1.  

      Only 5 months later and all of those links are dead. :(

      1. 1

        So presumably future Firefoxes might support this distributed Web natively by maintaining a big-ish local list of gateways?

        (I mention Firefox specifically due to its non-profit nature, as this entire idea should sound like anathema to any commercial entity.)

        1. 2

          I think making each browser installation a first-class IPFS node is the right way to do that.

          Assuming Worse-Is-Better, then, sure, throw a list of gateways in there. It needs some logic though.. What happens when you click a link?

          On that blog, if you view it through Gateway A and click a link, the link points to some other resource on Gateway A. That’s how the author wrote the links; they are relative URLs. None of these Gateways touch the content, AFAIK.

          But, also on that blog are some regular http(s) links that point to gateways…

          I guess I am thinking out loud here. These gateways are themselves ordinary websites and making Firefox IPFS-aware will require some work.

          1. 1

            Currently, the canonical form of IPFS URLs is through the ipfs.io gateway. Browser extension rewrite the URL to the specified custom gateway, often the local machine.

        1. 10

          Betteridge’s Law of Headlines at work yet again

        1. -5

          I scanned the entire article but could not find any concrete legitimate criticisms. A lot of the article repeats falsehoods like the notion that Bitcoin is environmentally wasteful, or the straw man that to trust Bitcoin you must trust an exchange (not true).

          Statements like this are unbecoming of Scheiner:

          Do you need a public blockchain? The answer is almost certainly no. A blockchain probably doesn’t solve the security problems you think it solves.

          It’s pretty arrogant of him to tell all of the people who do find that Bitcoin solves problems they have that they’re wrong and it doesn’t and that they don’t know what they’re doing, and to do so while repeating one falsehood after another demonstrating his own ignorance about the subject.

          1. 22

            Bruce Schneier literally wrote the book on applied cryptography (you know, the crypto part of “cryptocurrency”).

            His points are all true. The blockchain and cryptocurrencies are only good for speculation, scams and potentially for money-laundering but the last one is doubtful given the large swings in value for most of these systems.

            “The blockchain” is an expensive history lesson about the nature of trust and financial regulation.

            1. 9

              expensive history lesson about the nature of trust and financial regulation

              Oh yeah. As Nicholas Weaver put it, literally speedrunning 500 years of bad economics. Tulip mania with CryptoKitties, Tether is a wildcat bank, “smart contracts” are unlicensed securities…

              1. 2

                Schneier also apologised for all the harm done by “Applied Cryptography” in his preface to “Secrets and Lies.” It turns out that implementation is all important, but hard. Yes, he can get it wrong. And he has done so here by conflating trust with removing the need to rely on a central authority for conducting transactions anywhere in the world.

                1. -1

                  I see a lot of rhetoric in your reply and nothing else. Your saying that “his points are all true” doesn’t change the fact that they are nonsense upon even rudimentary examination. But you are more than welcome to point to a single valid criticism he makes.

                2. 12

                  I’m annoyed by this article, because it doesn’t really cite its sources. So here’s some instead:

                  A lot of the article repeats falsehoods like the notion that Bitcoin is environmentally wasteful

                  https://digiconomist.net/verify-dont-trust/

                  https://www.politico.com/magazine/story/2018/03/09/bitcoin-mining-energy-prices-smalltown-feature-217230

                  the straw man that to trust Bitcoin you must trust an exchange (not true)

                  https://lobste.rs/s/fq8z3x/even_lastpass_will_be_stolen_deal_with_it

                  Got any good ways to deal with risk other than multi-key wallets, which fail by irretrievably losing your money?

                  1. 4

                    “By comparison, a VISA transaction has a carbon footprint of 0.4 grams (a factor 7,500 difference).”

                    Which isn’t the lower bound since their legacy systems probably use mainframes. New hardware/software systems, esp with protocol offloading, could get energy use down further. Think FoundationDB on ARM servers.

                    On the client side, the tamper-resistant cards use 16-bit MCU’s with crypto accelerators. Might be worth comparing to whatever cards are in use for bitcoin transactions in performance, cost, energy, and/or tamper-resistance.

                    1. 2

                      This was already brought up and discussed below.

                      1. 6

                        I didn’t see client-side addressed. Ledger, Trevor, and KeepKey look expensive compared to either free-for-me, cheap-for-them smartcards from my bank or stuff like Infineon SLE 78 using 16-bitters. Talking to these bank databases costs about $2.20 per chip-enabled card per a Bloomberg article. Magstripe cost 50 cents.

                        I am curious where the price points are on the hardware these days. Accessibility, too. Can you participate in Bitcoin network for 50 cents to $2.20 without a computer or messing with any software? And then doing the online stuff, checking for fraud and so on, on the cheapest, Internet-enabled computer on Earth? And can you do that without any more volatile effects on your balance than the U.S. dollar is exposed to?

                        1. 3

                          Can you participate in Bitcoin network for 50 cents to $2.20

                          On-chain transaction fees cost about 2000 satoshis right now (~$0.07), and lightning transactions are a fraction of a satoshi. There are multiple free wallets you can install on smartphones, tablets, laptops, or desktops.

                          without a computer or messing with any software?

                          Stipulating no software does rule out most ways of interacting with bitcoin. Which I guess was your point?

                          And then doing the online stuff, checking for fraud and so on, on the cheapest, Internet-enabled computer on Earth?

                          Sure. Even a full bitcoin node only requires hardware about as powerful as a raspberry pi, plus a few hundred gigabytes of storage. “Light” wallets without a copy of the blockchain should run nearly anywhere. You can also check your address balances using a block explorer website. For example, this randomly selected address has 1.22 BTC in it.

                          And can you do that without any more volatile effects on your balance than the U.S. dollar is exposed to?

                          This is a tough criteria to compete on, even for powerful foreign currencies. There is a “stablecoin” project built on Ethereum called MakerDAO, which uses collateralized smart contracts to issue DAI tokens with a stable $1 value. Personally I prefer accepting bitcoin, but the Maker project looks interesting. Bounties on gitcoin are mostly paid using DAI.

                          1. 2

                            Thanks for the update on the transaction fees. That’s pretty awesome. Other points:

                            “Stipulating no software does rule out most ways of interacting with bitcoin. Which I guess was your point?”

                            The existing methods for banking and digital payments can work with minimal, software interaction. They carry a cheap card, swipe it, and optionally hit yes/no to some things. They can get online or paper logs of the transactions for security. Even if the computers go down, there’s paper methods for doing credit charges which I used to do as a cashier periodically. The orders get processed later with any problems or fraud sorted out with standard procedures. Lots of folks still like checks, too. New methods might need to fit into these situations that already work.

                            ““Light” wallets without a copy of the blockchain should run nearly anywhere. “

                            I mean, it’s good to know that. It might address my concern. However, blockchain’s concept is you can’t trust anyone. You need to be verifying stuff with so much on the distributed ledger.. The traditional systems don’t keep logs and check logs since we don’t think that’s necessary for the whole ledger. If not doing the checks (aka trusting outsiders), might as well trust firms and tech that have been delivering for a long time.

                            “You can also check your address balances using a block explorer website.”

                            That’s useful. The usability looks horrible compared to online banking, though.

                            “This is a tough criteria to compete on, even for powerful foreign currencies.”

                            You literally just have to use dollars. That’s it. There’s also a few countries whose currencies are pretty stable. One, Switzerland, has strong laws about finance. It’s only so hard for cryptocurrencies since they’re trying to replace payment systems and currencies. Just doing the former makes the job a lot easier on the payment side.

                            “There is a “stablecoin” project built on Ethereum called MakerDAO, which uses collateralized smart contracts to issue DAI tokens with a stable $1 value. “

                            Now, that is interesting. That also looks incredibly complicated. Lots of potential risk in the description. At least they had a fale-safe provision toward the end in event of security breaches and such that was controlled by voting. I like that. Better than pretending nothing can happen. Bookmarking it.

                            “Bounties on gitcoin are mostly paid using DAI.”

                            Gitcoin is interesting, too. The dollar amounts on the side look decent. I occasionally run into people looking for stuff like this. I’ll pass it on.

                            “There are multiple free wallets you can install”

                            Far as these side projects, just finished my trial of AliExpress with small-ticket items. That went about as smoothly as you might guess. My SharkWatch is nice, though. Helps the memory-impaired keep date in mind while still looking cool. Be nicer if they send me the manual. Last seller issue I’m working on. AliExpress might be safe for clothes and stuff. Just nothing needing manuals, quality, or water resistance. ;)

                            Note: It’s actually a good example of why I like escrow and chargebacks being available. The possibility of them plus reputation helped in two cases. Had to use it for real in one.

                            Although I’m pretty overloaded, being doing with AliExpress experiment leaves me time to try some cryptocurrency. I might try to put a small amount of money into some of these things just to get a feel for what using it is like today. Just a little use here and there over this year. Let’s say I’m focusing exclusively on Bitcoin (esp w/ Lightening), Ether, Dai, and Zcash. I’m on Linux and Android. What app? What exchange (esp easy conversions between them)? What is trustworthy? What tutorials do yall give people for deposit, buy, and withdrawl? And what general-purpose sites become my new stores or whatever that accept payment?

                            1. 3

                              Hey Nick! Pleasant surprise to see a reply from you; I assumed this thread was dormant by now.

                              I don’t have a great answer for your offline-only situation, but here are some thoughts:

                              1. You could hand someone a paper wallet with the exact amount of bitcoin in it that you want to transfer. This isn’t ideal, because the wallet creator could have a copy of the private key. You need to withdraw from that wallet as soon as possible.
                              2. OpenDime is a hardware wallet designed to be handed off, but they cost $13 each. Because the private key is only stored inside the device, it’s more trustworthy than a paper wallet. It also includes software for checking the balance.

                              It’s funny that you mention checks because I can hardly think of a less secure way to transact. When I learned that checks have your account number in plain sight, with no authentication mechanisms for deposit/withdrawal, I was shocked.

