1. 6

    “Those who do not learn Unix are doomed to reinvent it poorly.” –Someone

    1. 8

      I don’t have much experience with “real world” developers, so I might have a wrong impression, but are there people who really think that knowing one language is enough to be a good developer (not to do their job – you often don’t even need to know your language entirely to do so)? It seems like something rather basic, and at least in an academical context, you can’t even get around it.

      1. 22

        You could spend your entire career writing a single language, and indeed some programmers believe in the power of a single language to the point of zealotry.

        Personally I concur with the article; a language is just a tool.

        The Seven Languages in Seven Weeks book was transformative for my career and personal development. I recommend it.

        1. 5

          I only bothered to read about 1/3rd of the words in your post completely at random, so I’m going to assume you were most likely advocating that new programmers chase large stable salaries by learning COBOL as soon as possible. ;)

          I have a gut feeling that working in a JVM language without also learning Java might be a bad plan. I suspect that one might eventually learn Java by accident anyway if one works with a JVM language for long enough. So that’s two programming languages already. :)

          1. 2

            Rich Hickey much? :)

            1. 1

              I for one recommend checking out “unknown” languages wherever possible, because they often harbour other lessons, or ways of thinking, from what you might be used to.

              When I went through my CS undergrad degree, the University was in the process of changing its CS curriculum. In particular, they were starting to do away with some of the “one language for a term” courses, like taking COBOL or APL for a full academic term. I took a couple of these, though just sat in on COBOL enough to admit that I didn’t want to admit knowing it.

              A friend took one of these multiple-language courses during a spring session, which is compressed into about six weeks. Basically, he had to learn about something totally different, and write an assignment using it, per week. The prof (hey, Dr. Bate!) was brilliant, and could change languages the way most people change socks, but mere mortals found it a challenge. I think I would have liked that one myself.

            2. 4

              Such people absolutely exist. I help my company’s recruiter review resumes from software engineering candidates, and I’ll regularly see someone who learned Java in school, got a job writing Java code, got some Java certifications, left their job to get a job at another Java shop, and to make themselves stand out, point out that they are a regular attendee at some Java conferences.

              I’ve noticed a few patterns, though they’re “patterns” only in that they happen often enough for me to notice them, not in that they represent anywhere near the majority of candidates.

              Java: The language of choice for monoglots with university CS degrees. I can’t remember the last time I saw a CS-degree-holding candidate whose sole language was anything but Java.

              Ruby: The language of choice for non-degree-holding monoglots who go to programming retreats like Recurse Center to sharpen their skills.

              JavaScript: The language of choice for full-stack monoglot web developers, unsurprisingly.

              Python: The language of choice for monoglots who transitioned into software development from some unrelated profession.

              Of those, Java is the most common, Ruby and JavaScript are less common but not too unusual, and Python I only see occasionally. I never see Clojure or Haskell or Scala or Rust or Go monoglots. We’re not a .NET shop, so it’s possible there are a lot of C#-only folks we’re just not seeing.

              The other pattern I see: Monoglot candidates tend to do worse in our technical interviews than polyglots. This holds true even for coding questions in their language of choice that don’t involve any obscure algorithmic trickery. I often ask a question that involves extracting substrings from an input string, and it’s shocking to me, for example, how many “Java developer with 8 years of experience” candidates don’t appear to have solidly internalized the idea that Java strings are immutable.

              1. 1

                As a C# developer (It’s been the main language I’ve made money with over the years), I’ve bounced between a few .NET shops. I don’t think I’ve encountered a C# monoglot yet. Often, C# is paired with another programming language, either SQL (Specifically T-SQL), or JavaScript, at least in a business context. I’ve seen people with VBScript in their backgrounds, people with C++ in their backgrounds, people that knew SQL far better, and people who were a bit too fond of copy-paste, but there’s usually at least one other programming language involved.

                That being said, I’ve only worked at 5 companies that use .NET.

                Unlike the other languages you’ve mentioned, I don’t think there are many ways to do just C# usefully, unless you’re a diehard Microsoft fanboy who doesn’t want to do websites or database work.

              2. 2

                I think you can be effective if you know just one language (especially if it is well suited to the domain, or has a lot of specialized libraries). But I think that you’ll be radically more effective if you know more, just because of the cross pollination. I find it’s harder to generalize if you don’t have at least two languages under your belt.

                1. 2

                  I see no reason a person theoretically couldn’t learn only one language in their entire career but it would be relatively rare, like living in the same house your whole life.

                1. 1

                  I’ve been using vscode on Linux for a few years now, which surprises the heck out of me for a number of reasons.

                  I use very little of its full functionality and instead basically use it as a fancy GUI for vim, via the VSCode Vim extension: https://github.com/VSCodeVim/Vim. As a multi-decade user of vim, this extension is impressively complete, I don’t miss of real vim from it. I was actually under the impression that the VSCode Vim extension was using neovim under the hood but that does not seem to be the case. I will have to check out the linked extension to see if I like it as much or better.

                  1. 3

                    VSCodeVim can use NeoVim under the hood—and back when I was using [Neo]Vim, that’s how I used it. You just need to toggle two settings and you’re there. In general, I found it worked fairly well as long as you don’t have too many plugins; IIRC, I hit some weird issues around having jedi + the Visual Studio Python plugin + NeoVim all running at once. But if you aren’t a heavy plugin user, it works great, and meant that my custom NeoVim keybindings just kinda worked.

                    1. 2

                      I should mention the onivim 2 project then, as it uses neovim under the hood and is based on Reason/ocaml to compile to native code.

                      1. 3

                        Oni2 is a cool project, but it has actually changed to use libvim instead of Neovim, primarily due to issues with integrating the Neovim build with Oni2’s OCaml-based build/getting everything to build on Windows. The Oni2 author explains more here: https://github.com/onivim/libvim#why-is-libvim-based-on-vim-and-not-neovim

                        1. 2

                          Thanks for the update; I did not know that and it’s an interesting read about how they integrate this way.

                        2. 1

                          Looks pretty interesting, I will have to check it out.

                      1. 44

                        Google search results have got worse and worse over the years. It used to be that the first result of my search was nearly always what I wanted. Now Google insists on trying to be clever, and often the MOST IMPORTANT keyword in the search isn’t even there at all.

                        1. 16

                          A million times this. Google seems far less useful today than it did 10 years ago. Most of the time, I get search results for what Google thinks I’m trying to search for based on popular searches, rather than what I am actually searching for. Basically if your search query is fairly uncommon, Google won’t show you any relevant results, period.

                          There is a big gaping vacuum in the market for a search engine specifically focused on technical users looking for technical content. Who wants to start a company with me?

                          1. 6

                            Isn’t that … almost literally what DuckDuckGo is?

                            1. 3

                              No, DuckDuckGo pulls from Bing, and both tend to change what you searched for to what it thinks you want instead. Even the old trick of +wanted_keyword -unwanted_keyword does not guarantee it will honor your request (they are treated as ‘suggestions’ instead of rules now), but it does help a lot.

