1. 9

    Contrary to the comments at Reddit, I’m pretty sure Apple cannot do this unless you have installed a MDM profile…

    Locking, remote wipe, etc are limited to your iCloud account. There is no equivalent to “Google Play Services”. APNS has no control; it only handles push notifications.

    1. 15

      Contrary to the comments at Reddit, I’m pretty sure Apple cannot do this unless you have installed a MDM profile…

      When the OS is closed source how would you know?

      1. 12

        If you think Apple has a gaping backdoor in all of their phones which violates the mission of their product line, then please prove me wrong. In fact, take this opportunity to short their stock and prove it to the world. You could make yourself really rich really fast.

        Nobody else has done it, and everything Apple has done with their product line has been to constantly increase user security, not install backdoors for remote control and spying.

        I do not think they are perfect, but this would be a huge blow to their public perception and would certainly tarnish their brand for years to come.

        1. 7

          Objectively, I think that u/user545 has a valid point. When proprietary software is in place there is no way to verify that such software does what the user expects it to do, and nothing more. Just because Apple has said it doesn’t spy on its users, doesn’t mean such a statement is true; and we cannot trust them, because we don’t know what the program does in the inside.

          1. 9

            Perhaps it’s not as severe as user545 says.

            I think the argument can be transposed to anything done by anyone else:

            • I didn’t see how cars were built. So I have to assume the worst.
            • I didn’t see how roads were built. So I have to assume the worst.
            • I didn’t audit this open source project’s source code myself. So I have to assume the worst.
              • Or I only heard from someone that this source code checks out. But I don’t know that person, so I have to assume the worst (that they’re lying to me).
              • I didn’t audit the crypto algorithms. So I have to assume the worst.
              • I didn’t compile it myself. So I have to assume the worst.
              • I didn’t compile my compiler myself. So I have to assume the worst.
              • I didn’t compile my operating system myself with my own compiler. So I have to assume the worst.
              • I didn’t mine and process the raw resources to create my computer. So I have to assume the worst.

            Sure I can assume the worst, but then I probably wouldn’t live in a society.

            “Assume the worst” feels like an impractical rule to follow. Instead, it’s a practical tradeoff of efficiency (of my time) and likelihood I need to “assume the worst”. I’m not discounting the valuable effort that security researchers do to audit and break into these systems. Especially if they take this approach, that’s great. But they’re way more qualified and have more resources (eg - time, money) than me to do it. I’m not going to blindly assume the worst that these security researchers are out to trick me.

            I agree with feld. Apple isn’t perfect. They may change in the future. But Apple seem less likely than Google to implement a backdoor like this based on the way they position themselves in the market right now.

            1. 5

              You’re missing two things:

              1. “They’re usually defective since suppliers dont care or have liability.”

              2. “Intelligence agencies and law enforcement are threatening fines or jail for not putting secret backdoors in. The coercive groups also have legal immunity. Their targets can do 15 years if they talk.”

              No 1 also applies to FOSS. With those premises, I definitely cant trust closed-source software to not have incidental or intentional vulnerabilities. Now, we’re back to thorough design and review by parties we trust. Multiple, skilled, mutually-suspicious groups.

              1. 2

                Thanks,

                I agree with you on #1, including that it applies to FOSS. I may argue that a supplier has more incentive to fix it if you’re a potentially influential customer over a FOSS that has a disinterested maintainer (making you fall back to build-it-yourself or audit yourself. And to be clear, FOSS is definitely a better option than if the non-cooperative supplier is a monopoly). But I’d admit only be able to back up anecdotally, which isn’t a strong case.

                For #2, couldn’t that also apply to key maintainers in FOSS if they are contributing to the same project? I’d take a random guess that governments may find it impossible to coerce a small set of individuals. 15 years would equality scare FOSS maintainers as well. Sure, a geographical barrier may make that more difficult, but I’d guess that human-based intelligence agencies like the CIA probably have some related experience in this. I agree that FOSS makes it harder to sneak one by reviewers, but maybe there’s not many people needed to coerce to get the backdoor in a release.

                I only tangentially review security topics, so I’m not sure if that’s a realistic threat or just a tinfoil haty thought <:-).

                I guess I’m putting more emphasis from the perspective of typical (non-technical) user of software to:

                1. care more about security / privacy
                2. pressure companies they support to have better security/privacy practices

                Over distrusting all companies and have a significantly worse user experience of using software in general. Non-technical users generally like the fallback of technical support over just “figure it out yourself” or “you lost all your data because you couldn’t manage your secrets”.

                I’m curious, if a company allowed you to audit their source code before you approved/used it, would that significantly minimize the advantages FOSS software have over proprietary software for you?

                1. 2

                  I may argue that a supplier has more incentive to fix it if you’re a potentially influential customer over a FOSS that has a disinterested maintainer

                  This hasn’t been the case at all in the mobile space. The supplier has an incentive to not fix things so you buy a new device where as FOSS maintainers want your device to last as long as possible.

                  1. 2

                    I’d agree the motivation for some suppliers to upsell to newer devices, although I don’t really understand motivation for FOSS maintainers to want you to use your device as long as possible. As a one who maintained iOS libraries, there’s strong motivation to deprecate older devices/platforms since it’s a maintenance burden that sometimes hinders new feature work (and typically the most active contributors use the latest stuff). And when pitted against supporting the latest devices vs the older devices, chances are the newer stuff will win in those debates.

                    Thinking through the supplier stuff a bit more doesn’t make that much difference though. Sure, it doesn’t feel like a great business practice for a company to upsell. But it’s also how those companies stay in business. It could be viewed similarly to a maintenance support fee for existing devices. If suppliers offered the a retainer fee, it would effectively be the same thing then?

                    1. 2

                      The lineageOS team does amazing work keeping old Android devices on the latest release. Also means app devs don’t have to worry because these old devices support all the new apis and features.

                  2. 2

                    “For #2, couldn’t that also apply to key maintainers in FOSS if they are contributing to the same project?”

                    That’s a great observation. I held off mentioning it since people often say, “That’s speculation or conspiracy. Prove it with examples.” And the examples would have secrecy orders so… I just dropped the examples where they can find proof it happened. There very well could be coercive action against FOSS maintainers. Both Truecrypt developers and someone doing crypto on Linux filesystems kind of disappeared out of nowhere not talking about the project any longer. Now we’re into heresay and guesswork, though. Also, they might be able to SIGINT FOSS with a secrecy order. We might be able to counter that having people in foreign countries looking for the problem, submitting a fix, and the rule is to always take a fix. They have to spot the problem that might be out of their domain expertise, though.

                    Plenty of possibilities. I just don’t have anything concrete on mandated, FOSS subversion. I will say one of the reasons I’d never publish crypto under my own name or take money for it is this threat. I think it’s very realistic. I think we haven’t seen it play out since the popular libraries for crypto were so buggy that they didn’t need such a setup. If they did, they’d use it sparingly. Those also ran on systems that were themselves ridden with preventable 0-days.

                    Far as open vs closed with review, I wrote an essay on that here.

                    1. 2

                      Thanks for that essay, that was insightful.

                      I’m roughly remember the Truecrypt incident and that was suspect, although never came across the linux file system crypto circumstance. Was it similar to Truecrypt? Was that developer already known. My googling didn’t seem to show up any mention of that at all.

                  3. 1

                    There is one thing I am wondering about. Government agencies require backdoors but I would think they also require backdoors that are kept secret. How does that work with FOSS software? Alright yes they could sneek it in the compiled version maybe but distros are all moving to reproducible builds so that would be detected.

                    1. 2

                      Ignore the Karger/Thompdon attack: only happened twice that I know of. The nation-state attackers will go for low-hanging fruit like other black hats. They also need deniability. So, they’re most likely to either (a) use all bug hunting tools to find what’s already there and (b) introduce the kinds of defects people already do by accident. With (b), discoveries might not even burn the source if they otherwise do good work.

                      For FOSS, they’ll slip the vulnerability into a worthwhile contribution. It can be either in that component or be an interaction between it and others. Error-handling code of a complex component is a particularly-good spot since they often have errors.

              2. 10

                They are able to push updates over the internet and the whole thing is proprietary. I am unable to tell you what the system does because I cant see it. And at any time apple can push arbitrary code which could add a back door without anyone knowing.

                When you can’t see what is going on you have to assume the worst.

                1. 5

                  I can’t tell whether this is 1. a defense of open-source in general and android in particular or 2. a critique of apple.

                  Neither works.

                  1. See example of what just happened. or the firefox/mr robot partnership recently. open source does not automatically confer transparent privacy.

                  2. Apple has, in fact, emerged as a staunch defender of user privacy. There are many many examples of apple defending users against law enforcement.

                  You can’t wish Apple to be terrible about privacy and use that as the argument.

                  1. 3

                    Sure you can. They could take money to secretly backdoor the phone for NSA and use lawyers to tell FBI to get loss for image reasons. The better image on privcy leads to more sales. The deal with NSA puts upper bound on what FBI will do to them since they might just get data from NSA.

                    If that sounds far fetched, remember two things:

                    1. The telecoms were taking around $100 million each from NSA to give them data that they sometimes passed onto feds to use with parallel construction. Publicly they said they gave it out only with warrants. RSA went further to say they encrypted the data but weakened the crypto for $30 mil. The Core Secrets leak also said FBI could “compel” this.

                    2. In Lavabit trial, Feds argued he wouldnt have losses if customers didnt know he gave Feds the master key. He was supposed to do it under court order and then lie about it.

                    Given those two, I dont trust any profit-motivated company in US to not hand over data. Except maybe Lavabit in the past. Any of them could be doing it in secret for money that they take or get fines/jail.

                    1. 3

                      I would say Apple is more comparable to Lavabit than the others – they’re actively and publicly taking steps to protect their users’ privacy.

                      I wouldn’t argue that they will never do it, but to paint Apple and Google with the same brush on user privacy is silly and irresponsible.

                      1. 2

                        Well, we know that the secret, court meeting was going to put him in contempt or else. He had to shut the business down to avoid it. Apple may have been able to do more due to both size and making case public debate. Then again, that may have been a one-time victory followed by a secret loss. You can’t know if there’s two legal systems in operation side by side, one public and one secret. I assume the worst if the secret system is aggressively after something.

                        “I wouldn’t argue that they will never do it, but to paint Apple and Google with the same brush on user privacy is silly and irresponsible.”

                        I agree with this. Apple is a product company. Google is a full-on, surveillance company. Google is both riskier for their users now and more over time as they collect more which more parties get in various ways.

                    2. 3

                      I am not defending android at all. As you can see in the OP post android is absolutely horrible for privacy and control. I also agree that open source is not flawless of course but open source enables us to have the opportunity to inspect the programs we use (usually while contributing features) from what I understand the firerfox event was pushed through a beta/testing channel and not through the FF source. I would hope all linux distros have this feature turned off when packaging FF.