                              Overall the offline situation isn’t well-addressed by bitcoin, but I’m not sure that it needs to be. Credit cards also require an internet connection. The new stipulation is that you need a smartphone or PC. I think this is reasonable. In catching up to the developed world, Africa skipped over the card/check stage and went straight to mobile payments.

                              Regarding light wallets, I definitely believe that people ought to run their own full nodes. Light wallets are still useful because they can run on lightweight devices and connect to your full node running at home. There isn’t enough room for the blockchain on my phone, so I must use a light wallet on that device.

                              MakerDAO is certainly interesting. It is complicated, but I like how it brings all that financial sausage to the forefront. Banks are just balance sheets: assets matched against liabilities. So it is with Maker. One important note: Maker relies on the value of Ethereum for collateral purposes. It can’t exist independently of valuable collateral.

                              There are many different visions of what cryptocurrency is and should be. My favorite narrative is uncensorable e-gold. The most common other narrative I encounter is e-cash: an amalgam of “bank the unbanked”, “free/cheap payments”, and “non-volatile store of value”. DAI is a pretty good e-cash, but I want e-gold. I believe bitcoin has the best monetary policy of any currency (including physical gold), and I am able to stomach today’s volatility. That’s obviously not true of everyone.

                              Spending just one paragraph on the e-gold narrative, I’ll focus on the stock-to-flow ratio. Gold and silver have historically been the best reserve assets because of their scarcity. All newly-mined metal deposits dilute the existing supply, which requires new saving to offset the supply increase or the price will drop. Gold’s stock-to-flow is over 60x. Silver is in second place with around 20x. This means that given the same yearly savings rate, gold will be 3x as valuable as silver. The superior stock-to-flow ratio means gold actually attracts much more investment and commands a significantly higher price than silver. Bitcoin started with a very high emission rate, which has slowed down over time. Every 210,000 blocks (about 4 years) the rate of bitcoin creation is halved, which is highly correlated with an increase in bitcoin price. After the next halving, bitcoin will have a better stock-to-flow ratio than gold.

                              Here are falsifiable predictions I expect will be borne out in the coming few years:

                              • Cyclical corrections have a 85-90% price drop. We are at or near the bottom for this cycle.
                                • Failure = a price drop below $2k (weak failure) or $900 (strong failure)
                              • The absolute cyclical low will be made before the May 2020 halving.
                                • Failure = a new low after the halving
                              • The old peak price of $20k will be surpassed after the next halving but before the end of 2022.
                                • Failure = no new all-time-high by the end of 2022
                              • The next peak price will occur before the end of 2023.
                              • There will be another bubble burst after the next cycle peak, followed by yet another >80% drawdown.

                              It is harder for me to champion bitcoin’s e-cash narrative because it’s not something I personally prioritize. I would rather transact entirely in bitcoin than repeatedly cross through crypto-fiat gateways, which admittedly have a lot of friction. Speaking of which, I wasn’t aware that you could pay with cryptocurrency on AliExpress; how are you managing that?

                              I like escrow and chargebacks being available. The possibility of them plus reputation helped in two cases. Had to use it for real in one.

                              Chargebacks are nice to have in a spending asset, but not in a savings asset. I think it’s important that base-layer money is not susceptible to chargebacks or other seizure. Consider how many businesses charge less for payment in cash. In addition to credit cards’ transaction fees, they also have a chargeback risk. This is even more important on the international stage. It is very scary to Russia and China how the USA is willing to interrupt SWIFT payments as a political weapon, or reassign ownership of a central bank account as in Venezuela. Those two nations are currently focused on acquiring physical gold, but it underscores the same property: protection against asset seizure.

                              Escrow services are available for bitcoin, although not many long-lived or reputable ones. Another option is a 2-of-3 multisig wallet, which only requires two of three keys to release the funds. That building block would allow you to implement escrow with your own trusted 3rd party.

                              My favorite cryptocurrency software (entirely FOSS, of course):

                              • Electrum - Rather than generate an inscrutable private key, Electrum helps you generate a seed word phrase which is much easier to write down and remember. You can save wallet data in an encrypted file, or re-enter your seed phrase if you’re using an amnesiac OS such as Tails.
                              • bitcoind - The reference full node implementation by Bitcoin Core.
                              • lnd - One of several Lightning Network node implementations. Pierre Rochard wrote a thorough guide to setting up lnd, including a GUI node launcher and screenshot-supplemented instructions. Note that lightning is still experimental; it works and is incredibly fast, but you should only use it with small amounts while it gains maturity.
                              • Samourai Wallet - A light wallet with support for very cutting-edge features, especially those which help with privacy. Integration with OpenDime. They plan to sell plug-and-play full nodes which can be paired to your light wallet.
                              • Wasabi Wallet - A light wallet that implements “trustless coin shuffling with mathematically provable anonymity: Chaumian CoinJoin”. All outgoing payments are shuffled with other Wasabi users. Supports Tor and other privacy features.
                              • Metamask serves well as an Ethereum hot wallet. It also works with ERC20 tokens such as DAI.

                              Electrum was the target of a phishing attack. It’s probably a good idea to use GPG to verify any/all of the above software if you plan on using it to handle large sums.

                              I don’t know of any completely-open hardware wallets apart from OpenDime, which isn’t exactly designed for everyday spending. Trezor and Ledger are the two most popular hardware wallets, and they are mostly open-source. They support a multitude of coins, including BTC, DAI and the others you named.

                              I don’t like most exchanges, I merely tolerate them. USD to BTC conversion typically requires going through KYC/AML laws and involves a fee. I am marginally satisfied with Coinbase. The regular UI is simplified and has a 1.5% to 3% fee. If you login to Coinbase Pro and set a limit order below market price, then there is no fee but you’ll have to wait for your order to fill. Another US alternative is Gemini.

                              Bisq is a decentralized fiat-to-BTC exchange that looks promising, but the liquidity just isn’t there yet. I hope it grows and will be paying close attention.

                              In case you missed it, check out my other comment where I respond to the per-transaction energy cost.

                    2. -2

                      Perhaps you didn’t see, but I edited my comment with a link explaining why the media blitz about Bitcoin and the environment is politically motivated fake news as usual. I can dig up more links on that subject if you would like.

                      Re the risks associated with holding your own keys (as you should), sure:

                      • Backups
                      • Multisig
                      • Paper wallets
                      • Social key recovery (we are seeing several wallets with this feature)
                      1. 9

                        Perhaps you didn’t see, but I edited my comment with a link explaining why the media blitz about Bitcoin and the environment is politically motivated fake news as usual.

                        The first link I posted, the Digiconomist one, was a rebuttal to that very Hacker Noon article. It’s not like I didn’t know about it.

                        Re the risks associated with holding your own keys (as you should)

                        Most people suck at IT. They are aware of this, and make the conscious choice to avoid being in charge of their own security wherever possible. Hence keeping all their coin in exchanges. Hence consulting companies who offer to take care of all of it for a fee.

                        1. 1

                          What exactly about that article did you find convincing? The ease with which one can measure Bitcoin’s energy consumption?

                          That isn’t an argument about why Bitcoin is bad. It’s an argument in favor of Bitcoin over the existing financial system.

                          1. 11

                            Well, lets compare this throughput per CPU or watt in regular banking to what the Bitcoin network does with the piles of mining hardware it references. It’s taking over a thousand times the hardware, each one uses several times more energy than a regular server, and the result is way fewer than 2+ million transactions a second non-blockchain tech hits.

                            So, the system is clearly using a mind-boggling amount of energy to do a tiny fraction of the same work. Even having mutually-suspicious parties rerunning the same workload on databases checking security 10 times over still doesn’t get hardware/energy usage nearly as high or transactions nearly as low. Bitcoin is just, by design, higher energy for lower work than other tech optimized for throughput and/or energy.

                            Also note that Im using a strongly-consistent database. Might be able to do what I described with one of the eventually-consistent, key-value stores. They’re usually way faster.

                            1. 1

                              So, the system is clearly using a mind-boggling amount of energy to do a tiny fraction of the same work.

                              You’ve shown no evidence of this so far. Comparing Bitcoin to FoundationDB makes no sense at all.

                              I’m more than willing to cede the point if I see a remotely fair comparison for the services provided, but I’ve yet to see anyone do one.

                              1. 6

                                I said in how banking normally does it. The transactions would be in regular databases checked by multiple banks and/or regulators. I used 10 in my example.

                                Tiny fraction of your model. Get robbed way less with insurance up to certain point. Chargebacks helped me deal with bad merchants. Stolen cards had me liable for nothing or $50 max. My wallet device is free and easy to make.

                                Bitcoin sucks in comparison.

                                1. 4

                                  lets compare this throughput per CPU or watt in regular banking to what the Bitcoin network does

                                  I said in how banking normally does it.

                                  Even if we ignore everything outside of the USA, “how banking normally does it” requires thousands of armoured Loomis Fargo trucks, tens of thousands of climate-controlled brick-and-mortar locations, half a million tellers commuting to work…
                                  …all of which was left out of the Bitcoin vs. DB comparison.

                                  The energy cost of a Bitcoin transaction is (relatively) easily apparent because effectively all of the energy Bitcoin uses is directly tied to transaction processing. By contrast, the energy cost of a “normal bank transaction” is harder to compute because a large portion of it is effectively an externality.

                                  1. 5

                                    “ requires thousands of armoured Loomis Fargo trucks, tens of thousands of climate-controlled brick-and-mortar locations, half a million tellers commuting to work…”

                                    Bitcoin is bootstrapped by and interacts with that system. So, it uses all of that, too, on top of its own energy use. They exist together until nobody ever brings a dollar to or from the Bitcoin ecosystem. That’s always left out of Bitcoin supporters’ comparisons. Apples to oranges, though, since all that isn’t required if our alternative system ditches cash. Now, let’s design an apples to apples alternative since, like Bitcoin, we’re free to come up with arbitrary designs for alternatives.

                                    “Bitcoin vs. DB comparison.”

                                    Money is just numbers in databases at the Federal Reserve and all its banks. The centralized alternative would just be these databases I describe saying how much money you have. Then they describe the changes in the transactions. That’s all it takes if we’re just talking moving money around. There’s online banks with no branches or cash. There’s platforms like Venmo for digital transactions. If you don’t want physical cash, then we can indeed create online banks without all you describe or payment providers like Venmo/Paypal.

