1. 31

    at this point most browsers are OS’s that run (and build) on other OS’s:

    • language runtime - multiple checks
    • graphic subsystem - check
    • networking - check
    • interaction with peripherals (sound, location, etc) - check
    • permissions - for users, pages, sites, and more.

    And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

    1. 10

      Browsers rarely link out the system. FF/Chromium have their own PNG decodes, JPEG decodes, AV codecs, memory allocators or allocation abstraction layers, etc. etc.

      It bothers me everything is now shipping as an electron app. Do we really need every single app to have the footprint of a modern browser? Can we at least limit them to the footprint of Firefox2?

      1. 9

        but if you limit it to the footprint of firefox2 then computers might be fast enough. (a problem)

        1. 2

          New computers are no longer faster than old computers at the same cost, though – moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

          (Maybe secondary storage speed will have a big bump, if you’re moving from hard disk to SSD, but that only happens once.)

          1. 3

            moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

            Are you claiming there have been no speedups due to better pipelining, out-of-order/speculative execution, larger caches, multicore, hyperthreading, and ASIC acceleration of common primitives? And the benchmarks magazines post showing newer stuff outperforming older stuff were all fabricated? I’d find those claims unbelievable.

            Also, every newer system I had was faster past 2005. I recently had to use an older backup. Much slower. Finally, performance isn’t the only thing to consider: the newer, process nodes use less energy and have smaller chips.

            1. 2

              I’m slightly overstating the claim. Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

              Once we’ve picked all the low-hanging fruit (simple optimization tricks with major & general impact) we’ll need to start seriously milking performance out of multicore and other features that actually require the involvement of application developers. (Multicore doesn’t affect performance at all for single-threaded applications or fully-synchronous applications that happen to have multiple threads – in other words, everything an unschooled developer is prepared to write, unless they happen to be mostly into unix shell scripting or something.)

              Moore’s law isn’t all that matters, no. But, it matters a lot with regard to whether or not we can reasonably expect to defend practices like electron apps on the grounds that we can maintain current responsiveness while making everything take more cycles. The era where the same slow code can be guaranteed to run faster on next year’s machine without any effort on the part of developers is over.

              As a specific example: I doubt that even in ten years, a low-end desktop PC will be able to run today’s version of slack with reasonable performance. There is no discernible difference in its performance between my two primary machines (both low-end desktop PCs, one from 2011 and one from 2017). There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.

              1. 3

                Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

                I agree with that totally.

                “Multicore doesn’t affect performance at all for single-threaded applications “

                Although largely true, people often forget a way multicore can boost single-threaded performance: simply letting the single-threaded app have more time on CPU core since other stuff is running on another. Some OS’s, esp RTOS’s, let you control which cores apps run on specifically to utilize that. I’m not sure if desktop OS’s have good support for this right now, though. I haven’t tried it in a while.

                “There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.”

                Yeah, all the ideas I have for it are incremental. The best illustration of where rest of gains might come from is Cavium’s Octeon line. They have offloading engines for TCP/IP, compression, crypto, string ops, and so on. On rendering side, Firefox is switching to GPU’s which will take time to fully utilize. On Javascript side, maybe JIT’s could have a small, dedicated core. So, there’s still room for speeding Web up in hardware. Just not Moore’s law without developer effort like you were saying.

      2. 9

        Although you partly covered it, I’d say “execution of programs” is good wording for JavaScript since it matches browser and OS usage. There’s definitely advantages to them being smaller. A guy I knew even deleted a bunch of code out of his OS and Firefox to achieve that on top of a tiny, backup image. Dude had a WinXP system full of working apps that fit on one CD-R.

        Far as secure browsers, I’d start with designs from high-assurance security bringing in mainstream components carefully. Some are already doing that. An older one inspired Chrome’s architecture. I have a list in this comment. I’ll also note that there were few of these because high-assurance security defaulted on just putting a browser in a dedicated partition that isolated it from other apps on top of security-focused kernels. One browser per domain of trust. Also common were partitioning network stacks and filesystems that limited effect of one partition using them on others. QubesOS and GenodeOS are open-source software that support these with QubesOS having great usability/polish and GenodeOS architecturally closer to high-security designs.

        1. 6

          Are there simpler browsers optimised for displaying plain ol’ hyperlinked HTML documents, and also support modern standards? I don’t really need 4 tiers of JIT and whatnot for web apps to go fast, since I don’t use them.

          1. 12

            I’ve always thought one could improve on a Dillo-like browser for that. I also thought compile-time programming might make various components in browsers optional where you could actually tune it to amount of code or attack surface you need. That would require lots of work for mainstream stuff, though. A project like Dillo might pull it off, though.

            1. 10
              1. 3

                Oh yeah, I have that on a Raspberry Pi running RISC OS. It’s quite nice! I didn’t realise it runs on so many other platforms. Unfortunately it only crashes on my main machine, I will investigate. Thanks for reminding me that it exists.

                1. 1

                  Fascinating; how had I never heard of this before?

                  Or maybe I had and just assumed it was a variant of suckless surf? https://surf.suckless.org/

                  Looks promising. I wonder how it fares on keyboard control in particular.