                      The OP comment was asking me to prove that Apple is able to change user settings over the network and I think that is an unreasonable statement to make when the software is closed source. I also mentioned that it is possible as apple is able to push new updates at any time with arbitrary code. So they have the capability of doing anything that is possible hardware wise.

                      1. 2

                        Fair on your 2nd point of responding to the OP and I don’t know whether they have the capability. However, they seem, at least at the moment, disinterested in taking random liberties with their users’ privacy.

                        1. 3

                          disinterested in taking random liberties with their users’ privacy.

                          I think that’s probably true but no one in this thread actually knows and one day its quite likely that the US government will force them to backdoor devices if they haven’t already.

                    3. [Comment removed by author]

                      1. 1

                        I can be sure in the way I can find out if needed. With proprietary software I can not be sure even if I was willing to put in the effort unless I wanted to spend my whole life trying to reverse engineer a build that would be out of date in a few months.

                        1. 1

                          Ill add that the move toward tamper-resistant enclaves and integrity checks will make that even harder since some are about denying you read access or flagging your device on access attempt. You’re effectively punished for trying to verify their software.

                          1. 2

                            I find these fairly problematic because one of the main uses for these systems is to prevent the user making modifications that the OEM doesn’t want and DRM but at the same time the do have genuinely useful features that would be desirable if they were under my control.

                            There are a lot of other things in IT I think fall under the same category. My bank offers you data showing all the different categories of things you have spent on in the month which is really useful for me to have but really creepy for the bank to have.

                            1. 2

                              Yeah. There are also schemes that put the user in control to get those benefits. That most suppliers don’t implement them tells us a bit about their intent.

                      2. 1

                        How do you know they are able to do that then?

                        Because all system updates that got installed on my phone came only after I manually approved them. Unless I am not aware of some previously demonstrated capability this sounds like exactly the same kind of unsubstantiated argument you are arguing against.

                        1. 1

                          What criteria do you use for approving or denying updates and how would that be able to stop a backdoor being installed?

                          1. 2

                            It doesn’t matter since the original argument was that Apple can do the same thing (automatically install/change software on your device) which they cannot. You have to assent to the installation (of updates, backdoor or whatever). May not be a difference you care about, but I do.

                            I agree that black box software makes it impossible to know if software can be trusted, but binary package of an open source software is also just a black box if I am not able to generate the same hash when compiling myself which in my admittedly not recent experience happened a lot.

                            1. 1

                              “You have to assent to the installation “

                              You would need a copy of source for all priveleged hardware and software on their platform to even begin to prove that. You dont have that. So, you don’t know. You’re acting on faith in a profit-motivated, company’s promises.

                              I’ll also add one that has enough money to do a secure rewrite or mod of their OS but doesnt intentionaly. They don’t care that much. They’re barely even investing into Mac OS X from what its users say. Whereas, Sun invested almost $300 million into redoing Solaris for version 10. That brought us things like ZFS.

                              A company with around a $100 billion that cares less about QA than smaller businesses shouldnt be trusted at all. They’ve already signalled that wealth accumulation was more important.

                              Meanwhile, tiny OK Labs cranked out mobile sandboxing good enough that General Dynamics bet piles of money on them for Defense use. Several other companies cranked out security-enhanced CPU’s, network stacks, DNS, end-to-end messaging, and so on. Quite a few were for sale, esp those nearing bankruptcy. Shows Apple had plenty of opportunities to do the same or buy them. Didnt care. They’ll make billions anyway.

                              1. 2

                                I agree with pretty much everything you say and while interesting, I am not sure how it is relevant to what I said.

                                I did not argue that one should trust Apple (even though I do think iPhone has a better track record than Android). My point was simply that all other things being equal I prefer platforms that don’t suddenly change on some company’s whim and let me decide when or if I want to perform an update and that AFAICT Apple does not push those updates without user’s consent.

                                I assume your argument is that consenting is meaningless as I cannot perform any reasonable security analysis of what I will receive. True that I can’t, but I also value predictability and speaking from a personal experience I feel I lose some of it with auto-updates.

                    4. 4

                      objdump -d

                      1. 3

                        When the OS is open source how would you know? Have you personally audited all of linux? How do you know you can trust third-party audits? I don’t think “it’s open source” provides much in terms of security all things considered.

                      2. 3

                        how do you know, what APNS does.

                        1. 1

                          Signal is a messaging app, with a central provider. I would thing something more like Freenet would be ideal for moving PGP keys around. Freenet is slow, but PGP keys are tiny and infrequently downloaded, Freenet tries to maintain availability for a file as long as someone occasionally requests it (even if the original uploader goes away), and a Freenet node operator can’t tell what’s on their machine unless they already know what they’re looking for.

                          At least, if the problem you’re trying to overcome is the fact that SKS server operators can be compelled to censor them. Personally, I would think a project like Fedora would prefer to make their SKS server invite-only and only have package maintainers put their keys up there. If Fedora put up a Freenet node, they’d probably be censored by every country that engages in that kind of thing, and I’m not sure if they want to fight that fight.

                        1. 1

                          ajax.googleapis.com

                          fonts.googleapis.com

                          1. -2

                            oh well

                            1. 3

                              Suggested tag: opinion

                              1. 0

                                Haha. That would apply to about everything here without a demo, though. (Pause.) Maybe your real goal is a product or demo with every comment. Hmmm.

                                1. 0

                                  suggested tag: wrong

                                1. 5

                                  the laboriousness of writing an article when my opinion could be captured in a sentence, just so i can use the term “ipso facto”

                                  1. 2

                                    And to misuse a semicolon at the same time!

                                    1. 1

                                      why i never

                                  1. 2

                                    I like gopher, but the manually-wrapped text aspect of it turned me off. If the client could decide to wrap paragraphs on its own (like HTML) then it’d be perfect.

                                    1. 1

                                      the client can do that; it’s the default behavior on mosaic. although in general you should wrap your lines to accommodate people whose clients aren’t configured that way.

                                    1. 5

                                      One thing about SPAs…they seemed to be really popular starting with the rise of Rails, mostly as a way of compensating for Rails amazingly slow rendering.

                                      1. 1

                                        rendering? … I thought Rails was backend?

                                        1. 2

                                          Server-side rendering is a thing.

                                          1. 2

                                            is the process of building an html document to send to the browser called “rendering”?

                                            1. 7

                                              Yes.

                                              1. 2

                                                Also, there’s (eg) react-rails which does server-rendering of a react SPA (so you get the HTML which your react code would generate, served by rails).

                                          2. 1

                                            I remember the rise of Rails to be mid-to-late 2000s - I don’t remember seeing SPAs until the mid-2010s.

                                          1. 8

                                            As a European, I don’t quite get it: Americans seem to be concerned with net neutrality, meanwhile not protesting huge monopolistic corporations(the gatekeepers) removing some controversial users on their own judgement and with no way to appeal. Are individuals excluded from the net neutrality?

                                            1. 16

                                              I’m not very familiar with the legal details, but I assume the distinction is general access to the internet being considered a utility, while access to platforms being considered something like a privilege. E.g. roads shouldn’t discriminate based on destination, but that doesn’t mean the destination has to let you in.

                                              edit: As to why Americans don’t seem as concerned with it (which is realize I didn’t address): I think most people see it as a place, like a restaurant. You can be kicked out if you are violating policies or otherwise disrupting their business, which can include making other patrons uncomfortable. Of course there are limits which is why we have anti-discrimination laws.

                                              1. 1

                                                Well, they’re also private, for-profit companies that legally own and sell the lines. So, there’s another political angle where people might vote against the regulations under theory that government shouldn’t dictate how you run your business or use your property, esp if it cost you money. Under theory of benefiting owners and shareholders, these companies are legal entities specifically created to generate as much profit from those lines as possible. If you don’t like it, build and sell your own lines. That’s what they’d say.

                                                They don’t realize how hard it is to deploy an ISP on a shoe-string budget to areas where existing players already paid off the expensive part of the investment, can undercut you into bankruptcy, and (per people claiming to be ISP founders on Hacker News) will even cut competitors’ lines “accidentally” so their own customers leave them. In the last case, it’s hard to file and win a lawsuit if you just lost all your revenue and opponent has over a billion in the bank. They all just quit.

                                                1. 1

                                                  Do you have the source for these claims regarding ISPs?

                                                  1. 1

                                                    Which ones?

                                                    1. 2

                                                      …existing players … (per people claiming to be ISP founders on Hacker News) will even cut competitors’ lines “accidentally” so their own customers leave them.

                                                      1. 2

                                                        One of them described a situation with a contracted, construction crew with guy doing the digging not speaking English well. They were supposedly digging for incumbent but dug through his line. He aaid he pointed that it was clearly marked with paint or something. The operator claimed he thought that meant there wasnt a line there.

                                                        That’s a crew that does stuff in that area for a living not knowing what a line mark means. So, he figured they did it on purpose. He folded since he couldnt afford to sue them. Another mentioned them unplugging their lines in exchanges or something that made their service appear unreliable. Like the rest, they’d have to spend money they didnt have on lawyers who’d have to prove (a) it happened snd/or (b) it was intentional.

                                              2. 11

                                                The landmark case in the United States is throttling of Netflix by Comcast. Essentially, Comcast held Netflix customers hostage until Netflix paid (which they did).

                                                It’s important to understand that many providers (Comcast, AT&T), also own the channels (NBC, CNN, respectively). They have an interest in charging less for their and their partners content, and more for their competitors content, while colluding to raise prices across the board (which they have done in the past with television and telephone service).

                                                Collectively, they all have an interest in preventing new entrants to the market. The fear is that big players (Google, Amazon) will be able to negotiate deals (though they’d probably prefer not to), and new or free technologies (like PeerTube) will get choked out.

                                                Net neutrality is somewhere where the American attitude towards corporations being able to do whatever to their customers conflicts with the American attitude that new companies and services must be able to compete in the marketplace.

                                                You’re right to observe that individuals don’t really enter into it, except that lots of companies are pushing media campaigns to sway public opinion towards their own interests. You’re seeing those media campaigns leaking out.


                                                Switching to the individual perspective.

                                                I just don’t want to pay more for the same service. In living memory Americans have seen their gigantic monopolistic telecommunications company get broken up, and seen prices for services drop 100 fold; more or less as a direct consequence of that action.

                                                As other posts have noted, the ISP situation in the US is already pretty dire unless you’re a business. Internet providers charge whatever they can get away with and have done an efficient job of ensuring customers don’t have alternatives. Telephone service got regulated, but internet service did not.

                                                Re-reading your post after diving on this one… We’re not really concerned about the same gatekeepers. I don’t think any American would be overly upset to see players like Amazon, Facebook, Google, Twitter, and Netflix go away and I wouldn’t be surprised to see one or more of those guys implode as long as they don’t get access to too much of the infrastructure.

                                                1. 4

                                                  Right-leaning US Citizen here. I’ll attempt to answer this as best as I can.

