1. 3

    I think GitLab uses a better approach. Secret environment variables (holding keys/passwords) in CI are only accessible from protected contexts. You can configure who is allowed to create or update such protected tag or branch.

    1. 4

      Something else GitLab does is provide a ephemeral API token to CI jobs. It’s only valid until the job ends, so it can’t be extracted and used elsewhere later on. It’s limited in scope (and obviously isn’t useful when your CI job has to interact with external services) but the approach is very useful when working with Docker images written by someone else.

    1. 7

      There’s far more open-source software out there than distributions can or will ever maintain and distribute. If you’re writing niche software (open-source has a long tail of projects with a very small number of users), your project probably won’t get picked up and included in a distribution - so you’ll have to find some way to distribute it anyway.

      Based on one of my own projects that has been included in multiple distributions, you can expect no communication if a distribution does pick up your project and package it. Users can pick the packages provided by their OS if they want, or grab it from an unmanaged software repository. Both of these are fine and part of a healthly ecosystem - users who want to trust everything they install can keep to their distributions packages, and users who want to use exactly what the developer provides can do that too. I think most users use a combination of packages from both managed and unmanaged repositories, and I doubt many of them could use only managed packages without giving up some of the projects they use.

      1. 2

        Agile-style standups certainly don’t seem useful in the environment the author describes in which products are launched infrequently over large time periods, one of the main things an Agile practice avoids doing. A daily standup is much more useful when paired with sprints or short-term focused development.

        1. 11

          This matches up pretty well with my experiences of what people call “DevOps”, having worked in various operations-focused jobs. Roles that actually involve mixing development and operations work seem to be much rarer than I expected. My current and past roles have explicitly been both, but I’m usually the only person in the company doing that.

          A lot of companies aiming to follow DevOps principles seem to end up having separate development and operations roles - they just call them something else. I’ve seen both “DevOps Engineer” and “Site Reliability Engineer” jobs end up being similar to a more traditional operations job, and not involve development at all. They do usually come with a focus on configuration management, infrastructure-as-code and other delivery tools - all good ideas, but they seem separate from the original principles of an engineering culture that brings together development and operations.

          1. 2

            Certainly when the concept first started making a buzz it was the idea that there was a pipeline from requirement to production, with dev, test and deploy merely being steps along the way…

            We learnt ages back that if you make the devs get involve in test…. suddenly, magically, they start to design for test…

            A classic story that happened in my team was we added a feature in 2 hours flat and threw it over the wall to test…. and they said they would take several testers 2 weeks to test it. WHAT!?

            Turns out the feature only effected a very rare occurrence and triggering wasn’t possibly and actually knowing what happened was hard since it was a component in a large system and….

            3 hours dev later and they had a hook to trigger the event on demand and logging to see the result and testing was over and done in less than a day.

            But it seems culture and political empires are harder than coding and sysadmin…. and the grand scheme of making those most capable of easing (and most responsible for creating) the pain of test, deployment and administration wear some of that pain…. has failed.

          1. 2

            Before I switched to a job that deploys software using Docker, I’d previously used mixes of system-package management (RPM) and a configuration management tool (Chef or Ansible).

            At a startup that managed a large number of systems and services, I worked with Chef:

            • CI pipelines publish a new “cookbook” that installs the new package. Cookbooks were released automatically to integration environments, and manually released to staging and production environments.
            • Rollbacks were done by downgrading to an older cookbook, or stopping Chef and downgrading the package.
            • All files were managed by the package or cookbook.
            • Configuration drift was limited by Chef running every half-hour, avoiding manual changes to systems persisting.
            • All configuration was done by the versioned cookbook.

            At a smaller company I used Ansible instead, as we only managed a very small number of systems.

            • Ansible was configured in a single repository, that would upgrade to the latest published versions of packages. CI pipelines that published packages triggered the pipeline that ran Ansible.
            • Rollbacks were very infrequent, and our only option was manually fixing things or downgrading packages.
            • All files were managed by the package or Ansible playbook.
            • Nothing limited configuration drift, but with <10 systems it wasn’t really a problem.
            • All software configuration was done by the separate Ansible playbooks, so it was easy to release software that wouldn’t be compatible with the configuration or vice-versa.

            System package managers like apt and dnf provide a lot of the tooling you need to deploy software the “boring” way. Unless you’re doing something unusually complex, a package repository and a small amount of configuration management (which should do little more than install packages and create config files) will get you a long way.

            1. 1

              Do you have any blog post or article describing your approach in more detail? Several people here seem to use system packages and it got my attention.

            1. 31

              Good praxis. I hope to see more of these in the future. Corporations are heavily dependent on open source packages and repos and they direct dependencies such as this one. Thousands of developers have ticking bombs in their hands that can be triggered with 0 legal consequences and nobody really acknowledges this.

              1. 9

                The code is open source. Anyone who seriously depends on these packages will just fork, first privately, then publicly. It’s ultimately a purely symbolic gesture, good for Seth Vargo, but will have very little tangible impact.

                1. 2

                  This require hours of human work to be fixed on a global scale. The impact is temporary but very tangible. Clearly a single case is not that relevant but an orchestrated operation disrupts to a much deeper level.

                  1. 2

                    The cost of hours of human work is a drop in the bucket to most companies, and virtually every large corporation. It’s certainly not enough to stop doing business with large clients like ICE.

                    1. 2

                      It’s the cost of missed gains that hurts them, not the cost of fixing the system. Modern disruption praxis for example prescribes to block as many crossings and roundabouts as possible and this is similar to dependencies in a automated process. The damage is not on the extra-salaries of the truckers that won’t deliver the goods, the damage is in the missed sales. It’s not in the hours or days of the salaries of your workers that will be stuck in the traffic, but in the goods and services that you won’t be able to provide to your customers. On top you have all the losses from cross-dependencies in “just-in-time” production pipelines that suffer heavily from minimal disruption of the logistics. Code dependencies are the streets on which the trucks of automated pipelines are running. You don’t have to block all the streets to cause disruption, it’s enough to block a few good ones

                      1. 2

                        Shutting down a github page is nowhere near the same as refusing to do work that’s in a company’s critical path to earn revenue. These corporations already have their code and are using a version of it in production, shutting down a github page doesn’t interfere with that. Revenue continues to be made.

                        1. 1

                          These corporations already have their code and are using a version of it in production, shutting down a github page doesn’t interfere with that.

                          In this specific case, a common pattern when using Chef is for “recipes” - the code executed on each server being managed - to install and/or update gems at runtime. Removing the package from rubygems.org almost certainly meant that Chef stopped working for a large number of companies (until Chef Inc. contacted RubyGems to restore the package that was removed).

                          1. 2

                            Wow, so this is the left-pad situation all over again?

                            1. 2

                              It’s a very similar situation, yes.

                              A package is removed by it’s owner, and the package registry takes takes action so that users of the package don’t have to do anything. The major difference here is the package registry giving ownership rights of the package in question to a company, rather than just restoring the package and preventing package removals.

