1. 5

    Still waiting for that POWER9 based laptop with classic 7-row ThinkPad keyboard …

    1. 3

      it’s 90W - it’s going to be one of those incredibly thick gamer laptops at best

      1. 3

        What prevents them from making a one with 2 cores and SMT4 at 25W envelope? :)

        1. 6

          The market for it. (Also, the 90W figure is for the 4-core part that pretty only exists as chaff that RCS uses and IBM otherwise wouldn’t. POWER9 is designed for 4-8 thread clumps - IBM sells single-core/thread models, but those use firmware DRM to be restricted)

          1. 1

            Which ones are those?

            1. 1

              Servers like the S812 Mini. The AIX configuration has more cores, but the i configuration is limited to a single one.

              1. 2

                Oh, yes. IBM i definitely plays by different rules.

          2. 3

            The limiting factor for the 4cores aren’t the cores itself, but all the peripheries like the PCIe host bridges, the core interconnect, the onchip accelerators, the MMU etc.

      1. 6

        This reminds me a little of Haiku’s packagefs system.

        1. 4

          More than a little for me; I’m having trouble finding a feature that isn’t implemented by Haiku’s package manager. Not that that’s a bad thing; I’ve been wanting an equivalent for Linux ever since I’ve learned about it.

        1. 1

          I wonder how Gtk+1.2 would stack up to Motif (or as they called it, at the time, “Bloatif”). Kind of disappointed that Qt is so high.

          1. 2

            Along the same lines, I’d love to see the different Qt versions. I assume here Qt==Qt5, but it’s worth noting that Qt has been a useful and widely deployed toolkit since 1.x, which was a lot leaner. (I used to statically link it back in the day.)

            1. 2

              Just check the list, it shows Motif and something called ‘GDK’. Since GDK is not a GUI toolkit I can only assume that this is GTK1.x. Motif uses 1.50MB and as such lies between GDK (which is lower at 1.20MB) and GTK+2 (higher at 2.80MB).

              1. 1

                GDK is the drawing engine of GTK. I assume that’s using GDK to draw, without using GTK widgets.

                1. 5

                  This is mostly the case - GDK is used as an abstraction layer between GTK and the underlying system (Xlib on X11). It was more Glib I was thinking about here than GDK. Still, GTK1 was a relatively lightweight abstraction on top of GDK (and gdk-pixbuf) which did not need (nor support) things like Pango, Cairo, ATK etc. It was lighter than Motif but heavier than Xaw (Athena).

                  Another interesting option for this list would be Xview (Sun’s OpenLook widget library) and the related OLIT (OpenLook Intrinsics Toolkit) which I suspect will end up being more lightweight even than GTK1 while still being perfectly usable. The somewhat sparse OpenLook style fits right in with the current flat UI toolkit trend.

              2. 2

                I remember working with Motif on…some system, I can’t remember which now…some Unix….that didn’t support shared objects, so Motif was statically linked into every Motif application. Moreover, they didn’t do a good job with the archives, so every application had a minimum size of like 2-3MB. This was back when that was an enormous amount of space.

              1. 3

                This is huge, because it is only professional desktop environment available.

                1. 4

                  I use Window Maker and I am a professional, so I doubt your statement.

                  1. 4

                    That’s an awfully loaded claim…

                    1. 2

                      I’m going to say it’s a joke, if only because it’s too funny not to be, regardless of intent.

                  1. 2

                    funny, 5 out of the 25 entries currently listed are reposts on Lobsters by @calvin

                    1. 4

                      @calvin likely copies things from a lot of sites. He’s a curator for Lobsters.

                      On a related note, I’ve noticed that the growth of the site has led to HN-like submissions getting more attention than what did in the past. Things are changing. So, I’ve been posting more of those, too, since it’s what they want to read. It’s also too busy with such submissions to ensure the CompSci stuff would even be seen. I’ve been posting it on days with less going on.

                      1. 4

                        I do cross-post from Reddit/HN, but only if:

                        1. The article fits the scope of the site. HN has a lot of tech business stuff that’s just on the edge and outright non-tech related stories.

                        2. It has enough “meat on the bone” to be interesting. I do try to consider the fact that not everyone here is at the same skill level in everything though, so more introductory stuff could be submitted if I think it fits Lobsters’ quality standards.

                        3. It’s not a blatant advertisement. Vendor blogs are OK if they’re talking about something technical and not trying to sell you on things (At most, a little quip saying “btw if you liked this please buy our stuff”.). Sometimes my filters get fouled though, out of confusion or just mental exhaustion.

                        Of course, I also have an RSS reader…

                        1. 2

                          I’ve noticed that the growth of the site has led to HN-like submissions getting more attention than what did in the past

                          From the July stats we can see that the links in common are ~2% of the total links on HN[1], while they’re ~60% on Lobste.rs.

                          Lobste.rs is way less aggressive in outright removing stuff. There’s quite a lot of links on Lobste.rs with negative karma (like this one). That link has a 0.34 comment-to-score ratio on HN.

                          The scale of the two sites is way different, so it’s natural that HN will have some “outsized” influence on the stuff that ‘s posted here. It’s up to the community to ensure it’s the stuff they want.

                          [1] note that I don’t (yet) weed out links that can be flagged “dead” after submission, unless they’re part of a pair.

                          1. 1

                            And I don’t just mean in common: I mean the kinds of content that appeals to folks on HN more. Lobsters had a lot of deeper tech stories in the past that weren’t as mainstream. Even when here, the HN-like content often covers them up.

                            1. 2

                              I browse using the /newest link, because there’s seldom more content than maybe half of that gets replaced daily. I find plenty of interesting content, and I flag the inappropriate stuff.

                              As mentioned in my blog post, that’s essentially impossible to do on Hacker News. Discovery is at the mercy of the front page.

                              So increasing size and popularity does carry risks. But I don’t want to exclude people from the stuff posted here.

                              1. 2

                                Yeah, I might just have to stop relying on the front page. I think most folks use it, though. So, I’ve shifted my submitted content from CompSci to more HN-like stuff with some CompSci to fit the audience’s preferences. Well, my schedules have kept me off the site, too.

                                And I’m also not trying to exclude anyone: just talking about patterns of behavior they’re all doing. I’m letting the site evolve into whatever it will become.

                                @pushcx would you run a query to see how many requests/views we get on front page, recent, and new? I’m curious what the audience ratio is for those. I expect some will be scripts that might run many times a day. Might be ways to reduce that like unique I.P.‘s or account ID’s.

                                1. 3

                                  So, I’ve shifted my submitted content from CompSci to more HN-like stuff with some CompSci to fit the audience’s preferences. Well, my schedules have kept me off the site, too.

                                  For what it is worth, I have joined lobsters specifically, to exclude from my frequent consumption, the HN’s 10%-stories (this is my ‘tag’ for stories that are only tangentially related to CS, Maths, Physics, Material Engineering, Biology), and their associated comments.

                                  On the other hand, if people are more interested in social/economic/political/moral impacts and positioning of technology+sciences and its leaders, HN is probably a much better place. I am interested in those as well, but I prefer to consume those at much less frequent intervals.

                                  Also, the ‘I have built a business over the weekend’ – kind of stories, often frequent on HN, are inspirational.. but to a point :-).

                                  1. 2

                                    Lobsters was mostly like that when I joined it. That’s a smaller part of the audience and/or submissions now.

                                  2. 3

                                    Why not just submit the kind of content that interests you most rather than trying to fit your beliefs about other’s preferences?

                                    1. 1

                                      I do. I just also want it to delight and help more people. There were quite a few people who used that sort of work when they saw it. If it gets covered up regularly, then there’s no point in submitting it.

                                      I have thought about reviving the idea of a feed of that stuff folks can subscribe to or post here if they wanted. Then, just tell the target audience about it. Pretty swamped by main job currently. Barely time to do my research at all. Got 61 tabs open on my phone I gotta go through. Off today so will do.

                                      1. 2

                                        Thanks for the response.

                                        A twitter feed would be pretty low set-up time and you can easily publish an RSS feed from it (https://wp.me/p9vpb5-43)

                          2. 1

                            @calvin submitted 59 entries last month (data collection started on 5 Jul 2019 so the entire month is not covered).

                          1. 13

                            Federated Gitea (or even better, some sort of open federated git protocol) would be very interesting.

                            1. 3

                              This really piqued my interest as well. Does anyone know more about the current state of federated gitea and what the future plans are?

                              1. 3

                                I’m reminded of git-ssb, which at first glance seems to be what you want.

                                1. 5

                                  Another similar project is http://www.radicle.xyz (but I agree, P2P not federated).

                                  1. 5

                                    Federation isn’t P2P. They’re similar in some ways, and quite unlike in others.

                                    1. 1

                                      Yeah, git-ssb is a neat project! I checked it out a few years ago and I remember having some kind of issue with it. Maybe cross-device identity or something? I suppose I should revisit it.