                                                  Net neutrality is being pushed by the media because it “fights discrimination”, and they blame the “fascist, nazi right” for it’s repeal (and they’re correct, except for the “fascist, nazi” bit). But without net neutrality, the ISPs still have an incentive to provide equal service, because otherwise they’ll lose customers (for obvious reasons).

                                                  I can’t speak to why open-source advocates are also pushing for net neutrality, because (in my opinion) the government shouldn’t be involved in how much internet costs. I do remember this article was moderately interesting, saying that the majority of root DNS servers are run by US companies. But, that doesn’t really faze me. As soon as people start censoring, that get backlash whether the media covers it or not

                                                  Side note, the reason you don’t see the protests against the “gatekeepers” is that most of the mainstream media isn’t accurately covering the reaction of the people to the censorship. I bet you didn’t know that InfoWars was the #1 news app with 5 stars on the Apple app store within a couple of weeks of them getting banned from Facebook, etc. I don’t really have any opinion about Alex Jones (lots of people on the right don’t agree with him), but you can bet I downloaded his app when I found out he got banned.

                                                  P.S. I assumed that InfoWars was what you were referring to when you said “removing some controversial users” P.P.S. I just checked the app store again, and it’s down to #20 in news, but still has 5 stars.

                                                  1. 34

                                                    But without net neutrality, the ISPs still have an incentive to provide equal service, because otherwise they’ll lose customers (for obvious reasons).

                                                    I think this is too optimistic. I live in Chicago, the third biggest city in the country and arguably the tech hub of the midwest. In my building I get to choose between AT&T and Comcast. I’m considered lucky: most of my friends in the city get one option, period. If their ISP starts doing anything shady they don’t have an option to switch, because there’s nobody they can switch to.

                                                    1. 16

                                                      I think this is too optimistic. I live in Chicago, the third biggest city in the country and arguably the tech hub of the midwest. In my building I get to choose between AT&T and Comcast. I’m considered lucky: most of my friends in the city get one option, period. If their ISP starts doing anything shady they don’t have an option to switch, because there’s nobody they can switch to.

                                                      It’s interesting to contrast this to New Zealand, where I live in a town of 50,000 people and have at least 5 ISPs I can choose from. I currently pay $100 NZ a month for an unlimited gigabit fibre connection, and can hit ~600 mbit from my laptop on a speed test. The NZ government has intervened heavily in the market, effectively forcing the former monopolist (Telecom) to split into separate infrastructure (Chorus) and services (Telecom) companies, and spending a lot of taxpayer money to roll out a nationwide fibre network. The ISPs compete on the infrastructure owned by Chorus. There isn’t drastic competition on prices: most plans are within $10-15 of each other, on a per month basis, but since fibre rolled out plans seem to have come down from around $135 per month to now around $100.

                                                      I was lucky to have decent internet through a local ISP when I lived in one of Oakland’s handful of apartment buildings, but most people wouldn’t have had that option. I think the ISP picture is a lot better in NZ. Also, net neutrality is a non-issue, as far as I know. We have it, no-one seems to be trying to take it away.

                                                      1. 14

                                                        I’m always irritated that there are policies decried in the United States as “impossible” when there are demonstrable implementations of it elsewhere.

                                                        I can see it being argued that the United States’s way is better or something, but there are these hyperbolic attacks on universal health care, net neutrality, workers’ rights, secure elections, etc that imply that they are simply impossible to implement when there are literally dozens of counterexamples…

                                                        1. 5

                                                          At the risk of getting far too far off topic.

                                                          One of the members of the board at AT&T was the CEO of an insurance company, someone sits on the boards of both Comcast/NBC and American Beverages. The head of the FCC was high up at Verizon.

                                                          These are some obvious, verifiable, connections based in personal interest. Not implying that it’s wrong or any of those individuals are doing anything which is wrong, you’ve just gotta take these ‘hyperbolic attacks’ with a grain of salt.

                                                            1. 2
                                                          1. 4

                                                            Oh yeah it’s infuriating. It helps to hit them with examples. Tell them the media doesn’t talk about them since they’re all pushing something. We all know that broad statement is true. Then, briefly tell them the problems that we’re trying to solve with some goals we’re balancing. Make sure it’s their problems and goals. Then, mention the solution that worked else where which might work here. If it might not fit everyone, point out that we can deploy it in such a way where its specifics are tailored more to each group. Even if it can’t work totally, maybe point out that it has more cost-benefit than the current situation. Emphasize that it gets us closer to the goal until someone can figure out how to close the remaining gap. Add that it might even take totally different solutions to address other issues like solving big city vs rural Internet. If it worked and has better-cost benefit, then we should totally vote for it to do better than we’re doing. Depending on audience, you can add that we can’t have (country here) doing better than us since “This is America!” to foster some competitive, patriotic spirit.

                                                            That’s what I’ve been doing as part of my research talking to people and bouncing messages off them. I’m not any good at mass marketing, outreach or anything. I’ve just found that method works really well. You can even be honest since the other side is more full of shit than us on a lot of these issues. I mean, them saying it can’t exist vs working implementations should be an advantage for us. Should. ;)

                                                            1. 3

                                                              Beautifully said.

                                                              My family’s been in this country since the Mayflower. I love it dearly.

                                                              Loving something means making it better and fixing its flaws, not ignoring them.

                                                              1. 2

                                                                Thanks and yes. I did think about leaving for a place maybe more like my views. That last thing you said is why I’m still here. If we fix it, America won’t be “great again:” it would be fucking awesome. If not for us, then for the young people we’re wanting to be able to experience that. That’s why I’m still here.

                                                        2. 5

                                                          arguably the tech hub of the midwest.

                                                          Only if you can’t find Austin on a map… ;)

                                                          1. 11

                                                            Native Texan/Austinite here. Texas is the South, Southwest, or just Texas. All the rest of y’all are just Yankees. ;)

                                                          2. 1

                                                            But if their ISP starts doing anything shady, they’ll surely get some backlash, even if they can’t switch they can complain.

                                                            1. 9

                                                              They’ve been complaining for decades. Nothing happens most of the time. The ISP’s have many lobbyists and lawyers to insulate them from that. The big ones are all doing the same abusive practices, too. So, you can’t switch to get away from it.

                                                              Busting up AT&T’s monopoly got results in lower costs, better service, better speeds, etc. Net neutrality got more results. I support more regulation of these companies and/or socialized investment to replace them like the gigabit for $350/mo in Chattanooga, TN. It’s 10Gbps now I think but I don’t know what price.

                                                              Actually, I go further due to their constant abuses and bribing politicians: Im for having a court seizetheir assets, converting them to nonprofits, and putting new management in charge. If at all possible. It would send a message to other companies that think they can do damage to consumers and mislead regulators with immunity to consequences.

                                                                1. 6

                                                                  What incentive does the ISP have to change? Unless you can complain to some higher authority (FCC, perhaps) then there is no reason for the ISP to make any changes even with backlash. I’d be more incentivized to complain if there was at least some competition.

                                                              1. 30

                                                                Net neutrality is being pushed by the media because it “fights discrimination”, and they blame the “fascist, nazi right” for it’s repeal

                                                                Nobody says this. It’s being pushed because it prevents large corporations from locking out smaller players. The Internet is a great economic equalizer: I can start a business and put a website up and I’m just as visible and accessible as Microsoft.

                                                                We don’t want Microsoft to be able to pay AT&T to slow traffic to my website but not theirs. It breaks the free market by allowing collusion that can’t be easily overcome. It’s like the telephone network; I can’t go run wires to everyone’s house, but I want my customers to be able to call me. I don’t want my competitors to pay AT&T to make it harder to call me than to call them.

                                                                But without net neutrality, the ISPs still have an incentive to provide equal service, because otherwise they’ll lose customers (for obvious reasons).

                                                                That assumes people have a choice. They very often don’t. Internet service has a massively high barrier to entry, similar to a public utility. Most markets in the United States have at most two providers (both major corporations opposed to net neutrality). Very, very rarely is there a third.

                                                                More importantly, there are only five tier-1 networks in the United States. Five. It doesn’t matter how many local ISPs there are; without Net Neutrality, five corporations effectively control what can and can’t be transmitted. If those five decide something should be slowed down or forbidden, there is nothing I can do. Changing to a different provider won’t do a thing.

                                                                (And of those five, all of them donate significantly more to one major political party than the other, and the former Associate General Counsel of one of them is currently chairman of the FCC…)

                                                                I can’t speak to why open-source advocates are also pushing for net neutrality, because (in my opinion) the government shouldn’t be involved in how much internet costs.

                                                                Net neutrality says nothing about how much it costs. It just says you can’t charge different amounts based on content. It would be like television stations charging more money to Republican candidates to run ads than to Democratic candidates. They’re free to charge whatever they want; they’re not free to charge different people different amounts based on the content of the message.

                                                                Democracy requires communication. It does no good to say “freedom!” if the major corporations can effectively silence whoever they want. “At least it’s not the government” is not a good defense of stifling public debate.

                                                                And there’s a difference between a newspaper and a television/radio station/internet service. I can buy a printing press and make a newspaper and refuse to carry whatever I want. There are no practical limits to the number of printing presses in the country.

                                                                There is a limited electromagnetic spectrum. Not just anyone can broadcast a TV signal. There is a limit to how many cables can be run on utility polls or buried underground. Therefore, discourse carried over those media are required to operate more in the public trust than others. As they become more essential to a healthy democracy, that only becomes more important. It’s silly to say “you still have freedom of speech” if you’re blocked from television, radio, the Internet, and so on. Those are the public forums of our day. That a corporation is doing the blocking doesn’t make it any better than if the government were to do it.

                                                                Side note, the reason you don’t see the protests against the “gatekeepers” is that most of the mainstream media isn’t accurately covering the reaction of the people to the censorship.

                                                                There’s a big difference between Twitter not wanting to carry Alex Jones and net neutrality. Jones is still free to go start up a website that carries his message; with Net Neutrality not only could he be blocked from Twitter, but the network itself could make his website inaccessible.

                                                                There is no alternative with Net Neutrality. You can’t build your own Internet. Without mandating equal treatment of traffic, we hand the Internet over solely to the big players. Preventing monopolistic and oligarchic control of public discourse is a valid use of government power. It’s not censorship, it’s the exact opposite.

                                                                1. 7

                                                                  That assumes people have a choice. They very often don’t.

                                                                  This was also brought up by @hwayne, @caleb and @friendlysock, and is not something that occurred to me. I appreciate all who are mentioning this.

                                                                  More importantly, there are only five tier-1 networks in the United States.

                                                                  Wow, I did not know that. I can see that as a legitimate reason to want net neutrality. But, I also think that they’ll piss off a lot of people if they can stream CNN but not InfoWars.

                                                                  It just says you can’t charge different amounts based on content.

                                                                  I understood it to also mean that you also couldn’t charge customers differently because of who they are. Also, don’t things like Tor mitigate things like that?

                                                                  “At least it’s not the government” is not a good defense of stifling public debate.

