1. 11

    And true to the fate of all computers, it was obsolete six years later.

    1. 23

      “It is difficult to get a [web developer] to understand something, when [their] salary depends on [them] not understanding it.”

      ― Upton Sinclair

      1. 4

        My back looks like a pin cushion from all the arrows I received over the years fighting for a web that would be more ethical and void of mostly useless crap. Some battles won, too many lost. I lost one just yesterday, but it didn’t occur to me that it was because of my money-induced blindness.

        I actually like this quote and have used it myself before, but while I met many web developers over the years who didn’t care about bullshit described in the article, almost all of them didn’t simply because they were either ignorant of available technologies, didn’t care much about quality of anything they did and most often both.

        1. 1

          Some battles won, too many lost.

          What were some of the wins?

          1. 4

            Example of a small recent one would be Klevio website (as it currently exists, less so after today). I am not linking to it because I don’t want referrals from Lobsters to show up in website’s logs, but it is trivial to find.

            Almost everything on this website works with Javascript turned off. It uses Javascript to augment experience, but does not needlessly rely on external libraries. Should work reasonably well even on poor connections. Does not track you and still has a privacy policy handling that tries to be closer to the spirit of GDPR than to what you may get away with.

            It would certainly be easier for me and faster to develop (cheaper for company) if I just leaned on existing tools, build yet another SPA and have not spent more than a week arguing with lawyers about what is required.

            Alas, because unsurprisingly most people do not opt-in to analytics, I am now working on a different confirmation dialog, more in line with what others are doing. It will still be better than most, but certainly more coercive than current.

            And this is in a company that is, based on my experience, far more conscientious about people’s privacy than others I worked for.

            1. 1

              It would certainly be easier for me and faster to develop (cheaper for company) if I just leaned on existing tools, build yet another SPA and have not spent more than a week arguing with lawyers about what is required.

              Is this really true? Not to downplay your craft but I always thought tinkering with HTML/CSS until things look right would be way easier than learning a separate library.

              I checked out that website and it’s pretty refreshing that stuff actually works. If you want a little constructive feedback, the information density is very low especially on a desktop computer with a widescreen monitor. I have to scroll down 7 screens to get all the information, which could have fit on a single screen. Same with the “about us” page. I notice the site is responsive, giving a hamburger when you narrow your window, so maybe the “non-mobile” interface could be more optimized for desktop use.

              1. 1

                I don’t think it is in every case, but in this one I think it would be since everything was handwritten without picking up existing solutions for things like galleries. If you mean the SPA part, then I guess it becomes more moot. It would probably be about the same doing the first implementation, but this one, which is basically a bunch of static files, certainly has a higher cost of maintenance because we (I) didn’t get around to finishing it so page “components” still have to be manually copied to new files and updated everywhere when their content changes. The plan was to automate most of this, but we haven’t spent the time on it yet.

                I agree with everything in the second paragraph. Regretfully that is one of those battles lost.

                1. 1

                  so what do your managers feel is the benefit of having such low information density? how do these decisions get made?

                  1. 1

                    If I remember correctly it was because it supposedly looks modern, clean and in-line with company’s brand. It has been a while so my memory is fuzzy on this.

        2. 2

          I’ve heard this a few times already, but I’ve never quite understood what the implication is. What precisely are web developers not understanding? I get the default examples (eg. oil companies funding environmental research), but just can’t see the analogy in this case.

          1. 22

            You’re on week three of your new job at a big city ad and design firm. Getting that first paycheck was nice, but the credit card bill from the moving expenses is coming up, that first month of big city rent wiped out your savings, and you don’t really have a local personal network to find new jobs. The customer wants a fourth “tag” for analytics tracking. Do you:

            1. Put it in
            2. Engage in a debate about engineering ethics with your boss and his boss (who drives a white Range Rover and always seems to have the sniffles after lunch) culminating with someone screaming and you storming out, never to return?

            1. 8

              Web devs know that auto play videos and newsletter pop ups are annoying but annoying people is profitable

          1. 3

            Is there a reason something like Sqlite isn’t used to store/read the PLY files or other metadata? Surely thousands of files on disk isn’t an optional solution … I assume you’re taking steps to partition out the files to say 1000 per directory to maximize ulimit and file read operations … Using Sqlite could alleviate some of these issues.