                  1. 1

                    Aw hell; they don’t even have TLS set up correctly on https://netsurf-browser.org

                    Does not exactly inspire confidence. Plus there appears to be no keyboard shortcut for switching tabs?

                    Neat idea; hope they get it into a usable state in the future.

                  2. 1

                    AFAIK, it doesn’t support “modern” non-standards.

                    But it doesn’t support Javascript either, so it’s way more secure of mainstream ones.

                  3. 6

                    No. Modern web standards are too complicated to implement in a simple manner.

                    1. 3

                      Either KHTML or Links is what you’d like. KHTML would probably be the smallest browser you could find with a working, modern CSS, javascript and HTML5 engine. Links only does HTML <=4.0 (including everything implied by its <img> tag, but not CSS).

                      1. 2

                        I’m pretty sure KHTML was taken to a farm upstate years ago, and replaced with WebKit or Blink.

                        1. 6

                          It wasn’t “replaced”, Konqueror supports all KHTML-based backends including WebKit, WebEngine (chromium) and KHTML. KHTML still works relatively well to show modern web pages according to HTML5 standards and fits OP’s description perfectly. Konqueror allows you to choose your browser engine per tab, and even switch on the fly which I think is really nice, although this means loading all engines that you’re currently using in memory.

                          I wouldn’t say development is still very active, but it’s still supported in the KDE frameworks, they still make sure that it builds at least, along with the occasional bug fix. Saying that it was replaced is an overstatement. Although most KDE distributions do ship other browsers by default, if any, and I’m pretty sure Falkon is set to become KDE’s browser these days, which is basically an interface for WebEngine.

                      2. 2

                        A growing part of my browsing is now text-mode browsing. Maybe you could treat full graphical browsing as an exception and go to the minimum footprint most of the time…

                    2. 4

                      And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

                      user choice. rampant complexity has restricted your options to 3 rendering engines, if you want to function in the modern world.

                      1. 3

                        When reimplementing malloc and testing it out on several applications, I found out that Firefox ( at the time, I don’t know if this is still true) had its own internal malloc. It was allocating a big chunk of memory at startup and then managing it itself.

                        Back in the time I thought this was a crazy idea for a browser but in fact, it follows exactly the idea of your comment!

                        1. 3

                          Firefox uses a fork of jemalloc by default.

                          1. 2

                            IIRC this was done somewhere between Firefox 3 and Firefox 4 and was a huge speed boost. I can’t find a source for that claim though.

                            Anyway, there are good reasons Firefox uses its own malloc.

                            Edit: apparently I’m bored and/or like archeology, so I traced back the introduction of jemalloc to this hg changeset. This changeset is present in the tree for Mozilla 1.9.1 but not Mozilla 1.8.0. That would seem to indicate that jemalloc landed in the 3.6 cycle, although I’m not totally sure because the changeset description indicates that the real history is in CVS.

                        2. 3

                          In my daily job, this week I’m working on patching a modern Javascript application to run on older browsers (IE10, IE9 and IE8+ GCF 12).

                          The hardest problems are due the different implementation details of same origin policy.
                          The funniest problem has been one of the used famework that used “native” as variable name: when people speak about the good parts in Javascript I know they don’t know what they are talking about.

                          BTW, if browser complexity address a real problem (instead of being a DARPA weapon to get control of foreign computers), such problem is the distribution of computation among long distances.

                          Such problem was not addressed well enough by operating systems, despite some mild attempts, such as Microsoft’s CIFS.

                          This is partially a protocol issue, as both NFS, SMB and 9P were designed with local network in mind.

                          However, IMHO browsers OS are not the proper solution to the issue: they are designed for different goals, and they cannot discontinue such goals without loosing market share (unless they retain such share with weird marketing practices as Microsoft did years ago with IE on Windows and Google is currently doing with Chrome on Android).

                          We need better protocols and better distributed operating systems.

                          Unfortunately it’s not easy to create them.
                          (Disclaimer: browsers as platforms for os and javascript’s ubiquity are among the strongest reasons that make me spend countless nights hacking an OS)

                        1. 5

                          So TrueOS is now called Project Trident, and there’s a new project that will take the TrueOS name and will add to FreeBSD at a lower level rather than just being a collection of packages on top of FreeBSD?

                          1. 3

                            Wow, it would have made much more sense if the announcement had been phrased that way.

                            1. 1

                              I’m still not sure if my assessment is correct.

                            2. 2

                              That’s what I took from it. The blog post was a bit hard to understand, I had to read it twice to actually figure out what they’re trying to say.

                            1. 7

                              Do not top-post.

                              Keep quoted text small and relevant

                              Sadly, this advice is just not followed most of the time on the mailing lists I follow. As much as top-posting bothers me, I have to resign myself to the fact that demanding it is basically me becoming the old man who yells at clouds. All attempts to stop it by others have not worked. I don’t think it’s going away.

                              1. 1

                                List managers could stop it by bouncing top-posts.

                                1. 1

                                  I still reply to e-mails with top posts (although I’m on very few mailing lists these days and contribute to nearly zero).

                                  At least with personal e-mails, it makes more sense for your reply to be at the top and not have to scroll all the way to the bottom.