                                                                  I completely agree. But in the US we have a free market (at least, we used to) and that means that the government is supposed to stay out of it as much as possible.

                                                                  Preventing monopolistic and oligarchic control of public discourse is a valid use of government power.

                                                                  I also agree. But these corporations (the tier-1 ISPs) haven’t done anything noticeable to me to limit my enjoyment of conservative content, and I’m pretty sure that they would’ve by now if they wanted to.

                                                                  The reason I oppose net neutrality is more because I don’t think that the government should control it than any more than I think AT&T and others should.

                                                                  not only could he be blocked from Twitter, but the network itself could make his website inaccessible.

                                                                  But they haven’t.

                                                                  edit: how -> who

                                                                2. 6

                                                                  Even though I’m favoring net neutrality, I appreciate you braving the conservative position on this here on Lobsters. I did listen to a lot of them. What I found is most had reasonable arguments but had no idea about what ISP’s did, are doing, are themselves paying Tier 1’s, etc. Their media sources’ bias (all have bias) favoring ISP’s for some reason didn’t tell them any of it. So, even if they’d have agreed with us (maybe, maybe not), they’d have never reached those conclusions since they were missing crucial information to reflect on when choosing to regulate or not regulate.

                                                                  An example is one telling me companies like Netflix should pay more to Comcast per GB or whatever since they used more. The guy didn’t know Comcast refuses to do that when paying Tier 1’s negotiating transit agreements instead that worked entirely different. He didn’t know AT&T refused to give telephones or data lines to rural areas even if they were willing to pay what others did. He didn’t know they could roll out gigabit today for same prices but intentionally kept his service slow to increase profit knowing he couldn’t switch for speed. He wasn’t aware of most of the abuses they were doing. He still stayed with his position since that guy in particular went heavily with his favorite, media folks. However, he didn’t like any of that stuff which his outlets never even told him about. Even if he disagrees, I think he should disagree based on an informed decision if possible since there’s plenty smart conservatives out there who might even favor net neutrality if no better alternative. I gave him a chance to do that.

                                                                  So, I’m going to give you this comment by @lorddimwit quickly showing how they ignored the demand to maximize profit, this comment by @dotmacro showing some abuses they do with their market control, and this article that gives nice history of what free market did with each communications medium with the damage that resulted. Also note that the Internet itself was an open, free-if-you-have-a-wire system that competed with the proprietary, charge-per-use, lock-them-in-forever-if-possible systems the private sector was offering. It smashed them so hard you might have even never heard of them or forgotten a lot about them depending on your age. It also democratized more goods than about anything other than maybe transportation. Probably should stick with the principles that made that happen to keep innovation rolling. Net neutrality was one of them that was practiced informally at first then put into law as the private sector got too much power and was abusing it. We should keep doing what worked instead of the practices ISP’s want that didn’t work but will increase their profits at our expense for nothing in return. That is what they want: give us less or as little improvement in every way over time while charging us more. It’s what they’re already doing.

                                                                  1. 2

                                                                    I read the comments, and I read most of the freecodecamp article.

                                                                    I like the ideal of the internet being a public utility, but I don’t really want the government to have that much control.

                                                                    I think the real problem I have with government control of the internet, is that I don’t want the US to end up like china with large swaths of the internet completely blocked.

                                                                    I don’t really know how to solve our current problems. But, like @jfb said elsewhere in this thread, I don’t think that net neutrality is the best possible solution.

                                                                    1. 2

                                                                      Also note that the Internet itself was an open, free-if-you-have-a-wire system that competed with the proprietary, charge-per-use, lock-them-in-forever-if-possible systems the private sector was offering. It smashed them so hard you might have even never heard of them or forgotten a lot about them depending on your age.

                                                                      I might recognize a name, but I probably wasn’t even around yet.

                                                                      So, I’m going to give you…

                                                                      Thanks for the info, I’ll read it and possibly form a new opinion.

                                                                    2. 5

                                                                      But without net neutrality, the ISPs still have an incentive to provide equal service, because otherwise they’ll lose customers (for obvious reasons).

                                                                      What obvious reasons? Because customers will switch providers if they don’t treat all traffic equally? That would require (a) users are able to tell if a provider prioritizes certain traffic, and (b) that there is a viable alternative to switch to. I have no confidence in either.

                                                                      1. 1

                                                                        I don’t personally care if the prioritize certain websites, but I sure as hell care if the block something.

                                                                        As far as I’m concerned, they can slow down Youtube by 10% for conservative channels and I wouldn’t give a damn even though I watch and enjoy some. What really bothers me is when they “erase” somebody or block people from getting to them.

                                                                        1. 4

                                                                          well you did say they have an incentive to provide “equal service” so i guess you meant something else. net neutrality supporters like me aren’t satisfied with “nobody gets blocked,” because throttling certain addresses gives big corporations more tools to control media consumption, and throttling have similar effects to blocking in the long term. i’m quite surprised that you’d be fine with your ISP slowing down content you like by 10%… that would adversely affect their popularity compared to the competitors that your ISP deems acceptable, and certain channels would go from struggling to broke and be forced to close down.

                                                                          1. 1

                                                                            Well, I have pretty fast internet, so 10% wouldn’t be terrible for me. However, I can see how some people would take issue with such a slowdown.

                                                                            I was using a bit an extreme example to illustrate my point. What I was trying to say was that they can’t really stop people from watching the content that they want to watch.

                                                                            1. 3

                                                                              I recall, but didn’t review, a study saying half of web site users wanted the page loaded in 2 seconds. Specific numbers aside, I’ve been reading that kind of claim from many people for a long time that a new site taking too long to load, being sluggish, etc makes them miss lots of revenue. Many will even close down. So, the provider of your favorite content being throttled for even two seconds might kill half their sales since Internet users expect everything to work instantly. Can they operate with a 50% cut in revenue? Or maybe they’re bootstrapping up a business with a few hundred or a few grand but can’t afford to pay for no artificial delays. Can they even become the content provider your liked if having to pay hundreds or thousands extra on just extra profit? I say extra profit since ISP’s already paid for networks capable of carrying it out of your monthly fee.

                                                                              1. 2

                                                                                yeah, the shaping of public media consumption would happen in cases where people don’t know what they want to watch or don’t find out about something that they would want to watch

                                                                                anti-democratic institutions already shape media consumption and discourse to a large extent, but giving them more tools will hurt the situation. maybe it won’t affect you or me directly, but sadly we live in a society so it will come around to us in the form of changes in the world

                                                                        2. 5

                                                                          But without net neutrality, the ISPs still have an incentive to provide equal service, because otherwise they’ll lose customers (for obvious reasons).

                                                                          Most customers have exceedingly limited options in their area, and they’re not going to switch houses because of their ISP. Especially in apartment complexes, you see cases where, say, Comcast has the lockdown on an entire population and there really isn’t a reasonable alternative.

                                                                          In a truly free market, maybe I’d agree with you, but the regulatory environment and natural monopolistic characteristics of telecomm just don’t support the case.

                                                                          1. 1

                                                                            Most customers have exceedingly limited options in their area, and they’re not going to switch houses because of their ISP.

                                                                            That’s a witty way of putting it.

                                                                            But yeah, @lorddimwit mentioned the small number of tier-1 ISPs. I didn’t realize there were so few, but I still think that net neutrality is overreaching, even if its less than I originally thought.

                                                                            1. 3

                                                                              Personally, I feel that net neutrality, such as it is, would prevent certain problems that could be better addressed in other, more fundamental ways. For instance, why does the US allow the companies that own the copper to also own the ISPs?

                                                                          2. 3

                                                                            But without net neutrality, the ISPs still have an incentive to provide equal service, because otherwise they’ll lose customers (for obvious reasons).

                                                                            Awkward political jabs aside, most of your statements imply that you believe customers are free to choose who they get their internet from, which is just plain incorrect. Whatever arguments you want to make against net neutrality, there is one indisputable fact that you cannot just ignore or paper over:

                                                                            ISPs do not operate in a free market.

                                                                            In the vast majority of the US, cable and telephone companies are granted local monopolies in the areas they operate. That is why they must be regulated. As the Mozilla blog said, they have both the incentive and means to abuse their customers and they’ve already been caught doing it on multiple occasions.

                                                                            1. 1

                                                                              most of your statements imply that you believe customers are free to choose who they get their internet from, which is just plain incorrect

                                                                              I think you’re a bit late to the party, I’ve conceded that fact already.

                                                                            2. 3

                                                                              All of that is gibberish. Net Neutrality is being pushed because it creates a more competitive marketplace. None of it has anything to do with professional liar Alex Jones.

                                                                              But without net neutrality, the ISPs still have an incentive to provide equal service, because otherwise they’ll lose customers (for obvious reasons).

                                                                              That’ s not how markets work. And it’s not how the technology or permit process for ISPs work. There is very little competition among ISPs in the US market.

                                                                              1. 1

                                                                                Hey, here’s a great example from HN of the crap they pull without net neutrality. They advertised “unlimited,” throttled it secretly, admitted it, and forced them to pay extra to get actual unlimited.

                                                                                @lorddimwit add this to your collection. Throttling and fake unlimited been going on long time but they couldve got people killed doing it to first responders. Id have not seen that coming just for PR reasons or avoiding local, govt regulation if nothing else.

                                                                                1. 1

                                                                                  I can’t speak to why open-source advocates are also pushing for net neutrality, because (in my opinion) the government shouldn’t be involved in how much internet costs.

                                                                                  It’s not about how much internet costs, it’s about protecting freedom of access to information, and blocking things like zero-rated traffic that encourage monopolies and discourage competition. If I pay for a certain amount of traffic, ISPs shouldn’t be allowed to turn to Google and say “want me to prioritize YouTube traffic over Netflix traffic? Pay me!”

                                                                                  1. 1

                                                                                    Net neutrality is being pushed by the media because it “fights discrimination”, and they blame the “fascist, nazi right” for it’s repeal (and they’re correct, except for the “fascist, nazi” bit).

                                                                                    Where on earth did you hear that? I sure hope you’re not making it up—you’ll find this site doesn’t take too kindly to that.

                                                                                    1. 1

                                                                                      I might’ve been conflating two different political issues, but I have heard “fascist” and “nazi” used to describe the entire right wing.

                                                                                      A quick google search for “net neutrality fascism” turned this up https://motherboard.vice.com/en_us/article/kbye4z/heres-why-net-neutrality-is-essential-in-trumps-america

                                                                                      “With the rise of Trump and other neo-fascist regimes around the world, net neutrality will be the cornerstone that activists use to strengthen social movements and build organized resistance,” Wong told Motherboard in a phone interview. “Knowledge is power.”

                                                                                      1. 2

                                                                                        You assume that net neutrality is a left-wing issue, which it’s not. It actually has bipartisan support. The politicians who oppose it have very little in common, aside from receiving a large sum of donations from telecom corporations.

                                                                                        As far as terms like “fascist” or “Nazi” are concerned—I think they have been introduced into this debate solely to ratchet up the passions. It’s not surprising that adding these terms to a search yields results that conflate the issues.