                            2. 1

                              Then all those companies, at least the mature ones, have a serious shortcoming in their service/product delivery system. You shouldn’t rely on rubygems.org being accessible for your services/products to be deliverable and work. We have a dozen employees and could rebuild from scratch within hours with rubygems.org (and related sites) down. If the deletion of a gem impacts you, it’s squarely on you.

                            3. 1

                              Why don’t we have both?

                  1. 2

                    The first example doesn’t work with the current version of PyYAML - the specific use of function application was disabled some time ago, and yaml.load() logs a noisy deprecation warning telling users to use yaml.safe_load() instead.

                    https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

                    1. 2

                      As I read that, this will just print a warning and still work: “in PyYAML version 5.1, you will get a warning, but the function will still work”?

                      Sidenote: one of the ideas I’ve had for a long time is to analyse GitHub with Google BigQuery to try and find exploits for this; I’ll bet you’ll find a few. Unfortunately using the BigQuery UI is about as much fun as smashing your toes against the bedside table, so I never made much progress with it.

                      1. 1

                        Using !!python/object/apply:os.system with PyYAML version 5.1 will raise an error.

                        Using yaml.load(...) with PyYAML version 5.1 will trigger a warning (unless you specify the Loader argument).

                        Some examples and the output they create on my machine: https://gist.github.com/borntyping/27e4529b8ac17c1ad9a7a72369525365

                    1. 4

                      Every Python problem the author describes in the article as needing to be solved by with Docker or Kubernetes has been possible without them since long before they were even first released [1]. I think the author also misunderstands the difference between languages that support concurrency well and languages that support distributed systems well, and misses their own point that you should pick languages based on their strengths. The programming model in PHP has seen a resurgence in distributed systems as “serverless”, where stateless applications are used to respond to individual requests (making scaling and state management much easier).

                      I think the problem Docker solves is very different from the authors assumption that it’s used to “make the transition to the modern world of cloud computing”. There’s a lot of utility in being able to package and install applications the same way regardless of language. In the various places I’ve worked, it’s been just as useful as a way to deploy Golang and Java applications as it has Python - I’ve found Java applications often come with a mountain of shell scripts intended to discover and configure system state that can be thrown out when using Docker.

                      [1]:

                      1. 2

                        I found the nix explanations in the article really interesting - seeing an example that goes all the way from writing an application to having it deployed and running on a server is really useful. I didn’t know about nixops before and it seems to fill in the gap between packaging and deployment I’ve seen when looking at other nix articles.

                        The correct solution would be to talk to the developers and have them implement support, but in the meantime, how should we proceed?

                        This line (and a few others) really stood out to me though - I think the author has followed the common misunderstanding that “DevOps” is a type of technology, rather than the culture of operations and development engineers participating together. The process the author hints at looks exactly like a classic engineering team where development writes an application and it gets passed over a wall to the operations team who deploy it.

                        1. 2

                          That particular section was inspired by an experience I had where there was exactly this kind of split. In my case the development team never got around to prioritising the fix we needed, so we worked around it.

                          I completely agree that DevOps is a culture, not a job title, but that unfortunately wasn’t the case where I used to work.

                        1. 9

                          Was there any reason to write this in the soon-to-be EOL Python 2 over Python 3?

                          1. 3

                            I’d like to keep compatibility with 3, but I wrote & tested it against 2 because on my system & most others that’s still the default version (and probably will continue to be long after the language maintainers stop support). Forcing the version to 3 would require a bunch of complexity that didn’t make sense in a 1-file 700-line tool.

                            1. 4

                              You can set the shebang to explicitly call python3.

                              1. 3

                                If I did that, then all the systems that don’t have python3 at all would be broken.

                                The appropriate solution is what I’ve done: set the shebang to python & write code that ought to work on any version a user might reasonably have. And, if I start to have more users I’ll test on python3 more often.

                                1. 8

                                  Okay, I suppose. It just seems the likelihood of a Python user who wants to use this, yet lacks Python 3 on their computer, and installing Python 3 with <package manager> install python3 is nil or approaching nil. People love to support Python 2 but it’s officially EOL in like, 6 months. Sorry if I sound condescending, I’m not trying to. It’s just the one place I’ve not found Python 3 is CentOS 6

                                  1. 2

                                    If halcy drops python2 support for mastodon.py I’ll have to drop python2 support for this. In the meantime, since nothing on my dev machine uses python3, I’m not going to go out of my way to drop compatibility.

                                  2. 1

                                    I don’t think setting the shebang to python is the right decision. Regardless of whether you’re targeting python2 or python3 (and I do agree that programmers should avoid creating new code in python2 now that we are so close to its end-of-life), it’s not consistent from system to system whether the python binary refers to version 2 or 3. I use both arch linux and ubuntu frequently, and on arch python is Python 3 but on Ubuntu it’s Python 2, so I’ve just gotten used to calling python3 or python2 explicitly (and sometimes even python3.6 specifically if I know I need that version of python 3 and not another one). Being as explicit as possible about what version of a dependency you want, and relying as little as possible on what happens to be installed under a given name on some platform, is a good practice.

                                    1. 1

                                      The thing is, while it’s not totally consistent across systems which version which python is set to, on those same systems, it’s not consistent whether or not python2 or python3 even exist. You can have a system where python=python2 and python 3 is installed as Python3.6 only (or it’s installed but not in the path). Distro maintainers have done all sorts of crazy stuff with how they’ve juggled multiple major versions of python being installed at once.

                                      Since a lot of folks don’t have python 3 installed at all, and since part of the point of a curses client is to support systems that really don’t have the horsepower to run the web client, I don’t want to drop python2 support. (For instance, I’ve got a mac mini at home manufactured right after the switch to intel, and it’s been years since it was able to install OS updates or load most websites in its browser, & this ought to work fine on that machine.)

                                  3. 1

                                    maybe he means the complexity of installing python3 when you’ve python2 by default

                                    1. 2

                                      I mean the complexity of detecting python2, determining whether or not python3 exists, determining its path, and executing $0 with it before executing any other code – in other words, what’s necessary to support cases where python=python2 but python3=python3, cases where python=python3, and cases where python=python2 and python3 isn’t in path but various python3.x or Python3 or Python3.x exist in path.

                                      This is a stupid complicated task (I’ve seen it done for Perl & tcl+wish, and done it for shells where sh may be dash or busybox), and it takes a dozen lines to do correctly.

                                      I have no need for a dependency on any python3 features, so compatibility makes more sense.

                                      1. 6

                                        python should always equal python2, at least on systems that comply with PEP394

                                        https://www.python.org/dev/peps/pep-0394/

                                        1. 2

                                          I didn’t know this existed! Cool! :)

                                  4. 1

                                    I understand your simplicity arguments, but honestly the fact that it’s python 2 makes me want to ignore it.