                                  But whatevs. It’s tabs vs spaces at this point.

                                  1. 3

                                    You shouldn’t have to scroll far - you only quote enough to make it clear what you are talking about, then you talk about it. If you want to see the whole message, you can just go back to the other email.

                                    1. 2

                                      An apt comparison, just like so-called “tabs-vs-spaces” the claim that there are two equivalent options misses the point entirely.

                                      The point is not to uselessly quote everything and put your post at the bottom instead of uselessly quoting everything and putting your post at the top. The point is to stop uselessly quoting everything.

                                    2. 1

                                      This particular battle is lost. I doubt there is any mail client with more than 3% marketshare that does not use top-posting as standard.

                                      In the business world, where clients like Outlook hold sway, someone who doesn’t top post and doesn’t drag along the entire previous conversation (including disclaimer signatures, cutesy “consider the environment before printing this email” PNGs, and potentially embarrassing discussions of someone who was just added as a CC by a 3rd party) is seen as a weirdo.

                                    1. 2

                                      This is one of those things that makes me feel sad about the future of the web. It seems like our only choices are between publishers who want to load up the web with autoplaying videos, ADD-inspiring redirects to more articles, and endless piles of ads and tracking scripts, and tech behemoths that want to put the whole web under their proprietary protocols and in-house services. There doesn’t seem to be any forces pushing for quality content on readable pages with reasonable, trustworthy ads or some other sort of monetization.

                                      1. 1

                                        There doesn’t seem to be any forces pushing for quality content on readable pages with reasonable, trustworthy ads or some other sort of monetization.

                                        I guess the EU is kinda doing that. But I agree, there needs to be a grassroots effort to push back.

                                      1. 33

                                        hopefully this will get a bunch of FOSS projects off github. they should never have been on there in the first place.

                                        1. 7

                                          Where should they have been?

                                          1. 1

                                            I used to host everything on Gitorious. It was around since slightly before GitHub, but then got aquired by GitLab and shut down. It looks like everything was migrated over to GitLab some time later, but by then I was happily self-hosting bare clones with a static file server.

                                            1. 1

                                              a computer running a vcs

                                            2. 10

                                              Who are you to tell open source maintainers where they “should” be?

                                              If you believe it’s important that open source projects need to use open source tools, you need to start by making the open source tools great, not by lecturing people for using effective tooling to advance their projects.

                                              1. 4

                                                maintainers of free software should use free tools to support the free software ecosystem, and so that others don’t have to give away their freedom in order to participate. you seem to be implying that the only valid criterion for using a tool is how “effective” it is in the short term; i don’t agree with that.

                                                1. 3

                                                  …what?

                                              1. 10

                                                From the readme:

                                                You probably noticed the peculiar default line length. Black defaults to 88 characters per line, which happens to be 10% over 80. This number was found to produce significantly shorter files than sticking with 80 (the most popular), or even 79 (used by the standard library). In general, 90-ish seems like the wise choice.

                                                This is a table stakes deal breaker for me. I know, I know, I’m likely old fashioned. I prefer old school. :-)

                                                1. 5

                                                  It is a default though, you can pass --line-length to it.

                                                  1. [Comment removed by author]

                                                    1. 4

                                                      Honestly though, is your terminal window really 80 columns wide? And should outdated defaults matter?

                                                      1. 3

                                                        Yes, my terminal window is really 80 columns wide.

                                                        I also have a source file where a single line of code is 250 characters (and no, it really can’t be broken up due to semantic constraints).

                                                        So, what should be the minimum width of a terminal window?

                                                        1. 1

                                                          I actually prefer to code with a 80-wide terminal most of the time, because it tends to remind me to simplify my code more than I would otherwise :o

                                                        2. 1

                                                          I think 79 is better than 80, because 79 allows for a single-column ruler on the side of the window and stuff

                                                          1. 1

                                                            This is about the size of your code “viewport”, not of your terminal.

                                                            3 columns are already used by my line length indicator in vim, but that number is really arbitrary too.

                                                          2. 1

                                                            departing from established standards because you feel like it is a pretty bad sign in general. as are --long-gnu-style-options, but that’s a different issue.

                                                          3. 2

                                                            I just counted the length of lines over 266 Lua files [1], calculating the 95th percentile [2] of line length. Only 4% had a 95 percentile of 89 or higher; 11% had a 95th percentile of 80 or higher. And just because, 4% had 95th percentiles of 80 and 81. For maximum line lengths:

                                                            • 42% with longest line of 79 characters or less
                                                            • 46% with longest line of 80 characters or less
                                                            • 56% with longest line of 88 characters or less

                                                            Longest line found: 204 characters

                                                            [1] I don’t use Python, so I’m using what I have. And what I have are multiple Lua modules I’ve downloaded.

                                                            [2] That is, out of all the lines of code, 95% of line lengths are less than this length.

                                                            1. 1

                                                              https://en.wikipedia.org/wiki/88_(number)

                                                              I can’t help it but read it as a fascist code, or at least I start thinking about whether it could be on every occasion I see this number (not totally unfounded, because where I live it is used this way every now and then). I don’t think they meant to use it this way, so I think it’s fine (more than that, good, because it devalues the code by not treating the numebr as taboo).