                                    In my model, decentralized checking just requires a standardized way for them to exchange logs, multiple parties running checks (hashes/sigs/comparisons), and standardized ways to deal with problems (the security protocols). Throw in a number of participants in different countries, mostly with laws stipulating damages on certain types of fraud or bank scams. All contractually agree to follow the rules of the distributed, checking scheme with high damages for failures. All of that can be built on ultra-fast, commodity tech. Some components of such tech were also formally verified for correctness by various CompSci and industrial projects. So, over time, it can be made more trustworthy than the highly-complicated schemes for decentralized payments. Still wins out by far in the apples to apples comparison.

                                    Oh yeah, one other thing: many people don’t want their day-to-day money in something they can’t understand. Most people can understand the basics of how a credit/debit card uses their money in a ledger. They get it pretty quick. The description of the Lightning Network looks like a pile of complicated gibberish by comparison. They’re not going to understand that at all. So, the model basically reduces down to trusting a third party for them. What they’re already doing with their banks with some legal protections for common ways banks will screw them. They also know from media reports on various losses and scams that they effectively have no protection on Bitcoin side. So, they’ll choose the thing they understand which works really well with a maximum, legal loss of $50 per card.

                                    1. 1

                                      many people don’t want their day-to-day money in something they can’t understand.

                                      Are you telling jokes now?

                                      The description of the Lightning Network looks like a pile of complicated gibberish by comparison

                                      The Lightning Network is child’s play to understand compared to the criminal fraud the Federal Reserve is.

                                  2. -7

                                    I said in how banking normally does it. The transactions would be in regular databases checked by multiple banks and/or regulators. I used 10 in my example.

                                    Wow, I had no idea that I could compete with the international banking system and provide the same service (or in the case of Bitcoin, better), by running a simple RDBMS.

                                    You’ve really opened my eyes. I’m sure there are others here who are also wondering why they didn’t think of this before. You deserve some sort of award, really.

                                    1. 6

                                      I said transaction processing part. Stop trolling. Besides, your side claims to compete with international banking using just a slow/energy-hungry protocol, some mining hardware, and some software. Much wilder claim than mine which builds on banking’s own fundamental mechanisms: databases, networking, and some custom software.

                                      1. -2

                                        Stop trolling.

                                        Here is a conversation about Bitcoin’s energy usage, and you come along saying that an RDBMS can do what Bitcoin does.

                                        I’m not the one who’s trolling here. :)

                                        1. 8

                                          I said multiple parties running an RDBMS and/or logs checking each other can do what Bitcoin does. Running transactions within the financial institutions using regular databases (can already do that). Anything shared that has to be trustless can be provided as a log with signed hash to those checking it. All the checkers hash the log, check sigs, look for any risk patterns they’re interested in, and update a shared state probably with some human review of that part.

                                          It takes way less energy and time to do some database transactions, share logs, and crypto-check them… all stuff our CPU’s and networks are optimized for I’ll add… than to do the equivalent using a protocol designed to take more time and energy. Why do you keep leaving that off if you’re not trolling or in denial mode? It’s designed to require extra work. That’s for the security of the protocol given its difficult goals operating in decentralized environment with less trust. More difficult than traditional, banking risks which allow centralized designs and third parties with efficient protocols.

                                          Unlike Bitcoin designing for extra work, centralized generation with decentralized checking using just hashes and sigs can leverage those efficient protocols. Those are designed for maximum efficiency or good efficiency with some loss due to security functions (i.e. fraud monitoring). Whatever they want. We have everything from ultra-fast DB’s on server clusters to fast ones running on embedded boards with QNX. We have networking cards doing line-rate crypto for traditional protocols and algorithms over networks up to 10Gbps (affordable ones at least). Each generating or verifying party can use cheap-per-GB storage like Backblaze pods with 480TB of storage. Using Viza statistics as example, one Pod per year or a few years should do it.

                                          I’ll also add we have decades of investment into how to secure these things. We know how to do it. Some of these components have even been formally verified in the past. There’s all kinds of veterans to hire on fraud prevention and legal side. The crypto-currencies are more complex protocols than receive/store/log/sign/check. They have more unknowns. So, they use more energy, move more slowly, are harder to secure, and are having big failures since they’re new. So, they’re worse until proven better. That simple.

                                          1. 1

                                            I said multiple parties running an RDBMS and/or logs checking each other can do what Bitcoin does.

                                            Well, what else do you want me to say? You’re simply mistaken about that. 🤷‍♂️

                              2. 7

                                Herein the author ignores that even with his own optimistic 25 TWh per year energy consumption estimate, the Bitcoin network still has an average per transaction electricity footprint of 300+ KWh (processing 81 million transactions in the whole of 2018). Even with a bizarrely optimistic emission factor of 10g of CO2 per KWh (note that pure hydropower may have an emission factor of 4g/KWh), that’s still a carbon footprint of 3 kilograms of CO2 per transaction. By comparison, a VISA transaction has a carbon footprint of 0.4 grams (a factor 7,500 difference).

                                That part.

                                1. 3

                                  You can measure the total energy used for bitcoin mining, but I’m not sure it makes sense to do a per-transaction analysis. Energy consumption has no correlation to transaction throughput.

                                  The only thing that hashpower affects is chain security. The more energy is spent on mining, the more expensive it is to conduct a 51% attack. Energy spent on mining doesn’t affect transaction throughput except in the very short term, before a “difficulty adjustment” ensures blocks are released at a steady 10 minute cadence.

                                  Visa-level scaling is not achievable with on-chain transactions. The firehose of transaction data would grow the chain too quickly for all but the beefiest servers to process. On the other hand, a constrained flow of data keeps bitcoin decentralized. Weaker computers with slower internet connections can still participate and validate transactions.

                                  Bitcoin’s transaction bottleneck was never the energy consumption, but the growth in ledger size. We are working around that limitation with the lightning network, which only writes to the blockchain when opening or closing a payment channel. It’s possible to make thousands of lightning payments with only a few hundred bytes actually hitting the blockchain.

                                  Lightning’s UX still needs improvement, but I am optimistic on the transaction throughput.

                                  1. 3

                                    Thanks a lot for posting this comment.

                                    It’s no secret I am not a Bitcoin/cryptocurrency proponent but I believe this site deserves technical discussions over name-calling and conspiracy mongering.

                                  2. 1

                                    That part demonstrates the author doesn’t understand Bitcoin or the current financial system well enough to properly compare them.

                                    VISA does not do settlements. It is a payment network. You compare it not to Bitcoin (which is incapable of scaling to anywhere near Visa’s transaction throughput), but to things like the Lightning Network.

                                    I could point out a variety of other glaring issues but it’s time for lunch.

                                    1. 4

                                      The ACH Network does settlements. It processes 25 billion transactions a year.

                                      Bitcoin maxes out at 210 million transactions per year (I multiplied 7 tps by 31557600 seconds per year)

                                      If ACH took as much power per transaction as Bitcoin does, it really would be an ecological disaster.

                                      1. 0

                                        You didn’t mention how much power the ACH network uses. It’s also a poor comparison (though a better one than VISA).

                                        1. 13

                                          I can’t find a place where they publish that info. So let’s massively overestimate:

                                          If the entire net electricity produced by the United States (321,879,000,000 kWh per year) went into the ACH Network, then it would take 12 kWh per transaction. That’s still less than Bitcoin’s 300 kWh per transaction.

                                          1. 5

                                            Also good: worldwide electricity production circa 2018 was about 26,000 TWh… So if Bitcoin took 25 TWh to process 81,000,000 transactions, migrating ACH to Bitcoin would result in a 300x increase in power usage assuming perfect scaling, to 7500 TWh — a third of the entire world’s electricity production. Assuming the more realistic 43 TWh number for Bitcoin, that works out to roughly half of the entire world’s electricity production to support the ACH Network’s transaction volume on Bitcoin.

                                            But actually Bitcoin would just fall over.

                                            1. 1

                                              Bitcoin uses less energy than that, and it uses exactly the correct amount of energy for what it does.

                                              Your making nonsensical comparisons doesn’t change that fact. You should be able to tell that the comparison is inappropriate because Bitcoin cannot scale to ACH’s size, so saying things like “it would just fall over” should be a clue that these are different systems doing different things.

                                              Try to use ACH in the way we use Bitcoin. You can’t.

                                              1. 3

                                                Bitcoin uses less energy than that, and it uses exactly the correct amount of energy for what it does.

                                                That blog post claims that econ 101 proves Bitcoin must use exactly the energy it needs to because it is P2P and anyone can mine (and if it didn’t use exactly the energy it needed to, anyone mining and using too much energy would go out of business).

                                                This is incorrect for two reasons:

                                                1. Econ 101 does not give a timeframe under which irrational behavior collapses, even as it insists it will. Repeatedly driving cars into walls is a decentralized operation, and yet the fact that it is one doesn’t make it a valuable use of energy, and even if a tulip mania arose for crashed car bodies it would be an incredibly wasteful way to transfer value.
                                                2. Even taking the blog post seriously, its fundamental premise is wrong. It claims that Bitcoin can be mined by anyone, so it is impossible to extract rents. But Bitcoin cannot be profitably mined by anyone: you need capital expenditures for dedicated mining rigs, and real estate near extremely cheap power. Bitcoin is hardly “decentralized”: because of this economic imbalance a few Chinese mining pools (who can get cheap electrical power, or in some cases are rumored to actually be Chinese power companies shedding excess electricity) control an estimated 60% of the mining power, which by the way is more than enough for a 51% attack. You’ve shifted your trust from regulated financial institutions with global operations and enormous government and private sector oversight to a few unregulated groups operating in China.

                                                FWIW, I don’t have strong opinions about cryptocurrency in general: I just think proof of work is untenable, because it quickly degenerates to “proof of ability to buy specialized hardware and get cheap electricity,” which is not really more efficient or trustworthy or anything compared to the traditional financial system.