                                    1. 2

                                      It’s not ‘python 2’ but ‘python 2 / 3’. I’m not dropping compatibility with python3 – just trying to avoid dropping compatibility with the version of python that people actually use.

                                      For a small project like this, the main effort involved in supporting both is in switching which interpreter you’re running it with & making sure the dependencies are in both versions of site-packages.

                                      Specifically, I haven’t been heavily testing on python 3 because changes to how strings work between 2 and 3 cause my pickled cache files not to work across major versions – in other words, in order to test on python 3, I need to move my cache out of the way to avoid corrupting it. Since this has been my primary client for 6 months, I’m not particularly happy doing that, & I’m happier just taking compatibility patches from folks like @gcupc who run it on python3.

                                      1. 2

                                        then ignore it

                                        1. 1

                                          I don’t - understand this reaction. I get wanting to support the wholesale move to Python 3, and I totally get that 3 has lots of improved language syntax and features, but if you might find a tool useful, why reject it over something like this?

                                          I mean, I regularly use tools written in Perl because they Just Work even though the idea of dusting off those particular neurons makes me kinda queasy just thinking about it :)

                                          1. 1

                                            The impression I’m getting (from the many, many people telling me to break compatibility) is that, because the move to 3 was held back so long by incompatible 2.x code that never got ported, folks see 2.x-compatible code as traitorous / counterrevolutionary, and because 3.x has new features that encourage a different coding style, they figure any 3.x-specific code would be written in a fundamentally different way than 2.x-compatible code (and thus, 2.x-compatibility is seen as an awkward and burdensome hack).

                                            Of course, the former applies much more than the latter to this code: I made it 2.7-compatible because that’s the default on my system, and because I’m not particularly invested in the progress of the python platform – I don’t care one way or another about the glorious python3 revolution, because I consider python a middling language whose primary utility is its large standard library & online help/documentation system – I don’t feel like I need to help the platform along by encouraging people to upgrade. I’ve got little interest in being pythonic or adhering to the community’s preferred idioms except when doing so makes the code smaller or more readable, but to the extent that I have any kind of python mentality affecting the style and structure of the code, it’s probably even pre-2.7 (since I learned on 2.4).

                                            Anyway, this thing is BSD licensed – and TINY. If anybody is invested enough in breaking 2.7-compatibility, feel free to fork it. I’d be interested in seeing the kinds of structural changes that folks think would come out of a pure-3.x implementation, since I don’t really consider it amenable to most of the features that have been added. (In a 3.x-only port, in a couple places, forced casts could be dropped, and a couple lines of unicode handling could be eliminated, and I’ve got some polyfills for simulating library features introduced or removed in 3.x, but aside from that, the only change I could see is maybe a heavier use of functional-style list operations?)

                                            1. 2

                                              What you’re seeing here is the result of a lot of work people in the community are doing to motivate people to switch. There was and is a fair bit of anxiety over watching what happens when other programming languages (like Perl 5) stagnate and even when the successor arrives only a tiny group of ascetics actually use it because most of the user base has gone elsewhere.

                                              So Guido and pretty much the entire community have undertaken a bunch of initiatives to force people to move. Things like stopping security updates, and having library authors drop Python 2 support with newer versions.

                                              I’m honestly in favor of all of that - I quite like Python 3 and think it’s a very positive step forward for the community.

                                              I’m less a fan of negative or judgemental pressure tactics however (Not suggesting those were in use here) and think that the incentives should be positive in getting people to move over.

                                              1. 1

                                                Makes sense. In this particular case, positive incentives aren’t going to convince me to drop support because the client is basically feature-complete & I’m not convinced that switching to new features is going to substantially lower maintenance load. The stuff that’s easier in python3 than on python2 (like unicode) is already written & stable.

                                                I’ll break compatibility if my (single) dependency does, or if somebody does a fork that is convincingly preferable to my version. (Or, I guess, if one of my major planned features – like fully-featured killfiles that can inject CWs based on filters, or multi-account support with a merged timeline – can be done in 1/10th of the number of lines with a python3 feature.)

                                                1. 1

                                                  Obviously it’s your bat and ball, but if you really want people to feel welcome to fork, you should make it its own repository, that way they can fork and also pull your upstream changes as you evolve the script.

                                                  Just a thought :)

                                                  1. 3

                                                    It’s in its own repository now. (That’s what triggered me to post it: a couple folks asked me to stick it in its own repo so they could submit pull requests easier.)

                                    1. 1

                                      Configuration management tooling.

                                      1. 2

                                        I use the very vague metric “I am proud of the work I do?”

                                        For me, this expands to:

                                        • Are the users of my software happy with the work I’ve done for them?
                                        • Do I think I could have done my work better than I did, given the same constraints?
                                        • Has my software caused pain for the people who use it, operate it, or maintain it?
                                        • Am I happy to show or talk about my work to other people?
                                        1. 7

                                          It wasn’t the central point of the article, but I found it very hard to let this quote pass:

                                          Go modules took the idea of dependency management and rethought it from first principles, then landed on a much more elegant solution that I think other programming languages will spend the next few years catching up with.

                                          Go has certainly started from scratch in it’s design of dependency management tooling, but - at least to me - feels very far behind other languages both new and old. It makes some of the painful parts of other systems much easier, especially in it’s attempts to minimise the impacts of updating dependencies, but makes a lot of things much harder that are already elegantly solved by other package managers (swapping implementations of dependencies or getting them from other sources, showing outdated packages, separating source code from distribution, providing an interface for other tooling to be built on top of the dependency manager, and so on).

                                            1. 14

                                              INI does not support hierarchies.

                                              1. 10

                                                INI files have no well-defined spec, and very few parser implementations work the same way.

                                              1. 19

                                                Urbit’s innovations have stood in the dark shadow of moldbug’s neofeudalist writings. Every time Urbit comes up in conversations among crypto people here in Berlin, someone in the group says “but have you looked at what Curtis wants the world to look like?” and then the subject changes.

                                                I think it’s good for the project that people can say “yeah but he’s gone now, what do you think about the ___ mechanism?” since there are some interesting ideas to examine in there. They built everything from scratch. A VM, a language, a filesystem, etc etc etc…

                                                But still, this is kind of like if Terry had stepped away from TempleOS.

                                                1. 7

                                                  The whole concept as I understand it seems pretty interesting, but come on - the entire ecosystem of Urbit is still absurd. Hoon, the weird new pronunciation scheme you have to learn, the obtuse naming schemes…

                                                  1. 3

                                                    I found the weird names annoying as well, but Curtis does come up with a valid reason for this, in that everything gets rewritten and refactored multiple times, so “…it lets the hard problem of naming get solved later, and hence better.” As the system gets more mature, and actually usable, it would be nice if they came up with some meaningful names for the bigger components (e.g. rename Ford to Build System). He also admits his biggest mistake was assigning 1 to false and 0 to true. I’m sure this was a result of his habitual contrariness.