                                                              1. 1

                                                                Personally I don’t like line break at 80 or 90 with python, as the 4-spaces indent quickly uses up a lot of horizontal space. For example, if you write unittest-style unit tests, before you write any assignment or call, you have already lost 8 spaces.

                                                                class TestMyFunctionality(unittest.TestCase):
                                                                    def setUp(self):
                                                                        # ....
                                                                    def test_foo(self):
                                                                        x = SomeModule.SomeClass(self.initial_x, get_dummy_data(), self.database_handle)
                                                                

                                                                Of course you could start introducing line breaks, but that quickly leads to debates on “hanging indent”, lisp-style-indent, etc. or you end up with a lot of vanity variables for local variables.

                                                                With lisp-style indent I mean the following snippet, that (if it was the way the autoformatter would do it would convince me to accept a 80 character line length limit)

                                                                class TestMyFunctionality(unittest.TestCase):
                                                                    def setUp(self):
                                                                        # ....
                                                                    def test_foo(self):
                                                                        x = SomeModule.SomeClass(self.initial_x,
                                                                                                 get_dummy_data(),
                                                                                                 self.database_handle)
                                                                

                                                                Whereas I find the “hanging indent” style makes understanding the structure of the syntax tree so much more difficult.

                                                                class TestMyFunctionality(unittest.TestCase):
                                                                    def setUp(self):
                                                                        # ....
                                                                    def test_foo(self):
                                                                        x = SomeModule.SomeClass(
                                                                                self.initial_x,
                                                                                get_dummy_data(),
                                                                                self.database_handle)
                                                                
                                                              1. 5

                                                                i didn’t see anything with noscript turned on, which unfortunately disqualifies the project from use.

                                                                some lightweight discourse alternatives which don’t require javascript are fluxbb, and mailing lists.

                                                                to not leave anything out, i should also say that nim-forum is using a fairly loose definition of “lightweight.” maybe compared to discourse it is. but fluxbb 1.2.24 is written in under 9000 lines of PHP, with the only other dependency being some database. nim has a longer list of dependencies, and the dependencies themselves are quite heavy.

                                                                1. 2

                                                                  I’m genuinely curious why this disqualifies the project. Is it just a point of principle? Is it that you do not deem it safe to execute JS on websites?

                                                                  I don’t consider fluxbb and mailing lists to be alternatives to be honest. The former is a classic forum and the latter is, well, a mailing list.

                                                                  I just checked and the current codebase is 5300 lines of code. Which dependencies are heavy?

                                                                  1. 4

                                                                    One example of why SPAs cannot be used: if anything goes wrong, the whole site just breaks. On my phone (Blackberry Q10) https://forum.nim-lang.org/ just loads a blank white page and nothing more.

                                                                    1. 1

                                                                      That’s a good point. In the future it might be possible to pre-render the HTML on the server-side (it should be especially easy as the frontend is written in Nim too) and gracefully downgrade the experience (full page reloads on all links). I think for right now though, the current forum handles 90% of the use cases well, do remember that this is the initial version.

                                                                      Btw I would appreciate any more information about the Q10 failure, is JS simply disabled there? or is it not handling the forum’s JS properly? If you could open an issue on GitHub that would be brilliant.

                                                                      1. 2

                                                                        I assume it’s not handling the forum’s JS properly. If I get some time I’ll try to figure out how to hook up the web inspector, see what the error is, and open an issue :)

                                                                        1. 1

                                                                          Thank you!

                                                                    2. 3

                                                                      ah, i was being an idiot w/r/t to the listed dependencies. none of those are all that heavy. sorry about that!

                                                                      but there is one huge unlisted dependency: one of three major web engines. this is part of why i don’t support projects that don’t work without javascript. plenty of web forums are usable in dillo, netsurf, mothra, and lynx. people should not have to depend on the insane treadmill of ever-expanding web complexity for simple text-based communication.

                                                                      the other part is that javascript can be used to track you. people cannot be expected to review all the javascript that their browser might run to ensure that it’s not doing something malicious, so they should be able to disable it and still function online.

                                                                      why is a “classic” forum like fluxbb not considered an alternative to discourse/nimforum?

                                                                      1. 2

                                                                        Honestly, the only differences between classic forums and Discourse I’ve ever noticed are (1) the default Discourse theme is “modern looking” [meh] (2) Discourse integrates very well with email and is basically a fancy mailing list archive where you can choose to get only some threads or categories by email [very good]

                                                                        1. 2

                                                                          ah so you can post via email? that does seem useful.

                                                                  1. 1

                                                                    My phone is almost fully degoogled. The only thing I am left with is chrome because firefox is unusably slow on android.

                                                                    1. 3

                                                                      there’s also uhhh, android

                                                                      1. 1

                                                                        I’ve bounced around a few different browsers and settled on Fennec which is supposedly a different Firefox implementation. I found it a bit slow, but once I installed the uBlock Origin add-on it sped right up.

                                                                        1. 2

                                                                          supposedly a different Firefox implementation

                                                                          No, it’s Firefox with branding turned off. Unofficial builds, such as F-Droid’s (which I think they don’t want to do anymore) are usually unbranded.