                            2. 3

                              I’m sure it started with the demise of: https://www.google.com/bsd

                              1. 3

                                google.com/linux was literally my first contact with Google. I was attending a local Linux user group (are those still a thing?) in the city I grew up in back in South America, and someone told us we should check that out next time we were looking for Linux resources. I remember the quality and breadth of the results was mind blowing, and I immediately stopped using any other search engines. Never thought I would end up working for them about 15 years later, heh.

                            3. 3

                              Catering to the lowest common denominator rather than to people who actually know how to structure search queries.

                            1. 6

                              The “GNU generation” bit hasn’t aged particularly well, if anything I see the influence of GNU disappearing further and further.

                              Apple is removing GPL stuff whenever they can, Android was never GNU at all, Clang has turned into a realistic alternative to GCC (and the competition made GCC better), Musl seems to become a more and more popular alternative to Glibc and Guile has a lot less adoption than Lua. So having a non-GNU/Linux system is pretty much feasible/trivial.

                              1. 8

                                GPL licensed software is doing quite well in the enterprise, cloud, and web application space. AWS and GCP (and to a lesser but still very relevant degree, Azure) all rely quite heavily on Linux and the GNU userland. The Linux desktop doesn’t have anything like the market share compared to Windows or Mac but you won’t find many dev tools that aren’t cross-platform for all three.

                                The examples you listed (Android and Apple) are consumer products shipped by companies who would prefer the benefit of integrating and shipping open source software without the burden of having to contribute back to the community in some minimally meaningful fashion.

                                1. 6

                                  I was specifically talking about GNU projects, not GPL projects. The only GNU projects without a serious non-GNU contender these days are what, coreutils and Emacs? The former could be replicated with moderate effort but there is little point to it and the latter is an editor.

                                  My point being that GNU as operating system (as in GNU/Linux) has become less and less important, since it is very much feasible to run a fully featured non-GNU/Linux operating system.

                                  1. 14

                                    The only GNU projects without a serious non-GNU contender these days are what, coreutils and Emacs?

                                    Ahem…

                                    1. 15

                                      Isn’t MATLAB a serious non-GNU contender to Octave?

                                      1. 0

                                        No, because Octave is a free replacement for Matlab and Matlab is not a free replacement for Matlab.

                                        There are no serious non-GNU contenders for free Matlab replacements.

                                        1. 1

                                          What do you mean by “free” in “free Matlab replacements”? I don’t think something has to be free (as in beer) to be a serious contender to a free (as in speech) application…

                                          1. 3

                                            The only free that matters to someone whose avatar is a baby gnu.

                                      2. 1

                                        If our baseline is “compatible-with-MATLAB” then yes, Octave doesn’t really have any serious competition in that space (bar MATLAB itself).

                                        But if we’re looking at numeric/scientific programming environments, then Julia, Python + Jupyter are strong contenders.

                                        1. 1

                                          Yep, that is exactly the baseline. There’s lots of Matlab code out there that will be relevant for all foreseeable future. It needs to run on something and that something can’t be nothing but Matlab.

                                      3. 4

                                        How is having a competitor bad? If anything having competition means projects don’t stagnate to internal politics and actually innovate. It’s a shame that there is only one really viable kernel for gnu systems these days. The world would be a lot better if there were several.

                                        1. 2

                                          It’s a shame that there is only one really viable kernel for gnu systems these days.

                                          GNU/kFreeBSD and GNU/kNetBSD are/were a thing. But apparently, there is not much interest in these.

                                          1. 1

                                            Debian GNU/FreeBSD is still developed (albeit at a very slow rate) but Debian GNU/NetBSD never matured enough to have a release before it was inevitably abandoned.

                                        2. 4

                                          Ghostscript, Make (and I am not talking about build-systems, but Makefile interpreters and runners), gettext, R, Nano, ncurses, and as we count coreutils, then AWK, sed, and tar.

                                      4. 6

                                        I think that the existence of non-GNU Linux variants isn’t coming at the cost of GNU/Linux. It’s a separate market that grows independently and still supplies good patches in the projects shared by both.

                                        1. 1

                                          Android was never GNU at all,

                                          Well, the kernel used to boot Android phones is Linux / GNU GPLv2 .. but I get your point; nothing in AOSP or any of the core apps is GPL

                                          1. 6

                                            GNU/Linux specifically refers to the kernel Linux plus the GNU userland (compiler collection, coreutils, libraries, etc). Android isn’t running the GNU operating system.

                                        1. 10

                                          The problem with the standard typewriter keyboard is that the weakest and least-agile digits (the pinkies) are the ones that got overloaded with the most additional keys off to the extreme left and right of the main typing area. On my keyboard, this is the distribution for my hands: (not counting the numbered function keys, as these are not normally used when “typing”):

                                          Left hand:

                                          thumb: 0 index finger: 8 index finger: 4 ring finger: 4 pinky: 11

                                          Right hand:

                                          thumb: 1 index finger: 8 middle finger: 4 ring finger: 4 pinky: 16

                                          The strongest digit, the thumb, is given only one key (the space bar) and it’s a personal choice which thumb you use… which means one thumb will go completely unused. So right off the bat, 10% of our fingers are useless for typing. Regardless of how curvy and ergonomic you make it, it would be hard to purposefully devise a more inefficient keyboard for the human hand.

                                          1. 2

                                            You might be interested in the findings of Carpalx. Also, a lot of split/orthopedic keyboards move all those extra keys between the hands instead of exterior to them. My own Let’s Split layout does this.

                                            1. 1

                                              I use my ring fingers for all the satellite keys.

                                            1. 3

                                              Great podcast, great episode, and I already started using its lessons.

                                              For a report that takes a while to load, I made a percent-complete bar graph that ticks up to an upper-end estimated completion time. It’s basically fake - the loader doesn’t know anything about the report’s progress or when it’ll be done. But people like it! They’re much happier to sit and wait and less likely to click on something else out of impatience.

                                              Since I aim high on the time estimate, it usually finishes and displays the report before the loader graph fills completely. Seems bad, right? The loader’s not accurate, after all. But instead, people are happy it finished early. Under promise and over deliver.

                                              1. 1

                                                Do your users know that you’re intentionally lying to them? Wouldn’t a simple statement like, “please hang on, this will take a little bit” be more honest and just as effective? Are there any other ways of achieving the same thing possible without deceiving anyone?

                                                1. 1

                                                  To me this doesn’t seem like a lie, but rather like an effective form of visual communication. It wouldn’t be a lie to display a hardcoded message saying “please wait, this usually takes about X time.” @observator’s loading bar has essentially the same informational content, the only difference being that the hardcoded “X” estimate is presented graphically, along with a helpful timer indicating how much of “X” has already elapsed.

                                              1. 13

                                                Okay, the real solution is protocols like SRP or the new OPAQUE draft. The even more real solution is something better than passwords. It’s a shame SQRL did not take off (I’m not aware of any public services using it exactly, but Yandex does support a very very similar but custom scheme). But the push for U2F is very good, push notification confirmations are also not bad…

                                                But when you use the classic password auth, just use scrypt/argon2, abandoning good password hashes for silly concerns about computation time is not a good idea.

                                                1. 6

                                                  Okay, the real solution is protocols like SRP or the new OPAQUE draft.