            Please pardon my ignorance, I’m not a graphics guy although I find it fascinating. I’m a webdev/polyglot programmer …

            1. 5

              It’s almost certainly fine. SQLite is useful when you want to query data or manipulate it in ways SQL is designed for. If you’re accessing objects by name, a filesystem is fine, already supported in your programming environment, easy to replicate across a large cluster, and on modern systems, is totally fine with tens of thousands of files per directory.

            1. 13

              If you’re like most people in America, you use a text editor nearly every day. Whether it’s your basic Apple Notes, or something more advanced like Google Docs, Microsoft Word or Medium

              These are not text editors but “word processors”.

              1. 6

                Word processors are a special case of text editors imo. They’re definitely not optimized for programming, but most programming editors I’ve used share more with Word than they share with, say, vim or ed.

              1. 1

                As a developer who moved from Linux to the macOS platform, this made me think about how many non-native apps I use as replacements for the Apple version. The obvious ones I’m thinking of:

                • Alfred instead of Spotlight
                • iTerm2 instead of Terminal
                • Dropbox instead of iCloud
                • Chrome instead of Safari
                • Gmail instead of Mail
                • Google Maps instead of Maps
                • VLC instead of iMovie
                • Spotify instead of iTunes
                • Signal instead of Messages

                &c. This surely isn’t a good trend for Apple to allow to continue.

                1. 13

                  That’s not what’s meant by “native” in this case. Alfred, iTerm, Dropbox, Chrome, and VLC are native. Spotify is Electron, and I’m not sure about Signal. I’m guessing it’s probably a native app that does most of its UI in a WebView.

                  1. 5

                    Signal for Desktops is Electron.

                    1. 2

                      As it might be useful to describe what is meant by native, it means something on a spectrum between “using the platform-supplied libraries and UI widgets”, i.e. Cocoa and “not a wrapped browser or Electron app”, so it’s not clear whether an application using the Qt framework would be considered “native”. It could be delivered through the App Store and subject to the sandbox restrictions, so fits the bill for a “native” app in the original post, but it would also not be using the native platform features which are presumably seen as Apple’s competitive advantage for the purpose of the same post.

                      1. 2

                        I’d call QT native. It doesn’t use the native widgets, but then neither do most applications that are available on multiple platforms.

                        1. 2

                          It may be native, but it’s not Mac-native in the sense Gruber was talking about. You will find that all three uses of “native” in his article appear as “native Cocoa apps” or “native Mac apps”. He is talking about a quite specific sense of native: apps that integrate seamlessly with all of the MacOS UI conventions (services, system-wide text substitutions, native emoji picker, drag & drop behaviours, proxy icons, and a myriad more). Qt apps do not.

                    2. 5

                      Why is it not a good trend? You are still using a Mac .. they sold you the hardware. Should they care about what apps you run?

                      1. 3

                        Apps with good experiences that aren’t available on other platforms keep users around. Third-party iOS apps do a better job of moving iPhones than anything else Apple does, because people who already have a pile of iOS apps they use generally buy new iPhones.

                        Electron is just the latest in a long series of cross-platform app toolkits, and it has the same problems that every other one has had: look & feel, perceived inefficiency, and for the OS vendor, doesn’t provide a moat.

                        1. 1

                          Counterpoint, their apps have always been limited and really for people who weren’t willing to learn and use more robust tooling. I mean how many professionals use iMovie.

                          1. 1

                            iMovie is a good example. I’m guessing a lot of us prefer VLC.

                        2. 1

                          It’s good for the end user but not a good trend for their business model, part of which is to have best-in-class apps. Don’t get me wrong, I like having choice and I think they shouldn’t force you into their own app ecosystem.

                      1. 10

                        Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices. Lithium-ion batteries become less capable of supplying peak current demands when in cold conditions, have a low battery charge or as they age over time, which can result in the device unexpectedly shutting down to protect its electronic components.

                        Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down during these conditions. We’ve now extended that feature to iPhone 7 with iOS 11.2, and plan to add support for other products in the future.

                        Come on. If this is really about managing demand spikes, why limit the “feature” to the older phones? Surely iPhone 8 and X users would also prefer that their phones not shut down when it’s cold or the battery is low?

                        1. 6

                          I would assume most of those phones are new enough where the battery cycles aren’t enough to cause significant enough wear on the battery to trip the governor, and/or battery technology improved on those models.

                          It’s really a lose-lose for Apple whichever way they do it, and they IMHO picked the best compromise: run the phone normally on a worn battery and reduce battery life further, and risk just shutting off when the battery can’t deliver the necessary voltages on bursty workloads; or throttle the performance to try to keep battery life consistent and phone running with a battery delivering reduced voltages?