                                                                          1. 1

                                                                            Ahhh thanks for the heads up!

                                                                        2. 1

                                                                          Firefox 57 and above work pretty damn well for me on any kind of Android phone I tested, but yeah, older Fx releases for Android were so slow that you could just VNC to your desktop and use firefox on it as well.

                                                                        1. 19

                                                                          My one beef with these kinds of articles is that they phrase things so that it sounds like Google has a grand plan to destroy open standards, but it may actually be that there are many local decisions that ended up doing it. The CEO of Google probably didn’t reach down one day and say, “Let’s get rid of XMPP”. I think it’s more likely that the hangouts group decided to stop maintaining it so they could compete with other chat products that weren’t restricted by XMPP. This isn’t to say that a trend of this kind of behavior from Google isn’t something to talk about, but probably it’s either something fundamental about how to make money from open standards, or else something about Google’s incentive structure. If you asked Sundar Pichai to stop doing this, he would probably say, “I don’t know what you’re talking about, but we have never made “destroying open standards” part of our long-term strategy.”

                                                                          1. 37

                                                                            Their intentions are irrelevant; only their actions and the consequences of them matter.

                                                                            1. 17

                                                                              If the sole intention of the article is to encourage other folks to avoid this pitfall, sure! If we want to also convince Google to stop doing it, then the practical mechanics of how these things actually happen are of vital importance. It’s probably the rank and file that want to do something innovative in order to hit quarterly goals, and are sacrificing open standards at the altar–getting those kinds of people to understand the role that they are personally playing is important in that context.

                                                                              1. 6

                                                                                You’re right that it’s important that the labor understand what the consequences of their efforts actually are; I think that’s what I’m saying, too.

                                                                                It’s also important that other people who are impacted by these actions by powerful actors like Google or Apple or Microsoft, but who don’t work there, understand who is responsible for these social negatives.

                                                                                It’s further important, for everyone to understand, that the directly responsible parties for that social cost are the corporations themselves, whose individual human members’ culpability for those costs is proportional to those members’ remuneration. Pressure should be applied as closely and directly to the top of that hierarchy as possible in order to convince them to stop it, in whatever way you can do best. The OP article is addressing the top of that hierarchy in Google’s (Alphabet’s?) particular instance, since they’re a very powerful actor in the space of the Internet and software in general.

                                                                                1. 6

                                                                                  Additionally, though it may be helpful for third parties to critique actors like Google by having concrete suggestions or perfect empathy for the foot-soldiers caught up in the inhumane machine that Google in some ways is, it’s not the obligation of the victims to make things easy for the powerful. It’s the moral obligation of the powerful to be mindful and careful with how they act, so that they don’t inadvertently cause human suffering.

                                                                                  Before any ancap libertarian douchetards weigh in with “corporations aren’t moral entities”, they absolutely act within the human sphere, which makes them moral agents. Choosing to be blind to their moral obligations makes them monsters, not blameless. Defending their privilege to privatize profit and socialize cost is unethical and traitorous to the human race.

                                                                              2. 7

                                                                                I think it’s more likely that the hangouts group decided to stop maintaining it so they could compete with other chat products that weren’t restricted by XMPP.

                                                                                That’s reasonable –by all accounts, xmpp is terrible – but the replacement could have been open sourced. This detail makes it clear that closing off the chat application was intentional. When GChat’s userbase was small, it made sense to piggy back off of the larger XMPP community. When GChat became the dominant chat client, it no longer needed the network effect that a federated protocol provided, and it moved to a proprietary protocol.

                                                                                1. 1

                                                                                  By whose accounts?

                                                                                  The vast majority of “commercial” chat networks are xmpp under the hood, with federation disabled.

                                                                                  Being technically poor isn’t why they turned off federation, it’s because federated chat gives zero vendor lock-in.

                                                                                  1. 2

                                                                                    I believe you and @orib are in agreement when s/he says:

                                                                                    This detail makes it clear that closing off the chat application was intentional

                                                                                2. 9

                                                                                  On the other hand, the CEO of Google could decree that using open standards is important.

                                                                                  I agree that this is closer to a natural disaster than a serial killer but an apathetic company doesn’t mean the outcome is better than an actively antagonistic company.

                                                                                  1. 9

                                                                                    I thought this article was fairly agnostic about how conscious Google’s embrace, extend, extinguish pattern is. This seems like the right approach, as we don’t have any way of knowing.

                                                                                    We know from court proceedings that Microsoft executives used the term “embrace, extend, extinguish” (and no doubt they justified this to themselves as necessary and for the greater good). We don’t have the same window into Google executives’ communications, but it seems foolhardy to think that some of them wouldn’t recognize the similarities between Microsoft’s “embrace, extend, extinguish,” and Google’s current approach. Sunar Pichai could be lying to himself, or he could just be lying to us. Either way the particular psychology of Google executives doesn’t seem important when the effects are predictable.

                                                                                  1. 12

                                                                                    why does gimp.org have doubleclick.net tracking… i mean it’s a GNU project… how does this happen?