                                                                                        1. 2

                                                                                          Ill add on your first point that conservatives who are pro-market are almost always pro-competition. They expect the market will involve competition driving whats offered up, its cost down, and so on. Both the broadband mandate and net neutrality achieved that with an explosion of businesses and FOSS offering about anything one can think of.

                                                                                          The situation still involves 1-3 companies available for most consumers that, like a cartel, work together to not compete on lowering prices, increasing service, and so on. Net neutrality reduced some predatory behavior the cartel market was doing. They still made about $25 billion in profit between just a few companies due to anti-competitive behavior. Repealing net neutrality for anti-competitive market will have no positives for consumer but will benefit roughly 3 or so companies by letting them charge more for same or less service.

                                                                                          Bad for conservative’s goals of market competition and benefiting conservative voters.

                                                                                  2. 2

                                                                                    One part of it is that we already have net neutrality, and it’s easier to try to hang on to a regulation than to create a new one.

                                                                                  1. 2
                                                                                    1. That I feel the use of corporate advertising on blogs devalues the medium.

                                                                                    Unlike all those subscriber based blogs that everyone reads and links to?

                                                                                    1. 2

                                                                                      i guess he’s contrasting blogs that have corporate advertising with blogs that don’t. blogs don’t need to have a revenue stream but some receive donations, which is neither advertising nor subscription.

                                                                                    1. 1

                                                                                      shouldn’t it be einkTTY? because a paper TTY would just be a TTY.

                                                                                      1. 34

                                                                                        Good talk.

                                                                                        I recently used systemd “in anger” for the first time on a raspi device to orchestrate several scripts and services, and I was pleasantly surprised (but also not surprised, because the FUD crowd is becoming more and more fingerprintable to me). systemd gives me lifecycle, logging, error handling, and structure, declaratively. It turns out structure and constraints are really useful, this is also why go has fast dependency resolution.

                                                                                        It violates unix philosohpy

                                                                                        That accusation was also made against neovim. The people muttering this stuff are slashdot markov chains, they don’t have any idea what they’re talking about.

                                                                                        1. 22

                                                                                          The declarative units are definitely a plus. No question.

                                                                                          I was anti-systemd when it started gaining popularity, because of the approach (basically kitchen-sinking a lot of *NIX stuff into a single project) and the way the project leader(s) respond to criticism.

                                                                                          I’ve used it since it was default in Debian, and the technical benefits are very measurable.

                                                                                          That doesnt mean the complaints against it are irrelevant though - it does break the Unix philosophy I think most people are referring to:

                                                                                          Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new “features”.

                                                                                          1. 30

                                                                                            If you believe composability (one program’s output is another program’s input) is an important part of The Unix Philosophy, then ls violates it all day long, always has, likely always will. ls also violates it by providing multiple ways to sort its output, when sort is right there, already doing that job. Arguably, ls formatting its output is a violation of Do One Thing, because awk and printf exist, all ready to turn neat columns into human-friendly text. My point is, The Unix Philosophy isn’t set in stone, and never has been.

                                                                                            1. 7

                                                                                              Didn’t ls predate the Unix Philosophy? There’s a lot of crufthistory in unix. dd is another example.

                                                                                              None of that invalidates the philosophy that arose through an extended design exploration and process.

                                                                                              1. 4

                                                                                                nobody said it’s set in stone; it’s a set of principles to be applied based on practicality. like any design principle, it can be applied beyond usefulness. some remarks:

                                                                                                • i don’t see where ls violates composability. the -l format was specifically designed to be easy to grep.
                                                                                                • the sorting options are an example of practicality. they don’t require a lot of code, and would be much more clumsy to implement as a script (specifically when you don’t output the fields you’re sorting on)
                                                                                                • about formatting, i assume you’re referring to columniation, which to my knowledge was not in any version of ls released by Bell Labs. checking whether stdout is a terminal is indeed an ugly violation.
                                                                                                1. 6

                                                                                                  i don’t see where ls violates composability. the -l format was specifically designed to be easy to grep.

                                                                                                  People have written web pages on why parsing the output of ls is a bad idea. Using ls -l doesn’t solve any of these problems.

                                                                                                  As a matter of fact, the coreutils people have this to say about parsing the output of ls:

                                                                                                  However ls is really a tool for direct consumption by a human, and in that case further processing is less useful. For futher processing, find(1) is more suited.

                                                                                                  Moving on…

                                                                                                  the sorting options are an example of practicality. they don’t require a lot of code, and would be much more clumsy to implement as a script (specifically when you don’t output the fields you’re sorting on)

                                                                                                  This cuts closer to the point of what we’re saying, but here I also have to defend my half-baked design for a True Unix-y ls Program: It would always output all the data, one line per file, with filenames quoted and otherwise prepared such that they always stick to one column of one line, with things like tab characters replaced by \t and newline characters replaced by \n and so on. Therefore, the formatting and sorting programs always have all the information.

                                                                                                  But, as I said, always piping the output of my ls into some other script would be clumsier; it would ultimately result in some “human-friendly ls” which has multiple possible pipelines prepared for you, selectable with command-line options, so the end result looks a lot like modern ls.

                                                                                                  about formatting, i assume you’re referring to columniation, which to my knowledge was not in any version of ls released by Bell Labs. checking whether stdout is a terminal is indeed an ugly violation.

                                                                                                  I agree that ls shouldn’t check for a tty, but I’m not entirely convinced no program should.

                                                                                                  1. 4

                                                                                                    just because some people discourage composing ls with other programs doesn’t mean it’s not the unix way. some people value the unix philosophy and some don’t, and it’s not surprising that those who write GNU software and maintain wikis for GNU software are in the latter camp.

                                                                                                    your proposal for a decomposed ls sounds more unixy in some ways. but there are still practical reasons not to do it, such as performance and not cluttering the standard command lexicon with ls variants (plan 9 has ls and lc; maybe adding lt, lr, lu, etc. would be too many names just for listing files). it’s a subtle point in unix philosophy to know when departing from one principle is better for the overall simplicity of the system.

                                                                                              2. 25

                                                                                                With all due respect[1], did your own comment hit your fingerprint detector? Because it should. It’s extrapolating wildly from one personal anecdote[2], and insulting a broad category of people without showing any actual examples[3]. Calling people “markov chains” is fun in the instant you write it, but contributes to the general sludge of ad hominem dehumanization. All your upvoters should be ashamed.

                                                                                                [1] SystemD arouses strong passions, and I don’t want this thread to devolve. I’m pointing out that you’re starting it off on the wrong foot. But I’m done here and won’t be responding to any more name-calling.

                                                                                                [2] Because God knows, there’s tons of badly designed software out there that has given people great experiences in the short term. Design usually matters in the long term. Using something for the first time is unlikely to tell you anything beyond that somebody peephole-optimized the UX. UX is certainly important, rare and useful in its own right. But it’s a distinct activity.

                                                                                                [3] I’d particularly appreciate a link to NeoVim criticism for being anti-Unix. Were they similarly criticizing Vim?

                                                                                                1. 9

                                                                                                  [3] I’d particularly appreciate a link to NeoVim criticism for being anti-Unix. Were they similarly criticizing Vim?

                                                                                                  Yes, when VIM incorporated a terminal. Which is explicitly against its design goals. From the VIM 7.4 :help design-not

                                                                                                  VIM IS... NOT                                           *design-not*
                                                                                                  
                                                                                                  - Vim is not a shell or an Operating System.  You will not be able to run a
                                                                                                    shell inside Vim or use it to control a debugger.  This should work the
                                                                                                    other way around: Use Vim as a component from a shell or in an IDE.
                                                                                                    A satirical way to say this: "Unlike Emacs, Vim does not attempt to include
                                                                                                    everything but the kitchen sink, but some people say that you can clean one
                                                                                                    with it.  ;-)"
                                                                                                  

                                                                                                  Neo-VIM appears to acknowledge their departure from VIM’s initial design as their :help design-not has been trimmed and only reads:

                                                                                                  NVIM IS... NOT                                          design-not
                                                                                                  
                                                                                                  Nvim is not an operating system; instead it should be composed with other
                                                                                                  tools or hosted as a component. Marvim once said: "Unlike Emacs, Nvim does not
                                                                                                  include the kitchen sink... but it's good for plumbing."
                                                                                                  

                                                                                                  Now as a primarily Emacs user I see nothing wrong with not following the UNIX philosophy, but at it is clear that NeoVIM has pushed away from that direction. And because that direction was an against their initial design it is reasonable for users that liked the initial design to criticism NeoVIM because moving further away from the UNIX philosophy.

                                                                                                  Not that VIM hadn’t already become something more than ‘just edit text’, take quickfix for example. A better example of how an editor can solve the same problem by adhering to the Unix Philosophy of composition through text processing would be Acme. Check out Acme’s alternative to quickfix https://youtu.be/dP1xVpMPn8M?t=551

                                                                                                  1. 0

                                                                                                    akkartik, which part of my comment did you identify with? :) FWIW, I’m fond of you personally.

                                                                                                    I’d particularly appreciate a link to NeoVim criticism for being anti-Unix

                                                                                                    Every single Hacker News thread about Neovim.

                                                                                                    Were they similarly criticizing Vim?

                                                                                                    Not until I reply as such–and the response is hem-and-haw.

                                                                                                    1. 9

                                                                                                      To be fair I don’t think the hacker news hive mind is a good judge of anything besides what is currently flavour of the week.

                                                                                                      Just yesterday I had a comment not just downvoted but flagged and hidden-by-default, because I suggested Electron is a worse option than a web app.

                                                                                                      HN is basically twitter on Opposite Day: far too happy to remove any idea even vaguely outside what the group considers “acceptable”.

                                                                                                      1. 4

                                                                                                        Indeed, I appreciate your comments as well in general. I wasn’t personally insulted, FWIW. But this is precisely the sort of thing I’m talking about, the assumption that someone pushing back must have their identity wrapped up in the subject. Does our community a disservice.

                                                                                                        1. 0

                                                                                                          OTOH, I spent way too much of my life taking the FUD seriously. The mantra-parroting drive-by comments that are common in much of the anti-systemd and anti-foo threads should be pushed back. Not given a thoughtful audience.

                                                                                                          1. 2

                                                                                                            Totally fair. Can you point at any examples?

                                                                                                            1. 3

                                                                                                              https://news.ycombinator.com/item?id=7289935

                                                                                                              The old Unix ways are dying… … Vim is, in the spirit of Unix, a single purpose tool: it edits text.