                          1. 6

                            Apple could have also opted to make the battery replaceable, and communicate to the user when to do that. But then that’s not really Apple’s style.

                            1. 3

                              I believe that’s called “visiting an Apple store.” Besides, as I’ve said elsewhere in this thread, replacing a battery on an iPhone is pretty easy; remove the screen, (it’s held in with two screws and comes out with a suction cup) and the battery is right there.

                            2. 4

                              and plan to add support for other products in the future.

                              They probably launched on older phones first since older phones are disproportionately affected.

                              1. 2

                                Other media reports indicate that battery performance loss is not just a function of age but of other things like exposure to heat. They also indicate that this smoothing doesn’t just happen indiscriminately but is triggered by some diagnostic checks of the battery’s condition. So it seems like making this feature available on newer phones would have no detrimental effect on most users (because their batteries would still be good) and might help some users (whose batteries have seen abnormally harsh use or environmental conditions). So what is gained by limiting it only to those using older models? Why does a brand new iPhone 7 bought new from Apple today, with a brand new battery, have this feature enabled while an 8 does not?

                                1. 2

                                  Probably easier for the test team to find an iPhone 7 or 6 with a worse battery than an 8. The CPU and some other components are different.

                                  1. 3

                                    There are documented standards for rapidly aging different kinds of batteries (for lead-acid batteries, like in cars, SAE J240 says you basically sous-vide cook them while rapidly charging and draining them), and I’d be appalled if Apple didn’t simulate battery aging for two or more years as part of engineering a product that makes or breaks the company.

                            1. 6

                              I’m curious as to why some drawing commands are nondeterministic across machines, even running the same software.

                              1. 5

                                I surveyed some fingerprinting algorithms a few months ago and I learned that the fingerprinting algorithms gather information about your machine and browser capabilities: the OS, the screen resolution, the screen size, the font list, and machine specifications (3D extensions, graphics acceleration, etc.). WebGL would be especially rich for exposing this information. Drawing to a canvas could be a way to sniff some of these capabilities out even if the browser is not letting 3rd party JS know about them. This is all conjecture but seems likely.

                              1. 4

                                I can be found at @tscs37@mastodon.social, though not very active since it’s my public non-shitposting account to some extent (I’ve been heavily using my shitposting account, should change that)

                                Does anybody know of a good web client that supports multiple accounts?

                                1. 4

                                  Do you mind sharing your shitposting account? I’m honestly more interested in that than anything else.

                                  1. 4

                                    that would be this one

                                1. 3

                                  I just set up mine a week or two ago, I’m bonzoesc@m.bonzoesc.net, probably going to end up as a typical shitpost zone.

                                  1. 7

                                    I’ve been using a Samsung ARM Chromebook (1st generation) as my daily driver for the past 4 years. It’s a low-end, underpowered machine with nothing to write home about, but it can support a full Arch Linux ARM installation, run a web browser just fine, and have an adequate number of terminals. I love it. The battery life hasn’t changed at all since I bought it, it’s still consistently getting >7 hours. I have other friends with ARM laptops from other manufacturers, the battery life story is one I hear consistently.

                                    1. [Comment removed by author]

                                      1. 6

                                        dz, I wrote up a blog post about this: http://blog.jamesluck.com/installing-real-linux-on-arm-chromebook I completely replaced ChromeOS with Archlinux ARM on the internal SSD. The gist of the process is that you make a live USB, boot to that, and then follow the same procedure for making the bootable USB onto the SSD. You just have to untar the root filesystem, edit /etc/fstab, and correct the networking config!

                                        1. 1

                                          If it’s anything like my Samsung ARM Chromebook, you can boot a different OS off external storage (i.e. an SD card), or possibly replace Chrome OS on the internal solid-state storage.

                                          1. 1

                                            You can replace ChromeOS. Here’s the Arch wiki on the 1st gen Samsung ARM Chromebook and the Samsung Chromebook Plus.

                                        1. 1

                                          Can’t you just option+click on Update and select the IPSW file? I don’t think any of the spoofing Apple servers is required.

                                          1. 1

                                            Only if you both have the IPSW file (not easy to download for a non-iOS-administrator) and know to option-click update (it’s completely undiscoverable).