                                      1. 1

                                        SSB in general doesn’t support cross-device identity at all, but leaves the problem of identifying two different public keys as the same “identity” to higher level applications. There are several solutions in the roadmap, but nothing definite for now.

                                  1. 3

                                    If my bouncer is up.

                                    1. 3

                                      Moof!

                                      Even though I was an Amiga guy back then (and still am), Susan Kare’s icons and graphic design are my favorites.

                                      (She also designed the icons in the early versions of Windows.)

                                      I wonder if we could get a Kickstarter to commission her to design an XDG icon theme.

                                      1. 1

                                        She worked at Eazel doing stuff for Nautilus; I’m not sure of the provenance of the GNOME icon theme of the time though.

                                      1. 4

                                        That’s nice and all, but what’s the reasoning behind not releasing their drivers as open source?

                                        1. 13

                                          likely

                                          • Required IP from other companies that they would need to negotiate with or replace in order to release the source for

                                          • Keeping advantages in optimizations for real-world applications (they play a lot of games to optimize existing software, down to both AMD and Nvidia rewriting a game’s shaders and shipping them with the driver)

                                          • Requirements from Hollywood and the ilk not to release any information useful for circumventing or understanding DRM schemes

                                          1. 7

                                            Requirements from Hollywood and the ilk

                                            This shouldn’t really touch drivers (both AMD and Intel are all in on FOSS drivers) but AMD employees on reddit have cited this as the biggest reason why Radeon firmware is closed.

                                            Apparently hollywood lawyers would have an issue even with a FOSS firmware that does not implement DRM at all.

                                            1. 2

                                              From what I’ve read: they also restrict some features depending on whether or not you bought the “professional” version of their cards. This restriction is implemented in software (drivers), the cards are otherwise similar (identical?).

                                              https://www.eevblog.com/forum/chat/hacking-nvidia-cards-into-their-professional-counterparts/

                                              I think I’ve seen a lot of Quadro cards in universities, so I think this could be a decent bit of money for them.

                                              1. 1

                                                It is an absurd amount of money for them. If you are running an ML training cluster it can be cheaper to buy 20% “better” cards for 2x more money than to buy 20% more server racks.

                                          1. 2

                                            You can also do this to JVM processes, more or less, using LiveREPL. It’s intended to attach to Clojure processes, but you can attach it to anything running on the JVM, and it doesn’t require any cooperation—all you need is the script and some jar files, and to be running as the same user as the JVM process is. From there, it’s all just Java agent injection and dynamic classloaders and other stuff I don’t totally understand.

                                            It sounds like Manhole instead requires cooperation from the server, but if you can run as the same user anyway, it’s always theoretically possible to attach a debugger or something.

                                            I’m hearing people say “that sounds really dangerous in production” but the funny thing is that that’s the only place I’ve ever used it. Why? Because this is a tool of last resort, and if it weren’t production, I’d do it a different way. I’m not happy to have had to use LiveREPL on a production server, but it was necessary (couldn’t reproduce behavior in other environments, and needed to validate a guess as to the right fix) and we were careful: Take the server out of the cluster, replicate the bad behavior, attach, dig around inside, apply the proposed patch to the running application (ain’t Clojure grand?), validate the fix, terminate and replace the server.

                                            I’ve only had to do it twice, and it was totally worth it.

                                            1. 2

                                              Sounds a lot like what Erlang developers do with attaching REPLs and doing hot code reloading.

                                              1. 1

                                                Same goes for the Lisp family of languages.

                                                It’s wonderful for debugging since you can just explore the running system where the problem is.

                                                1. 1

                                                  Yep. LiveREPL can help you inspect a running java process, but if it’s a Clojure app you can actually swap stuff out too, since it’s a Lisp with rebindable vars. :-)

                                            1. 1

                                              The HP palmtops are a treasure (though in my experience, the newer they got, the less reliable they were – something I don’t think can be blamed on the bathtub curve, since my journada was nearly ten years old when I got it). I used an HP95lx as my primary PDA from around 2007 to 2010, & was still working fine when I got rid of it (while my 2000-era journada continued working for about a year).

                                              Being stuck on Windows CE is worth it, just to get a hardware keyboard on your PDA. The journada was an improvement over the first-generation blackberry it replaced, since it had wifi.

                                              1. 1

                                                I also have a 660lx - the keyboard is a little clumsy because it’s basically scaled up calculator keys. the Jornadas have the typical laptop style keys of the time, so they’re a little gentler to type on.

                                                1. 1

                                                  Yeah, the jornada keys are nicer to type on, but like laptop keys of the era, they tend to break quickly: I had to replace a key within about 3 months of getting the thing. On my 95lx and 100lx, the chiclet-style keys weren’t nice to type longform on but they remained totally reliable the whole time I used them (in part because it was impossible for anything to get under them).

                                                  The nicest typing experience I’ve had on a portable is my NEC PC-8300 (a clone of the TRS-80 Model 100, & apparently the last machine for which Bill Gates wrote a substantial amount of code for the Microsoft BASIC port): it had a nice full-sized mechanical keyboard where you can hear springs clanking as you type.

                                              1. 25

                                                Boy, this might not be a popular opinion, but here it goes…

                                                Suppose someone posted a manifesto to Lobsters, and then went on a mass shooting spree. Should Lobsters be shut down for it?

                                                If 8chan uses Let’s Encrypt (I don’t know if they do), should their TLS certs be revoked?

                                                It’s no secret that 8ch is extreme compared to the rest of the internet. But on the gunman’s thread, apparently 8chan mocked the shooter. I don’t know. I haven’t seen the thread; that info comes from hearsay around the internet. The point is, we’re getting our news about this incident from sources other than 8chan, because it seems like most of us don’t participate on 8chan.

                                                Note that Cloudflare has terminated support for a social network for sex workers: https://twitter.com/SarahJamieLewis/status/1158203593071067136

                                                It’s very easy to jump on the bandwagon of targeting 8chan for this. It’s not so easy to carefully consider the long-term implications of shutting down years-long websites with active communities.

                                                8chan’s cloudflare protection terminates in just over three hours. We’ll see if a gigantic DDoS is about to follow.

                                                I think this is one step closer to the web becoming a series of centralized institutions. And personally, I don’t like the implications of that. The New Zealand shooter livestreamed his attack on Facebook, yet faced no repercussions. When I tried to google for 8chan, the site is completely absent in the search results. I had to use ddg just to get to it.

                                                This is simply my own point of view though. I understand and respect that others have different feelings on the matter.

                                                EDIT: I found a copy of the 8chan thread: https://web.archive.org/web/20190803162950/https:/8ch.net/pol/res/13561044.html

                                                I encourage all of you to read the community response and form your own conclusions.

                                                EDIT2: 8chan is now offline. I assume they’ll be back up within 48 hours, but for better or for worse, cloudflare basically took down this site on short notice in the middle of the night on a Sunday.

                                                1. 35

                                                  Suppose someone posted a manifesto to Lobsters, and then went on a mass shooting spree. Should Lobsters be shut down for it?

                                                  I assume the post would be removed for violating site policy and wouldn’t harbour it - no need for the state to force the site.

                                                  1. 14

                                                    Certainly. Calls for violence are against 8chan’s ToS too.

                                                    It could be true that 8chan doesn’t enforce their ToS. But we don’t have the data, and it seems plausible that 8chan deleted the thread when the moderators became aware of it.

                                                    EDIT: It’s impossible to know for sure, but people are claiming that 8chan took down the manifesto within minutes, and reacted faster than Facebook did. https://www.reddit.com/r/technology/comments/cm4on1/cloudflare_to_terminate_service_for_8chan/ew075j6/

                                                    1. 18

                                                      I think the ToS and how fast the manifesto was removed is irrelevant.

                                                      The events leading up to the shooting rampage are what matter. There is every indication that over the last six months multiple terrorist attacks were committed by people radicalized on 8chan. The whole extremist community is the problem, not how fast they respond to obvious signs of extremism once an atrocity has been committed.

                                                      There is one method we know that works for extremist communities like this: cutting off their platform restricts the extent they can recruit and pushes them underground, where they can be better contained.

                                                      Are there some non-extremist parts of 8chan? Possibly, but it’s also irrelevant. Having a community engage in extremism or being taken over by extremists should have consequences and that applies to people willingly associating with that kind of community.

                                                      1. 4

                                                        radicalized on 8chan

                                                        I would assert most people aren’t radicalised on 8chan. It’s where you end up once you’re radical, because only a radical can find that kind of environment sufferable. In a sense, 8chan works as refuge for radicals.

                                                        1. 17

                                                          There is probably a progression, however the evidence seems to bear out that 8chan’s environment heavily contributes (but probably isn’t the only factor) in making extremists out of these people.