                                                                                    1. 26

                                                                                      The circular shape of the letters hints at the eyes of the Go gopher

                                                                                      They’re really stretching with that line. Two circles could be a lot of things and the first things that come to mind don’t have anything to do with the Go gopher. I don’t like this. It’s generic corporate, and I’ll miss the ode to Plan 9.

                                                                                      1. 29

                                                                                        they needed an excuse to update the website and make it not work without javascript.

                                                                                        1. 16

                                                                                          i kind of respect the cynicism that went into this reply

                                                                                          1. 2

                                                                                            But, they didn’t update the website. The branding is entirely absent from the website. It’s boggling.

                                                                                            1. 3

                                                                                              oh, they will

                                                                                              1. 1

                                                                                                Over two weeks later and still no redesign of the website.

                                                                                          2. 15

                                                                                            It’s generic corporate

                                                                                            but… Go doesnt have generics! \s

                                                                                            Maybe it just supports the corporate interface.

                                                                                            1. 1

                                                                                              It’s generic corporate

                                                                                              Actually, it makes sense.

                                                                                              I’ll miss the ode to Plan 9

                                                                                              IMHO, Plan 9 had the technical potential to disrupt the centralized web. Years before it became a problem.
                                                                                              Now it’s a niche OS, developed by weird hackers that don’t buy mainstream buzzwords.

                                                                                              So, from certain points of view, Plan 9 is dangerous.
                                                                                              Something that any good programming minion should forget…

                                                                                              1. 4

                                                                                                Wait, does the COC rotate every time you click it? If so, are they being serious? The COCs generally looked really laudable, but now I can’t tell if they’re just posting them ironically.

                                                                                                1. 1

                                                                                                  Wait, does the COC rotate every time you click it?

                                                                                                  Yes.

                                                                                                  If so, are they being serious?

                                                                                                  Yes.

                                                                                                  The COCs generally looked really laudable, but now I can’t tell if they’re just posting them ironically.

                                                                                                  As my doctor say, irony is the worst side effect of intelligence.
                                                                                                  A pretty serious side effect, that most people cannot tollerate.

                                                                                                  (but since my doctor is my wife, she could be ironic about that… :-D)

                                                                                            1. 2

                                                                                              in what way did the spam/moderation problem manifest? what suggests zulip would not have those problems? i hope these questions don’t sound too pointed. i would just like to understand the decision, lest i must make a similar one in the future.

                                                                                              1. 2

                                                                                                There were almost no real messages on the mailing list – and I would get messages from mailman/dreamhost every day about whether to let spam in or not. There were a couple other reasons I forgot to mention:

                                                                                                • I’m on the toybox mailing list, which also uses mailman on Dreamhost. Rob Landley has complained that the archives go missing peridiocally. There is a hole in his mailing list history.
                                                                                                • Also, Gmail users get auto-unsubscribed because of some spam issue. It might be Google’s fault or it might be because Dreamhost is used to send a lot of spam. Dreamhost is good at web hosting, but the mailing list hosting doesn’t appear to be well-maintained.
                                                                                                • Some people had asked for an IRC channel, so this format might encourage more messages. There’s not enough traffic for IRC + mailing list, but there might be for a combined medium.
                                                                                                1. 1

                                                                                                  interesting. one hitch i’ve found is that i can’t figure out how to view threads without logging in to zulip. the mailing list had web archives which could be viewed without giving my email to dropbox. i don’t browse ml archives too much in practice, but it’s useful if you want to refer someone to a thread in a ml they’re not subscribed to. i’m sure there’s a way to enable this on the zulip side, and that way you’ll get the same utility that the ml provided and more.

                                                                                                  1. 1

                                                                                                    and I would get messages from mailman/dreamhost every day about whether to let spam in or not.

                                                                                                    But how does Zulip prevent this? Is it just not popular enough to have spambots for it or do they have something specific for curation?

                                                                                                    I suspect a lot of general purpose host get blacklisted for e-mail. I hadn’t thought of “don’t send e-mail” as a potential solution to that, but it seems to work. :)

                                                                                                    1. 2

                                                                                                      I’m not sure, but the fact that they have logins and are centralized means they can probably do a better job than a random mailing list.

                                                                                                      Dreamhost also probably has enough data to do something good about spam, but they apparently don’t. It costs engineers and money to fight e-mail spam.

                                                                                                      Here’s a good link about spam: Modern Anti-Spam and E2E Crypto (2014)

                                                                                                      https://news.ycombinator.com/item?id=12997025

                                                                                                      In my experience, Google’s spam filters have gotten significantly worse lately. I’m on the busybox mailing list and Gmail routinely marks those messages as spam. And it routinely rejects e-mails I sent from a cron job. So they’re having problems with both false positives and negatives.

                                                                                                      1. 1

                                                                                                        Thanks for the link and your thoughts on this! I actually didn’t know where to start looking.

                                                                                                1. 16

                                                                                                  Reminded me I’ve had Google Analytics code up on my blog since forever for no benefit for me whatsoever. Off it goes!

                                                                                                  1. 2

                                                                                                    Kudos for removing it but I am curious how Google Analytics ends up running on so many sites to begin with?