                                            1. 1

                                              I thought the ipsw download links were common knowledge …

                                          1. 3

                                            irreversibility, an essential design feature of cryptocurrency blockchains, is the fatal flaw of cryptocurrency that is responsible for most cryptocurrency and smart contract disasters

                                            If people wanted repudiation, they would use PayPal.

                                            Repudiation is one of the worst parts of the existing financial system, because it encourages horrendous failure-prone system design (since we can just roll it back no problem!). On a practical level, repudiation is fundamentally incompatible with the goals of a trustworthy, mechanized, objective finance system.

                                            (Although arguably it makes sense for ethereum since they’ve already given up on all three of those things by manually reversing the DAO “hack” even though it was a perfectly valid contract. So much for “code is law”.)

                                            On a philosophical level, Bitcoin is all about giving you more control at the expense of no one holding your hand. That’s the way it was designed, and that’s the way we want it. Repudiation fundamentally means loss of trust or loss of control. If anyone can reverse their own transactions, we lose trust. If there’s some centralized party that can choose to reverse transactions, we lose control.

                                            1. 5

                                              As long as humans build computer systems, you will have to have a way to recover from human errors. The only systems that don’t support this recovery are human-endangering systems, which are gambled to be error-free.

                                              1. 6

                                                Yes, I’m saying that’s unworkable for anyone who just wants to move value around in a money-like manner and isn’t ideologically committed to dealing with the brittleness of the resulting system.

                                                1. 0

                                                  Is cash unworkable? It has basically the same non-repudiation properties as Bitcoin, and yet people seemed to do OK with it for a long time (and before that, same deal with specie, and before that with commodities, etc.).

                                                  The existence of repudiation is a consequence of the emergence of unreliable credit systems, not something people sought out.

                                                  1. 13

                                                    Actually no, repudiation in the sense of contracts existed long before unreliable credit systems. Courts would “rollback” a contractual transaction for various different reasons. Among them failure on one party to understand what the other party meant in the wording of a contract. This could be due to one or both parties interpreting the language of the contract differently. This is a feature and not a bug of contract law.

                                                    As the bugs in smart contracts indicate it’s frequently possible for both the author of the contract and the counterparties to not fully understand what the contract actually says. This is for most people a bug and not a feature. Only idealists and thieves would look at it as a feature. The idealist is willing to sacrifice assets for the ideal of an unbiased contract enforcer. The other likes the idea that they can take money from people who didn’t think it was possible with no consequences.

                                                    Thieves were exploiting the legal system long before this of course, but since smart contracts are obviously capable of quite serious bugs, you’ve just traded one group of exploiters for another, which certainly hasn’t moved us in a direction of progress, and may in fact have moved us a few steps backwards since the smart contract by definition doesn’t allow for any kind of remediation of the exploit.

                                                    1. 0

                                                      Contract invalidation risk is related to, but not the same as, counterparty and settlement risk in trading.

                                                      Modern credit systems didn’t exist until the late 1600s. Credit existed long before this, but its scope was strictly limited. Fungible obligations, short selling, futures, and all the other staples of modern trading are for the most part less than 500 years old.

                                                      As the bugs in smart contracts indicate it’s frequently possible for both the author of the contract and the counterparties to not fully understand what the contract actually says

                                                      You can’t blame human failures on the system they’re failing with. It’s not a “bug”, it’s the entire point.

                                                      1. 10

                                                        You can’t blame human failures on the system they’re failing with. It’s not a “bug”, it’s the entire point.

                                                        The entire point of systems engineering is to understand how system design leads to human failures.

                                                        1. 9

                                                          Fungible obligations, short selling, futures, and all the other staples of modern trading are for the most part less than 500 years old.

                                                          That’s not true. The ancient Babylonians had grains futures markets. Credit instruments, in many cases, predate cash.

                                                          1. 8

                                                            You can’t blame human failures on the system they’re failing with.

                                                            You can when literally Gavin Wood can’t write a contract that won’t lose him literally tens of millions of dollars. This strongly suggests the ideological imperative in question fails when it hits reality. “[ideology] cannot fail, it can only be failed” is the stuff of cults.

                                                            1. 0

                                                              You can when literally Gavin Wood can’t write a contract that won’t lose him literally tens of millions of dollars.

                                                              Sounds like Gavin Wood is one of the original developers of ethereum, which is exactly the sort of person I would expect to lose tens of millions of dollars due to lack of rigor.

                                                              “[ideology] cannot fail, it can only be failed” is the stuff of cults.

                                                              Are mathematics and formal logic cults?