                                                1. 0

                                                  You know, I think this comment (the second part of it) is the closet thing I’ve seen to a legitimate criticism of Bitcoin in this entire thread, and that includes the Schneier essay. Kudos to you! 👏

                                                  Let’s jump through some of the things you said:

                                                  regulated financial institutions [..] government and private sector oversight

                                                  This is a laughable claim. We all know these institutions are “regulated” in name only, and have no discernible oversight.

                                                  Bitcoin is hardly “decentralized”

                                                  It is true that Bitcoin has a mining-concentration problem in China. But, true as that may be, I still trust it over the criminal and unregulated banks who have run amok on this planet.

                                                  Why? Well, because even in spite of this threat to its decentralization, Bitcoin continues to perform its duties and provide the services it claims it provides — as advertised.

                                                  If and when that stops being true, I will certainly disavow it.

                                                2. 1

                                                  it uses exactly the correct amount of energy for what it does

                                                  It would use the exact “correct” amount of energy, as defined by pure economics, if it hadn’t undergone an investment bubble that allowed miners to sell 1 BTC for more than it’s actually worth.

                                                  But that’s an economic argument. We’re not economists, and this isn’t a forum for economics. It’s a tech forum, so I’d rather stick to the question of whether it’s possible for Bitcoin to handle as many transactions as other settlement networks, not the question of whether bitcoin miners are behaving in an economically rational way.

                                                  Try to use ACH in the way we use Bitcoin. You can’t.

                                                  Why not? What exactly do you mean by “the way we use Bitcoin?”

                                                  1. 3

                                                    so I’d rather stick to the question of whether it’s possible for Bitcoin to handle as many transactions as other settlement networks

                                                    The answer is no. ACH is centralized, Bitcoin is decentralized. That is why.

                                                    For payments, the Lightning Network lets you securely and in a decentralized way conduct business at arbitrary transaction rates, at close to $0 fees, and without this energy usage you’re so concerned about for some reason (I say that because the concerns are bogus when you study them in depth).

                                                    Why not? What exactly do you mean by “the way we use Bitcoin?”

                                                    You might as well ask why does Bitcoin exist at all?

                                                    As I said before, ACH is centralized. Bitcoin is decentralized. I cannot use ACH to send payments to people in countries all over the world without an immense amount of hassle, wasted time, and extremely high fees.

                                                    With Bitcoin, I don’t even need an account. I don’t need to build a building and staff it with bank tellers. I don’t need to step foot in that building. It’s painless. And on top of that, I don’t have to worry about Bank theft (“asset forfeiture”) or mystery fee gouging or spam in my mailbox or Bank bailouts funded by taxpayers. Bitcoin is anti-tyranny, pro-freedom.

                                                    1. 1

                                                      The answer is no. ACH is centralized, Bitcoin is decentralized. That is why.

                                                      Most decentralized networks scale to more traffic than their centralized counterparts.

                                                      For payments, the Lightning Network

                                                      The Lightning Network doesn’t do settlements, so it’s not a fair comparison to the ACH.

                                                      You might as well ask why does Bitcoin exist at all?

                                                      That’s a very good question. Money is a tool used by society for allocation. Do we really want human resources to be strictly governed by “what the database says”, regardless of whether people know that the money was acquired by stealing someone’s private key? Is “the government goes completely rogue” a part of anyone’s realistic threat model? It’s not like a military coup is going to care what the blockchain says anyhow; they’ll just offer not to shoot you in lieu of payment.

                                                      I cannot use ACH to send payments to people in countries all over the world without an immense amount of hassle.

                                                      You’re complaining about the existence of anti-money-laundering tooling, you dork.

                                                      1. 3

                                                        Most decentralized networks scale to more traffic than their centralized counterparts.

                                                        Not decentralized consensus networks, which is what we’re talking about.

                                                        The Lightning Network doesn’t do settlements, so it’s not a fair comparison to the ACH.

                                                        ACH is centralized, Bitcoin is not, so that also isn’t a fair comparison.

                                                        Do we really want human resources to be strictly governed by “what the database says”, regardless of whether people know that the money was acquired by stealing someone’s private key?

                                                        There is no incompatibility between Bitcoin and the legal system as far as theft goes. If anything, Bitcoin probably gives you more evidence to bring a legal case against someone who stole your funds.

                                                        1. 3

                                                          ACH is centralized, Bitcoin is not, so that also isn’t a fair comparison.

                                                          Special Pleading. I’m done.

                                                          1. 0

                                                            I don’t see how, I clearly justified the significance in the other paragraphs. That you ignored them is on you, not me.

                                                        2. -1

                                                          anti-money-laundering

                                                          Like the ~$23 trillion unaccounted for by the Pentagon?

                                        2. 6

                                          You totally ignored notriddle’s points.

                                      2. 2

                                        I know you’ll dismiss me by invoking some fallacy you can press my comment into, but saying

                                        … is politically motivated fake news as usual.

                                        really don’t help your point.

                                    2. 7

                                      He’s not telling people that have found that blockchain solves their problems that it doesn’t. He’s telling the general audience that it’s most likely not right for them.

                                      1. -4

                                        He’s telling the general audience that it’s most likely not right for them.

                                        As someone mistaken about most of what he says, he’s not in a position to tell anyone anything about public blockchains.

                                        1. 4

                                          I didn’t say anything one way or the other about whether he’s right, just that you’re saying he’s saying something that he’s not and calling him arrogant for it.

                                      2. 5

                                        That’s your refutation: that Bitcoin only uses 25-35Twh/year? And then that some people believe bitcoin solves problems so it is arrogant to say otherwise? Ok then.

                                        1. -1

                                          That’s not the refutation at all. The refutation is that Bitcoin uses less energy than the current financial system. Pretty good refutation if you ask me.

                                          It’s not my problem if people insist on ignoring that point and repeating that Bitcoin makes it easy to measure its energy usage, it’s theirs.

                                          1. 7

                                            Bitcoin does a tiny fraction of what the current financial system does. You could similarly argue that your oil burning 1976 chevy impala uses less gasoline than the current transportation system. I give up on you: if you really believe your arguments, you are squarely in the target audience for the ponzi scheme.

                                            1. -2

                                              Yes, best give up. I am not convinced by weak and ignorant arguments, no matter how often they’re repeated, or how big of a mob repeats them, especially online.

                                              Like this comment. Dude says nothing and gets 16 upvotes for it. That’s the type of quality discussion only Lobsters can be proud of. I’m not convinced I’m not talking to paid trolls.

                                              1. 5

                                                I’m not convinced I’m not talking to paid trolls.

                                                Aren’t you the one who offers blockchain consulting, and would therefore have an interest in protecting the systems’ reputation?

                                                1. 1

                                                  Aren’t you the one who offers blockchain consulting, and would therefore have an interest in protecting the systems’ reputation?

                                                  I do offer blockchain consulting, I do have an interest in protecting the system’s reputation (when it fairly deserves to be protected). None of that makes me a paid troll.

                                                  Being a paid troll is being paid to troll, i.e. things like creating sock puppet accounts to upvote comments that contain nothing of substance, in order to protect a criminal financial system.

                                                  Rational self-interest, arguments based on reason, and investing in something you believe in on its merits is completely different.

                                                  1. 3

                                                    I wasn’t saying you’re a paid troll, assuming such a thing seems ununderstandable in the first place. I was just saying that it seems that you have a fundamentally economical interest in the Blockchain, that would probably guide you’re incentives.

                                                    It’s not like you can just change your mind and assume people will say “he admits that he was wrong about blockchains, what he invested time and labour into, but he’s just as credible as he was before”. Me, a nobody, on the other hand managed this, since I was never too vocal about my support, so changing my mind wasn’t hard.

                                                    Btw, do you know where to apply when I want to get paid for opposing bitcoin? Any banks or other financial institutions you can recommend from experience?

                                                    1. -1

                                                      It’s not like you can just change your mind

                                                      Sure I can. I am always interested in the truth first and foremost. Even you can convince me to change my mind by making a compelling argument. ^_^

                                                      Btw, do you know where to apply when I want to get paid for opposing bitcoin? Any banks or other financial institutions you can recommend from experience?

                                                      Lol, being a tool isn’t hard. It just requires a willingness on your part to be subservient.

                                                      1. 3

                                                        Even you can convince me to change my mind by making a compelling argument. ^_^

                                                        I’m quite sure that you know more about it, after all you’re in the business of selling Blockchain ideas. I don’t see why either you or me should waste time for unpaid sophistry.

                                                        Lol, being a tool isn’t hard. It just requires a willingness on your part to be subservient.

                                                        Well yeah, but I don’t know where to start. Since you mentioned that people are paid to promote anti-bitcoin talking points, I was assuming you have some evidence that you help me? Like specific people actually paying specific real people?

                                                        1. -2

                                                          Yes, do a search on:

                                                          • government propaganda and troll farms
                                                          • psyops
                                                          • CIA infiltration of news organizations and fake stories
                                                          1. 4

                                                            Sadly none of these terms gave me any conclusive points to find someone willing to pay me for commenting on the web.

                                                            Are you sure that you have absolutely no direct and verifiable links to sources offering money in exchange for promoting anti-blockchain ideas? Not just vague references or suggestions on where to look. If you feel better, please use any of the methods listed here to send me the link to the person or persons willing to pay money: https://zge.us.to/

                                                            Hope you can help me.

                                                            1. -3

                                                              I showed you the door, only you can step through it. If you’re not trolling you should have no problem doing that. Send in your resumé to the organizations I mentioned, don’t be a chicken shit troll. They’re more than happy to hire folks like you. :)

                                                  1. -2

                                                    You sound like an excellent prospect for playing 3 card monte.

                                                    1. 1

                                                      Ad hominem doesn’t convince me of your arguments either. :)

                                            2. 2

                                              Thanks for the link addressing(and debunking) the “bitcoin is destroying the environment” argument. Pretty damning stuff which I will be pointing out in future discussions regarding this issue.

                                              1. 2

                                                Contrarianism gets clicks, no matter how unfounded.