                                                    1. 4

                                                      I’m sure this was a result of his habitual contrariness.

                                                      Or perhaps cognitive contamination from /bin/sh.

                                                  2. 10

                                                    Every time Urbit comes up in conversations among crypto people here in Berlin, someone in the group says “but have you looked at what Curtis wants the world to look like?” and then the subject changes.

                                                    And I find this quite baffling. It’s deeply disappointing that people whom I respect default to this gossip-driven analysis instead, that a project as ambitious and worthy as Urbit gets buried in “foogate” style rumors.

                                                    Urbit is fascinating. It is the only project I know of designed to address distributed problems (viz. community moderation, censorship, identity, ownership) from an incentive-based approach instead of the typical GNU-style “sheer will and religion” approach.

                                                    1. 34

                                                      Since Curtis apparently wants the world to be in a certain manner and more or less spun up his own world in Urbit, maybe it’s prudent to consider what Curtis’ opinions on things are before adopting the project that likely embodies them?

                                                      I’m not sure myself, but in a project like this, it may be hard to meaningfully separate creator and creation - even after the creator left (as the fundamental architecture is still shaped in his image).

                                                      1. 6

                                                        I think the new primer https://urbit.org/primer/ makes a good case that there is nothing actually feudal about Urbit in practical terms. Once you own a planet, the personal level of Urbit entity, you are free to have its traffic routed by any star, the network routing level, that will accept you. This could be a problem it Facebook or some government buys up every star in the system, which is unlikely for the foreseeable future.

                                                        1. 6

                                                          Once you own a planet

                                                          Of which there will be - by design (“Any reputation system needs scarcity of identity.”) - fewer than there are people on this planet right now (4 billion in total). Given how these systems work, it will be interesting to reclaim “lost” ones, reducing supply even further over time.

                                                          Will everybody else be a sharecropper? Or will they have to spin up their own network?

                                                          Now these identities can be subpartitioned (“moons”, again 2^32, and they’re bound to their “planet”), but if global network size doesn’t matter, why setup such limits in the first place? This isn’t the 1970’s anymore (as they correctly state in their marketing material).

                                                          This could be a problem it Facebook or some government buys up every star in the system

                                                          They merely need to control the galaxies: “The galaxies form a senate which updates the logic of the Ethereum land registry by majority vote”. The platform doesn’t seem to design elections for this “senate” into the platform.

                                                          “Tlon remains the guardian of the urbit.org galaxies. We have always wanted the address space to be widely distributed.” - address space, yes. But Tlon owns the right to repartition the entire platform as they “bought back” galaxies. Even if you “own” a planet, that’s only one of Tlon’s decisions away from not being yours anymore.

                                                          Since control over your data is bound to a planet, which is contingent of (at some point) a galaxy “sponsoring” you, and they can make up all the rules, it looks like just the same kind of sharecropping to me as any of the big vendor-lock platforms that make up the modern internet. Just with more obscure ownership.

                                                          1. 5

                                                            and they can make up all the rules

                                                            This is just dishonest. The “rules” are voted on by a senate, the same way the rules of the internet are voted on by the IEEE currently.

                                                            Tlon owns the right to repartition the entire platform as they “bought back” galaxies. Even if you “own” a planet, that’s only one of Tlon’s decisions away from not being yours anymore.

                                                            False. Owning Urbit addresses is like owning a bitcoin wallet. Tlon can’t take it away from you any more than Satoshi can.

                                                            (edit:)

                                                            if global network size doesn’t matter, why setup such limits in the first place?

                                                            Global network size does matter, as you quoted, “Any reputation system needs scarcity of identity.” It seems to me like you are giving Urbit a bad-faith reading. If you try a good-faith reading, try the “principle of charity”, you might find that you agree with Urbit more than you realize.

                                                            1. 4

                                                              The “rules” are voted on by a senate

                                                              Who or what makes up the senate? I quoted the part of their marketing material already and to me it looks like absolute rule by whoever controls a majority of galaxy nodes, so 129 hosts. The rules they vote on make up the “land registry”, from which, apparently, everything else is derived.

                                                              “Any reputation system needs scarcity of identity”

                                                              Yes, I quoted that.

                                                              But how is a reputation system relevant to what you can or cannot do to your append-only data log? I prefer scuttlebutts solution to approximately the same problem: you keep your log, I keep my log, and if I decide to trust you, I also look at your log (and parse the bits you decide to share with me by giving me the keys).

                                                              No need for reputation except the reputation that already exists in the real world, that makes me decide whether to trust you.

                                                              [edit to add: the Urbit folks claim elsewhere that galaxies and stars are entirely meaningless, but since they’ve been made part of the fabric that makes up the platform, by having them spawn each other and planets, they can’t be that meaningless. Otherwise, why add them in the first place?]

                                                              1. 3

                                                                Who or what makes up the senate?

                                                                Galaxy owners. See the bottom of https://urbit.org/primer for the distribution. I don’t think anyone really knows exactly how this will work yet, the owners are pretty well distributed with nobody owning 51% of the address space.

                                                                But how is a reputation system relevant to what you can or cannot do to your append-only data log?

                                                                It’s not. A reputation system is relevant to how valuable my Urbit is. If I start spamming people with my planet, then the star that is my supervisor can stop sending me packets. I could move to another star, but if my reputation gets bad enough, nobody will want to send/receive my packets, and my Urbit will become worthless, I wouldn’t even be able to resell it. This is not the case with e.g. email addresses, which spammers can create ad infinitum. That is the only reason for the scarcity of addresses.

                                                                Re: the append log, only I can write to that, no different than scuttlebutt.

                                                                Also, nobody claimed galaxies and stars are meaningless; they are network infrastructure responsible for routing packets. They are arbitrary in that a planet doesn’t really care which star it’s getting packets from, just like you don’t care which AWS data center is serving you a website.

                                                      2. 18

                                                        Paraphrasing a comment I made about Jordan Peterson’s work - learning Urbit and the weird way it is structured is a significant time investment. A simple heuristic to determine whether something is worth your time is to check what the creator of this thing is like.

                                                        In the case of JP, my impression is unfortunately only 3rd hand.

                                                        In the case of Jarvin, or rather his alter ego Mencius Moldbug, I have read some primary material, such as the following blog post:

                                                        https://www.unqualified-reservations.org/2013/01/how-bitcoin-dies/

                                                        Imagine that the BTC/USD market is perfectly liquid with no exchange overhead. Imagine also that there are two types of BTC users: Jews, who speculate (holding BTC long-term with the expectation that it will appreciate against USD); and Aryans, who only trade (and sweep all BTC balances into USD at the end of every day). These are simplifications, of course—but edifying ones.

