just don’t get why. Even the most selfishly motivated person can see that building valuable stuff will be rewarded with political influence and since in many ways the internet is already the world government then there are many competing visions for how this thing should be structured.
Still, the game theory of it would seem to suggest that the mutual distrust plus the ridiculous resources required to develop software at scale will make the most economical option to agree on a shared platform that everyone thinks is secure (so we can play the governance game without worrying about stupid stuff like computer programs). Especially now that the cryptobubble is all but over.. I would think that the psychopath software engineers should be flocking to the free-est of free software in a bid to be powerful voices on the platform that is fated to win … but it seems no one is ready to shift reference frames just yet and they all work in their silos on slave-ware. I just don’t get it.
-
-
I usually dig the other way around (specifying the record type first) to get around (some) of these issues, but even then no luck:
% dig NS ch ... ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;. CH NS ...Also TIL that I can specify the record type last, which makes looking up different records much easier than navigating past the domain name!
-
Actually, formal methods only solve a third of our problems: nobody can tell us whether the model we came up with is sensible, and this is often the hardest part to get right.
-
A project that some of my colleagues work on tried to use some formally verified code a few years ago. The code was, among other things, verified to be memory safe. This included a proof obligation that no object was accessed after it had been deallocated. It turned out after running the code for a little while that this was trivially guaranteed by not freeing anything. Changing this to require that all resources were deallocated at specific points made the verification much harder and reminded me that formal verification behaves a lot like a mythological genie: it will give you exactly what you ask for, not what you want.
-
-
Great post!
Shameless plug of my collection “types are harder than you think”: https://3fx.ch/typing-is-hard.html (which needs an update for Go after generics were released :D)
Great work, and the cursedness reminds me of Tom7’s “harder drives”.