                                                1. 13

                                                  Oh no: false promises and hype of cryptocurrencies gets both clicks and massive investment by all kinds of people. No matter how unfounded. Then, this expert on risk whose watched many hype cycles wrote a risk assessment telling people to avoid this one. It got less clicks than a lot of popular content on Lobsters but did get higher-than-average clicks. That’s usually a sign I should pay closer attention to it because it might not be a fad.

                                                  Of course, it isn’t like David Gerard’s articles haven’t been demolishing cryptocurrency BS here on a regular basis with more citations. This stuff didn’t come out of nowhere.

                                                  1. -2

                                                    Lol, David Gerard is a troll who posts laughable arguments that convince only people who haven’t studied the subject.

                                                    false promises

                                                    Name one?

                                                    1. 3

                                                      There’s one person in this thread who comes across as a troll (though I doubt they’re consciously trolling, rather deluding themselves because they’re invested in the cryptocurrency pyramid not collapsing just yet). It’s not David Gerard.

                                                      1. -5

                                                        Powerful, convincing, technical arguments, and totally not emotional rhetorical devices.

                                                        *Yawn.*

                                              1. 3

                                                I can clearly remember a time where you had to upgrade your workstation/laptop computer every 2-3 years in order to run the latest software with any kind of reasonable speed. Those days are over and have been for a while. Obviously computers will continue to get faster but we’ve reached a point where all the extra cycles and memory are spent not on application features but on eye candy and abstraction layers (e.g. web browsers as application runtimes) and we’re starting to plateau on those too. Meaning, essentially, that “old hardware” is capable of doing most anything that new hardware is, except in certain niches like research and gaming.

                                                As an example, my daily driver is a Dell Latitude that is around 6 years old. It is certainly not my ideal machine but I really can’t justify spending $1500 or more on a new laptop when this does absolutely everything I ask of it.

                                                1. 1

                                                  I was going to complain that you removed the table of contents but now I see that the TOC was hidden behind an arrow button the upper left corner. Since it’s one big page already, is there any reason not to just put the TOC at the start of the document?

                                                  Anyway, I’m not here to nit-pick, just wanted to say nice work. TAOUP should be a must-read for every developer. Whether if you work on mainframes, embedded microcontrollers, or web front-ends, the core tenets of the philosophy are applicable to all software development.

                                                  1. 1

                                                    The idea is that you can use the TOC even when you’re somewhere in the document already, without having to scroll up (it also keeps track of where you are already, by highlighting that chapter).

                                                    I find technical eBooks kinda annoying to read in a way, as it’s harder to skip back to a previous paragraph and such. I don’t really have a good solution to this, but this is my half-arsed attempt at making i at least a wee bit better.

                                                  1. 5

                                                    I’m already quite familiar with diff/patch but Rob has a no-bullshit style of explaining things that I really enjoy. Many years back he gave a 30-minute introduction to Python at a local conference which was my first exposure to the language.

                                                    1. 5

                                                      I’d be interested to see a side-by-side comparison of kitty to alacritty. In particular, I’ve been using alacritty at work for a while and while it’s barebones at the moment, it’s exceptionally fast (which is probably my core feature for terminal emulators). That said, kitty looks like a fine emulator.

                                                      1. 6

                                                        Honest question: what need do you have for a fast terminal emulator?

                                                        1. 7

                                                          I have a minor obsession with input latency and scroll jank. It seems to creep up everywhere and is hard to stamp out (Sublime Text is a shining counterexample). I noticed a bit of weird input latency issues when using Terminal.app (purely anecdotal), and haven’t seen the same thing since using alacritty. So that’s the need I have for a fast emulator, it enables a smooth input and output experience.

                                                          1. 3

                                                            I am sensitive to the same.

                                                            This is what kept me on Sublime Text for years, despite open source alternatives (Atom, VS Code and friends). I gave them all at least a week, but in the end the minor latency hiccups were a major distraction. A friend with similar sensitivity has told me that VS Code has gotten better lately, I would give it another go if I weren’t transitioning to Emacs instead.

                                                            I sometimes use the Gmail web client and, for some period of time, I would experience an odd buffering of my keystrokes and it would sometimes completely derail my train of thought. It’s the digital equivalent of a painful muscle spasm. Sometimes you ignore it and move on, but sometimes you stop and think “Did I do something wrong here? Is there something more generally broken, and I should fear or investigate it?”

                                                            1. 1

                                                              Web-based applications are particularly bad, because often they don’t just buffer, but completely reorder my keystrokes. So I can’t just keep typing and wait for the page to catch up; I have to stop, otherwise I’m going to have to do an edit anyway.

                                                          2. 3

                                                            I have to admit, I thought for certain this was going to be Yet Another JavaScript Terminal but it turns out it’s written in Python. Interesting.

                                                            Anyway I would have a hard time believing it’s faster than xfce4-terminal, xterm, or rxvt. It’s been a long time since I last benchmarked terminal emulators, maybe I smell a weekend project coming on.

                                                            1. 6

                                                              kitty is written is about half C, half Python, Alacritty is written in Rust.

                                                              There were some benchmarks done for the recent Alacritty release that added scrollback, which include kitty, urxvt, termite, and st. https://jwilm.io/blog/alacritty-lands-scrollback/#benchmarks

                                                              1. 2

                                                                I just did a few rough-and-ready benchmarks on my system. Compared to my daily driver (xfce4-terminal), kitty is a little under twice as fast, alacritty and rxvt are about three times as fast. If raw speed was my only concern, I would probably reach for rxvt-unicode since it’s a more mature project.

                                                                Alacritty is too bare-bones for me but I could be sold on kitty if I took the time to make it work/behave like xfce4-terminal.

                                                                1. 1

                                                                  I like xfce4-terminal, but it renders fonts completely wrong for me. It’s most noticeable when I run tmux and the solid lines are drawn with dashes. If I pick a font where the lines are solid, then certain letters look off. It’s a shame, because other vte-based terminals (e.g. gnome-terminal) tend to be much slower.

                                                            2. 2

                                                              For me it’s the simple stuff that gets annoying when it’s slow. Tailing high-volume logs. less-ing/cat-ing large files. Long scrollbacks. Makes a difference to my day by just not being slow.

                                                              1. 2

                                                                I don’t care that much about the speed it takes to cat a big file, but low latency is very nice and kitty is quite good at that. I cannot use libvte terminals anymore, they just seem so sluggish.

                                                                1. 2

                                                                  For one thing, my workflow involves cutting and pasting large blocks of text. If the terminal emulator can’t keep up, blocks of text can come through out of order etc, which can be a bad time for everyone involved.

                                                                2. 3

                                                                  I’m on macOS.

                                                                  I used alacritty for a while, then switched to kitty as I’d get these long page redraws when switching tmux windows—so kitty is at least better for me in that regard. Both have similar ease of configuration. I use tmux within both, so I don’t use kitty’s scrolling or tabs. The way I was using them, they were more or less the same.

                                                                  I’m going to try alacritty again to see if it’s improved. I’d honestly use the default Terminal app if I could easily provide custom shortcuts (I bind keys to switching tmux panes, etc).

                                                                  1. 4

                                                                    I came back to Alacritty on MacOS just the other day after trying it last maybe 6 months ago and finding it “not ready” in my head. It’s been significantly updated, there’s a DMG installer (and it’s in brew), a lot more polished overall and it works really well and really fast. No redraws in tmux switches. Weirded redraw artifiact while resizing main window, but snaps to fixed immediately you stop, and doesn’t bother me much. Using it as a full-time Terminal replacement right now, liking it so far, will see how it goes!

                                                                    1. 1

                                                                      Good to know! I’ve installed it via brew now and double-checked my old config. My font (as in, not the default Menlo. I’m using a patched Roboto Mono) looks a bit too bold, so just gotta figure out what’s wrong there.

                                                                      1. 2

                                                                        They’ve updated config files with additional info about aliasing and rendering fonts on Mac. So take a look at that if you are using your old config. It’s not a bad idea to start from scratch.

                                                                        1. 1

                                                                          Thanks for the tip! I did start from scratch and moved over changes bit by bit, but I’ll have to check the new macOS specific lines.

                                                                    2. 3

                                                                      Cool, thanks for your input! I also use tmux, and I haven’t seen anything like what you described (I also don’t really use tmux panes, only tabs). I know there has been a longstanding vim + tmux + osx bug as well, but I haven’t used vim proper in a while.

                                                                      1. 2

                                                                        I think that’s my exact problem (turns out I’m even subscribed to the issue haha). I use neovim so I think it is/was applicable to both

                                                                    3. 1

                                                                      do any of those really measure up when benchmarked.

                                                                      I remember doing some writing to stdout and it alacritty turned out to be slower than say gnome-terminal or whatever.

                                                                      Might’ve been that there was a bug with my intel graphics card though, don’t remember to well.

                                                                    1. 1

                                                                      Is there a list like this that can also automatically remove all of the EU cookie nags?

                                                                      1. 3

                                                                        If you use uBlock Origin, the included “Fanboy’s Cookie List” (under “Annoyances” in the “Filter lists” tab in the dashboard) claims to do this, and works pretty well.

                                                                        I typically turn on all the other annoyance filters while I’m in there. I couldn’t tell you what all they filter, but I do find the web hilariously unusable when I have the misfortune to try to use it without an enthusiastic blocker running.

                                                                      1. 1

                                                                        Dunno how I feel about this. I don’t run NextCloud yet but I’ve been considering it, and my experiences running a Mastodon instance for a few months left me unwilling to try again. Maybe they’ve scaled the requirements, footprint and admin surfaces back to a sane level.

                                                                        1. 7

                                                                          Actually this is a ActivityPub implementation, not a Mastodon one, which actually makes this a little more interesting.

                                                                          By using the popular ActivityPub standard, Nextcloud users can subscribe to and share status updates with users in the so-called ‘fediverse’, an interconnected and decentralized network of independently operated servers!

                                                                          Mastodon is probably the best known implementation of ActivityPub protocol, but there are actually a bunch of federated applications based around ActivityPub. For example there is also:

                                                                          • PeerTube (YouTube-ish)
                                                                          • PixelFed (Flickr/imgur-ish)
                                                                          • Diaspora (Facebook-ish)

                                                                          One of the kind of cool things is that all of these applications are using the same federated publishing protocol, they can federate with each other. I can reply to a thread on PeerTube in Mastodon, and PeerTube will understand it as a reply and display it as such, or you can publish an album on PixelFed and I can see as a posted album in my Diaspora.