                                                        Jarvin was (in my imperfect recollection) criticized for the use of these terms, and (again, iirc) replied that he was only being “provocative”. Fair enough, I’m sure Jarvin (and people of his ilk) have plenty of experience in discussing whether what they’re writing is only provocative or if they’re genuinely anti-Semitic (Jarvin identifies as a Jew, I believe). It’s a depressingly common occurrence online.

                                                        But from a step outside, looking at something to invest time and effort in, and seeing that a project is closely identified with a person I would never want to be associated with, it’s quite easy to choose not to delve too much further.

                                                        I also happen to believe that he (along with many cryptocurrency enthusiasts) are fundamentally mistaken about how economics work, and I discount Urbit for that reason too.

                                                        1. 1

                                                          In the case of Peterson, his work is philosophical, so that heuristic makes a large amount of sense. Although when dealing with someone so, uh, misrepresented by various groups, I’d think it would be more sensible to actually look at the (readily, freely available) source material.

                                                          I agree that it is a significant time investment to fully understand, but I think you can get a good approximation of his basic mindset by watching one of his non-combative interviews, or one or two of his (non-biblical) lectures .

                                                          1. 1

                                                            Thanks for the suggestions!

                                                            I was a bit unclear when I wrote:

                                                            In the case of JP, my impression is unfortunately only 3rd hand.

                                                            I meant it in the narrow sense that I cannot offer any first-hand critique of his work. I’m really hesitant to parrot statements like “Person X holds Y views” unless I’ve verified this personally.

                                                            (I’d love to post a link to my comment but it’s really hard to find on the site, I’ll try to update if I can find it)

                                                            However, there’s a limit of how much time I’m prepared to spend just to be able to defend or criticize someone. In JP’s case, my desire to engage with his work is minimal since his most well-known public stance is vociferously anti-trans.

                                                            1. 1

                                                              In JP’s case, my desire to engage with his work is minimal since his most well-known public stance is vociferously anti-trans.

                                                              This is a good example of why it is worth going to the source. Peterson is not anti-trans, which he has stated many times and demonstrated by having respectful, productive interviews with at least one trans person that I can think of (Theryn Meyer).

                                                              The popular narrative conflates his objection to compelled speech in general with his objection to trans people (who were the subject of a particular piece of compelled speech legislation).

                                                              1. 2

                                                                I was prodded by your comment to read up a bit more about the entire Canadian controversy that I referred to.

                                                                You’re correct, based on the reporting I’ve read JP can’t be denoted as anti-trans. Thanks for encouraging me to learn more about this issue.

                                                                1. 3

                                                                  Thanks for being open to revisiting your views; that’s a remarkably rare virtue.

                                                          2. 0

                                                            if they’re genuinely anti-Semitic (Jarvin identifies as a Jew, I believe) … are fundamentally mistaken about how economics work, and I discount Urbit for that reason too.

                                                            What? You seem confused. Urbit is a technological structure, not a political one or economic one.

                                                            1. 16

                                                              Urbit is a technological structure, not a political one or economic one.

                                                              The entire premise of Urbit is the ownership of “scarce resources” (analogous to physical land) where one can seek rent. That’s both economic and political.

                                                              1. 4

                                                                Ok, but that’s no different from DNS.

                                                                Also:

                                                                Urbit’s distribution and sponsorship hierarchy of galaxies, stars and planets is not designed as a political structure, or even a social structure. The actual social layer is in userspace – one layer up.

                                                                Socially and politically, Urbit is a flat network of planets. Galaxies and stars are plumbing. No one cares which star is your sponsor, any more than your Facebook friends care who your ISP is, or you care what data center Facebook is in.

                                                                1. 6

                                                                  Ok, but that’s no different from DNS.

                                                                  DNS is absolutely a politic, economic and technical structure.

                                                                  1. 3

                                                                    You’re misunderstanding structures and the downstream implications that these structures cause. DNS is a techincal structure that has implications which are technical, political, and economic.

                                                                    The US Congress is a political structure which has implications that are political and economic (and sometimes technical, in the case of, say, regulating Facebook data privacy or whatever).

                                                                    1. 7

                                                                      DNS isn’t just a technical structure. The distinction between structures and implications (which I don’t think is useful in this context anyway) does to economics, but DNS does make political/social choices - for example, the number of root servers, control being hierarchical rather than distributed, and so on. All of these are both technical and political choices that the project makes, and that’s after generously excluding the organisations, committees, and documents that make DNS work.

                                                                      Urbit’s choice to have “scarce resources” is an intentionally different political choice from the one DNS made, which never intended to hit the resource limits we currently have with IPv4 - which is why we now have IPv6, and an address space where addresses becoming scarce is almost entirely implausible for the foreseeable future. Urbit’s choice was made with full knowledge of how scarcity effects these systems, making it absolutely clear that the design decision is political, not technical.

                                                              2. 7

                                                                Is there an example of a technology that doesn’t have political or economic implications? Considering the potential scope and impact of Urbit beyond its technological contributions seems especially important since it seems to me that it’s trying to alter the current conventional paradigm for internet services.

                                                                1. 3

                                                                  Is there an example of a technology that doesn’t have political or economic implications?

                                                                  No. And I didn’t say it doesn’t have political/economic implications, in fact it definitely does. But in my opinion, the Urbit political implications are better than what we currently have. Consider:

                                                                  Socially and politically, Urbit is a flat network of planets. Galaxies and stars are plumbing. No one cares which star is your sponsor, any more than your Facebook friends care who your ISP is, or you care what data center Facebook is in. … Because sponsorship has an escape mechanism, it is not a feudal bond (like your relationship to Facebook).

                                                                  Urbit is a decentralized network of social networks. No one can regulate it. Urbit is made to blossom into an endless garden of human cultures, each of which must regulate itself, none of which can bother the others. The soil in which these flowers grow must be level and neutral.

                                                            2. 7

                                                              I agree. It’s a kind of politics that makes people weak centered on our basic instincts of us vs them. The better route is to separate the two, ignore whatever bullshit he writes on his blog, focus on his technology, identify what good/bad can come out of it, and (if good) then either adopt or clone plus compete with it. The adopt or clone decision is where you consider the person. Even then, it’s not their political ramblings so much as what they do in a development and business context day to day. A person with strange beliefs who acts civil and hard working around others in a business is fine with me.

                                                              Edit to add: Work in diverse company with piles of people each with different beliefs, some diametrically opposed. We somehow still function and mostly get along with each other. Different mindset with effort put in is all it takes. Makes job more interesting, too.

                                                              1. 4

                                                                Except Urbit is deeply rooted, in its design, by Jarvin’s beliefs about politics and economics. A technology can’t stand in isolation from its context when its a deeply social technology like Urbit.

                                                                1. 5

                                                                  That’s a statement of faith, not proof. Assuming no patent risk, I can literally take his tech, distill out ideas useful to me, and use it for those things. I could’ve done that without ever knowing what his political beliefs are. I can do it while knowing what his political beliefs are. I can even do it to support things he opposes. Therefore, they provably don’t matter if I’m not partnering with him.