                                                              That’s what this comes down to; I agree ethereum in particular is unsuitable as a financial system, but all that means is that we have to increase our expectations of formality in financial system design.

                                                              1. 5

                                                                Are mathematics and formal logic cults?

                                                                No, but the idea of wiring them into a financial system in a way that quite efficiently separates less-rigorous people from their investments sure is. People have a hard time dealing with formalized logic systems, and get tremendous value from a squishy financial system with chargebacks and courts and mutable rules.

                                                                1. 4

                                                                  Also, we’re really bad at doing math good :(

                                                                  1. 0

                                                                    Good thing grandma doesn’t need to write a proof every time she sends Bitcoin; only expert implementers need to care about this stuff.

                                                                    1. 6

                                                                      This is categorically not true. Because when Grandma wants to send money via a smart contract on a blockchain she must either trust that the writer of the contract was a benevolent expert or be an expert herself. This continued insistence that math will protect less math savvy people from more math savvy people is why every conversation with the idealist breaks down.

                                                                      Grandma isn’t an idealist. She just wants to be one of the parties in a smart contract. But grandma can’t safely do it. Period.

                                                                      1. 4

                                                                        A good example is the EtherDelta hack. Approximately 0 crypto users can audit their software, let alone do audit it; they trust that someone else has done the security legwork to decompile and inspect a smart contract or a huge pile of minified JavaScript.

                                                                        One could then answer “well they deserve what happens to them, doing that in cryptocurrency” - but then you’re back to the problem that this is substantially only a problem if you insist on using cryptocurrency for things that are currently done without it. The primary use case is ideological, ‘cos it sure isn’t practical.

                                                              2. 4

                                                                A bug is code that doesn’t work the way you meant it to. Blame lies with the Humans absolutely. But that’s the whole problem. Humans have to write the contracts. Humans also have to trust the contracts. Since Humans have to write them Humans also can’t trust them.

                                                                This makes smart contracts considerably more risky. That is the entire point of their critics.

                                                                1. 0

                                                                  Humans have to write the contracts. Humans also have to trust the contracts. Since Humans have to write them Humans also can’t trust them.

                                                                  This would all be true in the absence of formal methods, which people whom I actually trust to build a working financial system are currently trying to fix.

                                                                  I agree that existing “smart” contract systems suck, but the fundamental idea is perfectly sound.

                                                                  1. 4

                                                                    We probably would need to agree to disagree. I suspect the above would still be true even if you had formal methods.

                                                                    1. 2

                                                                      I think so too. The issue here seems to have been a combination of the following:

                                                                      1. code sharing (“external library”) to reduce deployment cost in the form of gas
                                                                      2. not knowing or realizing the library was actually a multi-sig wallet contract and thus vulnerable to the previously fixed vulnerability
                                                                      3. not considering the ill effects of calling a “kill function” on such a wallet
                                                                    2. 3

                                                                      Formal methods only prove what you specified. Usually the way to hack formally proven programs is to play on unspecified things.

                                                              3. 4

                                                                Is cash unworkable? It has basically the same non-repudiation properties as Bitcoin, and yet people seemed to do OK with it for a long time

                                                                The widespread use of cash is actually a pretty recent invention. “Cash” as we currently conceive of it (paper money, gold coins, silver bars, etc) has not historically been the primary financial instrument in people’s lives. The primary financial instrument has been credit. Historically, people would ring up a tab, and then pay it off. Even as late as the 1600s, it was possible for English kings to recall all of the coins in circulation and have it reminted with their likeness.

                                                                This was workable because people lived in close-knit communities, and social and legal remedies could be effectively used against people who failed to pay off their debts. Cash was used when trading with people who could not be trusted, usually because they were merchants who were from outside the community.

                                                                It’s only as we move to a more atomized, anonymous society that cash becomes more widely used. But even in a highly cash-oriented society, if you actually looked at the transactions, most “large” transactions were conducted in a repudiable medium, like cheques or bank transfers.

                                                                1. 3

                                                                  I’d rather trade some repudiation potentially happening to having to lug around gold coins when I want to buy something. I find the arguments against repudiation a bit overblown. There was no lack of fraud, insolvency or straight-up moral hazard in the “good old days” of the gold standard.

                                                                  1. 0

                                                                    I’d rather trade some repudiation potentially happening to having to lug around gold coins when I want to buy something.

                                                                    Bitcoin allows you to keep both. It’s easy to transport and non-repudiable. That’s the point.