                                                  You may find this thread on /r/crypto interesting, in particular since some people seem to believe an adjusted B-SPEKE is the better PAKE than OPAQUE or SRP. CC @Loup-Vaillant since you asked about that originally and probably have a somewhat educated opinion by now.

                                                  If PAKE functions take off, I sincerely hope it won’t require JavaScript in browsers. The NoScript crowd is the one that cares most about security—thus ironically also the one most likely to resist using a JavaScript-based method of authentication. This has already been raised as an issue in the WebAuthn spec, but not yet addressed there.

                                                  But the push for U2F is very good, push notification confirmations are also not bad…

                                                  $36 for two Yubico Security Keys (let’s be real, you need two of them, one to use, one in your bank safe in case the first one is lost or breaks) is a non-trivial investment for the masses. Though I suppose Windows Hello (and whatever browser vendors accept from Apple) will help out with adoption. The JavaScript requirement is still iffy.

                                                  1. 4

                                                    (Mentioning me didn’t trigger any notification like replies do…)

                                                    As far as I can tell, the only way to avoid having the server perform a slow hash, is client side computation. On the web, that means JavaScript, WebAssembly, or some standard added to HTML itself. No way around it. Personally, I think using JavaScript in this case would be justified. It sucks, but good PAKEs have advantages that benefit the user directly, such as not giving away their password to the server.

                                                    The (modified) B-SPEKE that was proposed on the thread I started on /r/crypto is excellent. I’m sold. The biggest advantage over OPAQUE is that it doesn’t require point addition. This means we can use Montgomery curves, which take less code to implement than Edwards curves, without killing efficiency. And I love small crypto libraries (sorry, couldn’t resist). Now it does require some non-trivial primitives:

                                                    • Scalar multiplication (which you need for key exchange anyway)
                                                    • Hash to point (which you have if you use Elligator2 to hide the fact that you’re transmitting a public key)
                                                    • Inversion (modulo the order of the curve), for blinding. Not needed elsewhere, but fairly straightforward.

                                                    I personally plan to add it to Monocypher.

                                                    1. 3

                                                      some standard added to HTML itself

                                                      Or to HTTP instead! It would be awesome if HTTP Authentication supported one of these modern PAKEs in addition to Basic and Digest.

                                                    2. 1

                                                      The NoScript crowd

                                                      Does it really exist anymore? Do people still try to disable all JS? (heck, back when the NoScript addon was a thing, you’d usually configure it to only block 3rd party scripts or only block everything on random blogs and stuff where you don’t ever log in)

                                                      There’s a simple solution for the hypothetical “you’re stuck on an island with w3m” situation:

                                                      <noscript>
                                                        <b>WARNING WARNING WARNING you have JS disabled!
                                                        this fallback form is reduced security
                                                        only use if stuck on an island without a JS capable browser</b>
                                                        <form action="/login-legacy-style-with-the-pake-client-on-the-server">…</form>
                                                      </noscript>
                                                      
                                                      1. 2

                                                        These people do still exist, but they’re very rare. More likely reasons for (transient) lack of JavaScript execution are enumerated in: https://kryogenix.org/code/browser/everyonehasjs.html

                                                        /login-legacy-style-with-the-pake-client-on-the-server

                                                        That would go contrary to server relief (since bad actors could stress the server again through that).

                                                        1. 2

                                                          server relief

                                                          Just rate limit it. I honestly haven’t heard concerns about “server relief” from anyone who actually runs scrypt/etc :D

                                                          Also isn’t PAKE client side lighter than scrypt/etc?

                                                    3. 3

                                                      The even more real solution is something better than passwords. It’s a shame SQRL did not take off (I’m not aware of any public services using it exactly, but Yandex does support a very very similar but custom scheme).

                                                      We find it amazing that only 20 years ago, there was very little encryption on most web sites. Most of the time, the only pages anyone bothered to encrypt in-transit were credit card forms and often not even then. What fools we were! I feel like 20 years from now, we will look back and shake our heads with a sensible chuckle and wonder how anyone was ever expected to remember one long high-entropy password, let alone dozens at a time.

                                                      FWIW, SQRL is not dead, it’s just now finally being considered “done” by its creator. The reference implementation and docs are done and Steve Gibson is traveling and doing talks about it. I believe his intent is to hand off maintenance and further development to the SQRL community so he can get back to working on things that make him money.

                                                      1. 1

                                                        Another approach from the engineering side of things (rather than using more advanced crypto, a la OPAQUE) is to use something like Tidas which effectively just takes the iOS password manager out of the loop and lets you auth directly with public key authentication using touchID/faceID.

                                                      1. 0

                                                        When people complain about agile being nothing but a buzzword-laden wet blanket thrown atop their otherwise superior capability for productivity, I posit that one or more of these is true in their organization:

                                                        1. Management doesn’t “get” agile and sees it as a process to follow for increased productivity rather than what it is: a prescription and framework that values flexibility, communication, iteration towards improvement, and general open-mindedness. (There is no “right” way to do agile, but there are plenty of wrong ways to do it.)

                                                        2. Even if they buy into it, management is not properly supportive of agile and won’t dedicate the time, resources, flexibility, or even change in business practices required in order to be successful with it.

                                                        3. The biggest one: Agile requires a certain kind of team culture. If everyone (or even anyone) on the team thinks of themselves as some kind of superstar lone coder, you won’t be agile. Many of us are in this profession because we have strong introvert tendencies but agile requires an almost uncomfortable level of cooperation and communication with the rest of the team. Even and perhaps especially with people you don’t like very much. Some kinds of personalities are not cut out for this, and this is not a knock against them, but they may not necessarily be a good fit for an agile team.

                                                        A final somewhat obvious observation: It is way easier to start a team with an agile philosophy than it is to convert one to it. Converting a team to agile can be done but it’s a painful process to ditch well-established processes and habits that “have always worked just fine for us in the past” in favor of experimenting with something new.

                                                        1. 2

                                                          Started reading the comments and TIL that collecting CPUs as a hobby is a thing that people do

                                                          1. 5

                                                            I don’t understand. Why get frustrated with Windows getting in the way of running a *nix dev environment when you can just…install Linux? The Windows 10 OS is basically gratis and you’ve spent $1800 on a decent piece of hardware. Just put Ubuntu or something on it and call it a day.

                                                            1. 1

                                                              Well his first and most visible complaint about windows was the font rendering so I would expect him to have a heart attack when he notices all of the little quirks that tend to come along with the typical Linux desktop.

                                                              1. 1

                                                                The author would probably be pretty unhappy with all of the little quirks of the Linux desktop, but font rendering probably isn’t one of them. Font rendering is so much better on Linux than on Windows that it’s like night and day.

                                                            1. 14

                                                              I agree that Windows is a pain for Linux development — but if one wants to do Linux development, why not … just use Linux? I’ve been using it for two decades now, and I would never willingly switch to Windows or macOS.

                                                              I have a desktop which is finely tuned to exactly the way I work, which enhances my efficiency and productivity, and is fun. Isn’t that the goal?

                                                              1. 5

                                                                I’ve been running Linux for decades and for the most part I couldn’t imagine using anything else. I’m very comfortable with all of the tools available and the highly configurable desktops. The main pain point for me these days is that the more popular desktop environments handle hotplugging of peripherals extremely poorly.