                                                                          1. 1

                                                                            I didn’t realize that Diaspora had joined the Fediverse! Good on them!

                                                                          2. 2

                                                                            running nextcloud is pretty easy with docker

                                                                            1. 2
                                                                              1. 1

                                                                                Running it might be easy, administrating and keeping it running never is. This goes for pretty much every server software out there.

                                                                              2. 1

                                                                                I’ve been running NextCloud for years, mainly for the very robust calendar which also happens to have a great UI and stellar integration with other calendar clients (Lightning, Android calendar, iPhone calendar, etc.)

                                                                                1. 1

                                                                                  The post doesn’t seem to say either way whether it’s a reskinned Mastodon server or an independent reimplementation, does it?

                                                                                  1. 2

                                                                                    Looking at the source code it looks like it’s a PHP backend like the rest of NextCloud with a Vue.js frontend

                                                                                    From a cursory inspection it doesn’t look like they’re running all the infra necessary to run a full Mastodon node.

                                                                                    I suspect but don’t know that you’re actually just using their app to federate from one of their instances they’re running behind the curtain, but again I have no bullet proof evidence on that.

                                                                                    1. 4

                                                                                      ActivityPub is an open standard with some lightweight implementations (Mastodon is not one of them). From my cursory look at the source, I think this is a full activitypub compatible server.

                                                                                    2. 1

                                                                                      No it doesn’t give much detail at all. If it’s a reskinned stock mastodon server, that’s a hefty chunk of infrastructure required to run the thing (PostgresSQL, Redis for Sidekiq, etc.) and a lot of under the hood complexity go wrong.

                                                                                      I have mad respect for Eugen and the work they’re doing, but if it is in fact a stock Mastodon server, I’m out. I’m not a Ruby on Rails hacker and don’t have time to become one, and my installation hosed itself pretty hard.

                                                                                      1. 1

                                                                                        There’s always Pleroma if you want lightweight ActivityPub.

                                                                                        1. 1

                                                                                          Pieroma is lightweight, but its upgrade story and to a lesser extent its installation story are … Putting it kindly, lightly sketched out :)

                                                                                          You have to want to become an Elixir/Phoenix hacker if you really want to run a Pieroma with confidence. Not that that’s a bad thing at all mind, but you should be aware of that before you sign up.

                                                                                          At least that was the case a few months ago when my Mastodon instance ate itself.

                                                                                  1. 5

                                                                                    There are essentially two problems with “plus addressing” (is that what we’re calling it now?):

                                                                                    1. A good chunk of online services don’t recognize + as a valid character in an email address. Ten years ago, I chalked this up to lazy coding and lack of understanding the RFCs that hold the Internet together.

                                                                                    2. These days, I’m sure it’s done deliberately because these services want your real email address not the special one-offs that you can then use to block them or track their usage of. Or, if they do accept the +, then sometimes they will silently drop it from your address in an effort to defeat any filtering or blocking you might have in place so that you are more likely to see their marketing wank front and center in your inbox.

                                                                                    One of the benefits of running my own mail server is that I can use “plus addressing” but substitute the plus for any other character I like. I set postfix’s recipient_delimeter to . because a period is accepted as a valid email address username character just about everywhere due to many companies using firstname.lastname@example.com as their email address format.

                                                                                    Of course, on occasion it’s a little weird to call up my bank or whatever and tell them that my email address is bityard.bankname@example.com because that brings up a variety of questions but most of the time it just works and is no big deal

                                                                                    1. 6

                                                                                      Question for the group. If you use Stylus (or used to use Stylish), what do you use it for?

                                                                                      I headed over the the userstyles.org site and most of the styles seem to be “dark themes” or other cosmetic changes like changing the background of a site. Are there more practical uses of the extension? Can it modify HTML or Javascript (where the real power would be), or is it CSS only?

                                                                                      1. 27

                                                                                        other cosmetic changes like changing the background of a site

                                                                                        You call it cosmetic changes, other people call it accessibility.

                                                                                        1. 7

                                                                                          I use it to tweak the layout of some of the sites I use, like moving a fixed top navbar to the side, and making it smaller. Or making narrow columns wider. Small stuff like that, which make the browsing experience much more bearable. I rarely use the social or sharing aspects of it. I haven’t found anything useful there, and I’m not sharing my tweaks either, because they’re very personal anyway.

                                                                                          I rarely use it to hide things, my adblocker can do that more conveniently indeed.

                                                                                          1. 6

                                                                                            I apply a style of body { max-width: 800px; } on a few blogs that weren’t designed with wide browser windows in mind—they spill text across the entire width of the screen, which makes them really hard to read. (You could use your browser’s “reading mode” to fix this, too, but this CSS change usually does the job without breaking any layouts.)

                                                                                            1. 4

                                                                                              Now that I’ve started using Dark Reader, I use Stylus for well-made, site-specific dark themes. Previously I was using the Gruvbox Dark Everywhere userstyle, but its shotgun approach leaves much to be desired. Beware: Dark Reader has some major performance issues on Firefox.

                                                                                              Edit: My installed themes (which I enable along with Dark Reader after sunset): https://ptpb.pw/nUrG.png

                                                                                              Edit 2: Also I enable the Firefox and Tree Style Tabs dark themes. This really needs to get more streamlined.

                                                                                              Edit 3: And then I get to enable dark/night mode on sites that support it natively, one-by-one as I visit them. Sigh.

                                                                                              1. 2

                                                                                                Man, Dark Reader is great. Thanks for bringing my attention to that.

                                                                                                1. 1

                                                                                                  Funny that you mention this. I don’t often long for the days when I had a CSS styling addon installed, but exactly this Dark Reader page made me bob my head back 20cm. That page seems to be made for a mobile phone or tablet screen, not a 27” monitor. Wow.

                                                                                                2. 3

                                                                                                  Fixing fonts on the most obnoxious websites.

                                                                                                  1. 3

                                                                                                    I like to use it to remove ads in core apps I use. I’d like to share the styles I create with others who use those apps. I use the free version of toggl, and they have a persistent, animated thing in the bottom-right corner that tells me the benefits of “going pro”. I just made a stylish thing to display: none the element which matches that rule. It’s great.

                                                                                                    1. 1

                                                                                                      Is there an advantage to that over the “block element” feature that exist in most ad blockers?

                                                                                                      1. 1

                                                                                                        I use brave and Firefox which have some built in blocking. I haven’t thought of that, but I’ll take a look!

                                                                                                    2. 3

                                                                                                      I used to use Stylish - and a predecessor the name of which has slipped my mind - to reduce the size of the UI in Firefox - smaller tabs, less wasted space -> more space for page content.

                                                                                                      1. 2

                                                                                                        i’m considering using it to shrink the gmail sidebar label font - they recently increased it from the same size as email body text to a size bigger, and it’s very annoying.

                                                                                                        1. 1

                                                                                                          I sometimes use it to tweak interfaces, like get rid of annoying panels or adding bold to certain elements

                                                                                                          1. 1

                                                                                                            I just started using this again after forgetting that it existed. Another forum I visit regularly now is ad free and doesn’t waste a bunch of whitespace where these were removed. I created an ironic one for hiding the ads for stylish for android on userstyles.org… :D Also, my day job involves using a console that has a lot of useless (to me) menu items - bye bye.

                                                                                                            1. 1

                                                                                                              Can it modify HTML or Javascript (where the real power would be), or is it CSS only?

                                                                                                              Is it possible for extensions to request access only to modify CSS?

                                                                                                              1. 4

                                                                                                                CSS can still exfiltrate sensitive page content (albeit attacks are harder to write).

                                                                                                                1. 1

                                                                                                                  If you write your own CSS this is no longer a problem :P.

                                                                                                                  1. 1

                                                                                                                    That’s good to know. I’m going to do some reading on this, but do you have anything you recommend?

                                                                                                                2. 1

                                                                                                                  There are two sites I frequent that have awful stylesheets that I can’t stand so I have custom stylesheets that make them look better.

                                                                                                                1. 10

                                                                                                                  My only real complaint about getting rid of the /usr split is that /usr still exists as something other than a symlink to /. The name /usr is basically meaningless. If you aren’t going to support /usr on a separate partition, why bother having /usr at all? Just shallow your hierarchy:

                                                                                                                  • /bin
                                                                                                                  • /dev
                                                                                                                  • /local
                                                                                                                  • /share
                                                                                                                  • and so forth

                                                                                                                  Keep /usr as a symlink to / for compatibility. I’ve suggested this to folks a few times over the years and haven’t gotten much response. By symlinking /bin and friends, you keep /usr as a naming convention, even though as Landley’s post points out, it is one that has lost its relevance.

                                                                                                                  1. 2

                                                                                                                    Having a separate /usr leads to a system of layered configuration. You have the distributor-originating artifacts in /usr, you have your configs in /etc, and local databases/pods/containers/caches/spools/etc. in /var.

                                                                                                                    Also see systemd-tmpfiles(8).

                                                                                                                    Coincidentally something I recall from Haiku.

                                                                                                                    1. 3

                                                                                                                      From a 60ies/70ies UNIX perspective, I can understand this line of reasoning (limited disk space, more primitive file systems). But we can just put every application/configuration in its own flat filesystem namespace to avoid name clashes. It also makes it possible to have multiple versions of applications or configuration files available at the same time.

                                                                                                                      (E.g. nix and guix follow this approach and to a lesser extend macOS application bundles.)

                                                                                                                      1. 3

                                                                                                                        The central problem with just refactoring the file system structure to something that makes more intuitive sense from a high-level view is that it makes life a living hell for package maintainers. They have to grind through the process of not just making sure binaries and libraries get where they should be, they also have to make sure that the software will actually work correctly with things moved around. Some software (especially stuff using autoconf) can deal with this pretty okay, but other stuff is more nightmarish. The closer your system is to “legacy,” the more likely $random_third-party_app is likely to more or less work out of the box.