                                                          1. 9

                                                            Radicalization isn’t a binary. I’m sure there are plenty of people posting on 8chan and similar corners of the web who are quasi-racist trolls posting “for the lulz” and wouldn’t escalate to violence. But how much does the insular environment push them further to violence? How much does an environment filled with people saying “kill (((them)))” further push people who are already willing to become violent?

                                                            Some research on this topic paints a picture of the impact of sites like 8chan:

                                                            For lone wolf terrorists of the post-9/11 period, traditional loci of radicalization have been replaced by informal online social networks, the civilian workplace, and mass media

                                                            Lone wolves are enabled through either direct means in the form of people who unwittingly assist in planning attacks, or indirectly by people who provide inspiration for terrorism.

                                                            During the pre-9/11 era, 57% of the lone wolf terrorists were enabled by others. In the post-9/11 era, the figure rose to 67%. Nearly all of the enabling was indirect.

                                                            1. 3

                                                              Out of a morbid curiosity, are they including lone wolves that were groomed by overzealous feds?

                                                              1. 4

                                                                In their longer book on the subject, Hamm and Spaajj pull no punches there:

                                                                The strongest and most provocative work exists in the book’s final two chapters which provide a thorough indictment of the FBI’s Sting Program on its ethical grounding and “for diverting resources away from the real problem”

                                                                [they] accuse the FBI of “mythmaking”: exaggerating the threat of these suspects to appease a “results driven culture”, to give the impression that America is winning the war on terrorism and to justify additional funding.

                                                                (doi:10.1080/17539153.2017.1384154)

                                                        2. 4

                                                          8chan’s moderation is often laser-focused when it comes to rulebreaking, on the popular boards at least.

                                                        3. 3

                                                          8chan /pol/’s moderators did and were trying to remove it for violating site policy.

                                                        4. 23

                                                          I can see how you might get to this position, starting from zero or close to it. I don’t even think such a position is bad in the abstract, i.e., if we were to apply a veil of ignorance, I would generally agree that Cloudflare shouldn’t do this. But 8chan and lobste.rs are very different sites, as you allude to. Your hypothetical positions them as equivalents, but 8ch is not the same kind of site. Consider the work done by Bellingcat contributor Robert Evans, that links to his most recent (and relevant) work on the subject. He lays out clearly how the 8ch board members aren’t mocking the terrorist here, but rather encouraging and radicalizing others.

                                                          A more apt analogy would be if someone posted a manifesto to Daily Stormer, or the InfoWars message boards, or another site which actively works to radicalize it’s members, in those situations, is it ethical for someone to continue working with them if those sites show a longstanding tolerance for speech which leads to terrorist acts?

                                                          We don’t live in a perfect world, and I am happy to stand at the front of the line in criticizing Cloudflare for lots of things, but I find it difficult to defend a site which so happily supports terrorists and who’s participants work to create more of them. I don’t think it’s ethical to work with terrorists, I don’t think it’d be unethical for Cloudflare, LetsEncrypt, or anyone else to refuse them service.

                                                          I think it’s reasonable to worry about the web being centralized, but I don’t think that this is any more or less a step in that direction than the existence of cloudflare as a service in-and-of-itself. I’m also someone who generally dislikes any corporation because I’m a weirdo lefty. But that’s another topic.

                                                          1. 12

                                                            If 8chan is anything like 4chan

                                                            Certainly. Calls for violence are against 8chan’s ToS too.

                                                            Anon imageboards have a simply unsustainable community model. It’s impossible to hold anyone accountable for anything they do on there. Facebook and Twitter has serious problems, but at least if they kick someone off the site, it has some teeth to it (you lose all your followers). The closest thing 8chan has is an IP block, and that can be instantly routed around with a proxy and you lose nothing when you do so. There’s a reason why, despite nominally having a rule against it in their ToS, these sites are known for activities like the Anonymous group, /pol/, and cyberbullying. They might talk a good game about moderating their site in their ToS, but they deprive themselves of the tools to really pull it off.

                                                            But on the gunman’s thread, apparently 8chan mocked the shooter. I don’t know. I haven’t seen the thread; that info comes from hearsay around the internet.

                                                            These sites are a lot less conflict-averse than most online communities. I’m not surprised that somebody on there would mock the shooter. There’s probably someone else saying that the shooter did nothing wrong, someone else saying that the shooter was driven to it by our “degenerate” society, and someone else saying that the shooter should’ve just committed suicide and left everyone else out of it. A sufficiently long thread will always have a dissenter in it, pretty much no matter what.

                                                            I have reservations about this incident, because I don’t like the fact that it’s CloudFlare doing it. I’d rather just have the site shut down by the government for negligent publication of text that incites violence, but that’s never going to happen as long as the big websites lobby against it…

                                                            1. 4

                                                              Polite request - could you add a NSFW disclaimer to those top links? Those advertisements are not something I’d want popping up in the office :)

                                                              1. 3

                                                                activities like the Anonymous group, /pol/, and cyberbullying

                                                                These are not against the rules, and so are not bannable offenses.

                                                                1. 7

                                                                  You know that hacking, hate speech, and harassment are illegal, right?

                                                                  1. 0

                                                                    Anonymous are not inherently hackers, hate speech is free speech, and cyberbullying could be depending on the context: I doubt posting about someone online without posting directly to them would be deemed harassment in court.

                                                                    1. 8

                                                                      I’ve seen calls to directly harass someone not be removed, (and was moderating the other end), so my view of their mods are not as positive as yours.

                                                                      Hate speech is only free speech in a very fundamental interpretation of it and definitely illegal in many jurisdictions.

                                                                      1. 3

                                                                        Anonymous are not inherently hackers

                                                                        Sure, they also did zero-hacking DDoS, spear phishing, and intentionally flooding phone lines, all of which would at least be grounds of a restraining order if it weren’t such a pain to figure out who the order should even be served to.

                                                                        hate speech is free speech

                                                                        As was already brought up elsewhere in the conversation tree, “free speech zones” suck like a Hoover. That’s probably one of the reasons you’re on Lobsters instead of /g/.

                                                                        cyberbullying could be depending on the context

                                                                        I’m talking about planned raids when I refer to cyberbullying. Not just calling people names in public, but rather calling people names in places where they will be notified about it (like if I posted @WilhelmVonWeiner is a poopy-head on here, so that you would be automatically notified and thus making it probable, rather than merely possible, that you will read it).

                                                                        Obviously, there’s always an element of context to something like that, but considering how beyond-the-pale the instances have been known to get, I’m curious what definition of cyberbullying you’d use that doesn’t include 4chan raids on other sites.

                                                                        1. 1

                                                                          No, I’m not on /g/ because 8chan’s equivalent is /tech/, and nobody on /g/ or /tech/ actually knows anything about technology

                                                                          1. 4

                                                                            I agree, but I’m curious: have you ever thought about why so much more interesting discussions happen on here compared to there?

                                                                            1. 1

                                                                              …nobody on /g/ or /tech/ actually knows anything about technology.

                                                                              1. 5

                                                                                Why? Why don’t people who know anything about technology hang out on anon boards?

                                                                                1. 2

                                                                                  Probably for the same reason. More people who know nothing past consumer technology post there than people who do, so it drowns out anything interesting. This was the case long before the extreme politicisation of imageboards.

                                                                  2. 1

                                                                    I’m not sure entirely how it works, but I’ve flipped though 4 and 8chan enough to notice that 8chan must have some sort of moderation.

                                                                    4chan pol is all over the place. Extremists and conspiracy theorists of all stripes constantly arguing with each other and trying to out-troll each other. It’s hard to tell what’s even serious, and I’ve never noticed any consistent position to it all.

                                                                    8chan pol appears to be full-on Nazis. No serious opposition noticeable. But there also appears to be a leftypol that is full-on Communists, calling for violent communist revolution. Apparently they raid each other periodically, though the righty pol seems to be much bigger.

                                                                  3. 10

                                                                    Suppose someone posted a manifesto to Lobsters, and then went on a mass shooting spree. Should Lobsters be shut down for it? […] It’s not so easy to carefully consider the long-term implications of shutting down years-long websites with active communities.

                                                                    I would shut down Lobsters rather than run a site where mass murders regularly propagandize their atrocities, yes. This is, in fact, a very easy question.

                                                                    1. -1

                                                                      There are less easy, more realistic scenarios. Suppose someone posted a manifesto, and then took down an electric grid due to an unpatched security issue, resulting in some deaths. (This may seem contrived, but public infrastructure has historically been the most vulnerable.)

                                                                      Lobsters has become my home. It’s unfortunate that the community would be shut down due to the actions of one malicious person.

                                                                      On the other hand, even if you wanted to keep Lobsters running afterwards, you might not be able to, because the wider internet might deplatform your CDN: https://twitter.com/CodeMonkeyZ/status/1158422046176530432

                                                                      1. 8

                                                                        Why do you keep imagining scenarios of one lone wolf when 8chan has been home to three mass murderers this year?