                                                                My main workstation is a laptop with a hardware dock. When undocked, it’s a regular laptop. When docked, the laptop sees (at least) another screen, another mouse, another keyboard, and sometimes a few other things like USB sound cards and scanners. Modern DEs handle this poorly and every time I dock the thing (which can be multiple times per day), I have to spend up to 30 seconds fixing the display layout, window placement, keyboard repeat rate, or audio configuration. I suspect Mac and Windows do better with this but wouldn’t know. I know it can work because a decade ago, GNOME 2 had this all figured out. (Unfortunately its successor MATE has other issues.)

                                                                I can’t imagine the pain I will experience when I have to switch to a USB 3 or Thunderchicken dock because that’s what all laptops seem to be moving to.

                                                                1. 1

                                                                  The post is from DHH, the creator of Ruby on Rails. He doesn’t want to do Linux development, he wants to work on a Rails application. Using the *nix toolset is just a proxy, because he heard that this works best on Windows using WSL.

                                                                1. 6

                                                                  Is this for only HTTP, or are they abusing their certs to MITM HTTPS for injecting javascript too?

                                                                  1. 3

                                                                    Do they have a trusted CA to use for a MITM? I don’t think they do.

                                                                    Regardless, assuming they did that’d be a completely different level of attack that would be noticed and discussed on MDSP and would almost definitely lead to their CA being distrusted by browsers.

                                                                    MITMing HTTP sucks. MITMing HTTPS from a privileged position (outside of a client trusting your intermediates) is untenable.

                                                                    1. 2

                                                                      HTTP only. Comcast has been doing this for a couple years at least so I’m not exactly sure how this is news.

                                                                      I am no fan of Comcast in the slightest but I don’t consider this an attack as much as a poorly conceived notification system.

                                                                      1. 1

                                                                        Is it possible to make SSL injection without installing a certificate on the client?

                                                                        I have worked with bandwidth optimization appliances (Sandvine) for an ISP some years ago and they are able to inject JS in HTTP traffic, not in HTTPS.

                                                                      1. 20

                                                                        This is not an apology for Comcast, but my gut tells me that wrapping yet another protocol in HTTPS is maybe not the best idea. To be more technical, TCP overhead and SNI loopholes make DoH seem like a half-solution–which could be worse than no solution at all.

                                                                        Also, I think DoH is yet another Google power-play–just like AMP–to build yet another moat around the castle.

                                                                        1. 16

                                                                          Yea .. I mean, the slides aren’t wrong. And once Firefox is DoH->Cloudflare and Chrome is DoH->Google, who is to say either one wouldn’t just decide to delist a DNS entry they don’t like claiming it’s hate speech. Keep in mind, both companies have already done this to varying extents and it should be deeply troubling.

                                                                          I run a local DNS server on my router that I control. Still, it queries root servers plain-text and my ISP could see that (even though I don’t use my ISP’s DNS .. not sure if they’re set to monitor raw DNS traffic or not). I could also pump that through one of my hosting providers (Vultr or DigitalOcean) and it’s less likely they’d be monitoring and selling DNS data (but they still could if they wanted).

                                                                          Ultimately the right legal argument that should be lobbied for is banning ISPs from collecting DNS data or altering DNS requests at all (no more redirects to a Comcast search page for non-existent domains!) That feels like it’s the more correct solution than centralizing control in Google/Cloudflare’s DNS.

                                                                          1. 12

                                                                            I also run a local resolver (a pihole – for dns based ad filtering), but also use DoT (dns over tls) between my resolver and an upstream resolver.

                                                                            It seems like host OS resolvers natively (and opportunistically) supporting DoT would solve a lot of problems, vs this weird frankenstein per-app DoH thing we seem to be moving towards.

                                                                            1. 4

                                                                              not sure if they’re set to monitor raw DNS traffic or not

                                                                              They most certainly do, and a few less scrupulous ISPs have been shown to be MITM’ing DNS responses for various reasons but usually $$$.

                                                                              1. 4

                                                                                Isn’t the real problem here the user’s choice of ISP? Or has so much of the internet become extremely monopolized around the world?

                                                                                1. 9

                                                                                  In the USA, there is basically zero choice in who your ISP can be, many even big urban areas have only 1 ISP provider. Perhaps if SpaceX can get their Starlink stuff commercialized next year, the effective number will grow to 2…. maybe. I can’t speak for other countries, but in my experience they aren’t generally better in terms of options, but they do tend to be better in price. US ISPs know they are the only game in town and charge accordingly.

                                                                                  1. 2

                                                                                    In the USA, there is basically zero choice in who your ISP can be

                                                                                    That’s understandable, but DoH is not the answer here. Addressing the lack of choice is the answer. If Google and Firefox/CF get a free pass in the US, it affects the rest of the world.

                                                                                    1. 1

                                                                                      I totally agree with you.

                                                                                    2. 2

                                                                                      I am considering myself lucky then. I can choose between anything that can run over POTS, cable and fiber. The POTS and fiber networks being required to open up their network for other ISPs as well.

                                                                                      1. 1

                                                                                        In the USA, there is basically zero choice in who your ISP can be, many even big urban areas have only 1 ISP provider.

                                                                                        This is not strictly true at all. Most urban areas in the US of A are a duopoly insofar as the internet goes. You usually have a choice for the internet between the cableco or the telco. In addition, telcos are often required to provide CLECs with some sort of access to the copper lines as well, so, there’s some potential for additional choices like Sonic DSL, although those become more rare because often the telco charges CLECs more for access to this copper than the price of their internet service directly to the consumer, so, Sonic is one of the few remaining independent CLECs out there.

                                                                                        Some areas do have extra third choices like PAXIO, Webpass, Google Fiber, as well as local municipal networks in some areas.

                                                                                        1. 3

                                                                                          10% of the US at any speed have more than 2 providers. When you get into slower speeds, there are 2 choices (telco and cable company).

                                                                                          “At the FCC’s 25Mbps download/3Mbps upload broadband standard, there are no ISPs at all in 30 percent of developed census blocks and only one offering service that fast in 48 percent of the blocks. About 55 percent of census blocks have no 100Mbps/10Mbps providers, and only about 10 percent have multiple options at that speed.” - https://arstechnica.com/information-technology/2016/08/us-broadband-still-no-isp-choice-for-many-especially-at-higher-speeds/

                                                                                          Figure 5 in the linked article above pretty much sums it up. So we are both correct, depending on perspective. :) The FCC thinks all is fine and dandy in the world of US internet providers. Something tells me the Cable companies are encouraging that behaviour :)

                                                                                  2. 1

                                                                                    And once Firefox is DoH->Cloudflare and Chrome is DoH->Google

                                                                                    Once the standards are in place for DHCP (et al) to report a default DoH endpoint to use, and OSes can propagate their own idea, informed by DHCP or user configuration, to clients (or do the resolving for them via DoH), there’s little reason for Firefox or Chrome not to use that data.