                                                                  2. 4

                                                                    Two problems with the cash analogy:

                                                                    1. Someone can’t pick your pocket from the other side of the world.
                                                                    2. Bitcoin acts much more like a balance in an electronically-accessible bank account. Except with no customer service and a terrible user experience. And ridiculously high fees. And long transaction delays.

                                                                    It combines the worst of both worlds.

                                                                    The existence of repudiation is a consequence of the emergence of unreliable credit systems, not something people sought out.

                                                                    This is completely historically false, as zaphar points out below.

                                                                    1. 3

                                                                      Actually, Bitcoin has a lot fewer problems than Ethereum. It has only one point of failure, which is keeping the private key secret. (There are several variations on how this secret key can be stolen, but it is a far smaller problem than the ways bugs can be introduced in smart contracts.)

                                                                      1. 2

                                                                        Someone can’t pick your pocket from the other side of the world.

                                                                        Someone also can’t steal your cryptocurrencies from the other side of the world unless you’re acting stupid and trust a third-party wallet service.

                                                                        Bitcoin acts much more like a balance in an electronically-accessible bank account.

                                                                        “Cash acts much more like a balance in a physically-accessible bank account.” What are you trying to communicate with this statement?

                                                                        Except with no customer service

                                                                        You don’t need one; anything that’s possible you can do on your own. Sure, if you’re totally clueless it might be harder for you, but it’s a massive improvement for people who know what they’re doing.

                                                                        and a terrible user experience.

                                                                        Right, because banks score so highly for customer satisfaction. The reason I tried bitcoin was because banks kept fucking me over in ridiculous ways. The state comptroller stole thousands of dollars from my Wells Fargo account because of a paperwork error (not possible with bitcoin), and after I got it fixed and had the money refunded, Wells Fargo charged me hundreds in “legal fees” for the pleasure of helping the government steal my money.

                                                                        And ridiculously high fees.

                                                                        Compared to what? Even with the current insane transaction volume, it’s still cheaper than PayPal or credit cards, for any purchase over, say, $50. It’s only going to get cheaper as we find ways to take the pressure off (a la lightning network).

                                                                        And long transaction delays.

                                                                        I thought you were the one who liked repudiation? A transaction “going through” just means it’s no longer repudiable. Bitcoin transactions clear to the level of a credit card transaction instantly, and to the level that credit card transactions do after ~6 months on an average of ten minutes.

                                                                        This is completely historically false,

                                                                        No, it’s really not. For some historical context look up Hawala (early credit system) and then read about the emergence of modern financial instruments in the Netherlands in the late 1600s, including modern notions of settlement.

                                                                        1. 5

                                                                          Someone also can’t steal your cryptocurrencies from the other side of the world unless you’re acting stupid and trust a third-party wallet service.

                                                                          Except the article in question is exactly that with no one acting stupid. A contract had an unintended effect that allowed someone playing around to accidentally revoke access to assets guarded by that contract. That is demonstrably the entire thing that a smart contract is for. Are you suggesting that your money is safe as long as you don’t use a smart contract and don’t be stupid? I would agree but the context of this conversation isn’t crypto-currency. It’s smart contracts.

                                                                          1. 6

                                                                            Someone also can’t steal your cryptocurrencies from the other side of the world unless you’re acting stupid and trust a third-party wallet service.

                                                                            see, you say this, but it turns out that “be your own bank” also means “be your own financial institution chief security officer”, and that turns out in repeated practice to be really hard, hence the repeated tales on /r/bitcoin of people losing their holding to user error or computer mishaps.

                                                                            Here’s the Bitcoin Wiki guide to being your own bank: https://en.bitcoin.it/wiki/Securing_your_wallet Give that to your favourite nontechnical relative and see how they do.

                                                                            it’s still cheaper than PayPal or credit cards, for any purchase over, say, $50.

                                                                            This is entirely false in the UK.

                                                                            The rest of your post is a Gish gallop of non sequiturs.

                                                                            1. -1

                                                                              hence the repeated tales on /r/bitcoin of people losing their holding to user error or computer mishaps

                                                                              Yes, you expect some level of failure in a population of millions.

                                                                              Give that to your favourite nontechnical relative and see how they do.

                                                                              Any idiot can use a phone app like Mycelium and be sufficiently secure. Give them a Trezor if you’re really worried.

                                                                              This is entirely false in the UK.

                                                                              Are you claiming that credit cards don’t charge fees in the UK?