                                                                        1. 1

                                                                          Personally, Im looking at the potential of and actual good Ive seen on Lobsters vs some asshole who might do their evil deed anywhere. Destroying all the good Lobsters did and might do over one murderer is a poor trade in my book. I’d rather fight the specific behavior or commenters promoting violence against innocent people to eliminate the problem while keeping whatever good the site brings.

                                                                          8chan couldve adopted this philosophy. They and that channel didnt care. Damage followed. It wasn’t because 8chan as a whole existed, though. They just didn’t cut out those with the worst intentions consistently working toward delivering on them. The haters weren’t even hiding what they were doing per articles Lobsters shared. Bad administration over there is all.

                                                                          1. 1

                                                                            Because I am trying to persuade you to think about the implications of what you’re saying. Calls for violence are against the site’s ToS, just like Lobsters, and they actively moderate and ban offenders, just like Lobsters. Yet 8chan is being forced offline for not doing a good enough job in the eyes of the wider internet.

                                                                            We don’t know how much those people used 8chan. Before the internet, crazies sent mail to news stations to get attention. Why is this any different?

                                                                          2. 6

                                                                            You seem to be trying your best to treat both sites as equal and come up with a “this could happen anywhere!” argument. But it wouldn’t. Because most sites are not the first port of call for white nationalist terrorists looking to chat with other white nationalists in advance of a terror attack; that honor falls to 8chan and friends.

                                                                            If your hypothetical came true, most likely the manifesto would be downvoted from the beginning. I can’t speak for mods but would be shocked if it wasn’t removed immediately and the poster banned. The community certainly would not repost it multiple times after that; if you’re looking for that experience, try 8chan.

                                                                            And the site wouldn’t face any harm afterwards because the community does not have a history of supporting terrorism and terrorists - 8chan does.

                                                                            These things don’t just happen in a vacuum. Context matters.

                                                                            1. 0

                                                                              I can’t speak for mods but would be shocked if it wasn’t removed immediately and the poster banned.

                                                                              That is literally what happened on 8chan. They reacted within minutes.

                                                                              1. 3

                                                                                Cool. Now try the other two.

                                                                                Context matters.

                                                                            2. 3

                                                                              Don’t use weasel words such as “deplatforming” - it’s not what’s happened here. The CDN in question (BitMitigate) was renting hardware and broke the acceptable use policy of their host.

                                                                              “Deplatforming” refers to the practice of “meta service providers” such as Youtube, Twitter and Facebook of removing content from popular listings, search results, and/or ad revenue for reasons that are unclear to the content producer, or that can change over time. It’s also a dog-whistle used by right-wing commentators who believe that content they approve of is being suppressed by these large social media companies.

                                                                              1. 2

                                                                                Then why isn’t 8chan up and running again? The site’s still down.

                                                                                This is a legit use of the term deplatforming. The entire world is coming together to make sure 8chan stays offline.

                                                                                The host wasn’t the one demanding that BitMitigate be taken offline. The internet was. Reporters even showed up on the Twitter thread – if they had said no, what do you think would have happened? You’re literally not allowed to say “Yes, this content can stay” in that context, because you’d lose business.

                                                                                Framing it as an AUP violation isn’t really true in that context.

                                                                                1. 3

                                                                                  Then why isn’t 8chan up and running again? The site’s still down.

                                                                                  Presumably because they didn’t have a contingency plan in place, other than contracting with BitMitigate, who seem to have built their free-speech mansion on shaky ground.

                                                                                  No doubt they will be up on the internet in a couple of days. Non olet as the Romans used to say - money doesn’t smell.

                                                                                  This is a legit use of the term deplatforming.

                                                                                  I don’t agree. It’s more restrictive than deplatforming. The content is, as you say, inaccessible. Deplatformed content is accessible, as long as you have the direct URL to it. But you are using “deplatforming” in the wider, politicized context. This is just confusing, because people might think that it’s just a question of 8chan not being indexed by Google, or them not being able to use AdWords for ads.

                                                                                  The entire world is coming together to make sure 8chan stays offline.

                                                                                  This does not seem to be the case to me. It might look that way on Twitter though.

                                                                                  Framing it as an AUP violation isn’t really true in that context.

                                                                                  I’m obviously not privy to the specific terms of that AUP that Epik/BitMitigate signed with Voxility, so I’m quoting from the Verge article I’m using as source for this (it was submitted to HN yesterday):

                                                                                  “As soon as we were notified of the content that Epik was hosting, we made the decision to totally ban them,” Voxility business development VP Maria Sirbu told The Verge. Sirbu said it was unlikely that Voxility would work with Epik again. “This is the second situation we’ve had with the reseller and this is not tolerable,” she said.

                                                                                  It seems pretty cut and dried to me. This is a business decision by Voxility, regarding the kind of customers they want to work with.

                                                                                  (Edit added a quote and a response)

                                                                                  1. 2

                                                                                    It’s probably productive to agree to disagree then.

                                                                                    A website was cut off from ~all services within 24 hours on short notice. If AWS, Digital Ocean, and every other host refused to do business with you, would you say you didn’t have a contingency plan?

                                                                                    No doubt they will be up on the internet in a couple of days.

                                                                                    This is looking increasingly unlikely. I think we may very well be looking at the first large-scale deplatforming of a relatively popular website. I keep using that word because that is the definition:

                                                                                    Deplatforming, also known as no-platforming, is a form of political activism or prior restraint by an individual, group, or organization with the goal of shutting down controversial speakers or speech, or denying them access to a venue in which to express their opinion.

                                                                                    No business in the world can host 8chan and face no backlash from their customers. There is no business incentive to do business with 8chan, so all of them will say no. Therefore the world is cooperating to see that 8chan is removed from a venue to speak: the internet.

                                                                                    By the way, I was blacklisted from HN nearly a year ago after asking about their moderation policies publicly. This is partly why these issues are rather important to me.

                                                                                    1. 2

                                                                                      I agree, I think it’s best we end our discussion.

                                                                                      Thanks for clarifying what you mean by “deplatforming”. What’s the source of that quote, by the way? I’ll update my vocabulary accordingly.

                                                                                      No business in the world can host 8chan and face no backlash from their customers.

                                                                                      You have a higher opinion of the morality of global capitalism than I do.

                                                                                      Therefore the world is cooperating to see that 8chan is removed from a venue to speak: the internet.

                                                                                      Let’s get real here - the world is depriving a website the ability to monetize speech that is explicitly anonymous. I have very little sympathy for people espousing the sort of ideology apparent on /pol/, but I have even less for cowards who won’t stand behind their words.

                                                                                      1. 2

                                                                                        At least I was able to persuade you from “It’s not happening” to “It’s happening, but our cause is righteous.”

                                                                                        The main point isn’t really about 8chan. It’s about leading indicators. Once it’s in vogue to start banning social networks and working together to keep them off the internet, it seems like a matter of time before various communities are targeted by news agencies.

                                                                                        By the way, you could make the same argument about Twitter: It’s allowed white supremacist content for years. It’s a platform where people go to reinforce their own views. And it served as the largest hub for 8chan followers to figure out where to go next. Ban twitter? Why or why not? What’s the difference?

                                                                                        (re: the definition, honestly I just typed define: deplatforming into google.)

                                                                                        1. 2

                                                                                          At least I was able to persuade you from “It’s not happening” to “It’s happening, but our cause is righteous.”

                                                                                          You have done no such thing. I have never denied that 8chan is offline, or the processes that caused it.

                                                                                          I am not advocating online for the banning of 8chan - I’m not naive enough to believe that this will stop the radicalization of lone wolves. I’m interested in the mechanics of modern web publishing at scale, and how it interacts with free speech. I’ve learned a lot about the roles of CDNs through this story.

                                                                                          As to my distaste of people anonymously or not advocating mass murder - that’s hardly a fringe position.

                                                                                          Finally, the definition of “deplatforming”. This is the link I get from searching like you did:

                                                                                          https://en.wikipedia.org/wiki/Deplatforming

                                                                                          A quick glance through the reference list shows that this is most likely a partisan article that’s worked hard to satisfy Wikipedia’s standards for notability. Like many other hot-button issues and terms, I do not believe a Wikipedia definition to be a good basis for discussion.

                                                                                          This is my final comment in this matter. Thanks for the discussion.

                                                                          3. 8

                                                                            When I tried to google for 8chan, the site is completely absent in the search results. I had to use ddg just to get to it.

                                                                            Yep. And this censorship feeds directly into the narratives peddled by the hate groups.

                                                                            1. 32

                                                                              And this censorship feeds directly into the narratives peddled by the hate groups.

                                                                              Any circumstance would be bent to fit their narrative, so this isn’t particularly relevant to informing policy.

                                                                              1. 5

                                                                                Sort of, but there’s a little more to it than just that.