                                                                                                                    2. 1

                                                                                                                      having circular symlinks can create some interesting tarballs, or make the linker recurse through it a few times.

                                                                                                                    1. 0

                                                                                                                      Rob Landley is the guy who convinced me to start learning Python at a conference panel some 15 years ago. Which has no bearing whatsoever on the content of the post, just something that popped into my head while reading it.

                                                                                                                      1. 4

                                                                                                                        I’ve always found it annoying that Red Hat offers no way to upgrade across major versions. This is to me an essential feature. There seems to be some (very limited) support for it nowadays, but it’s nothing compared to (for example) the Debian upgrade story.

                                                                                                                        1. 6

                                                                                                                          Redhat brings out new versions every ~5years, supports thema fort 10years. After that many years imho it’s beter tot re-install if only to make sure there are no dependencies someone installed by hand. This will make your life easier by reducing technical debt. At least that’s the theory…

                                                                                                                          1. 1

                                                                                                                            And it’s pretty rare to have a system live longer than 10 years in an enterprise environment.

                                                                                                                            1. 12

                                                                                                                              Yeah, you’d think so. You’d really think so.

                                                                                                                              (pours another shot)

                                                                                                                              1. 1

                                                                                                                                Well, obviously there are going to be small exceptions, but can anyone produce an example of a 1000+ system datacenter running 10yr+ old systems for production? Most of my background is HPC, and that would have been quite rare to see because of power inefficiency.

                                                                                                                                1. 1

                                                                                                                                  In the HPC world, that may be true. In a typical enterprise, it’s nothing of the sort.

                                                                                                                                  In a typical medium-sized enterprise, you have multiple datacenters filled with some mix of modern and “legacy” hardware in each. All of this is managed by separate teams operating in their own little silos. Projects come and go based on which middle managers impressed a C-level exec last week on the golf course. Even in a particularly profitable year when the purse strings are loosened up enough to modernize most of the infrastructure, there’s that one fucking server that’s responsible for some highly business-critical task but the person who knew the task and wrote the software (in friggen Delphi or something, probably) retired five years ago. Nobody wants to touch it because there’s no documentation on it and the source code was lost when IT re-imaged his desktop PC after he left. Many have tried to virtualize it or at least upgrade the OS but all have failed. The last time it went down in the middle of the day, the CEO of the company came down personally from the seventh floor just to yell at a room full of IT managers for two hours with the conference room door deliberately left open. The best anyone can do about it now is monitor some opaque queue status built into the thing, have some spare hardware handy, and make sure all the backups still run nightly.

                                                                                                                                  Yes, a company could hire a consultant to come in and disassemble the code to figure out how it works, and then possibly write a more maintainable clone for it. But that would introduce risk to whatever business process it manages and it would cost a lot more money than just keeping the old thing chugging along a little while longer, which is already working fine and, much more importantly, has already been paid for.

                                                                                                                                  That’s the enterprise I know, anyway.

                                                                                                                                  1. 1

                                                                                                                                    I believe Google had this problem and ended up installing Debian over top of each Red Hat box. https://www.usenix.org/node/177348

                                                                                                                                2. 1

                                                                                                                                  Physical systems? Yes. That was the great thing about applications running directly on physical servers. Server warranty expired -> application had to be installed somewhere else, and most likely with a new OS and newer application version. Now with virtualization the VMs simply get migrated to a new cluster when the hardware is EOL. Aaand of course the application is important enough that management accepts the system running although there hasn’t been security patches for years…

                                                                                                                                3. 1

                                                                                                                                  In OpenBSD it is easy and with little pain to perform a similar task, in my opinion that’s one of the benefits of developing a coherent system with unified and carefully maintained set of tools, developed wisely by the same team. In GNU, many of the basic userland operating system programs don’t have the same maintainer, and are not developed as part of an entity.

                                                                                                                                  1. 3

                                                                                                                                    I don’t think you understand, this has nothing to do with the operating system itself. If you leave any system running with users that can access it, bad things will happen. They will put small shell scripts on it that control mission critical functionality without you knowing, store important data on it, (ab)use it to access another system, …

                                                                                                                                    While I agree that being able to do upgrades could in theory be handy, I believe periodically wiping a system and replacing it will end up being better. All depends on your environment/job of course, but I’ve seen a fair share of 8+year old systems, not regularly re-created and accessible by almost everyone in the company. Shutting them down will probably end up causing a downtime somewhere else, or someone will complain about his data becoming inaccessible. This is no fun…

                                                                                                                                4. 4

                                                                                                                                  This is ‘enterprise’ in the Red Hat world works.

                                                                                                                                  You can upgrade FreeBSD from 5.3-RELEAES - by several steps - up to latest 11.2-RELEASE but you can not upgrade Red Hat (or CentOS) from 6.9 to 7.5, because NOT.

                                                                                                                                  1. 2

                                                                                                                                    Looks like upgrading RHEL 6 to 7 server on x86_64 is supported.

                                                                                                                                    1. 1

                                                                                                                                      Have you checked the details?

                                                                                                                                      • Limited package groups: The upgrade process handles only the following package groups and packages: Minimal (@minimal), Base (@base), Web Server (@web-server), DHCP Server, File Server (@nfs-server), CIFS File Server and Print Server (@print-server). Although upgrades of other packages and groups are not supported, in some cases, packages can be uninstalled from the RHEL 6 system and reinstalled on the upgraded RHEL 7 system without a problem. See the table below.

                                                                                                                                      So no, you can not compare that to freebsd-update and/or pkg upgrade from FreeBSD which will work in ANY condition and with all packages/states supported.

                                                                                                                                      By the way, its only an ‘additional’ article in the knowledge base, its not official documentation of the Red Hat system.

                                                                                                                                    2. 1

                                                                                                                                      Well, the modern way of working is immutable infrastructure (or at least scripted and therefore fastish to recreate) anyway, so that should be a moot point. And yeah, I know, in reality it is not :/

                                                                                                                                    1. 2

                                                                                                                                      TBH, the amazing part is not that it got pwned, but that the attacker was incompetent enough to drop a simple easy-to-read shell script in plain sight. With passwordless sudo, it would have been beyond trivial to instead install a rootkit that can hide every shred of evidence that the host was compromised. In fact, it’s fairly likely that one already is installed and the author just doesn’t realize it yet.

                                                                                                                                      1. 1

                                                                                                                                        The author said he’d wipe the pi and reinstall next visit, with an SD card reader to handle that.

                                                                                                                                        1. 1

                                                                                                                                          Sure, but in the meantime a probably-compromised raspberry pi is sitting out there on the internet.

                                                                                                                                      1. 2

                                                                                                                                        What any reasonable person SHOULD do is: wipe the pi and reinstall. I would have done that if I had an sd card reader with me. I might do it on next visit. But for now, this seemed enough.

                                                                                                                                        No. What a reasonable person SHOULD do is not running a machine with default credentials; especially when you are handing that thing to a layman a. Unless he used that pi as a honeypot.

                                                                                                                                        Also I hope he reported the issue to the police. I know that there wouldn’t be any outcome but in the long run the police will only be able to get knowledgable officers for such kind of crime if the numbers rise. At least that’s what I have taken away from multiple chats I had with the force in Germany.

                                                                                                                                        1. 3

                                                                                                                                          In the US, you would be laughed right out of the police station if you came in to report that somebody uploaded a malicious program to your $35 raspberry pi that you forgot to change the default password on. And rightfully so.

                                                                                                                                          1. 1

                                                                                                                                            The point of the officers I spoke with was that there’s basically not enough budget for the “cybercrime” department and the more crimes are being reported the better (but still slim) are the chances to change that. But maybe this is not representative even for Germany.

                                                                                                                                        1. 15

                                                                                                                                          Some historical perspective on the origins of our industry:

                                                                                                                                          • Computers and tabulating machines prior to the 20th century were mainly concerned with generating tables of numbers (mostly useful for gunnery and navigation), census-taking, and accounting (naked capitalism).
                                                                                                                                          • Analog and digital computers as we know them in the 20th century were developed and used for the first decades of their existence to do mostly military work: calculating ballistic tables, simulating physics of interest to fission, tracking and controlling anti-aircraft guns, targeting missles, and so forth.
                                                                                                                                          • The first networked computing systems in common use were for Naval ships coordinating fire control and for ground anti-aircraft and missle systems.
                                                                                                                                          • MIT via Lincoln Laboratory and Bells Labs did extensive defense work, dating back to the very founding of those institutions.
                                                                                                                                          • Integrated circuits exist so we could make better missle warheads. Huge amount of defense funding.
                                                                                                                                          • GPS exists to help deploy military units, mark artillery targets, and guide missles. The street found its own uses for these things.

                                                                                                                                          We can point to visionaries like Vannevar Bush and their pure dreams for things like augmenting human intellect with hypermedia but those same people never ceased to work for their country on horrifically powerful weapons.

                                                                                                                                          DARPA is probably one of the only reliable sources for decades-out basic research, arguably better than the NSF.

                                                                                                                                          It is not popular in our circles to discuss such things, but then truth remains: military projects have been and continue to be sources of major innovation in our industry.

                                                                                                                                          Further, there’s this bizarre political idea of globalization and open-borders I’ve often seen supported seemingly without thought by folks doing these protests.

                                                                                                                                          Globalization can and does endanger workers by allowing companies to escape what a country might consider to be reasonable regulations.

                                                                                                                                          Not all border-control and immigration enforcement is a bad thing–look no further than the experience of Ukraine in the last few years when faced with an influx of undocumented immigrants.

                                                                                                                                          Frankly, while I support the desire for Labor to organize against Capital when they see their livelihoods and morals threatened, I really do wish they could do so with a bit more of an eye towards reality and strategy. It’s like nobody learned from the Occupy protests. :(

                                                                                                                                          1. 24

                                                                                                                                            I recognize all this history, believe me. What I can say, without getting into a detailed debate, is that the positions you mention are not taken thoughtlessly, and I would encourage everybody to have these conversations about what exactly right and wrong mean to the tech industry. There are certainly a lot of perspectives that deserve to be included, yours among them.