                                                                              The rest of your post is a Gish gallop of non sequiturs.

                                                                              Everything I said was a direct response to one of your points, so I think you mean “I don’t know how to refute what you said so I’m going to dismiss it instead”.

                                                                  1. 2

                                                                    Big thing missing from that comparison was price…

                                                                    1. 1

                                                                      The price for the Qualcomm part may not be public yet.

                                                                      1. 3

                                                                        https://www.qualcomm.com/news/releases/2017/11/08/qualcomm-datacenter-technologies-announces-commercial-shipment-qualcomm

                                                                        list price of $1,995, the 48 core Qualcomm Centriq 2460 processor offers greater than 4X better performance per dollar and up to 45% better performance per watt versus Intel’s highest-performance Skylake processor, the Intel Xeon Platinum 818[1].

                                                                    1. 3

                                                                      Not even a full year after the DAO hack.

                                                                      Will Ethereum ever manage to develop a programmable blockchain without bugs?

                                                                      1. 6

                                                                        This is functionally equivalent to developing software in general without bugs.

                                                                        We all know how easy that is.

                                                                        1. 4

                                                                          I.e. it’s doable if the work is competent and thorough. I would not use either of these terms to describe anything about Ethereum.

                                                                          On the other hand, a promising development here, which will hopefully be applied to Bitcoin in the future: https://blockstream.com/simplicity.pdf

                                                                          1. 2

                                                                            I think the challenge comes from the complexity of smart contracts. Bitcoin has never had bugs this bad, but Bitcoin is not programmable.

                                                                            Ethereum changes too quickly for me to keep up - are these programmable contracts Turing-complete? Their chain might be more secure if the smart contract language was less powerful. Simple languages are a lot easier to reason about, and to prove the safety of.

                                                                            1. 2

                                                                              Bitcoin is programmable to a certain extent (you can do escrow, for example) but it does not have a Turing-complete language. I totally agree that their smart contract language should not be Turing-complete.

                                                                            2. 2

                                                                              John Nagle (Animats) suggested Decision Tables since they can be set up to be quite intuitive and analyzed by machines:

                                                                              https://en.wikipedia.org/wiki/Decision_table

                                                                              One can also apply lessons from Design by Contract to embed constraints. One might also have the transaction generate traces that have to be sanity checked in a pre-agreed-upon way. There’s stuff that blockchains might explore that doesn’t require fancy programming languages so much as increasing clarity for people writing the contracts.

                                                                              1. 1

                                                                                it is a beautiful idea

                                                                            3. 3

                                                                              It’s the same problem as any other programming environment: people will build programs that have bugs, and while the environment can and should work to eliminate software errors, we will always invent new classes of bugs that will require extensive research to understand, detect, and prevent.

                                                                            1. 9

                                                                              It turns out the machines that feel quick are actually quick, much quicker than my modern computer – computers from the 70s and 80s commonly have keypress-to-screen-update latencies in the 30ms to 50ms range out of the box, whereas modern computers are usually in the 100ms to 200ms range.

                                                                              This makes me sad.

                                                                              Updated to add: if the original author is reading this, I have some 1990s Models M and a modern Unicomp (Model M remake built by the original IBM contractor) and I’d be really interested in seeing how they compare. I am in NYC and would be happy to lend them to you. But your “please contact me” link goes to Twitter (of which I am not a member), so please e-mail me if you are interested.

                                                                              1. 3

                                                                                For the 90s keyboards, you might want to measure the latency coming out of the original interface, then as it goes through a PS/2->USB converter (or in my case, an AT->PS/2->USB converter).

                                                                                1. 1

                                                                                  Heh. I used a single “Windows 98 ready!” Logitech NewTouch ergo keyboard with an integrated touchpad for the bulk of my career, taking it with me from job to job. Best keyboard feel I ever found, and completely indestructible. I can’t speak to its latency, but its longevity was legendary – six jobs, sixteen years, and who knows how many lines of code.

                                                                                  The series of keyboard connectors that I had to use to keep it running got pretty ludicrous though, and I remember that a crummy ps/2 to usb converter did seem to change how responsive the keyboard felt. It was worth it to suffer the return line at Fry’s to find good ones.

                                                                                2. 2

                                                                                  Models M

                                                                                  Thank you for your proper pluralization.

                                                                                1. 1

                                                                                  I’m noticing that the Das 3 and the Filco Majestouch both link to the “clicky” MX blue variant. Could this be why they placed higher than other MX counterparts? It would be nice to see switch data.