                                                                                As an outsider, it is hard to sell me on “look at the (((people))) that run everything, fluoridate our water, and steal our precious bodily fluids!”. Like, that’s clearly some neonazi nutjob.

                                                                                But, a smaller complaint–“hey, some metagroup of people don’t like us (nevermind why) and they keep banding together to kick us off of public platforms…you could be next!”–is, critically, able to be backed up with evidence and sold to a rube really easily.

                                                                                We aren’t weakening their positions by engaging in the exact tactics they accuse us of, and, what’s more, we are setting precedent that probably is going to be abused.

                                                                                1. 14

                                                                                  We aren’t weakening their positions by engaging in the exact tactics they accuse us of, and, what’s more, we are setting precedent that probably is going to be abused.

                                                                                  The point of the parent is that they will accuse others of any tactic (and exactly that can be found in relevant playbooks). Opposition is an important democratic property and refusal of support is a the most basic and important form of opposition. And that’s precisely what that strategy aims for.

                                                                                  Following that demand is just as good as dropping dead.

                                                                                  1. 17

                                                                                    We aren’t weakening their positions by engaging in the exact tactics they accuse us of

                                                                                    You absolutely weaken their positions! No platforming is a patently effective way to deny people the ability to spread a fascist message with ease.

                                                                                    Nobody is saying you are forbidden to print your neonazi newspaper, just that the printing press in town will politely decline your business and the community won’t let you set up your table in the farmers market. Go try to pass it out on the street if you want. If you want to spread your message, we won’t make it easy, you’re going to have to add your own effort & money to the mix.

                                                                                    More concretely, 8chan didn’t get null routed: a business decided that it was within their best business interests to decline to take money from a web site linked to multiple fascist terrorist attacks. Another business, one willing to attract a similar clientele will likely extend their service. I find it strange that so many capitalists all over the internet are wringing their hands over this… it’s what the system demands, right?

                                                                                    we are setting precedent that probably is going to be abused

                                                                                    Oh mate, the next time you see coverage of BLM protesting police brutality, people marching against ICE, or a counter protest against the KKK, take a look at the pictures the media puts out: see who is holding riot shields and tear gas guns and which group they’re pointed at.

                                                                                    The state - not just private enterprise - has favored certain categories of speech over others for over a century. In some cases it has been direct, by passing laws that criminalize membership in certain named organizations, and in other cases indirectly through the use of “investigative committees”, surveillance and support of oppositional groups.

                                                                                    1. 10

                                                                                      We aren’t weakening their positions by engaging in the exact tactics they accuse us of

                                                                                      Deplatforming hate groups literally weakens their position. It’s not only acceptable but ethically responsible to do so. Or even ethically necessary: sunlight is not always the best disinfectant.

                                                                                    2. 2

                                                                                      Yes! Also, these arguments ignore that there’s also a tangible effect: labor that needs to be invested to build the features yourselves.

                                                                                    3. 4

                                                                                      Google delisted 8chan a long time ago because people kept (keep?) posting child exploitation images in there.

                                                                                    4. -1

                                                                                      Wow, be careful on that slippery slope! They should really put up a caution sign or something…

                                                                                      1. 6

                                                                                        …slippery slope? A quote from a later comment on this post…

                                                                                        MasonJar avatar MasonJar 1 hour ago | link |

                                                                                        Uhhh guys, seems to be a bit of an update on this, but it seems that the free-speech-absolutist CDN BitMitigate, which took over 8chan’s service and was also serving DailyStormer, was just taken down by its upstream provider, Voxility. Is this getting disturbing to anybody yet? If you’re okay with a website that doesn’t censor opinions you don’t like being dropped by companies providing services to it, are you also okay with an internet service provider being dropped by its upstream provider because it refuses to terminate services to that website?

                                                                                        1. 3

                                                                                          I don’t see how this outcome has anything to do with the alarmism of the parent post.

                                                                                          And, although you didn’t ask:

                                                                                          Are you also okay with an internet service provider being dropped by its upstream provider because it refuses to terminate services to that website?

                                                                                          Yes, absolutely: this was a good and correct maneuver by the upstream provider.

                                                                                          1. 2

                                                                                            I replied to the comment in question here:

                                                                                            https://lobste.rs/s/j72cp9/terminating_service_for_8chan#c_pgcwks

                                                                                      1. 2

                                                                                        One theoretical Windows-based solution would be to add UTF-8 as a “legacy” multi-byte character set, since the Windows API is familar with those and has functions to comprehend them. The problem is you’d have to use the non-wide APIs to do so, AFAIK.

                                                                                        1. 2

                                                                                          Recently I’ve been thinking that a lot of these encoding problems could have been solved/prevented if there was some way of telling which character encoding a piece of text uses. For example, if the first byte (or two bytes) of every string was used to identify the encoding. e.g. 0x01 would be ASCII, 0x02 ISO-8859-1, etc.

                                                                                          With this, there would be no need for encoding anything with backward-compatible hacks like UTF-8 or UTF-16: old character encodings would be marked as “ASCII” or “UCS-2” and keep working just fine. It would also mean it’ll be easier to “use the right encoding for the job”.

                                                                                          This would require updating a lot of tools and APIs; but not really more so than making everything “8 bit clean” or “unicode clean”.

                                                                                          The currently popular solution is “UTF-8 everywhere”, but I’m left wondering if we’ll be reading “The Tragedy of UTF-8” in 20 years time…

                                                                                          1. 3

                                                                                            This breaks down as soon as you start concatenating strings: greek_text + cyrillic_text

                                                                                            • If you insist on unifying both to a single encoding, there’s no codepage that handles both, so you have a half-garbage string.

                                                                                            • If you preserve both codepage markers, now you have markers in the middle of a string. Processed text may end up with any number of markers anywhere, so you end up with a variable-width encoding that is more annoying than UTF-8 with none of its advantages.

                                                                                            1. 2

                                                                                              This is exactly what some OSes do already. Conversions can be performed transparently when opening files based on what’s requested versus what’s marked about the file. It does mean some complications when storing files, but the ones from munging strings together at runtime would probably be the same:

                                                                                                                             Display Attributes                               
                                                                                                                                                                              
                                                                                               Object . . . . . . :   /home/calvin/ccsid.c                                    
                                                                                                                                                                              
                                                                                               Type . . . . . . . . . . . . . . . . . :   STMF                                
                                                                                                                                                                              
                                                                                              [...]
                                                                                                                                                                              
                                                                                               Coded character set ID . . . . . . . . :   819                                 
                                                                                              [...]                                                                   
                                                                                              
                                                                                              1. 2

                                                                                                Windows already does this with a byte order mark, UNIX doesn’t because it outright ruins a lot of utilities. Is that first byte a byte order mark or two ASCII characters? etc. etc.

                                                                                                It’s been 20 years and UTF-8 has been the standard for those 20 years, except when it’s transcoded to UTF-16 for internal use. I don’t envision seeing the death of UTF-8 any time soon, even if I personally have some huge problems with certain aspects of it (like how emoji and flags are constructed and how even transcoding to UTF-16 and normalizing it doesn’t save you from having to deal with multi-graphene -> single visible character combinators).

                                                                                                1. 2

                                                                                                  I mean… There are a lot of registries of encodings, and a lot of standards for attaching an identifier from those registries to a piece of text. There’s enough, in fact, that we could reasonably benefit from a registry of registries… I’m not convinced this is a tractable problem.

                                                                                                1. 4

                                                                                                  Tragic that this wasn’t about function pointers with the article title “Here’s my number so call me maybe”.

                                                                                                  1. 1

                                                                                                    Tired: function pointers

                                                                                                    Wired: function descriptors (when your function pointers dont point to an instruction, but to a structure describing the needed values to load into registers to make the call - a victim of bad calling conventions)

                                                                                                  1. 3

                                                                                                    L4 [IBM System/3x0] happens to be one in which you can tell the length of the instruction from the first few bits, has a fairly regular instruction decode, has relatively few addressing modes, no indirect addressing. In fact, a big subset of its instructions are actually fairly RISC-like, although another subset is very CISCy.

                                                                                                    IIRC, it might be because of the Model 44, which had a simplified decoder (limited instruction forms, less direct-memory) in exchange for greater integer performance - arguably a kind of ur-RISC.

                                                                                                    1. 8

                                                                                                      The comment field there doesn’t permit editting and correcting typos…..

                                                                                                      So let me try again here…

                                                                                                      In a galaxy far far away….

                                                                                                      Larry Wall wondered why he needed to learn 3 pretty bad languages, sh, awk, sed…., and devised perl as the Grand Unifying Language.

                                                                                                      Perl sadly borrowed too much from it’s inspirations, and wasn’t much more readable.

                                                                                                      Then Matz came along and resolved to borrow the best from perl and scheme and ….. and make something more powerful than them all, yet more readable.

                                                                                                      It’s called Ruby.