                                                                  They matter to you or others like you who feel a need to combine a person’s political beliefs or statements with everything they do. You’re limiting yourself voluntarily for ideological reasons. I intentionally avoided limiting myself that way since it reduces what I can get done with no value in return. My opponents who control the world in damaging ways also don’t limit themselves like you: they’ll work with or fund people whose beliefs or personalities they can’t stand if it achieves common goals. Got them where they are. Defeating them to stop real damage (vs crap people write on Internet) will take all kinds of people working together despite differing beliefs.

                                                                  1. 5

                                                                    Oh don’t get me wrong, I’m all for appropriate parts of technology for uses outside their design. My statement wasn’t about restricting yourself. What I mean is that (and this is especially true in software) the design of a technology is better understood when looking at the “whys” and not just the “hows”. For example, why does Urbit limit its address space? It’s not a technological limitation. In fact, there are lots of parts of the system built around the idea of artificial resource scarcity. Without understanding this system “top”, which covers many lines of code in various components, how are you going to properly take what you need if say, you don’t want that silly limitation?

                                                                    A person with strange beliefs who acts civil and hard working around others in a business is fine with me.

                                                                    I find that a person with “strange beliefs” (to put it nicely) is also a strange person to work with. Most work is communist in nature ( in the Graeber definition of “from each according to their ability, to each according to their need”). When you ask for a code review, your colleague typically doesn’t say “I will do it but what will you do for me?”. If you need a wrench, the guy next to you doesn’t go “Only if you give me $1”. If the friction is low enough, or need great enough, people will typically do it. Any strange beliefs that stray away from this kind of work ethic typically make all work far less efficient, and even unworkable.

                                                                    1. 2

                                                                      In fact, there are lots of parts of the system built around the idea of artificial resource scarcity.

                                                                      Ok, now I agree with you there. What you’re talking about, though, is design goals. I’m all for understanding them since I need to understand the rationale behind the decisions. I think I avoided Urbit when I saw cryptocurrencies or something mentioned. The rationales might have a political component. I can still ignore that if I choose. Sometimes, I learn from it like with privacy techs whose features might be inspired by sneaky behavior of companies or governments. One can still separate design requirements from political motivations in most cases just by filtering and/or generalizing.

                                                                      “is also a strange person to work with. “

                                                                      Now, now, that’s jumping to conclusions. A person should be judged on what they actually do rather than hypothesizing. I only read a little on this guy with some people saying he’s really nice at conferences with informative talks. Some people said there were problems but those posts weren’t as specific. If he’s actually disrupting people, then he’s not a good guy to have around. If he’s not and is helpful, then he is potentially a good guy to have around. That’s how I do it with coworkers. It works with some being weird on occasion but they usually just avoid uncomfortable subjects if they know it bothers someone. Unless they’re assholes which is a different thing entirely. ;)

                                                                      “When you ask for”

                                                                      Since I know little about him, I’d say whoever you’re describing is a person that demands something in return for his work. Presumably, the employees aren’t working for free. They’re doing that, too. I’m also aware of, experienced a lot of, people trying to be users getting others to do their work for them or get something from nothing. They’re not give and take people so much as take, take, take. One strategy for dealing with that is to be a no, extra, free work by default person who is selective about their generosity. I just read an awesome article about such a transition recently.

                                                                      Now, that said, a person that acts like that can also be a drain on a business or not right for its culture. Not even political culture so much as performance standards. If they’re paid to do an app, the best team will always be supporting each other to get it out the door in whatever state the business needs. I’d not hire such a person that made everything a trade if they were already getting paid for an outcome that required that minor thing to achieve. I’d rather them be helpful by default covering for each others’ weaknesses and helping them improve on them. I’m sure you’re of the same mind on that, too. :)

                                                                      1. 6

                                                                        “is also a strange person to work with. “

                                                                        Now, now, that’s jumping to conclusions.

                                                                        Re-reading what I wrote I was definitely a little obtuse. Let me elaborate, I find people with his kind of ideas usually hard to work with. But that’s just my experience. I didn’t mean strange ideas in general, but “strange ideas” as in, his ideas. Reading previous articles, it seems his co-workers basically seemed to have done what you would do, basically tiptoe around those issues to maintain a polite atmosphere. Which is fine and probably the most appropriate thing to do in that situation.

                                                                        However, I think we can agree that we should not entertain asinine ideas. If he was a flat earther and designed his software to have a 2D address space because the plane is the way to go, we would certainly find that a strange design choice that introduces complexity. But for some reason when someone thinks some races are a better fit for slavery and that democracy is bad and incorporates those ideas into his design by having an ownership model based on those ideas, we seem to say “I can work with that guy, he is fine, he likes cats as I do”. To me, that’s just a form of support and validation. Maybe you are able to compartmentalize these things, but what if the person can’t and finds your support validation of the other stuff. I’m going to call in Godwin’s Law here and say, yes, Hitler also loved his mother and painted some nice stuff, but would I work with him on chemistry projects?

                                                                        1. 3

                                                                          “But for some reason when someone thinks some races are a better fit for slavery and that democracy is bad “

                                                                          Those are actually specific examples where I’d consider not working with someone. Especially if the project was about individual empowerment and decentralization. I’ve still worked with people who had a white supremacist background. We’d occasionally have to call them out on their behavior if a discussion between them and black folks involved race. They’d make an advance which we sane, white people would block. They almost always walk off. Then, it’s done. They and the black folks usually get along day-to-day with one we just fired being missed a lot. Might shock you with the stuff you read on tech forums about what blacks, Jews, etc believe and need for inclusive environments, eh?

                                                                          “To me, that’s just a form of support and validation. Maybe you are able to compartmentalize these things, but what if the person can’t and finds your support validation of the other stuff.”

                                                                          Which brings me to this. Down here in the South, we know there’s lots of racists on each side. As we might say it, we know everyone has a bit of bullshit or crazy shit in their head. With a Christian majority, we’re also taught that people are inherently sinful with us needing to admonish it, be forgiving, and be patient in helping them get better. So, what of these people who think other races are inferior and individual decisions are worthless? How to get them further away from these beliefs?

                                                                          There’s only one thing that works that I can tell from observing where the South was and is today. That’s getting different people in one place forced to be around each other, tolerating each other, for long periods of time. For us, it starts in public schools where racist whites and blacks along with people in the middle are stuck together. Then in the workplaces. The process over time lowered that racist bullshit down to tolerable levels where the KKK-style people are fairly uncommon or rare depending on the area. They mostly hide from us. Even they often like black people where they are compartmentalizing what they learned to like vs what they were taught to hate.