                                                                                    That issue is regularly mentioned in the draft RFCs, so there will be some solution to that. But given that there’s hijacking going on, browser vendors seem to be looking for a solution now instead of waiting for this part of the puzzle to propagate through systems they don’t control.

                                                                                    Also, web browsers have a culture of “implement first, standardize once you experienced the constraints”, so this is well within their regular modus operandi - just outside their regular field of work.

                                                                                    Lobbying work isn’t as effective as just starting to use DoH because you have to do it in each of the nearly 200 jurisdictions around the globe.

                                                                                    1. 1

                                                                                      Not holding my breath on a legal solution. US gov has not been a friend of privacy, and other governments are far worse.

                                                                                      Only thing coming to mind here is some sort of privacy-oriented low-profit/non-profit organization to pool and anonymize queries over many different clients. Even that’s not so great when most setups are 8.8.8.8, admin/password, and absolutely DNGAF.

                                                                                      1. 1

                                                                                        And once Firefox is DoH->Cloudflare and Chrome is DoH->Google, who is to say either one wouldn’t just decide to delist a DNS entry they don’t like claiming it’s hate speech. Keep in mind, both companies have already done this to varying extents and it should be deeply troubling.

                                                                                        Like Cloudflare not supporting edns.. :/

                                                                                      2. 3

                                                                                        To be more technical, TCP overhead and SNI loopholes make DoH seem like a half-solution

                                                                                        The TCP/TLS overhead can be minimized with keep-alive, which DoT clients like stubby already do. You can simply reuse an established connection for multiple queries. This has worked very well for me in my own setups.

                                                                                        As others have probably pointed out, the SNI loophole can be closed with eSNI. How soon and if this is going to take hold is anyone’s guess at this point. But I personally see privacy as more of a side effect as I simply care that my queries are not manipulated by weird networks.

                                                                                        This is not an apology for Comcast, but my gut tells me that wrapping yet another protocol in HTTPS is maybe not the best idea.

                                                                                        I would love to agree with you here (and I do so in principle), but from my own experience with DoT and DoH I can tell you that many networks simply don’t allow a direct DoT port, leaving you with either DoH or plain DNS to an untrusted (and probably non-validating) resolver. The shift to “X over HTTPS” is but a reaction to real world limitations, where almost everything but HTTP(s) is likely to be unreachable in many networks. I’d love to use DoT and do so whenever I can. But I need to disable it more often than I’d like to. :(

                                                                                        A minor fun fact regarding DoH: Since a http(s) server can redirect to different endpoints, it’s in principle possible for clients to choose different “offers” - a DoH server may offer a standard resolution on /query and filter out ad networks on /pihole or whatever. And using dnsdist, this is easy to set up and operate yourself. DoH doesn’t really mean DNS centralization but the opportunity for quite the opposite: You could now take your own resolver with you wherever you go.

                                                                                        1. 1

                                                                                          I’m fine with DoH as a configurable system-level feature, but application-level resolvers are bad news, and that seems to be where all of this is headed.

                                                                                          If that’s where it goes, many applications will default to their own favorite DoH provider for some kind of kickback. The prospect of having to find the “use system resolver” check box for every single application after every other update does not bring joy.

                                                                                        2. 3

                                                                                          HTTPS is upgrading to QUIC, so we’ll eventually have DNS back on UDP, but with proper encryption this time.

                                                                                        1. 8

                                                                                          It’s sad this is even needed. Unfortunately some people think that publishing some code obliges you to support it.

                                                                                          I remember people being upset at Dominic Tarr, who transferred ownership of one of his npm modules to a new maintainer who turned out to have malicious intent. People were upset that Tarr allowed the new maintainer to use his old repository (instead of forcing a regular fork) or something like that.

                                                                                          Unless you are paid to provide support you don’t have any obligation to users of your FOSS code whatsoever.

                                                                                          1. 6

                                                                                            Many people are aware of the “no warranties” part of most FLOSS licenses.

                                                                                            But GitHub etc. have made contributing to software development easy and, dare I say it, friendly. For better or worse, people expect maintenance and support, and a minority demand it.

                                                                                            While a gruff “read the damn license and leave me alone” is the technically correct way to communicate an absence of support, having a clear, unambiguous and neutral way to communicate that is for the better in general.

                                                                                            1. 5

                                                                                              People were upset that Tarr allowed the new maintainer to use his old repository (instead of forcing a regular fork) or something like that.

                                                                                              Unless you are paid to provide support you don’t have any obligation to users of your FOSS code whatsoever.

                                                                                              I don’t know anything about that particular situation but there’s a difference between obligation and trust. Open source authors do not have any obligation towards users of their code. However, if you use someone else’s code in your project or on your computer, you have a choice to make. You can either read and personally vet every line of the third-party code (which takes just as much, if not more effort than simply writing it yourself in the first place), or you can choose to trust that the author has no ill intent towards you. Almost without exception, we choose the latter and because of that, the whole open source software community is built upon trust and (to a lesser degree) reputation.

                                                                                              If you have some code that the open source community trusts, you certainly have the right to hand it off to anyone you choose. There is no obligation to manage the code in any particular way, or at all. But if you don’t vouch for that person, and they do something underhanded with it, those who comprise the community are well within their rights to no longer trust you.

                                                                                              1. 3

                                                                                                It’s very useful to know the status of a project when e.g. comparing alternatives or to know whether submitting an issue is not a waste of time. The choice here is not ‘either you buy support or you assume it is abandoned’. There is plenty of communication bandwidth available.

                                                                                              1. 2

                                                                                                What exactly does the counter-claim involve? The post doesn’t go into detail.

                                                                                                1. 5

                                                                                                  You don’t lay out your entire legal strategy before you’ve had a chance to use it.

                                                                                                  1. 2

                                                                                                    That makes sense, I didn’t give it much thought.

                                                                                                1. 5

                                                                                                  This is the kind of transparency that I aspire to.

                                                                                                  1. 1

                                                                                                    For any Lobsters that maintain an ACM membership, how do you feel about this code of ethics?

                                                                                                    1. 3

                                                                                                      I think the ‘public good’ stuff is a pretty sharp turn away from the culture we have now. Unclear whether affected industries (ex: free-to-play videogames) have many ACM members on staff.

                                                                                                      Calling for ‘active’ preservation of diversity is controversial (I support it personally but the arguments over that are certainly ongoing in public). It stops short of recommending any particular active method, which IMO was particularly wise of the authors.

                                                                                                      Other than that it’s pretty standard professional body stuff - same as any other professional body code of ethics I’ve read (that is, accountancy and law in Australia).

                                                                                                      1. 1

                                                                                                        It stops short of recommending any particular active method, which IMO was particularly wise of the authors.

                                                                                                        Good eyes. I think it’s safe to recommend random, blinded selection from a pool where only their work or writings are seen. It sounds too unbiased if anything. I mean, the real bias would be in the inputs, if anything person-specific came off in the writing/projects, and so on. Yet, it’s knocked out a lot of issues while sounding pretty non-discriminatory (i.e. random). That could be default for folks that are worried about perception. It can be phrased as a possibility instead of strong recommendation.