                                                                                                    1. 11

                                                                                                      It’s free, it’s very easy to setup and understand, and there is a lot of documentation out there on how to integrate it into different popular systems like Wordpress. It’s definitely invasive, but it’s hard to deny that it’s easy to integrate.

                                                                                                      1. 1

                                                                                                        not as easy as doing nothing though… it’s free and easy to crawl around on all fours… that can be invasive too if you crawl under someone’s desk… but this still leaves the question why.

                                                                                                        1. 5

                                                                                                          Because a lot of the time when you’ve just made a site you want to see if anyone’s looking at it, or maybe what kind of browsers are hitting it, or how many bots, or whatever, so you set up analytics. Then time passes, you find out what you wanted to find out, and you stop caring if people are looking at the site, but the tracking code is still there.

                                                                                                          1. 2

                                                                                                            I’d compare it to CCTV cameras in shops. You visit the shop (the website) voluntarily so the owner can and will track you. We can agree that this is a bad thing under certain conditions, but as long as it’s technically trivial it will be done. No use arguing what is, you’d need a face mask or TOR to avoid it.

                                                                                                            That said, I’d also prefer if it wasn’t Google Analytics on most pages but something that keeps the data strictly in the owner’s hands. I can wish for it to be deleted after a while all I want but my expectation is that all the laws in the world won’t change that to a 100% certainty.

                                                                                                        2. 8

                                                                                                          End-user-facing SaaS products are one thing. On a site I run on infrastructure that I run myself I can just look at the httpd logs¹ and doing so is way faster than looking at GA², but if I also bought a dozen other random SaaS products then the companies that run those won’t ship me httpd logs, but they will almost always give me a place to copy-paste in a GA tracking <script>. If I have to track usage on microsites and my main website, it’s nice if the same tracking works for all of them.

                                                                                                          It has some useful features. I believe offhand that, if you wire up code to tell it what counts as a “conversion event”, GA can out the box tell you things like “which pages tended to correlate positively and negatives with people subsequently pushing the shiny green BUY NOW button?”

                                                                                                          There’s a populace of people familiar with it. If you hire a head of marketing³, pretty much every single person in your hiring pool has used GA before, but almost none of them have scraped httpd logs with grep or used Piwik. (Though I would be surprised if they didn’t immediately find Piwik easy and pleasant to use.) So when that person says that they require quantitative analysis of visitor patterns in order to do their job⁴, they’re likely to phrase it as “put Google Analytics on the website, please.”

                                                                                                          (¹ GA writes down a bunch of stuff that Apache won’t, out the box. GA won’t immediately write down everything you care about because you have to tell it what counts as a conversion if you want conversion funnel statistics.)

                                                                                                          (² I have seriously no idea whatsoever how anybody manages to cope with using GA’s query interface on a day to day basis. It’s the most frustratingly laggy UI that I’ve ever used, and I’m including “running a shell and text editor inside ssh to a server on literally the opposite side of the planet” in this comparison. I think people who use GA regularly must have their expectations for software UI adjusted downward immensely.)

                                                                                                          (³ or whatever job title you give to the person whose pay is predicated on making the chart titled “Purchases via our website” go up and to the right.)

                                                                                                          (⁴ and they do! If you think they don’t, take it up with Ogilvy. He wrote a whole book and everything, you should read it.)

                                                                                                          1. 1

                                                                                                            what’s that book?

                                                                                                            1. 3

                                                                                                              The book is “Ogilvy on Advertising”. It’s not long, the prose is not boring and there are some nice pictures in it.

                                                                                                              The main thing it’s about is how an iterative approach to advertising can sell a boatload of product. That is, running several different adverts, measuring how well each advert worked, then trying another set of variations based on what worked the first time. For measurement he writes about doings things like putting different adverts for the same product up, each with a different discount code printed on it, and then counting how many customers show up using the discount code that was in each of those adverts. These days you’ll see websites doing things like using tracking cookies to work out what the conversion rate was from each advert they ran.

                                                                                                              Obviously the specific mechanisms they used for measurement back then are mostly obsolete now, but the underlying principle of evolving ad campaigns by putting out variations, measuring, then doubling down on the things you’ve demonstrated to work is timeless.

                                                                                                              Ogilvy also writes a little bit about specific practical things that he’s found worked when he put them in adverts in the past, such as putting large amounts of copy on the advert rather than small amounts, font choice, attention-grabbing wording, how to write a CTA, black text on white backgrounds or vice-verse, what kinds of photos to run and so on. Many are probably still accurate because human beings don’t change much.

                                                                                                              Many are plausibly wrong now because the practicalities of staring at a glowing screen aren’t identical to those of staring at a piece of paper. If you’re following the advice to in the first bit of the book about actually measuring things, then it won’t matter much to you how much is wrong or right because you’ll rapidly find out for yourself empirically anyway. :)

                                                                                                              Hypothetically, let’s say you’ve done a lot of little-a agile software development: you might feel that the evolutionary approach to advertising is really, really obvious. Well, congratulations, but not all advertising is done that way, and quite a lot of work is sold on the basis of how fashionable and sophisticated it makes the buyer of the advertising job feel. Ogilvy conveys, in much less harsh words, that the correct response to this is to burn those scrubs to the fucking ground by outselling them a hundred to one.