                                                                                                              https://news.ycombinator.com/item?id=10412860

                                                                                                              thinks that anything that is too old clearly has some damage and its no longer good technology, like the neovim crowd

                                                                                                              Also just search for “vim unix philosophy” you’ll invariably find tons of imaginary nonsense:

                                                                                                              https://hn.algolia.com/?query=vim%20unix%20philosophy&sort=byPopularity&prefix&page=0&dateRange=all&type=comment

                                                                                                              Please don’t make me search /r/vim :D

                                                                                                              1. 4

                                                                                                                thinks that anything that is too old clearly has some damage and its no longer good technology, like the neovim crowd

                                                                                                                That’s not saying that neovim is ‘anti-Unix philosophy’, it’s saying that neovim is an example of a general pattern of people rewriting and redesigning old things that work perfectly well on the basis that there must be something wrong with anything that’s old.

                                                                                                                Which is indeed a general pattern.

                                                                                                                1. 1

                                                                                                                  That’s not saying that neovim is ‘anti-Unix philosophy’

                                                                                                                  It’s an example of (unfounded) fear, uncertainty, and doubt.

                                                                                                                  rewriting and redesigning old things that work perfectly well on the basis that there must be something wrong with anything that’s old.

                                                                                                                  That’s a problem that exists, but attaching it to project X out of habit, without justification, is the pattern I’m complaining about. In Neovim’s case it’s completely unfounded and doesn’t even make sense.

                                                                                                                  1. 1

                                                                                                                    It’s not unfounded. It’s pretty obvious that many of the people advocating neovim are doing so precisely because they think ‘new’ and ‘modern’ are things that precisely measure the quality of software. They’re the same people that change which Javascript framework they’re using every 6 weeks. They’re not a stereotype, they’re actual human beings that actually hold these views.

                                                                                                                    1. 2

                                                                                                                      Partial rewrite is one of the fastest ways to hand off software maintainership, though. And vim needed broader maintainer / developer community.

                                                                                                                      1. 0

                                                                                                                        Vim’s maintainer/developer community is more than sufficient. It’s a highly extensible text editor. Virtually anything can be done with plugins. You don’t need core editor changes very often if at all, especially now that the async stuff is in there.

                                                                                                                        1. 3

                                                                                                                          You don’t need core editor changes very often if at all, especially now that the async stuff is in there.

                                                                                                                          Which required pressure from NeoVim, if I understood the situation correctly. Vim is basically a one-man show.

                                                                                                                2. 2

                                                                                                                  Thanks :) My attitude is to skip past crap drive-by comments as beneath notice (or linking). But I interpreted you to be saying FUD (about SystemD) that you ended up taking seriously? Any of those would be interesting to see if you happen to have them handy, but no worries if not.

                                                                                                                  Glad to have you back in the pro-Neovim (which is not necessarily anti-Vim) camp!

                                                                                                      2. 20

                                                                                                        What is FUD is this sort of comment: the classic combination of comparing systemd to the worst possible alternative instead of the best actual alternative with basically claiming everyone that disagrees with you is a ‘slashdot markov chain’ or similar idiotic crap.

                                                                                                        On the first point, there are lots of alternatives to sysvinit that aren’t systemd. Lots and lots and lots. Some of them are crap, some are great. systemd doesn’t have a right to be compared only to what it replaced, but also all the other things that could have replaced sysvinit.

                                                                                                        On the second point, it’s just bloody rude. But it also shows you don’t really understand what people are saying. ‘I think [xyz] violates the unix philosophy’ is not meaningless. People aren’t saying it for fun. They’re saying it because they think it’s true, and that it’s a bad thing. If you don’t have a good argument for the Unix philosophy not matter, or you think systemd doesn’t actually violate it, please go ahead and explain that. But I’ve never actually seen either of those arguments. The response to ‘it violates the Unix philosophy’ is always just ‘shut up slashdotter’. Same kind of comment you get when you say anything that goes against the proggit/hn hivemind that has now decided amongst other things that: microsoft is amazing, google is horrible, MIT-style licenses are perfect, GPL-style licenses are the devil-incarnate, statically typed languages are perfect, dynamically typed languages are evil, wayland is wonderful, x11 is terrible, etc.

                                                                                                        1. 8

                                                                                                          claiming everyone that disagrees with you is a ‘slashdot markov chain’ or similar idiotic crap

                                                                                                          My claim is about the thoughtless shoveling of groundless rumors. Also I don’t think my quip was idiotic.

                                                                                                          there are lots of alternatives to sysvinit that aren’t systemd

                                                                                                          That’s fine, I never disparaged alternatives. I said: systemd is good and I’m annoyed that the grumblers said it wasn’t.

                                                                                                          1. 2

                                                                                                            It’s not good though, for all the reasons that have been said. ‘Better than what you had before’ and ‘good’ aren’t the same thing.

                                                                                                            1. 1

                                                                                                              seriously. If you don’t like systemd, use something else and promote its benefits. Tired of all the talking down of systemd. It made my life so much easier.

                                                                                                              1. 1

                                                                                                                seriously. If you like systemd, use it and shut up about it. Tired of all the talking up of systemd as if it’s actually any better than its alternatives, when it is objectively worse, and is poorly managed by nasty people.

                                                                                                                1. 4

                                                                                                                  Have you watched the video this thread is about? Because you really sound like the kind of dogmatist the presenter is talking about.

                                                                                                                  If you like systemd, use it and shut up about it

                                                                                                                  Also, isn’t this a double-standard, since when it comes to complaining about systemd, this attitude doesn’t seem that prevalent.

                                                                                                                  1. 2

                                                                                                                    No, because no other tool threatens the ecosystem like systemd does.

                                                                                                                    Analogy: it wasn’t a double-standard 10 years ago to complain about Windows and say ‘if you like Windows, use it and shut up about it’.

                                                                                                                    1. 3

                                                                                                                      I see this kind of vague criticism when it comes to systemd alot. What ecosystem is it really breaking? It’s all still open source, there aren’t any proprietary protocols or corporate patents that prevent people from modifying the software to not have to rely on systemd. This “threat”, thr way I see it, has turned out to be at most a “ minor inconvenience “.

                                                                                                                      I suppose you’re thinking about examples like GNOME, but on the one hand, GNOME isn’t a unix-dogmatist project, but instead they aim to create a integrated desktop experience, consciously trading this in for ideal modularity – and on the other, projects like OpenBSD have managed to strip out what required systemd and have a working desktop environment. Most other examples, of which I know, have a similar pattern.

                                                                                                        2. 6

                                                                                                          I think that the problem is fanboyism, echo chambers and ideologies.

                                                                                                          I might be wrong, so please don’t consider this an accusation. But you writing this sounds like someone hearing that systemd is bad, therefore never looking at it, yet copying it. Then one tries it and finding out that baseless prejudices were in fact baseless.

                                                                                                          After that the assumption is that everyone else must have been doing the same and one is enlightened now to see it’s actually really cool.

                                                                                                          I think that this group behavior and blindly copying opinions is one of the worst things in IT these days, even though of course it’s not limited to this field.

                                                                                                          A lot of people criticizing systemd actually looked at systemd, really deep, maybe even built stuff on it, or at least worked with it in production as sysadmin/devop/sre/…

                                                                                                          Yes, I have used systemd, yes I understand why decisions we’re taken, where authors if the software were going, read specs of the various parts (journald for example), etc.

                                                                                                          I think I have a pretty good understanding compared to at least most people that only saw it from a users perspective (considering writing unit files to be users perspective as well).

                                                                                                          So I could write about that in my CV and be happy that I can answer a lot of questions regarding systemd, advocate its usage to create more demand and be happy.

                                                                                                          To sum it up: I still consider systemd to be bad on multiple layers, both implementation and some ideas that I considered great but then through using it seeing that it was a wrong assumption. By the way that’s the thing I would not blame anyone for. It’s good that stuff gets tried, that’s how research works. It’s not the first and not the last project that will come out sounding good, to only find out a lot of things either doesn’t make a difference or make it worse.

                                                                                                          I am a critic of systemd but I agree that there’s a lot of FUD as well. Especially when there’s people that blame everything, including own incompetence on systemd. Nobody should ever expect a new project to be a magic bullet. That’s just dumb and I would never blame systemd for trying a different approach or for not being perfect. However I think it has problems on many levels. While I think the implementation isn’t really good that’s something that can be fixed. However I think some parts of the concept level are either pretty bad or have turned out to be bad decisions.

                                                                                                          I was very aware that especially in the beginning the implementation was bad. A lot got better. That’s to be expected. However next to various design decisions I consider bad I think many more were based on ideas that I think to most people in IT sound good and reasonable but in the specific scenarios that systemd is used it at least in my experience do not work out at all or only work well in very basic cases.

                                                                                                          In other words the cases where other solutions are working maybe not optimal, but that aren’t considered a problem worth fixing because the added complexity isn’t worth it systemd really shines. However when something is more complex I think using systemd frequently turns out to be an even worse solution.

                                                                                                          While I don’t wanna go into detail because I don’t think this is the right format for an actual analysis I think systemd in this field a lot in common with both configuration management and JavaScript frameworks. They tend to be amazing for use cases that are simple (todo applications for example), but together with various other complexities often make stuff unnecessarily complicated.

                                                                                                          And just like with JavaScript frameworks and configuration management there’s a lot of FUD, ideologies, echochambers, following the opinion of some thought leaders, and very little building your own solid opinion.

                                                                                                          Long story short. If you criticize something without knowing what it is about then yes that’s dumb and likely FUD. However assuming that’s the only possible reason for someone criticizing software is similarly dumb and often FUD regarding this opinion.

                                                                                                          This by the way also works the reverse. I frequently see people liking software and echoing favorable statements for the same reasons. Not understanding what they say, just copying sentences of opinion leaders, etc.

                                                                                                          It’s the same pattern, just the reversal, positive instead of negative.

                                                                                                          The problem isn’t someone disliking or liking something, but that opinions and thoughts are repeated without understanding which makes it hard to have discussions and arguments that give both sides any valuable insides or learnings

                                                                                                          Then things also get personal. People hate on Poetteing and think he is dumb and Poetteing thinks every critic is dumb. Just because that’s a lot of what you see when every statement is blindly echoed.

                                                                                                          1. 1

                                                                                                            That’s nice, but the implication of the anti-systemd chorus was that sys v init was good enough. Not all of these other “reasonable objections” that people are breathless to mention.

                                                                                                            The timbre reminded me of people who say autotools is preferrable to cmake. People making a lot of noise about irrelevant details and ignoring the net gain.

                                                                                                            But you writing this sounds like someone hearing that systemd is bad, therefore never looking at it, yet copying it.

                                                                                                            No, I’m reacting to the idea that the systemd controversy took up any space in my mind at all. It’s good software. It doesn’t matter if X or Y is technically better, the popular narrative was that systemd is a negative thing, a net-loss.

                                                                                                            1. 2

                                                                                                              In your opinion it’s good software and you summed up the “anti-systemd camp” with “sys v init was good enough” even though people from said “anti-systemd camp” on this very thread disagreed that that was their point.

                                                                                                              To give you an entirely different point of view, I’m surprised you don’t want to know anything about a key piece of a flagship server operating systems (taking that one distro is technically an OS) affecting the entire eco system and unrelated OS’ (BSDs etc.) that majorly affects administration and development on Linux-based systems. Especially when people have said there are clear technical reasons for disliking the major change and forced compliance with “the new way”.