                                                                                  1. 1

                                                                                    Aren’t the latencies due to electronics and not mechanical? That would explain why the ErgoDox places so average - because the firmware can do so many different things.

                                                                                    1. 1

                                                                                      The latency measurements are the time from when the key starts moving to the time when the USB packet associated with the key makes it out onto the USB bus.

                                                                                      The Apple keyboard in first place has very little key travel, while the Planck and Ergodox in the middle of the heap probably have full-travel mechanical switches that have a way to move before closing the circuit.

                                                                                      1. 2

                                                                                        Which also makes the results surprising because the Filco has quite a lot of key travel. It would be interesting if this could be broken down further by activating the switches directly and comparing that to the overall time.

                                                                                  1. 3

                                                                                    Yubikey has a page up for their hardware, some of which is vulnerable: https://www.yubico.com/keycheck/

                                                                                      1. 5

                                                                                        This response confuses me. There’s an appeal that they exist in a kind of useless corner of PACELC (“sometimes we’re consistent and slow, and sometimes we’re inconsistent,”) a diagram that I feel wants to bamboozle me but just makes me cringe, some Java Jargon about data grids, and a bit of backing off on availability for future versions of particular object types.

                                                                                        1. 0

                                                                                          Yep, they’re butt-hurt over someone exposing the fact that their software doesn’t do what people expect it to do.

                                                                                        2. 2

                                                                                          “Before going into that[,] lets[sic] go into how common network partitions are.”

                                                                                          This sentence, or something like it, is a pretty sure sign that what you’re going to read in a few seconds contains some (or is entirely) bullshit.

                                                                                          1. 1

                                                                                            The best I can interpret from this is that the author seems to believe that a PA system requires losing writes. The blog seems to be saying “Yes, we are PA/EC, so of course these are the results you’d expect”. Which is clearly not true.

                                                                                          1. 12

                                                                                            I don’t understand why “With Ruby’s syntax” is such a selling point. There are a lot of gotchas in it, it doesn’t seem to be any more ergonomic than other syntactic styles, and it seems a particularly bad fit for a statically typed language.

                                                                                            1. 10

                                                                                              /me gets ready to burn some Internet credibility

                                                                                              I’m a fan of Ruby’s syntax, despite being a big FP nerd. I don’t know why I like it, to be honest. I think it is the preference of English-y words over sigils.

                                                                                              1. 2

                                                                                                I like that it reads really nicely with the standard formatting and long/descriptive variable and function names:

                                                                                                def initialize(client, keys)
                                                                                                  raise ArgumentError, t('client_type', :client => client.inspect) unless client.is_a? Riak::Client
                                                                                                  raise ArgumentError, t('array_type', :array => keys.inspect) unless keys.is_a? Array
                                                                                                
                                                                                                  self.thread_count = client.multi_threads
                                                                                                  validate_keys keys
                                                                                                  @client = client
                                                                                                  @keys = keys.uniq
                                                                                                  self.result_hash = {}
                                                                                                  @finished = false
                                                                                                end
                                                                                                

                                                                                                It’s pure preference, but it feels more welcoming to me than any other language I’ve learned.

                                                                                              2. 3

                                                                                                I guess the syntax itself is OK, what I have a problem with is the whole “implicit” nature of Ruby code. I always get confused when things happen in my code that I didn’t ask for or didn’t know of.

                                                                                                1. 1

                                                                                                  That’s a problem with using any featureful library without fully understanding it beforehand, though Ruby makes it harder by having nonlocal imports.

                                                                                              1. 5

                                                                                                I’ll be going this year, my first ever Def Con and I’m super excited.

                                                                                                If anyone has tips for getting the most out of it I’d love to hear it.

                                                                                                1. 6

                                                                                                  This thread on Twitter is good: https://twitter.com/tarah/status/886323500419436544

                                                                                                  In my experience: say hello to randos that look bored/lonely, do contests, save the talks for when they show up on YouTube, drink lots of water (not booze, not soda, not coffee, yes water), and don’t forget to eat, shower, and sleep.

                                                                                                  1. 5

                                                                                                    The talks are important and make sure to hit the ones that interest you the most, but the social aspect is the part that sets security cons apart. Over the years I’ve ended up going to less and less of the talks and instead watching them when I get back from the con. Talk to people! I wonder if there is enough interest to have an impromptu meetup for lobsters at DefCon/BSidesLV.