                                                                          What you’re advocating is essentially enlightened people pushing out those who still need to learn stuff away from those who will teach them. Then, they cluster into groups of racists who continue reading garbage, hating on people, plotting, and planning. Many such shunned groups ended up voting for Trump last election since he was only one pretending to care about them. There was no way to reach them since the radical-leftist liberals succeeded in censoring them off as many forums as possible. They similarly created their own recruiting locals and drowning out opposition. Division and siloing at an all-time high on the net like it used to be in meat space in the South. (slow clap for radical liberals)

                                                                          We’re not showing support for these idiots: we’re showing them that people are better than they think. We’ll call them out where needed. If they disrupt too much and ignore warnings, we’ll eject them from that position so they know we mean business. They’ll have another chance to do better. Contrast that to radical-liberal doctrine behind CoC’s where statements on any medium or place will get people blocked from all places with similar CoC. See paragraph above for where that shit leads. My reaction is more patient and measured with a chance for people to learn over time. And it always takes time.

                                                                          1. 3

                                                                            That’s getting different people in one place forced to be around each other, tolerating each other, for long periods of time.

                                                                            I think this is absolutely right. I’m not advocating for people to splinter of and shun each other. What I’m advocating is people should not ignore bad ideas and make sure the other party knows. I’m not a moral relativist. And you are right about Trump folks feeling left out. You are also right that the liberals basically ignored them.

                                                                            However, You are wrong that radical-leftists are liberals because they are not liberals. Radical leftists despise liberals just as much as the right does. But you won’t find that kind of discussion on Fox News or NY Times.

                                                                            1. 2

                                                                              I forgot about the definition dispute. My bad. Yeah, OK, your position seems a lot more reasonable. I like that. :)

                                                                            2. 1

                                                                              I’m a lot less patient and tolerant than I used to be: particularly of stupid stuff directed at someone else.

                                                                            3. 2

                                                                              If he was a flat earther and designed his software to have a 2D address space because the plane is the way to go, we would certainly find that a strange design choice that introduces complexity.

                                                                              I don’t know about you, but I would judge the idea as strange if I would not see the benefits of it, not because its author has different political views. If 2d addresses would solve many issues than it might be a good idea regardless of who came up with it.

                                                                          2. 1

                                                                            The reason for network address scarcity is to make spamming cost-ineffective.

                                                                            Compare that with the state of email spam, where email addresses are basically free.

                                                                            1. 2

                                                                              Alternatively, they could do something like bank-level verification checking government ID’s and requiring a deposit to create an account. Then, maybe fining whoever is spamming. Then, it should go down. Worst case with low or now fines, whoever is compromised will find out about that changing their credentials or reinstalling their system.

                                                                              Jumping from “there’s spam cuz addresses are free” to “need network address scarcity” is the kind of unnecessary, risky solution that crowd is fond of. Better to just fix the problems in existing systems or design new ones with methods proven in existing ones. They have an irrational aversion to doing that for some reason.

                                                                              1. 2

                                                                                Relying on government ids is a centralized solution. Urbit is decentralized, thus needs a decentralized reputation system.

                                                                                1. 2

                                                                                  It could be bootstrapped that way. The different organizations become part of the reputation system. Hell, it might even become a new service from banks and credit unions. They already often act as notaries.

                                                                                  1. 2

                                                                                    Yeah, I’d rather not have banks regulating my computer usage…

                                                                                    1. 2

                                                                                      Are you using burst transmission or a mesh network not connected to the Internet (doubtful)? Otherwise, you already use a centralized service via one of the big ISP’s that ID’d you and took payment with centralized currency. They also regulate your computer usage far as the network goes. Although they got issues, they’re still less volatile than most of these decentralized systems. The most popular ones, esp Bittorrent, operate over the centralized ones, too, for their benefits. That’s despite decentralized options being available for a long time. They’re too slow and unreliable.

                                                                                      It always interests me that you rely on centralized services on one hand with justifications but tell me in other areas there can be no justification for relying on centralized service. Make up your mind. Meanwhile, the inconsistency suggests to me that we can leverage centralized services as a component in these decentralization schemes.

                                                                                      1. 4

                                                                                        Decentralized computing infrastructure is something valuable we should work toward. We’re not there yet, but Urbit is a step in the right direction. Ofc sometimes its better to centralize some things, but in computing I’d rather have decentralized infra.

                                                                              2. 0

                                                                                Spamming is not the main motivation. The main motivation is to provide a source of funding to the company by selling the space. Oh, and the designer was a neo-feudalist which probably inspired the whole enterprise.

                                                                                1. 3

                                                                                  The main motivation is to provide a source of funding to the company by selling the space.

                                                                                  I’ll add that I’m skeptical of all companies that look like pyramid schemes or at least just funnels of money to the creators in exchange for tech that’s highly risky. Throw in any cryptocurrencies to that list since they’re usually structured in an elitist way for founders. If it’s a money system, I want it done fairly by non-profits or public-benefit companies whose incentives will protect the currency, exchange, and so on. Preferably one that’s already profitable from another revenue stream where they don’t have to worry about trying to monetize the financial project. It can just breakeven with a slight surplus or donations to cover expansion.

                                                                                  1. 3

                                                                                    You are right on the money here.

                                                                                    1. 3

                                                                                      Great pun haha.

                                                                      2. 7

                                                                        Lol no one owes moldbug respect

                                                                      3. 5

                                                                        Whatever his political stance he’s still as excellent a writer as he was one the old Usenet. One of the more memorable flames on talk.bizarre was from his hand.

                                                                        1. 11

                                                                          I found him self-aggrandizing and subject to an inescapable superiority complex. When he writes philosophy he is unnecessarily verbose, so everything said seems tainted by trivial matters such as the author ego and it leaves me wondering whether the actual ideas expressed are self-sufficient or tainted by this ego: trying to project, to present himself: keeping at the marketing speak level and building an idea of himself, instead of leaving his ideas laid bare.

                                                                          It’s not precise, and he just reads like an insufferable prick. I found Urbit rather interesting though, but I can only rejoice that the project is now without this guy.

                                                                          1. 2

                                                                            I tried reading the linked post and couldn’t make heads or tails of it. Maybe because it’s written “in-universe” so to speak and therefore addresses those people familiar with the specialized terminology of the Urbit system.

                                                                        1. 6

                                                                          I was learning SQL over the summer, and I found the venn diagrams very confusing. Unlike /u/pab, I think the visualization from this article explains it much better.

                                                                          1. 8

                                                                            Referencing users on lobste.rs is done with @, not /u/, e.g. @Forty-Bot.

                                                                            1. 2

                                                                              hm, well profile pages are still at lobste.rs/u/<username> so I don’t know why they changed it.

                                                                              1. 6

                                                                                What do you mean changed it? @ is the de facto standard way to mention usernames. It has always been that way on lobste.rs and everywhere else I can think of, the only place /u/ works is reddit.

                                                                                1. 2

                                                                                  @ originated on Twitter & has been widely copied but I suppose that Reddit is actually now more widely used than Twitter.

                                                                                  1. 5

                                                                                    @username format predates Twitter.