                                                                                                              1. 2

                                                                                                                you summed up the “anti-systemd camp” with “sys v init was good enough” even though people from said “anti-systemd camp” on this very thread disagreed that that was their point.

                                                                                                                Even in this very thread no one has actually named a preferred alternative. I suspect they don’t want to be dragged into a discussion of details :)

                                                                                                                affecting the entire eco system and unrelated OS’ (BSDs etc.)

                                                                                                                BSDs would be a great forum for demonstrating the alternatives to systemd.

                                                                                                                1. 2

                                                                                                                  Well, considering how many features that suite of software has picked up, there isn’t currently one so that shortens the conversation :)

                                                                                                                  launchd is sort of a UNIX alternative too, but it’s currently running only on MacOS and it recently went closed source.

                                                                                                          2. 3

                                                                                                            It violates unix philosohpy

                                                                                                            That accusation was also made against neovim. The people muttering this stuff are slashdot markov chains, they don’t have any idea what they’re talking about.

                                                                                                            i don’t follow your reasoning. why is it relevant that people also think neovim violates the unix philosophy? are you saying that neovim conforms to the unix philosophy, and therefore people who say it doesn’t must not know what they’re talking about?

                                                                                                            1. 1

                                                                                                              are you saying that neovim conforms to the unix philosophy, and therefore people who say it doesn’t must not know what they’re talking about?

                                                                                                              When the implication is that Vim better aligns with the unix philosophy, yes, anyone who avers that doesn’t know what they’re talking about. “Unix philosophy” was never a goal of Vim (”:help design-not” was strongly worded to that effect until last year, but it was never true anyways) and shows a deep lack of familiarity with Vim’s features.

                                                                                                              Some people likewise speak of a mythical “Vim way” which again means basically nothing. But that’s a different topic.

                                                                                                              1. 1

                                                                                                                vim does have fewer features which can be handled by other tools though right? not that vim is particularly unixy, but we’re talking degrees

                                                                                                            2. 1

                                                                                                              The people muttering this stuff are slashdot markov chains, they don’t have any idea what they’re talking about

                                                                                                              I’ll bookmark this comment just for this description.

                                                                                                            1. 2

                                                                                                              whole lot of assertions without really anything to back them up. like calling google play services a rootkit, and claiming it’s easy to run a f-droid repository (i don’t know if it is or isn’t, but at least prove it is without continually saying “fact”).

                                                                                                              1. 8

                                                                                                                I agree about the “lot of assertions” point, but how would you go a prove it is easy to run your own F-Droid repository? Would a link to F-Droid’s Installing the Server and Repo Tools be enough?

                                                                                                                1. 2

                                                                                                                  Yes.

                                                                                                                  1. 2

                                                                                                                    that sounds like something someone could look up on their own if they were curious

                                                                                                                    1. 2

                                                                                                                      Yes, but if you’re going to make an assertion like that you should still back it up, even if it’s just a simple documentation link.

                                                                                                                      1. 1

                                                                                                                        factual claims are good to back up with sources, but a fuzzy claim like “it’s not a lot of work” doesn’t really lend itself to that IMO

                                                                                                              1. 3

                                                                                                                I prefer a minimal web, my own blog is minimalist in design and in hosting by being hand coded and generated by a static site generator.

                                                                                                                Sometimes you need a bit of sparkle though.

                                                                                                                1. 1

                                                                                                                  no you don’t

                                                                                                                1. 5

                                                                                                                  Sounds interesting, might solve a problem I have at work, too bad it’s coupled to github =(

                                                                                                                  1. 3

                                                                                                                    What would you prefer it to use as the underlying storage? (I am trying to understand what people actually want.)

                                                                                                                      1. 4

                                                                                                                        I was thinking of storing everything, including the comments in a git instance, which would work independently of what git frontend you are using, but then I would have to speak git protocol from the browser which sucks. I may have a look at git.js

                                                                                                                        1. 3

                                                                                                                          Looking at git.js documentation :(

                                                                                                                          “I’ve been asking Github to enable CORS headers to their HTTPS git servers, but they’ve refused to do it. This means that a browser can never clone from github because the browser will disallow XHR requests to the domain.”

                                                                                                                          1. 1

                                                                                                                            Anything self-hosted would be viable, but everything on git would be even better, although probably more complicated. We use gerrit at work (which sucks at several levels), and mostly anything third-party is very much disallowed. Maybe you could create an abstraction that would speak Github API to github and git protocol to other servers where this would work?

                                                                                                                            The other possibility could be a sort of optional backend/proxy, so, if the git server doesn’t have CORS, you could spin that optional server.

                                                                                                                            1. 2

                                                                                                                              After thinking about it some more, there’s a lot that GitHub offers that I would have to reimplement myself. Authentication, for one thing. If it was used in a stand-alone mode in enterprise, some kind of authentication would be still needed. People would probably want SSO. Then there are notifications. GitHub sends you an email when you are mentioned in a bug. I would have to somehow interact with company’s mail server. And so on. This is my hobby project and I don’t really have time to go into that amount of complexity.

                                                                                                                              1. 1

                                                                                                                                Sure, makes sense. It’s still a cool project, nonetheless, so, congrats =)

                                                                                                                          2. 2

                                                                                                                            sounds like a job for the backend

                                                                                                                        2. 1

                                                                                                                          The only issue that I have with it is sharing my organization details. Although you could do it manually, I’m always a bit annoyed about this.

                                                                                                                      1. 23

                                                                                                                        “It is difficult to get a [web developer] to understand something, when [their] salary depends on [them] not understanding it.”

                                                                                                                        ― Upton Sinclair

                                                                                                                        1. 4

                                                                                                                          My back looks like a pin cushion from all the arrows I received over the years fighting for web that would be more ethical and void of mostly useless crap. Some battles won, too many lost. I lost one just yesterday, but it didn’t occur to me that it was because of my money-induced blindness.

                                                                                                                          I actually like this quote and have used it myself before, but while I met many web developers over the years who didn’t care about bullshit described in the article, almost all of them didn’t simply because they were either ignorant of available technologies, didn’t care much about quality of anything they did and most often both.

                                                                                                                          1. 1

                                                                                                                            Some battles won, too many lost.

                                                                                                                            What were some of the wins?

                                                                                                                            1. 4

                                                                                                                              Example of a small recent one would be Klevio website (as it currently exists, less so after today). I am not linking to it because I don’t want referrals from Lobsters to show up in website’s logs, but is trivial to find.

                                                                                                                              Almost everything on this website works with Javascript turned off. It uses Javascript to augment experience, but does not needlessly rely on external libraries. Should work reasonably well even on poor connections. Does not track you and still has a privacy policy handling that tries to be closer to the spirit of GDPR then to what you may get away with.

                                                                                                                              It would certainly be easier for me and faster to develop (cheaper for company) if I just leaned on existing tools, build yet another SPA and have not spent more than a week arguing with lawyers about what is required.

                                                                                                                              Alas, because unsurprisingly most people do not opt-in to analytics, I am now working on a different confirmation dialog, more in line with what others are doing. It will still be better than most, but certainly more coercive than current.

                                                                                                                              And this is in a company that is, based on my experience, far more conscientious about people’s privacy than others I worked for.

                                                                                                                              1. 1

                                                                                                                                It would certainly be easier for me and faster to develop (cheaper for company) if I just leaned on existing tools, build yet another SPA and have not spent more than a week arguing with lawyers about what is required.

                                                                                                                                Is this really true? Not to downplay your craft but I always thought tinkering with HTML/CSS until things look right would be way easier than learning a separate library.

                                                                                                                                I checked out that website and it’s pretty refreshing that stuff actually works. If you want a little constructive feedback, the information density is very low especially on a desktop computer with a widescreen monitor. I have to scroll down 7 screens to get all the information, which could have fit on a single screen. Same with the “about us” page. I notice the site is responsive, giving a hamburger when you narrow your window, so maybe the “non-mobile” interface could be more optimized for desktop use.

                                                                                                                                1. 1

                                                                                                                                  I don’t think it is in every case, but in this one I think it would be since everything was handwritten without picking up existing solutions for things like galleries. If you mean the SPA part, then I guess it becomes more moot. It would probably be about the same doing the first implementation, but this one, which is basically a bunch of static files, certainly has a higher cost of maintenance because we (I) didn’t get around to finishing it so page “components” still have to be manually copied to new files and updated everywhere when their content changes. The plan was to automate most of this, but we haven’t spent the time on it yet.

                                                                                                                                  I agree with everything in the second paragraph. Regretfully that is one of those battles lost.

                                                                                                                                  1. 1

                                                                                                                                    so what do your managers feel is the benefit of having such low information density? how do these decisions get made?

                                                                                                                                    1. 1

                                                                                                                                      If I remember correctly it was because it supposedly looks modern, clean and in-line with company’s brand. It has been a while so my memory is fuzzy on this.

                                                                                                                          2. 2

                                                                                                                            I’ve heard this a few times already, but I’ve never quite understood what the implication is. What precisely are web developers not understanding? I get the default examples (eg. oil companies funding environmental research), but just can’t see the analogy in this case.

                                                                                                                            1. 22

                                                                                                                              You’re on week three of your new job at a big city ad and design firm. Getting that first paycheck was nice, but the credit card bill from the moving expenses is coming up, that first month of big city rent wiped out your savings, and you don’t really have a local personal network to find new jobs. The customer wants a fourth “tag” for analytics tracking. Do you:

                                                                                                                              1. Put it in
                                                                                                                              2. Engage in a debate about engineering ethics with your boss and his boss (who drives a white Range Rover and always seems to have the sniffles after lunch) culminating with someone screaming and you storming out, never to return?
                                                                                                                              1. 8

                                                                                                                                Web devs know that auto play videos and newsletter pop ups are annoying but annoying people is profitable

                                                                                                                            1. 18

                                                                                                                              I only recently started using noscript. A lot of people balk at the fact that the majority of websites don’t work anymore after you install it, and the fact that you have to manually unlock specific scripts, and even think about which scripts you want to allow. It is certainly not something the everyday user wants to deal with. But the speed with which pages load, and the complete absence of all the spying and autoplay videos and the majority of images makes it really worth it.

                                                                                                                              Obviously the better solution for everyone is for web designers to get their shit together on this issue. But I am not holding my breath. For now noscript is as necessary as adblock ublock origin for having a positive experience of the internet.

                                                                                                                              It also teaches you who your friends are - the websites that just work as though the plugin were not there are the good ones. The ones that tell you you need to enable javascript and load all scripts directly from their own domain are also resolved with a single click. The ones that are a major hassle to use with noscript running are the ones you should probably be staying away from anyway.

                                                                                                                              1. 4

                                                                                                                                Not just technical people either: an old friend used to train laypeople to use it on NoScript forums. He said there was a small, but steady, stream of them concerned about privacy and/or speeding up machines.