                                                                                                      And yes, you can do everything in Ruby, in one line if you must, that you can do in bash, awk, sed, jq, perl…. but in a more powerful and maintainable form.

                                                                                                      All this has been available for decades, why are we (still) bashing (pun intended) our heads against the Lowest Common Denominator?

                                                                                                      1. 8

                                                                                                        serious question: what does “doing some awk in Ruby” look like? This might be a pretty big motivator for me to finally figure out Ruby for scripting (I’m more of a Python guy myself but awk works nicely for small scripts on line-oriented stuff when I want a one-liner)

                                                                                                        1. 8

                                                                                                          Compare:

                                                                                                          # Official way of naming Go-related things:
                                                                                                          $ grep -i ^go /usr/share/dict/* | cut -d: -f2 | sort -R | head -n1
                                                                                                          goldfish
                                                                                                          

                                                                                                          Versus Ruby:

                                                                                                          puts(Dir['/usr/share/dict/*-english'].map do |f|
                                                                                                            File.open(f)
                                                                                                              .readlines
                                                                                                              .select { |l| l[0..1].downcase == 'go' }
                                                                                                          end.flatten.sample.chomp)
                                                                                                          

                                                                                                          Simple example, but I think it demonstrates that doing various basic and common tasks are quite a bit more complex to do in Ruby than in the shell.

                                                                                                          That doesn’t mean I’m always in favour of shell scripts – I got that example from an article I wrote saying you shouldn’t use shell scripts – but there are definitely reasons shell scripting persists, even though we have things like Perl and Ruby.

                                                                                                          In that article I wrote “I regret writing most shell scripts [..] and my 2018 new year’s pledge will be to not write any more”. I’ve mostly failed at that new years’ pledge, and have happily continued shelling about. I have started rewritting shell script prototypes to other languages at the first sign of getting hairy though, and that seems like a middle ground that is working well for me (I should update/ammend that article).

                                                                                                          1. 5

                                                                                                            To be fair, it looks like most of the additional complexity in the Ruby code comes from reading files: the first command in the pipeline, grep -i ^re glob, is what becomes

                                                                                                            Dir[glob].map do |f|
                                                                                                              File.open(f)
                                                                                                                .readlines
                                                                                                                .select { |l| l[0..1].downcase == re }
                                                                                                            end.flatten
                                                                                                            

                                                                                                            The rest of the script contributes very little to the Ruby code.

                                                                                                            I suspect this is a recurring theme when trying to replace shell pipelines with programs. Only Perl avoids some of this additional complexity for reading files, I think.

                                                                                                            1. 5
                                                                                                              puts Dir['/usr/share/dict/*-english'].
                                                                                                                flat_map { |f| File.readlines(f).grep(/^go/i) }.
                                                                                                                sample
                                                                                                              
                                                                                                              1. 6

                                                                                                                At least with Ruby I don’t have to constantly cross-reference the man page and my cargo-culted knowledge of Unix’s multitude text manipulation DSLs, all unlike. It’s pretty obvious what it’s doing.

                                                                                                                1. 1

                                                                                                                  Actually you used very little shell there in your first example.

                                                                                                                  You also used grep, cut, sort and head.

                                                                                                                  Why do you assume the backtick operator and the | operator for io doesn’t exist in ruby? In fact why do people assume shell and jq do not exist if you use ruby?

                                                                                                                  Personally I tend to reduce the number of tools involved to reduce the cognitive load of needing to understand each tool to understand the one liner.

                                                                                                                  I balance that against considerations like going IO.read(”|sort -u fileName”) can be a huge performance boost

                                                                                                                  Anyhoo… some examples of ruby onliners

                                                                                                                  http://reference.jumpingmonkey.org/programming_languages/ruby/ruby-one-liners.html

                                                                                                                2. 7

                                                                                                                  Because code in sed or awk that worked a decade ago (or, hell, two years) still works. Ruby code seems to bit rot faster than any other language I’ve use for nontrivial work.

                                                                                                                  Also, with awk, I could put it down for a year, then use it again, and everything I’d need to be productive fits in a small man page. (The same seems to be true of sed, though I don’t use it much.) The Ruby ecosystem moves a lot faster, and if you haven’t been following it closely, catching up will add extra work. (Whether it’s actually going anywhere is neither here nor there.)

                                                                                                                  Yes, awk is a more limited language, but that’s a trade-off – there are upsides, and I know which I’d prefer.

                                                                                                                  1. 1

                                                                                                                    Not true.

                                                                                                                    The awk scripts I wrote decades ago with in Solaris awk which is not quite the same thing as gnu awk.

                                                                                                                    Well thought out growth in a language is good.

                                                                                                                    I find the maintenance burden in ruby rolling forward with language versions is very low.

                                                                                                                    Doubly so since rubocop will often autocorrect stuff.

                                                                                                                  2. 6

                                                                                                                    I don’t know Ruby. But for me these are the reasons why I am writing more and more bash programs:

                                                                                                                    • Bash is my command line. So I am doing a lot of small steps, file modifications, comparing, searching analysing. At some point I can see that some of the steps can be composed and I pull them out of the history, try them out on the console and at some point put them into a script. If Ruby would have a REPL in which I can do all the operations that I am doing on the command line with less typing and more comfort, I would maybe give it a try.

                                                                                                                    • Bash is on every Linux box. Ruby is not.

                                                                                                                    1. 4

                                                                                                                      Ruby does have a REPL. It’s called IRB and it comes with every Ruby installation. I use it exactly as you describe, for composing small programs iteratively.

                                                                                                                      1. 1

                                                                                                                        Are you using the Ruby REPL as your daily all-time console or just when you have in mind to create a program? I am asking honestly because I do not know anything about Ruby or their REPL and I am quite interested how good this REPL is as a replacement for the daily life?

                                                                                                                        My point is that shell scripts are a by-product of using the shell for doing manual tasks. And I get better and better at my shell usage, and even after 20 years of shell usage I am still discovering new features or ways to do something in a more efficient way. While the shell language is really ugly, but being very succinct plus the composition of unix commands, the history, the prompt customization, the possibility to have vi mode for editing (and I probably forgot a lot of features), all this makes using shell such an efficient tool.

                                                                                                                        1. 2

                                                                                                                          Well, no, not as my daily shell. I dislike shell scripting enough that I switch to Ruby pretty quickly if I’m having to spend any amount of time or effort on a task, but it’s not meant to be a replacement for bash/zsh/fish.

                                                                                                                      2. 3

                                                                                                                        Bash is on every Linux box. Ruby is not.

                                                                                                                        Let’s not limit ourselves here. For those not using Bash and/or Linux, how about this:

                                                                                                                        • Bourne-compatible $SHELL is on every Unix box. Ruby is not.
                                                                                                                        1. 2

                                                                                                                          Bash is on every Linux box. Ruby is not.

                                                                                                                          So is ed.

                                                                                                                          However sudo apt install ruby solves that problem.

                                                                                                                          And yes, ruby does have a REPL.

                                                                                                                          1. 2

                                                                                                                            apt: command not found.

                                                                                                                            sudo: permission denied

                                                                                                                            $

                                                                                                                            1. 2

                                                                                                                              Have fun with ed then, it’s the Standard!

                                                                                                                              https://www.gnu.org/fun/jokes/ed-msg.html

                                                                                                                              1. 1

                                                                                                                                I have written scripts in ed before to do some sufficiently tricky text manipulation. It’s a good tool.

                                                                                                                        2. 5

                                                                                                                          Mostly, because picking up enough jq, awk and sed to be useful is faster than learning the ins and outs of Ruby?

                                                                                                                          I suppose you could make a similar argument about learning Ruby one-liners, but by the time I’m writing a very long bash script, I’m probably writing a larger program anyway, either in Go or Python. Ruby as a language doesn’t have much appeal to me, at least at the moment.

                                                                                                                          Awk, at least, fits very nicely into a small space right next to regex. jq is a bit fiddilier to pick up, but very nice for basic stuff. Sed, I still don’t have down very well, but also is nicely regex adjacent.

                                                                                                                          1. 3

                                                                                                                            I regularly write sed one liners to do refactorings on my Ruby code. Usually the sed call is fed by the result of grep or find. I could write a Ruby one liner to do the same, but it would be a much longer line and escaping would be much more difficult. Ruby is simply not a replacement for the convenience of sed.

                                                                                                                            And maintainability is a red herring here: the whole point of something like sed is that you use it for one-off commands.

                                                                                                                            1. 2

                                                                                                                              I’m not that experienced with jq, but when it comes to awk (and sed), one of their benefits is that you can easily write a program in the shell, since they act as glue between pipe operations.

                                                                                                                              For example, to filter out all lines that have less than 4 characters, all you have to write is

                                                                                                                              ... | awk 'length >= 5' | ...
                                                                                                                              

                                                                                                                              no imports or types required. It was made for stuff like this, which makes it easy to use. I’ve only read a book about Ruby a few years ago, but to process stdin/out this was should require a bit more overhead, shouldn’t it?