                                                                                    1. 4

                                                                                      @name was around before Twitter (as plaintext markers in emails), and @name references are common on many social media sites (including Facebook).

                                                                                      1. 1

                                                                                        What’s a plaintext marker in email? Never heard of it.

                                                                                        Some MUAs with html email allowing you to embed simple text or something?

                                                                                        1. 4

                                                                                          I mean literally including @Name in the text of an email when sending a message to a group of people and including parts directed at specific people. Not specially parsed by software at all.

                                                                                        2. 1

                                                                                          Facebook copied it from Twitter, as I said.

                                                                                          1. 2

                                                                                            My point is that @name is in far, far more common usage than /u/name. I should have been clearer.

                                                                                        3. 3

                                                                                          I suppose that Reddit is actually now more widely used than Twitter.

                                                                                          Citation most definitely needed.

                                                                                          Maybe in raw “engagement numbers” or whatever weird metrics ad people use to track site sizes, but Twitter is more mainstream than Reddit. A lot of Redditisms don’t even make sense to people outside it: the /r/ and /u/ prefixes, the distinction between link and self posts, and the threading (believe it or not, most people find threading super-confusing).

                                                                                          The gosh-darn POTUS has a Twitter account. I doubt he’s even heard of Reddit.

                                                                                          And in any case, it’s not whether /u/username or @username is more “popular”, the plain fact of the matter is that this site uses @username, and nothing else. As does Twitter, Discord, MS Teams, and for all I know Slack. Reddit is the outlier in this case.

                                                                                          And finally, there’s no reddit,com/u/username page, it redirects to reddit.com/user/username.

                                                                                          (Edit removed over-use of the word “definitely”).

                                                                                          1. 2

                                                                                            You are correct on all counts. I was even mistaken about my belief that Reddit is more popular than Twitter; evidently that’s only true in the US: https://www.alexa.com/topsites/countries/US

                                                                                            1. 1

                                                                                              I appreciate your response.

                                                                                            2. 1

                                                                                              And finally, there’s no reddit,com/u/username page, it redirects to reddit.com/user/username.

                                                                                              Writing /u/username in on reddit does several things. First, it sends a notification to that user. Second, it is displayed as if it was written [/u/username](https://reddit.com/user/username). There is similar behaviour for referencing subreddits with /r/subreddit. This native support strongly suggests that reddit considers reddit.com/u/username as a valid way to refer to a user’s profile, and to mention them on the website.

                                                                                            3. 2

                                                                                              But lobsters is written in ruby like Twitter and Reddit is python.

                                                                                              1. 1

                                                                                                I’m pretty sure there’s an implied sarcasm identifier that’s not printed there.

                                                                                                At least I really hope there is.

                                                                                    1. 13

                                                                                      The counter argument would be Moxie of course:

                                                                                      One of the controversial things we did with Signal early on was to build it as an unfederated service. Nothing about any of the protocols we’ve developed requires centralization; it’s entirely possible to build a federated Signal Protocol-based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all.

                                                                                      So the big challenge will come when users expect some new feature which ActivityPub currently does not provide.

                                                                                      1. 15

                                                                                        Mastodon and the ActivityPub community have been iterating and pumping out new features on a rapid basis. On a protocol levle, ActivityPub itself is an iteration on the Activity Streams and ActivityPump protocols; themselves an iteration on OStatus. And there are plenty of ActivityPub instances that weren’t initially envisioned: PeerTube, MediaGoblin, NextCloud, … and chess?

                                                                                        I suppose moxie would argue that Mastodon isn’t or won’t be competitive.

                                                                                        I argue Signal, just like Twitter, will run out of money.

                                                                                        1. 4

                                                                                          Signal will become what WhatsApp was meant to become. WhatsApp could have been a secure messaging layer for businesses and consumers but Facebook made them an offer they couldn’t refuse so that dream wasn’t realized.

                                                                                          Signal now has a foundation and they have one of the original founders of WhatsApp bankrolling the operation. I don’t think they will run out of money and might even realize the original WhatsApp dream.

                                                                                          1. 1

                                                                                            Want to longbet?

                                                                                            1. 1

                                                                                              Sure.

                                                                                        2. 10

                                                                                          That quote is not really a good counter argument, it basically reads like “federation is bad because I said so.” You have to read the rest of his post to tease out his arguments:

                                                                                          • federation makes it difficult to make changes
                                                                                          • federation still favors a service single provider (e.g. gmail and email)

                                                                                          (Note: I don’t agree with moxie, just posting his counter argument for others to read)

                                                                                          1. 8

                                                                                            The counter argument would be Moxie of course

                                                                                            I’d have a lot easier time taking his arguments seriously if he hadn’t threatened legal action against a free software project simply for trying to build an interoperable client.

                                                                                            1. 4

                                                                                              Mastodon seems to cope quite well with this, possibly because there are few implementations and upgrading the server application isn’t too hard.

                                                                                              But I think the counter argument is entirely correct - it’s not possible (or at least very hard) to build a competitive federated messenger - and that’s completely fine. Competition is one of the parts of the centralised model that leads to de-prioritising users needs so that platforms can be monetise to keep it alive and “competitive”.

                                                                                              1. 5

                                                                                                Wait, what about matrix though?

                                                                                                1. 2

                                                                                                  To clarify my opinion a bit - I’m suggesting that federated networks won’t succeed by the metrics used to measure if something is “competitive”, not that federated networks don’t work. I think Mastodon and Matrix are both really good projects that will be much better than the alternatives long term, since there won’t be many incentives not to prioritise the needs of their users.

                                                                                                  1. 2

                                                                                                    Matrix from what I heard has scaling issues; we’re talking “three people on a single server massively increases load” bad. I think it’s due to protocol flaws?

                                                                                                    1. 5

                                                                                                      Any of matrix’s scaling issues come from federation (trying to sync room state across many different homeserver instances) and the poor state resolution algorithm they were using up until this past summer. Three (or thousands) of users on a single server participating in a room is not a concern, as that is a centralized instance.

                                                                                                      Highly recommend following the matrix blog and TWIM for project updates, especially for anything about synapse (their reference homeserver implementation). It was recently updated to python 3 and the memory footprint has drastically reduced. Keep a lookout for the “next generation” homeserver implementation, Dendrite, sometime after the Matrix 1.0 spec releases.

                                                                                                      1. 2

                                                                                                        I remember reading that this was because the current reference server implementation is simply not optimized. They’re rewriting it in Go (IIRC the new server is called Dendrite), but we’ll have to wait and see how performance changes.

                                                                                                1. 3

                                                                                                  npm does locally cache packages these days so they only need to be downloaded once, but you might be more interested in looking at the next generation package management tools the npm team is currently working on.

                                                                                                  1. 2

                                                                                                    With an inaccurate resolution or system used to synchronise time we’d see much higher differences between time on systems, which could easily lead to differences bigger than the few minutes other systems are willing to tolerate.