                                                                                                                                1. 2

                                                                                                                                  Does it warn you if the scripts contents have changed?

                                                                                                                                  If so, it might mitigate a little this huge security hole hidden in plain sight… but I’m not much sure…

                                                                                                                                  1. 3

                                                                                                                                    No, you block on a domain basis so that security hole is not even needed to get around it. Its not going to save you from the government, just bloated websites and advertising.

                                                                                                                                    1. 2

                                                                                                                                      So… do you enable whole CDNs?

                                                                                                                                      Anyway, if I understand what you mean, once the JS execution is enabled for a host, the server could serve a malicious script to you without being noticed, so that bug could be exploited, not only by the government but by several private companies…

                                                                                                                                      1. 2

                                                                                                                                        most people don’t audit the javascript code before they enable it anyway, so detecting changes wouldn’t solve the core issue

                                                                                                                                        1. 1

                                                                                                                                          True. Indeed I said that it could mitigate that vulnerability.

                                                                                                                                          As @enkiv2 said in the lobsters’ thread about it, the only reliable solution is to remove scripting languages from browsers. A pretty expensive security fix, I know, but the bug is very dangerous.

                                                                                                                                          1. 6

                                                                                                                                            expensive in that it would save huge amounts of energy in the form of compute cycles that aren’t spent attacking the user

                                                                                                                                        2. 2

                                                                                                                                          µBlock lets you block based on pairs of first & third parties.

                                                                                                                                  1. 13

                                                                                                                                    I’ve been reading and upvoting rants about website bloat for several years now, based on scores so do many others, and yet every year it gets worse. It seems like the opinion of users on this kind of site is simply insufficient to change how websites are built, which is a bit surprising since people who build websites are presumably part of the core audience.

                                                                                                                                    I’m resigned at this point. The call to action tacked on to the end of the long list of complaints about modern web development practices feels profoundly empty. Even if every developer at Hill, Politico, and CNN read and wholeheartedly agreed with the sentiment here, the people who actually make the relevant decisions won’t, and even if they did I expect they wouldn’t care. The politics of large organizations make it a lot easier to sell the idea of more advertising or some slick animated thing you can show off in a meeting than a shorter waterfall chart or “authenticity” (presumably the opposite of “bullshit” per the definition offered in this article). The CNNs of the world are going to continue to get worse, there’s no stopping it, you can opt out or try to buy sufficiently good connectivity/hardware to mitigate it but you’re not going to write blog posts to win over the hearts and minds of those who can actually do something about it.

                                                                                                                                    1. 8

                                                                                                                                      what has failed is individuals resisting in isolation. what we haven’t tried is a unified movement.

                                                                                                                                      1. 5

                                                                                                                                        Your second paragraph nails it. I bet most people here agree with these rants; but most of the people paying their salaries don’t care.

                                                                                                                                      1. 11

                                                                                                                                        “Unfortunately, the fundamentalist FOSS mentality we encountered on Reddit is still alive and well.” Ok, so this “fundamentalist” attitute, according to the article, is from comments like “This is going to be a very hard sell being a proprietary closed source system to Linux users, many use Linux because they have bought into the idea of open source. Good luck with it anyway”. I understand that this article is just a closed-source product promo (whose claim to fame is interoperating with… another closed-source product), but name-calling folks (probably like myself) who use open source “fundamentalists” is wrong, especially when they give feedback as quoted.

                                                                                                                                        Then we have, “we don’t store or process data online — strictly between you and your mail server”, but, “users can turn off what little data collection we do”. Um… pick one.

                                                                                                                                        1. 1

                                                                                                                                          i guess they meant “unfortunately for us proprietary software programmers who want to exploit users.”

                                                                                                                                        1. 24

                                                                                                                                          As I read this I thought about my experiences with Diaspora and Mastodon. Pages like this one or this one (click “Get Started”, I couldn’t do a deep link because JavaScript) are, IMHO, a big part of the reason these services don’t take off. How can an average user be expected to choose from a basically random list of nodes? How can I, a reasonably “technical” person, even be expected to do so?

                                                                                                                                          So then why not host my own node? First, I don’t have time and most people I know don’t either. If I was 15 again I totally would because I had nothing better to do. I also don’t want to play tech support for a good chunk of my social network, and providing a service to someone has a tendency to make them view you as the tech support.

                                                                                                                                          Second, if I do that I’m now in charge of security for my data. As terrible as Twitter and Facebook are, they’re probably still a lot better at securing my data than I am (at the very least they probably patch their systems more often than I would). Even worse, if some non-technical person decides to bite the bullet and create a node for his/her friends, how secure do you think that’s going to be?

                                                                                                                                          Further, what are the odds that I, or whoever is maintaining the node, basically gets bored of it one day and kills the whole thing? Pretty damn high (maybe I and all my friends are assholes, though, so whatever).

                                                                                                                                          Anyway, this post really spoke to me because I’ve been trying to escape Evil companies for awhile now and “federated” just doesn’t seem to be the answer. I now believe that centralized is here to stay, but that we should start looking at the organizations that control the data instead of the technology. For example, if Facebook were an open non-profit with a charter that legally prevented certain kinds of data “sharing” and “harvesting” maybe I wouldn’t have any problem with it.

                                                                                                                                          1. 18

                                                                                                                                            How can an average user be expected to choose from a basically random list of nodes?

                                                                                                                                            How did they choose their email provider? Not be carefully weighing the technical options, surely. They chose whatever their friends or parents used, because with working federation it doesn’t matter.

                                                                                                                                            what are the odds that I, or whoever is maintaining the node, basically gets bored of it one day and kills the whole thing?

                                                                                                                                            Same as what happened with many early email providers: when they died, people switched to different ones and told their friends their new addresses.

                                                                                                                                            Really, all this argument of “what if federation isn’t a holy grail” is pointless because we all already use a federated system — email — and we know for a fact that it works for humans, despite all its flaws.

                                                                                                                                            1. 8

                                                                                                                                              How did they choose their email provider? Not be carefully weighing the technical options, surely. They chose whatever their friends or parents used, because with working federation it doesn’t matter.

                                                                                                                                              In contrast to mastodon instances - which are very alike - email providers have differentiated on the interface and guarantees they provide and market that. People react to that.

                                                                                                                                              1. 2

                                                                                                                                                In contrast to mastodon instances

                                                                                                                                                While this was largely true in the beginning, many Fediverse nodes now do market themselves based on default interface, additional features (e.g. running the GlitchSoc fork or something like it), or even using non-Mastodon software like Pleroma. I suspect this will only increase as additional implementations (Rustodon) and forks (#ForkTogether) take off and proliferate.

                                                                                                                                              2. 8

                                                                                                                                                How did they choose their email provider?

                                                                                                                                                I think federated apps like Mastodon are fundamentally different than email providers. Most email providers are sustainable businesses, they earn money with adds or paid plans or whatever and have their own emails servers and clients with specific features. Self-hosted email servers are a minority. Please tell if I wrong, but I don’t think one can easily earn money with a Mastodon instance.

                                                                                                                                                However I agree that both are federated.

                                                                                                                                                1. 1

                                                                                                                                                  i don’t know if any nodes do this but you could charge for mastodon hosting

                                                                                                                                                2. 6

                                                                                                                                                  You’re certainly not wrong, though I would argue that email, particularly as it was 20+ years ago when it went “mainstream”, is much simpler (for instance, it doesn’t require any long-term persistence or complicated access control) and therefore easier to federate successfully (in a way that humans can handle) than social networking.

                                                                                                                                                  1. 1

                                                                                                                                                    AP style social network federation also doesn’t require long-term persistence or complicated access control.

                                                                                                                                                    1. 1

                                                                                                                                                      email is social networking. are there particular social networking features you had in mind?

                                                                                                                                                      1. 3

                                                                                                                                                        Yeah, I listed them in my comment… “long-term persistence or complicated access control”. Admittedly I didn’t go into much detail. Email is a very simple social network, there isn’t much “meat” to it, particularly as it existed when it became popular.

                                                                                                                                                        1. 1

                                                                                                                                                          email has very long term persistence, much longer than something like facebook because it’s much easier to make backups of your emails than to make backups of your facebook interactions.

                                                                                                                                                          i guess i don’t know what you mean by “complicated access control.”

                                                                                                                                                          1. 1

                                                                                                                                                            Email is basically fire and forget. You download it to your computer and then you’ve got it forever (modern email does more, but also includes more of the privacy / data issues that come with other social networks). But most users can’t easily give other people on-demand access to their emails, which is the case with Facebook, Twitter, etc. Email is really meant for private communication (possibly with a large group, but still private), Facebook and company are for private, semi-private, and even public communication, and they require a user to be able to easily retroactively grant or retract permissions. Email doesn’t handle these other use-cases (this isn’t a fault of email, it doesn’t try to).

                                                                                                                                                        2. 2

                                                                                                                                                          The ability for interested parties to interact without reply all. I can post a picture of a beautiful burrito, and people can comment or ignore at their leisure, and then reply to each other. I guess there’s some preposterous email solution where I mail out a link to an ad hoc mailing list with every update and various parties subscribe, but… meh.

                                                                                                                                                          1. 2

                                                                                                                                                            something that handles a feature like that need not be email per se, but it could have a very similar design, or be built on top of email. something like what you suggested wouldn’t seem preposterous if the clients were set up to facilitate that kind of use.

                                                                                                                                                      2. 3

                                                                                                                                                        In the case of Mastodon, which instance you pick does matter. Users can make posts that are only visible to others in the same instance. If you pick the “wrong” home instance, you’ll have to make another account in another instance to see the instance-private posts there. If you’re a new Mastodon user, you might not know that one instance is good for artists and another good for musicians, etc. In any case, this is as easily solvable problem by adding descriptions and user-provided reviews to each instance.

                                                                                                                                                      3. 2

                                                                                                                                                        These ‘which instance to join’ sites are completely useless, I wish they wouldn’t exist at all.

                                                                                                                                                        1. 1

                                                                                                                                                          Second, if I do that I’m now in charge of security for my data. As terrible as Twitter and Facebook are, they’re probably still a lot better at securing my data than I am

                                                                                                                                                          Setting a price tag on your datas doesn’t secure them. There are enough scams and hoaxes on Facebook to share your information with other companies that I have to disagree with you. And since those social networks are collecing more data than necessary, it is easier to lose data.

                                                                                                                                                          1. 2

                                                                                                                                                            Facebook and Twitter also present single valuable targets and are thus more likely to be targeted. A hundred mastodon instances may be individually less secure due to the operators having fewer resources or less experience, but compromising a single server won’t get you as much.

                                                                                                                                                            1. 2

                                                                                                                                                              That’s a good point, although Wordpress vulnerabilities are still a big deal even though there are tons of small servers. The server might not be a monolith, but if the software is then it’s only slightly more work to attack N instances.

                                                                                                                                                              1. 1

                                                                                                                                                                True, although it depends whether the vulnerabilities are in the application being served or in the web server or OS serving it.