                                                                                                        My method remains looking for X number of talented people in each group, making that the pool, and looking at random samples of entire pool in a blinded way. That way you’re biasing the supply side equally across groups. This is the social justice aspect that will be controversial. From there, each person earns their place based on performance. They know some tricks might have loaded supply side a bit to combat discrimination. However, each person that got in is because they earned it.

                                                                                                        Although I haven’t run it for proof, I strongly believe that a method creating that perception of earned placement… one that’s actually true… would make a world of difference vs things like traditional A.A. or non-white/non-male-only focus in “diversity” initiatives. This isn’t just for my group: lots of non-[majority] oppose methods that are or look like hand-outs favoring knowing they earned it. Probably intrinsic to human nature.

                                                                                                        Combating the injustice problem in a fair way that doesn’t create resentment is a high-priority issue for me. My experience in the South motivates me to avoid re-igniting tensions where possible. My solution focuses on fairness since that perception or need seems to have higher effect on whether reaction to a method gets acceptance or extreme push-back. I encourage people to have at this one to see if it works or is a flop. All I ask is credit for my contribution. If a flop, I’ll own up to that, try to figure out why it flopped, and come up with something more effective. My responsibility since I pushed it.

                                                                                                        1. 3

                                                                                                          I think it’s safe to recommend random, blinded selection from a pool where only their work or writings are seen.

                                                                                                          Isn’t judging people solely on their merit the exact thing that got GitHub into trouble a while ago?

                                                                                                          1. 2

                                                                                                            “Meritocracy” is often used to hide discriminatory practices. At the least, unconscious bias towards outgroups penalizes them. The word itself will instantly cause an argument with folks that focus on that sort of thing.

                                                                                                            My method fixes the supply-side bias to increase minority hires. Then, it blinds the pool during evaluation to counter some or all of that bias. Finally, the process looks at candidates’ performance in various ways to assess who gets in. The combination is more meritocratic in practice than many places but less than ideal form since I’m trading some merit for inclusive hiring.

                                                                                                            In practice, companies can get by without the best of the best. The ones that say they go for best candidates usually aren’t really hiring the best. One last benefit is that the best jump ship way faster than the good workers that will come through my hiring process.

                                                                                                            1. 2

                                                                                                              The Scala community still has meltdowns about that time some shitty person was accepted through a blind submission process at a conference. (The process was pushed by the exact kind of people who were afterwards unhappy about the results.)

                                                                                                              So I’m not sure about the wisdom of that approach.

                                                                                                              1. 1

                                                                                                                A close reading should reveal the difference between blind submissions and blind selection. A talk that was never going to be accepted (due to the speaker) shouldn’t have made it to the selection pool.

                                                                                                                1. 1

                                                                                                                  That a bad person can get through a hiring process doesn’t mean we toss the whole process. We can toss that person out instead for whatever made them shitty. Fire them.

                                                                                                                  1. 2

                                                                                                                    That would have been a possibility. Instead there are now semi-official boycotts of conferences whose organizers decided to invite the conference organizer who accepted that submission half a decade ago.

                                                                                                                    1. 1

                                                                                                                      Wow. That sounds kind of childish. I appreciate the heads-up about that stuff.

                                                                                                              2. 2

                                                                                                                The argument against meritocracy as described in the article you linked to seems to be, “a community which aims to be meritocratic is not one if it is comprised primarily of privileged white males, which means it can never be a real meritocracy.” Curious logic, at best.

                                                                                                                1. 3

                                                                                                                  Meritocracy was intended to be a pejorative term:

                                                                                                                  https://en.wikipedia.org/wiki/The_Rise_of_the_Meritocracy

                                                                                                                  1. 2

                                                                                                                    More generously, “if you think you have a discrimination-free meritocracy, but there’s a difference between the demographics on the two sides of the hiring/promotion process, it’s more likely that there is bias than that you’ve randomly got an odd sample”.

                                                                                                                2. 3

                                                                                                                  I think it’s safe to recommend random, blinded selection from a pool

                                                                                                                  For hiring, I think blinding as much as possible is a no-brainer.

                                                                                                                  Amazing how much pushback I got from ‘progressive’ workplaces over blinding our pre-interview code test submissions.

                                                                                                                  That said: hiring is a crapshoot; the only large study I’m aware of in the space comes from Google, which found no correlation between interview score and job performance one year in. According to that evidence, they’d be better off drawing candidates’ names from a hat and hiring them (would be cheaper and just as accurate).

                                                                                                                  My method remains looking for X number of talented people in each group, making that the pool, and looking at random samples of entire pool in a blinded way

                                                                                                                  That’s exactly what the best ‘progressive’ conferences are doing for their speaker pools. It involves a lot of very active outreach to fill the pool for some groups but the results have been pretty great.

                                                                                                                  From there, each person earns their place based on performance

                                                                                                                  This part is harder (and IMO intractable) to do fairly. Performance needs to be evaluated by a human, and (necessarily) includes things like “works well with others”.

                                                                                                              3. 1

                                                                                                                1.1. The first one instantly knocks out many working for surveillance-oriented and for-profit, owner/shareholder-focused companies. Maybe since some have a large benefit to the public. Folks looking for jobs tend to be able to go for one that aims for more good. Those that don’t might not be able to agree with this.

                                                                                                                1.2. The second one I’m already practicing. You have to be willing to turn down six or more digits to do this. On abstract side, the problem with Do No Harm is one sometimes has to do harm to create the opportunity to do good. They actually acknowledge that in their Do No Harm section. Maybe I could agree to it in a conditional way.

                                                                                                                1.3. Be honest and trustworthy. Again, I can mostly do this. The second I go do business with mass or enterprise markets I’ll not be able to do this. That’s because marketing requires at least selective omission of truths to highlight one’s own products and/or protect their trade secrets. Sometimes outright deception is called for if the environment is predatory in a way that makes the honest disappear. I can be as honest as I can in any given situation, though. The Code doesn’t allow for that here.

                                                                                                                1.4. I help and call everyone out equally or close as I can. I’m already boosting folks that need it. I should be way ahead on this like 1.2. Accessibility tech is only thing I’d be behind on, probably updating my knowledge before a product release. Only problem here is if they force a specific belief system or type of practice here. Long-time readers know there’s going to be an ACM meta on that.

                                                                                                                1.5. Respect I.P. laws. I’m a strong opponent of current I.P. laws calling for reforms. The U.S. system also allows people to get patents without doing anything to earn them before suing real inventors for massive money in often-rigged cases. DMCA abuse is rampant. Although I’d deal fairly, I think I can’t argue I’d respect, according to some courtroom somewhere, all DMCA notices or patent claims. I’d be a target of claims at some point. I’d say fuck them and ACM before I’d stay a member. Introspectively, I feel good knowing we got as far as I.P. laws before I strongly said “Fuck that!”

                                                                                                                1.6 and 1.7: Privacy and confidentiality. The name is nickpsecurity. So, of course. :)

                                                                                                                I’ll just stop there since this is a long comment with plenty for people to consider. I think the nature of capitalism or at least demand-side of employment contracts also makes some stuff in Section 2 questionable. Might not be able or willing to do some of it. Maybe another write-up another day. Also, why look at it if at least one requirement, maybe two, already disqualified me from being “ethical” enough for the ACM? ;)

                                                                                                                I love ACM/IEEE as a researcher. They have great content. I strongly encourage people to get a membership to at least one to see cutting-edge research. Most stuff is cross-posted to both. I just might have to cross my fingers behind my back if I click “I Agree” checkbox on a thing or two. All I’m saying… Oh shit, there I go failing Section 1.3 again… I wonder how many pentesters could make it haha.