                                                                                                                              1. 1

                                                                                                                                One part of your history lesson is missing: Paul McCarthy and Steve Russell saw what was going to happen and pre-emptively invented Lisp. And yes, you can do everything in Lisp, in one line if you must, that you can do in bash, awk, sed, jq, perl… but in a more powerful and maintainable form.

                                                                                                                                ;)

                                                                                                                                1. 2

                                                                                                                                  s/Paul/John/

                                                                                                                                  This gotta be one of my most common brainarts…

                                                                                                                                  1. 2

                                                                                                                                    It was Yoko’s fault.

                                                                                                                                  2. 1

                                                                                                                                    Ruby equivalents of the basic awk and sed examples from the article, as examples of Ruby one-liner structure:

                                                                                                                                    • AWK: awk '{print $1}' logs.txt
                                                                                                                                      • Ruby: cat logs.txt | ruby -ne 'puts $_.split[0]'
                                                                                                                                      • Ruby: cat logs.txt | ruby -ane 'puts $F[0]'
                                                                                                                                    • sed: sed 's/^[^ ]*//' logs.txt |sed 's/"[^"]*"$//'
                                                                                                                                      • Ruby: cat logs.txt | ruby -ne 'puts $_.gsub(/^[^ ]*/, "").gsub(/"[^"]*"$/, "")'
                                                                                                                                  1. 18

                                                                                                                                    People still call ARM a “RISC” architecture despite ARMv8.3-A adding a FJCVTZS instruction, which is “Floating-point Javascript Convert to Signed fixed-point, rounding toward Zero”. Reduced instruction set, my ass.

                                                                                                                                    This seems a bit like a “no true Scotchman” to me. Just because ARM has a bunch of instructions that solve specific cornercases, doesn’t mean it’s no longer “reduced”. It still has much fewer instructions than the dominant CISC architecture (by an order of a magnitude). Reduced is not the same as “absolute minimum”.

                                                                                                                                    “Pure ideas” like “only use the bare minimum instruction set” rarely work well in practice, hence FJCVTZS and other exceptions, which is perfectly reasonable, and doesn’t make ARM “not RISC”.

                                                                                                                                    1. 16

                                                                                                                                      Just because ARM has a bunch of instructions that solve specific cornercases, doesn’t mean it’s no longer “reduced”. It still has much fewer instructions than the dominant CISC architecture (by an order of a magnitude). Reduced is not the same as “absolute minimum”.

                                                                                                                                      I kinda agree in a theoretical sense, but I think that redefines what RISC means really heavily. When RISC was first invented, it really meant three things: load/store architecture with lots of registers, all instructions the same length, and…well, it did effectively mean a minimalist, if not minimal, instruction set. Some CPUs carried that a lot further than others (e.g. SPARC originally didn’t even have multiply and divide instructions, many didn’t allow unaligned loads, etc.), but all had markedly smaller instruction sets than their contemporary CISC counterparts, frequently from a mixture of fewer addressing modes and genuinely cutting out stuff.

                                                                                                                                      Modern ARM might have fewer instructions in practice than AMD64, which is the comparison I assume you’re making with “the dominant CISC architecture”. I’m not sure, to be honest, because things like NEON and FJCVTZS add tons to the ARM side, and AMD64 cuts out whole subsystems when running in 64-bit mode. But modern ARM definitely has more instructions than the 68k and x86 that were around when these terms were hatched. Hell, I can definitely spit out the entire 68020 instruction set from memory, and probably get close on the 80486 if we exclude the FPU, but there’s no way I can regurgitate the entire current ARM instruction set. It’s freaking huge. The only things I see RISC-like in the classical definition about a modern ARM CPU is the fact that all the instructions are the same length and there are plenty of registers. You can convince me that merely having something like NEON can still be a RISC CPU, but FJCVTZS definitely doesn’t fit the classical definition of RISC.

                                                                                                                                      And while I wouldn’t phrase things quite the way the article did, I think it’s true: what RISC ultimately brought to the stable was a reset of a bunch of classical CISC instruction sets that allowed it to run a lot faster. Most modern RISC CPUs (including e.g. PowerPC) have tons and tons and tons of instructions. And that’s fine. The right answer ended up being more in the middle than initially anticipated.

                                                                                                                                      1. 6

                                                                                                                                        The only things I see RISC-like in the classical definition about a modern ARM CPU is the fact that all the instructions are the same length and there are plenty of registers

                                                                                                                                        uhh, how about the fact that it’s a load-store architecture, instead of having other instructions directly reference memory? That feels like the defining “RISCiness” trait these days.

                                                                                                                                        1. 2

                                                                                                                                          Yeah, that’s fair. Although I actually thought ARM had added some stuff in the newer multimedia instructions that were basically fused operation/store instructions. But that’s not my wheelhouse, so I may have misunderstood or it might’ve been a different CPU.

                                                                                                                                        2. 2

                                                                                                                                          The only things I see RISC-like in the classical definition about a modern ARM CPU is the fact that all the instructions are the same length…

                                                                                                                                          Aren’t Thumb instructions variable length?

                                                                                                                                          1. 1

                                                                                                                                            Thumb is halfword length.

                                                                                                                                            1. 1

                                                                                                                                              Thumb instructions can be 16-bit or 32-bit in length. That sounds like variable length to me.

                                                                                                                                              1. 7

                                                                                                                                                There is a significant difference between instructions that vary from 1 to 17 bytes (x86) and instructions that are 2 or 4 bytes (Thumb2). The former is much more complex than the latter.

                                                                                                                                                1. 4

                                                                                                                                                  Thumb2 is a variable-length instruction set. x86 is an absolutely-bonkers-length instruction set. :-P

                                                                                                                                                  1. 2

                                                                                                                                                    I guess that fits the idea that ARM doesn’t live up to the ideal of RISC but is still more RISC-like than CISC-like?

                                                                                                                                          2. 10

                                                                                                                                            It still has much fewer instructions than the dominant CISC architecture (by an order of a magnitude).

                                                                                                                                            It probably has fewer of them, but I don’t think the difference is an order of magnitude. The base ISA of x86 is of course much larger, but both x86 and ARM have multiple ways to do floating-point operations and SIMD (x87, MMX, 3DNow!, SSE, AVX vs FP, VFP, iwMMXt, NEON, SVE, not counting all the different versions). ARM also has multiple instruction encodings: ‘normal’ ARM (32-bit), old and obsoleted Thumb (16-bit), ThumbEE/T32 (variable-length), A64 (64-bit).

                                                                                                                                            From this, I can only conclude the words “CISC” and “RISC” don’t mean that much these days. If you want to learn about CPUs, it’s better to look at how they actually work instead of reiterating the debates on their design from decades ago. Secondly, the newer x86 additions look relatively “RISC-like” (SSE and friends don’t have funky loop instructions, x86_64 registers are general-purpose, …) and some RISCs (or companies that used to make RISC chips) have adopted more CISC-like approaches in some of their designs (PPC and IBM, anyone?).

                                                                                                                                            1. 6

                                                                                                                                              A64 (64-bit)

                                                                                                                                              A64 instructions operate on 64-bit values, but themselves are 32 bits long.

                                                                                                                                              the words “CISC” and “RISC” don’t mean that much these days

                                                                                                                                              Indeed. I think one meaningful distinction is “load-store vs x86 style operations-on-memory-addresses”, and “RISC vs CISC” seems to be sort of becoming a shorthand for that??

                                                                                                                                            2. 2

                                                                                                                                              It looks complex (pdf) compared to early RISC’s. That was 2008. It’s grown since then.

                                                                                                                                              1. -2

                                                                                                                                                “Floating-point Javascript Convert to Signed fixed-point, rounding toward Zero”

                                                                                                                                                Maybe people just need to build better languages …

                                                                                                                                              1. 12

                                                                                                                                                People still call ARM a RISC architecture because RISC is about timing and load/store, not about instruction count, a common misconception.

                                                                                                                                                1. 3

                                                                                                                                                  Timing isn’t that much of an issue anymore I think, now that there are out-of-order superscalar implementations of x86, ARM, PPC, and even m68k (remember m68k?).

                                                                                                                                                  RISCs only became successful when those chips started to have pipelining (see: MIPS, ARM2), otherwise there would be too much decoding overhead, compared to architectures that have eg. specific instructions for loops (rep and loop(cc) in x86, djnz in Z80, bne with pre-decrement addressing mode in 68k, …)

                                                                                                                                                  1. 2

                                                                                                                                                    Perhaps also instruction format (predictable forms, fixed-length) though this isn’t guaranteed; ARM has Thumb, PPC has VLE, and ROMP was dual-length.