                                                                                                          2. 6

                                                                                                            For me it was probably ego-stroking to find out how much traffic I was getting. I’ve been blogging for more than a decade and not always from hosts where logs were easily accessible.

                                                                                                            1. 4

                                                                                                              What gets me is why people care about how many hits their blog gets anyway. If I write a blog, the main target is actually myself (and maybe, MAYBE, one or two other people I’ll email individually too), and I put it on the internet just because it is really easy to. Same thing with my open source libraries: I offer them for download with the hopes that they may be useful… but it really means nothing to me if you use it or not, since the reason I wrote it in the first place is for myself (or again, somebody who emailed me or pinged me on irc and I had some time to kill by helping them out).

                                                                                                              As such, I have no interest in analytics. It… really doesn’t matter if one or ten thousand people view the page, since it works for me and the individuals I converse with on email, and that’s my only goal.

                                                                                                              So I think that yes, Google Analytics is easy and that’s why they got the marketshare, but before that, people had to believe analytics mattered and I’m not sure how exactly that happened. Maybe it is every random blogger buying into the “data-driven” hype thinking they’re going to be the next John Rockefeller in the marketplace of ideas… instead of the reality where most blogs are lucky to have two readers. (BTW I think these thoughts also apply to the otherwise baffling popularity of Medium.com.)

                                                                                                              1. 1

                                                                                                                Also, it’s invasive, sure but it’s also fairly high value even at the free level.

                                                                                                                You get a LOT of data about your users from inserting that tracking info into your site.

                                                                                                                Which leads me into my next question - what does all this pro-privacy stuff do to such a blog’s SEO?

                                                                                                                (I know, I know, we’re not supposed to care about SEO - we’re Maverick developers expressing our cultural otherness and doing Maverick-y things…)

                                                                                                                1. 2

                                                                                                                  Oh, it totally tanks SEO.

                                                                                                                  Alternately, the SEO consultants that get hired by biz request to have GA added anyways and they force you to bring it in. :(

                                                                                                                  1. 1

                                                                                                                    Google will derank pages what don’t have Google Analytics?

                                                                                                            1. 1

                                                                                                              I’m glad you asked. Just a few hours ago, my Moto G5 suddenly turned off and booted back up again. No problems with the device like this until today.

                                                                                                              The crashes continued (after about a minute of uptime) until I enabled the “Google App” app. I disabled it months ago to avoid seeing or interacting with the unremovable search bar widget.

                                                                                                              I’m very interested in hearing what happened. I have all auto-update functions disabled. Well, at least I thought I did!

                                                                                                              1. 1

                                                                                                                so now you have to deal with the search bar widget?

                                                                                                                1. 1

                                                                                                                  I apparently do, unless I install a completely different launcher.

                                                                                                                  1. 2

                                                                                                                    Arrow launcher is amazing, I don’t know if you’ve tried it. :)

                                                                                                                    1. 2

                                                                                                                      I have not. Thank you for the suggestion!

                                                                                                                1. 4

                                                                                                                  From what I have heard, Signal has been considered but there is an issue with some metadata going to the US.

                                                                                                                  1. 1

                                                                                                                    By the sounds of it they are just hosting a matrix server and riot.

                                                                                                                    1. 1

                                                                                                                      maybe they want to be able to customize their own clients or host their communications on their own servers

                                                                                                                    1. 3

                                                                                                                      The French government is also funding the anonymous payment system GNU Taler. I wish I knew more about the free software/digital rights movement in France, but it makes me really happy.

                                                                                                                      1. 13

                                                                                                                        “there is no denying that Microsoft has changed as a company in a way that is beneficial to the open source community and beyond.”

                                                                                                                        this is a bold claim which he doesn’t seem to back up. i see no reason to think that their new-found love for linux is anything but the “embrace” phase of a 3-part plan.

                                                                                                                        1. 1

                                                                                                                          agreed.

                                                                                                                          1. 4

                                                                                                                            encrypted gopher is a good idea, but this proposal seems a bit half baked. for one, a single item type isn’t enough to encrypt all of gopher. seems to me you’d need an encrypted version of each item type. 20h has spent a lot of time thinking about this, and his two suggestions seem more comprehensive:

                                                                                                                            the mailing list discussion on tls is also worth reading, to understand the tradeoffs of different approaches.

                                                                                                                            1. 11

                                                                                                                              Can you tell me why your blog requires javascript to display the content? It’s extremely frustrating, it’s all there but post the initial blip the site just turns white with only the header remaining visible.

                                                                                                                              https://i.imgur.com/mQHB3N0.png

                                                                                                                              1. 2

                                                                                                                                Fixed.

                                                                                                                                1. 2

                                                                                                                                  Works fine with FF’s reader view mode even with javascript blocked. He has a bit of javascript that loads typekit and toggles opacity on success. As to why?

                                                                                                                                  1. 2

                                                                                                                                    Looks like there’s an “opacity: 0” in the CSS.

                                                                                                                                    1. 1

                                                                                                                                      so i just have to disable css too? :)