                                                                                                                1. 3

                                                                                                                  1.3. Be honest and trustworthy

                                                                                                                  It’s certainly very difficult to ethically do business in a corrupt environment, or with corrupt entities.

                                                                                                                  Respect I.P. laws

                                                                                                                  In context, I’m virtually certain this means ‘obey’ rather than ‘like’. ‘Obey civil as well as criminal law’ is present in virtually every professional body’s code of ethics.

                                                                                                                  1. 1

                                                                                                                    Re I.P. laws. Yeah, that’s what I thought. For the same reasons, I might be found in non-compliance at some point by some party. All I can safely say.

                                                                                                              1. 4

                                                                                                                Some would read this as an ad to move from one proprietary system (Oracle) to another proprietary system (AWS services). The fact that everyone is reacting with joy shows how horrible Oracle’s reputation must be.

                                                                                                                1. 15

                                                                                                                  Oracle is a decent database and a questionable ERP system which is sold by the mafia.

                                                                                                                  As an example, EBS has some modules licensed against your business’ revenue - not just how much you use it, but a one to one assumption that if your sales go up by X your EBS install was to thank; its costs must naturally increase proportionally. Others license against value of goods transported (OTM) and god only knows how much VCP Demantra costs.

                                                                                                                  All those licenses are bundled and squished together, discounted individually, but tracked exceptionally carefully - mess it up and the relations managers go away and their legal comes in.

                                                                                                                  They’re a peach to work with.

                                                                                                                  1. 1

                                                                                                                    That’s seriously fucked up! But why do people even put up with this bullshit?

                                                                                                                    1. 3

                                                                                                                      Because expensive and convoluted software licensing schemes are very much the norm in the enterprise space. Large companies have people, sometimes teams, who do nothing but handle license compliance for the various products they buy from third-parties.

                                                                                                                  2. 4

                                                                                                                    It is an ad. It’s not even disguised. It had a lot of numbers and details, though. Plus, it was a massive number of databases. I was impressed.

                                                                                                                    Edit: just noticed wezm already posted the number.

                                                                                                                  1. 4

                                                                                                                    Can’t we just remove the “data” and say science in general? Any systematic approach to knowledge about our world that is built around categorization or definition is doomed to marginalize those that defy categorization or definition.

                                                                                                                    1. 7

                                                                                                                      Most science done has ethical boundaries they attempt to follow. Some of these boundaries may be more or less compromised. Most scientific studies for example won’t include you without your explicit consent. Data science is more slippery than typical scientific practice because it revolves around data already gathered. Bypassing your consent is MUCH easier. The problem then gets further compromised when we start talking about businesses who may have a profit motive in ignoring scientific norms. Without any of the normal rules, regulations, and protections provided in a normal study they can really go off the rails. Without protection and oversight most businesses will be too tempted by the prospect of profits, and they will always choose what they perceive shareholders will value. Of course, mined data is a toxic asset, especially without consent. It can be illegal, or worse, reputation-destroying, and I suspect that will only get more so over time. Businesses that “mine data” as their primary way of doing business might lead to a bubble-like crash that would be pretty bad for us devs. When that day comes it’s possible we won’t have to worry about this conversation so much, but until then it’s important to talk about specifically where the problems arise.

                                                                                                                      1. 4

                                                                                                                        Nice strawman argument. But, there’s a large jump between science and Seeing Like a State. See: the vast majority of human history.

                                                                                                                        To wit, we are not resources for a state to manage in order to maximise GDP growth.

                                                                                                                        1. 5

                                                                                                                          I’m not sure what about my argument is strawman. In the article the argument is that data science can be used to subjugate or violate the rights of queer people. To quote the article:

                                                                                                                          There’s no test that you give someone to determine they’re “actually” trans, unless you’re a doctor, or a neuroscience researcher, or a bigot (but I repeat myself).

                                                                                                                          If we’re going to argue that data science threatens transsexuality because it attempts to understand it or at the very least to categorize it, then we can just throw most natural science efforts out the window too. I don’t think the leap from the scientific method to panopticism is as great as you seem to think it is. The problem is that scientific reasoning can be used for many things, but what it’s best at is systemizing knowledge and defining things against other things. That happens to be very useful at building knowledge, and those with knowledge have power, and eventually GDP. I’d love a counterexample of a Luddite culture that has a thriving GDP and loose definitions around their beliefs.

                                                                                                                          1. 3

                                                                                                                            Whether a person is trans or not, isn’t a scientific question. Cool that you’re going to bring that strawman to your grave tho.

                                                                                                                            1. 3

                                                                                                                              Whether a person is trans or not, isn’t a scientific question.

                                                                                                                              As someone totally not in the loop, why isn’t it a scientific question? Somewhat related to that, why wouldn’t everything also be a scientific question?

                                                                                                                              1. 2

                                                                                                                                It’s currently what many scientists are studying and debating. There’s knowledge, theory, and practices around the subject. It’s definitely a scientific question. Further, it’s a settled question for some while a debated one for others. All depends on one’s views.

                                                                                                                                1. 4

                                                                                                                                  Whether a single person or not is trans is - for now - a question of their subjective experience.

                                                                                                                                  There’s definitely science to be done about whether there are commonalities, biological markers, etc.

                                                                                                                                  1. 2

                                                                                                                                    That’s all I’m saying. Especially the subjective experience. That biological gender is objective with objective data, but trans identity is subjective, is exactly why there’s such a strong debate about whether to accept or reject it. Science has been making the situation just a little more objective. That might help in some ways down the road.

                                                                                                                                    Or make it worse. Never know how scientific results will be [ab]used… Just gotta take the chance since the subject is too important to not investigate.

                                                                                                                                    1. 7

                                                                                                                                      It seems a subtle nitpick to the uninitiated, but receiving the suggestion that a scientist could ‘set them straight’ about their subjective, personal experience is a common enough occurrence that you’ll enrage people if they think you’re doing it, which makes reasonable discussion hard.

                                                                                                                                      Rereading “Whether a person is trans or not, isn’t a scientific question” with that context might make more sense of the reaction.

                                                                                                                                      1. 6

                                                                                                                                        This is the real MVP comment of the conversation. The same way science can’t tell you if you’re “objectively” sad or “objectively” a baseball fan, it makes no sense to ask if someone is “objectively” trans, but that doesn’t mean we get upset at people for crying when their grandparents die or spending hours watching people run around on a field.

                                                                                                                                        1. 4

                                                                                                                                          This response has been absolutely boggling my mind since I’ve first read it. Are you actually comparing gender with an interest for a sport? Then are you trivialising the implications of self-id (which is a thing). I mean, the entire discussion has been one of the catalysts of the alt-right, something I hardly think something like “baseball” could have brought into life. I guess what they share in common, is that there is big money pushing both (after all, there’s a lot of profits one can make off people who depend on permanent medical supervision).