                                                                                                                                            I’ve actually been very frustrated that I don’t see these conversations happening much in the public sphere. Or rather, everybody talks about the tech industry and its moral dilemmas, but I seldom see members of the industry engaging with it, other than CEOs, who therefore wind up representing all of us by default. That really needs to change, and the sooner the better.

                                                                                                                                            I’m tempted to blame the lack of dialogue on the fact that most places where engineers come together are oriented towards technical discussion to the exclusion of politics. But that’s really not the root cause; the root cause is that, in some sense, anyone making an engineer’s salary is part of the establishment and benefits from the establishment, and that makes it a very frightening thing to question whether the establishment is good.

                                                                                                                                            1. 4

                                                                                                                                              I really appreciate your thoughtful input, and I think if everybody had your mindset then discussion would be much easier. Good for you for taking the time to contribute in this manner. Yet, I also find that there are lots of people who are intolerant of other’s perspectives if they differ from there own, which can make discussion unappetizing for people who’s primary goal at work is to get work done and not engage in public debate.

                                                                                                                                              However, writing this comment has made me realise that if I want to help encourage a more thoughtful and nuanced debate within the industry (which I believe is vitally important), I have to be part of making it happen. I guess this involves taking the risk of people not liking me if my views differ from theirs, being honest about why I hold my own views, and open to changing them though constructive, respectful discourse and reflection.

                                                                                                                                              1. 3

                                                                                                                                                Well, indeed. :) I couldn’t have said it better.

                                                                                                                                              2. 4

                                                                                                                                                I’m tempted to blame the lack of dialogue on the fact that most places where engineers come together are oriented towards technical discussion to the exclusion of politics.

                                                                                                                                                There’s a reason for this. Most people’s political beliefs are held at least as strongly as their religious beliefs and they are just as difficult to change. When people talk about political and religious beliefs, they like to talk about why they think their own beliefs are right and occasionally why someone else’s might be wrong. This will almost always cause friction between the participants of the conversation unless they happen to have the same beliefs or unless the participants are unusually diplomatic with each other. Since most people are not always super diplomatic when discussing strongly held beliefs, and generally have a desire to get along with the people they work with and socialize with, it’s usually better for all involved to just avoid the big three volatile topics altogether: sex, religion, and politics.

                                                                                                                                                Of course, all of this goes out the window as soon as you login to twitter.

                                                                                                                                                1. 3

                                                                                                                                                  Yes, absolutely understood. I would say that what you’re describing is that people are choosing to prioritize being part of their community over their desire to discuss political ideas. In general, I find this admirable; it takes a lot of maturity to stay off of the topic. But when our industry is at a cross-roads, I think that we have to discuss what comes next, even despite the good reasons not to.

                                                                                                                                                  This is all true in a wide variety of contexts - lobste.rs, Twitter, at work, … In the specific case of conversations at work, staying off of politics is a particularly understandable choice because it might well be necessary for continued employment. This is what I was trying to get at with my mention of benefiting from the establishment.

                                                                                                                                              3. 7

                                                                                                                                                How things were, how things are, how things should be, and how things will be are different things.

                                                                                                                                                It’s 100% true that the modern industry was bootstrapped by military investment and funding. But we shouldn’t forget that the funding is all coming from the same gov’t, and we can choose to have the investment and funding, without having it be in the purpose of blowing people up.

                                                                                                                                                Getting military contracts is a good tactic for a single company to get some success and revenue, and for research to fund itself. But we can also aspire to fund this research directly.

                                                                                                                                                There’s a spectrum of “reasonable military research” here, and it’s totally not black and white. But without guiding principles it’s hard to motivate strong political causes. The tea party did not feel the need to hold back on their principles and now control all three branches of gov’t

                                                                                                                                                1. 1

                                                                                                                                                  and we can choose to have the investment and funding, without having it be in the purpose of blowing people up.

                                                                                                                                                  It sounds true at first that you can separate from them. Then, looking at big picture, you can’t if you’re dependent on infrastructure, tech, and/or research designed by people fine with that for the purpose of doing that. The Net getting funded was one of those. INFOSEC was another that came from military with highest levels still classified as a munition far as I can tell. GPS was another where it’s constantly helping us find things and helping military kill things. It does both by design. The ISP’s are taking piles of money from NSA for spying on people per Snowden leaks but their opponents still pay for Internet from ISP’s. The major platforms, hardware and software, are often DOD suppliers who make money contributing to blowing people up which their buyers support indirectly. That includes Red Hat with its contributions to Linux.

                                                                                                                                                  And yet, here your comment is via lots of tech developed and/or funded by the groups blowing people up. Hard to escape given all the companies trying to get at their money. I don’t know if there’s a single vendor of MCU’s/CPU’s that doesn’t sell to war industries. All we can do is reduce the damage. Then again, DARPA and NSF do the most funding of stuff that can protect people from lots of threats. Pissing them off might hurt a lot of people depending on what you’re working on even if they might hurt others with a weaponization of it. The morality isn’t clear. I guess my compromise so far is government/military work is worth supporting if it can do more good than harm with a decent chance of good being developed outside the government.

                                                                                                                                                2. 3

                                                                                                                                                  The problem is that to organize, you need to class solidarity. If your allegiance to your class comes before allegiance to your nation-state, then you cannot arbitrarily decide that some workers have more rights to work inside the borders of your nation-start than others, even if this directly impacts your well-being and even if this means driving down salaries in your country.

                                                                                                                                                  Renouncing these values means renouncing the values that should motivate you into the class struggle and give in to individualism, that is a tool to maintain the status quo.

                                                                                                                                                  Globalization is a tool of the Capital to achieve profit but fighting it now will just lead to a worse alternative. Also defining what’s possible and realistic according to what the neoliberal paradigms dictates is a tool of the Capital but you seem to deal with it pretty fine.

                                                                                                                                                  1. 4

                                                                                                                                                    If your allegiance to your class comes before allegiance to your nation-state, then you cannot arbitrarily decide that some workers have more rights to work inside the borders of your nation-start than others, even if this directly impacts your well-being and even if this means driving down salaries in your country.

                                                                                                                                                    I agree with your analysis here, and that is why I don’t use that ordering. I would wryly suggest that what is needed is some way of balancing class concerns in such a a way as to favor Labor with an eye towards political boundaries, but the natural English branding of such a thing–national socialism–has rather a lot of baggage.

                                                                                                                                                  2. 2

                                                                                                                                                    I’ll add that both INFOSEC that stops governments (more often) and Tor came out of military research. NSF, DARPA, and CIA continue to fund these types of things. Hell, such dual-use, protective projects are some of best reasons to continue funding these organizations. At least NSF and DARPA anyway.

                                                                                                                                                    Military R&D are a necessity. We can’t control whether the techs will be abused. The U.S. can’t get behind on tech. So, my compromise is we keep investing, keep the ratio toward positive stuff, and get the crooks out of top of government and military. The latter are who abuse the military tools.

                                                                                                                                                    1. 2

                                                                                                                                                      bizarre political idea of globalization and open-borders I’ve often seen supported seemingly without thought by folks doing these protests

                                                                                                                                                      “Globalization” is an overloaded term. The most popular, “negative” meaning is global capitalism. Protestors probably don’t support that kind of globalization. Open borders for individuals, that makes sense, I’m not sure how it’s bizzare.

                                                                                                                                                      1. 2

                                                                                                                                                        Open borders for individuals, that makes sense, I’m not sure how it’s bizzare.

                                                                                                                                                        Why does it make sense? What answer would you give for that example of Ukraine, where a bunch of armed individual Russians decided to make use of inadequate border control.

                                                                                                                                                        If you want to make the argument that we no longer use Westphalian sovereignty, that’s fine, but unless that’s the case a nation must have control over its borders to be considered a sovereign nation.

                                                                                                                                                        1. 4

                                                                                                                                                          Personally, I suppose, I’d say that we clearly need some level of border control for that specific, military purpose. I would also say that border control targeted at civilians is far more strict and intrusive than it needs to be for any policy objective I support.

                                                                                                                                                      1. 4

                                                                                                                                                        Great, now release a version of the Firefox Sync server that people can actually deploy in a self-hosted scenario.

                                                                                                                                                        1. 8

                                                                                                                                                          I was installing firefox on a new linux install the other day, and since a freshly-installed firefox prompts you to do so, I briefly checked out the Firefox Sync signup page, only to see that it prompts you to create an account and agree to Mozilla’s terms of service. I don’t want to have to agree to Mozilla’s terms of service in order to use the service - even if I can trust that they did the encryption correctly and Mozilla can’t figure out what websites I’m looking at if I use it.

                                                                                                                                                          Edit: upon googling, it does look like there’s an official Mozilla repository that provides the code necessary to run your own Firefox Sync server, which is awesome, and I’m going to try this when I have the time.

                                                                                                                                                          1. 1

                                                                                                                                                            Edit: upon googling, it does look like there’s an official Mozilla repository that provides the code necessary to run your own Firefox Sync server, which is awesome, and I’m going to try this when I have the time.

                                                                                                                                                            Yes, the code is available but successfully deploying it is entirely another matter due to dependencies on Mozilla’s specialized infrastructure. I’ve read blog posts from smart people who have tried and AFAIK, they all gave up in frustration.

                                                                                                                                                            1. 1

                                                                                                                                                              Ah, well that’s frustrating. I did look more into their docs for running a Firefox Sync server, but even running your own seemed to rely on having a Firefox Account, and the code for provisioning that yourself seemed even more complicated. I may try this again at some point, but for the time being it does look poorly-documented and more trouble than I want to spend right now.

                                                                                                                                                        1. 39

                                                                                                                                                          Jeff Bezos calling anyone a bully is like a Klan member accusing a neighbor of being racist. People like Bezos get where they are by being an unrepentant asshole to literally everyone except shareholders and reporters.

                                                                                                                                                          1. 1

                                                                                                                                                            Or to talent or to managers. You don’t have to be a personal asshole, just a pushy manager.

                                                                                                                                                          1. 2

                                                                                                                                                            You can pry ncdu from my cold, dead hands