                                                                                                                                          It’s not a surprise that Gender cannot be scientifically determined (as compared to sex), since it’s social, and has become meaningless in a society that’s relying less and less on gendered division of labour. But how that means that gender becomes individual (an apparent paradox) is foreign to me. People often say self-id is the best solution, because nothing else works. But that doesn’t mean it is good in itself. Nothing works! Because gender is dead!

                                                                                                                                          To clarify this: None of this is meant as an insult against you or anyone else. None of this can be used as an excuse of violence or smears. None of what I say is an attack on gender non-conformance. I don’t know you, and don’t wish to comment on your opinions. Ignore me if that’s what you want, I demand no response or attention. I just had to write this, even if it were all wrong. This thread has already become so off topic, that there’s little more to care about. This topic has severely dealt damage to my mental well-being over the last few months, and suppressing it hasn’t done me well. I’ve been trying to get over it, but to no avail.

                                                                                                                                          1. 3

                                                                                                                                            I agree with you here; I was just using that as an example to help other people see why the specific idea I was referring to was a bit silly. It’s reductio ad not-quite-absurdum to illustrate a point.

                                                                                                                                            This topic has severely dealt damage to my mental well-being over the last few months, and suppressing it hasn’t done me well.

                                                                                                                                            I’m very happy to talk about this privately, if you want.

                                                                                                                                            1. 1

                                                                                                                                              Very kind, but there’s no point to burden anyone with my issues. The usage of the term “severely” was wrong, and I would edit it out if I could.

                                                                                                                                      2. 6

                                                                                                                                        If we’re going to talk in scientific terms it is important that we get the terms correct. So please don’t take this as me being pedantic because most people don’t know the precise definitions of these words. Heck even I didn’t before I had a close friend transition. I think it will help disambiguate and dissolve conflict. Gender specifically refers to the cultural construct, and therefore is subjective. You can have a gender even if you were a cybernetic brain in a box, no body required. Sex is the sexual dimorphism we observe, genitalia, hip size, bone structure, muscle mass, hair presentation, etc. As sexual dimorphism is not a binary, so even though yes your chromosomes may be XX or XY you can be XX with several male features. For example if you found out Hugh Jackman had XX chromosomes you wouldn’t be more likely to marry him, so the sexual dimorphism actually matters a great deal. Traits we generally think of as “male” or “female” often end up on people of either sex. In more extreme cases those traits are “fixed” surgically to fit the “birth sex” (what is perceived to be their sex by the parent, or the preferred sex by the parent). So sex as we talk about it in everyday language is not the chromosomes but rather the sexual dimorphism we observe. It’s quite a bit more common than people would like to think when we start to consider the full gamut of possible traits that can be considered sexually dimorphic. A woman at birth can have a “male” jawline, or a mustache, or a beard, or “male” muscles etc.

                                                                                                                                        Identity itself is a construct, so the only measure we can have is how real it feels to them, the one who is perceiving it. So, the very question of “Is this person’s perceptions about their own identity real” is a vacuous question to answer. It’s akin to debating the tautology ⊤ = ⊤, because you’re debating the reality of a fundamentally immaterial thing. More importantly when a person perceives something about their body, concretely, that doesn’t agree with how their body presents they will go to the ends of the earth to resolve that cognitive dissonance. It will cause them great anguish until they fix that. It’s akin to if you woke up one morning with tiny hands coming out of your stomach. Body horror is an entire genre for a reason. There can be an element of body horror for someone like us when we observe someone transitioning, because we are projecting our identity on that person, and imagining how horrible it would be to change our bodies. However this body horror is precisely what many trans people live with when they do not transition. Therefore we should not put our own discomfort above theirs, as what they live with is an order of magnitude more intense than what we experience as an observer.

                                                                                                                                        The debate that arises around this subject is almost exclusively among lay people like you and me, and not researchers. The debates almost exclusively arise from the kinds of loose wiggly terms and the misconceptions around those terms that lay people use. The scientifically incorrect perception of sexual dimorphism as a binary, the conflation of sexual dimorphism and gender, and the conflation of sexual dimorphism and chromosomes are common contributors to why lay people debate on this until their lungs give out. The scientific consensus isn’t particularly divided on this subject. Some people don’t like the results, maybe some find them a bit disturbing, but that’s not the same thing as having a sound basis to doubt the conclusions. As we start unraveling the strings that hold together our consciousness, I suspect we will soon find things that are a great deal more upsetting than this.

                                                                                                                                        1. 1

                                                                                                                                          Very interesting read, thank you.

                                                                                                                                2. 1

                                                                                                                                  Why is GDP even relevant? Lol, life is not a competition to get rich dude, chill down. Also if you believe that Luddites or neo-Luddites are against science and tech, you should maybe spend your fraction of the GDP on some book about the subject.

                                                                                                                                  Science is a tool and as such should be treated. You elevate it to a source of truth, which it is not. To each problem its tools. Understanding subjective experiences and the formation of identities is not a problem for natural sciences.

                                                                                                                                  1. 1

                                                                                                                                    I certainly didn’t say anything about GDP being the alpha and the omega. I was merely making the point–a point which is often lost on many counter-culturalists—that the scientific method has proved itself over the last few hundred years to be VERY effective at stockpiling resources: knowledge, material and spiritual. I am actually pretty left-leaning in my own right and have very pessimistic views about the current trajectory of the application of the scientific method to our world. But this isn’t the right forum for those arguments.

                                                                                                                                    I was just trying to make an intellectual argument based on the claims of the original story that if you’re going to attack data science as hostile to the subjective quality of being human, you can go ahead and throw out biology, physics and chemistry which all attempt to categorize and objectify our gender with just as many horrible effects as data science.

                                                                                                                                    1. 1

                                                                                                                                      I don’t think any of those disciplines ever concerned itself with gender. Sex yes, gender no. Gender, if any, is studied by sociologists, anthropologists and so on. Biology has nothing to say about gender. Also it’s not clear what the scientific method told us about spirituality.

                                                                                                                                      1. 1

                                                                                                                                        Those disciplines should not concern themselves with gender, but they certainly do. The scientific method has certainly been used to attempt to explain our process of belief from a biologically necessary perspective.

                                                                                                                                        1. 2

                                                                                                                                          If you’re talking about stuff like evolutionary psychology, it’s still hotly debated if, epistemically, they fall into modern science. Otherwise it’s not clear what you’re talking about. I mean, clearly at some point some scientist that never concerned themselves with humanities for sure tried to apply science where it was inappropriate, but Science as a discipline is something else.

                                                                                                                              2. 6

                                                                                                                                Science is essentially the process by which humans seek verifiable knowledge. It is the only tool we have to try to understand the universe we live in without simply taking someone else’s word for it. What would you replace it with?

                                                                                                                                1. 1

                                                                                                                                  I’m not arguing for replacing science. But in the context of the article, the nature of science is to categorize and define, and to do so with a decent amount of ruthlessness with regards to personal privacy and subjective feelings. It is not data science alone that is threatening to queer people. All of science is positioned against the more fluid and unexplainable aspects of being alive.