                                                                                                                                                  1. 3

                                                                                                                                                    It’s unfortunate that most of these posts clump C with C++. Yes, it does reference Modern C++ Won’t Save Us. The question I would love answered is, does modern C++ solve 80% of the problems? Because 80% is probably good enough IMO if solving for 99% distracts us from other important problems.

                                                                                                                                                    1. 11

                                                                                                                                                      The question I would love answered is, does modern C++ solve 80% of the problems?

                                                                                                                                                      The reason this isn’t really answered is because the answer is a very unsatisfying, “yes, kinda, sometimes, with caveats.”

                                                                                                                                                      The issues highlighted Modern C++ Won’t Save Us are not straw men; they are real. The std::span issue is one I’ve actually hit, and the issues highlighted with std::optional are likewise very believable. They can and will bite you.

                                                                                                                                                      On the other hand, there is nothing keeping you from defining a drop-in replacement for e.g. std::optional that simply doesn’t define operator* and operator->, which would suddenly and magically not be prone to those issues. As Modern C++ Won’t Save Us itself notes, Mozilla has done something along these lines with std::span, too, preventing it from the use-after-free issue that the official standard allows. These structures behave the way they do because they’re trying to be drop-in replacements for bare pointers in the 90% case, but they’re doing it at the cost of safety. If you’re doing a greenfield C++ project, you can instead opt for safe variants that aren’t drop-in replacements, but that avoid use-after-free, buffer overruns, and the like. But those are, again, not the versions specified to live in std::.

                                                                                                                                                      And that’s why the answer is so unsatisfying: with std::move, rvalue references, unique_ptr, and so on give you the foundation for C++ to be…well, certainly not Rust, but a lot closer to Rust than to C. But the standard library, due to a mixture of politics and a strong desire for backwards compatibility with existing codebases, tends to opt for ergonomics over security.

                                                                                                                                                      1. -1

                                                                                                                                                        I think you hit the nail on the head, C++ is ergonomic. I guess I don’t like the idea that Rust would get in the way of me expressing my ideas (even if they are bad). Something about that is offensive to me. But of course, that isn’t a rational argument.

                                                                                                                                                        Golang, on one hand, is like speaking like a 3-year-old, and Rust is peaking the language in 1984. C++, on the other hand, is kind of poetic. I think that people forget software can be art and self-expression, just as much as it can be functional.

                                                                                                                                                        1. 10

                                                                                                                                                          I guess I don’t like the idea that Rust would get in the way of me expressing my ideas (even if they are bad). Something about that is offensive to me.

                                                                                                                                                          Isn’t it more offensive to tell users that you are putting them at greater risk of security vulnerabilities because you don’t like to be prevented from expressing yourself?

                                                                                                                                                          1. 3

                                                                                                                                                            That’s an original take on it.

                                                                                                                                                          2. 6

                                                                                                                                                            It doesn’t get in the way of expressing your ideas. It gets in the way of you expressing them in a way where it can’t prove they’re safe. A way where the ideas might not actually work in production. That’s a distinction I think is worthwhile.

                                                                                                                                                            1. 5

                                                                                                                                                              I think we agree strongly that Rust constrains what you can say. Where we have different tastes is that I like that. To me, it’s the kind of constraint that sparks artistic creativity, and by reasoning about my system so that I can essentially prove that its memory access patterns are safe, I think I get a better result.

                                                                                                                                                              But I understand how a different programmer, or in different circumstances, would value the freedom to write pretty much any code they like.

                                                                                                                                                              1. 3

                                                                                                                                                                I don’t like the idea that Rust would get in the way of me expressing my ideas

                                                                                                                                                                Every language allows you to express yourself in a different way; a Javascript programmer might say the same of C++. There is poetry in the breadth of concepts expressible (and inexpressible!) in every language.

                                                                                                                                                                I started out with Rust by adding .clone() to everything that made it complain about borrowing, artfully(?) skirting around the parts that seem to annoy everyone else until I was ready. Sure, it might have made it run a bit slower, but I knew my first few (er, several) programs would be trash anyway while I got to grips with the language. I recommend it if you’re curious but reticent about trying it out.

                                                                                                                                                                – The Rust Evangelion Strike Force

                                                                                                                                                                1. 3

                                                                                                                                                                  That is true, you have to do things “Rust way” rather than your way. People do react with offense to “no, you can’t just modify that!”

                                                                                                                                                                  However, I found Rust gave me a vocabulary and building blocks for common patterns, which in C I’d “freestyle” instead. Overall this seems more robust and readable, because other Rust users instantly recognize what I’m trying to do, instead of second-guessing ownership of pointers, thread-safety, and meaning of magic booleans I’d use to fudge edge cases.

                                                                                                                                                              2. 5

                                                                                                                                                                Tarsnap is written in C. I think it’s ultra unfortunate that C has gotten a bad rap due to the undisciplined people who use it.

                                                                                                                                                                C and C++ are tools to create abstractions. They leave many ways to burn yourself. But they also represent closely how machines actually work. (This is more true of C than C++, but C is a subset of C++, so the power is still there.)

                                                                                                                                                                This is an important quality often lost in “better” programming languages. It’s why most software is so slow, even when we have more computing power than our ancestors could ever dream of.

                                                                                                                                                                I fucking love C and C++, and I’m saddened to see it become a target for hatred. People have even started saying that if you actively choose C or C++, you are an irresponsible programmer. Try writing a native node module in a language other than C++ and see how far you get.

                                                                                                                                                                1. 25

                                                                                                                                                                  Tarsnap is written in C. I think it’s ultra unfortunate that C has gotten a bad rap due to the undisciplined people who use it.

                                                                                                                                                                  I think the hate for C and C++ is misplaced; I agree. But I also really dislike phrasing the issue the way you have, because it strongly implies that bugs in C code are purely due to undisciplined programmers.

                                                                                                                                                                  The thing is, C hasn’t gotten a bad rap because undisciplined people use it. It’s gotten a bad rap because disciplined people who use it still fuck up—a lot!

                                                                                                                                                                  Is it possible to write safe C? Sure! The techniques involved are a bit arcane, and probably not applicable to general programming, but sure. For example, dsvpn never calls malloc. That’s definitely a lot safer than normal C.

                                                                                                                                                                  But that’s not the default, and not doing it that way doesn’t make you undisciplined. A normal C program is gonna have to call malloc or mmap at some point. A normal C program is gonna have to pass around pointers with at least some generic/needs-casting members at some point. And as soon as you get into those areas, C, both the language and the ecosystem, make you one misplaced thought away from a vulnerability.

                                                                                                                                                                  This is an important quality often lost in “better” programming languages. It’s why most software is so slow, even when we have more computing power than our ancestors could ever dream of.

                                                                                                                                                                  You’re flirting around a legitimate issue here, which is that some languages that are safer (e.g. Python, Java, Go) are arguably intrinsically slower because they have garbage collection/force a higher level of abstraction away from the hardware. But languages like Zig, Rust, and (to be honest) bygones like Turbo Pascal and Ada prove that you don’t need to be slower to be safer, either in compilation or runtime. You need stricter guarantees than C offers, but you don’t need to slow down the developer in any other capacity.

                                                                                                                                                                  No, people shouldn’t hate on C and C++. But I also don’t think they’re wrong to try very hard to avoid C and C++ if they can. I think you are correct that a problem until comparatively recently has been that giving up C and C++, in practice, meant going to C#, Java, or something else that was much higher on the abstraction scale than you needed if your goal were merely to be a safer C. But I also think that there are enough new technologies either already here or around the corner that it’s worth admitting where C genuinely is weak, and looking to those technologies for help.

                                                                                                                                                                  1. 2

                                                                                                                                                                    You need stricter guarantees than C offers, but you don’t need to slow down the developer in any other capacity.

                                                                                                                                                                    Proven in a couple of studies with this one (pdf) being the best. I’d love to see a new one using Rust or D.

                                                                                                                                                                    1. 1

                                                                                                                                                                      I also really dislike phrasing the issue the way you have, because it strongly implies that bugs in C code are purely due to undisciplined programmers.

                                                                                                                                                                      You dislike the truth, then. If you don’t know how to free memory when you’re done with it and then not touch that freed memory, you should not be shipping C++ to production.

                                                                                                                                                                      You namedrop Rust. Note that you can’t borrow subsets of arrays. Will you admit that safety comes at a cost? That bounds checking is a cost, and you won’t ever achieve the performance you otherwise could have, if you have these checks?

                                                                                                                                                                      Note that Rust’s compiler is so slow that it’s become a trope. Any mention of this will piss off the Rust Task Force into coming out of the woodwork with how they’ve been doing work on their compiler and “Just wait, you’ll see!” Yet it’s slow. And if you’re disciplined with your C++, then instead of spending a year learning Rust, you may as well just write your program in C++. It worked for Bitcoin.

                                                                                                                                                                      It worked for Tarsnap, Emacs, Chrome, Windows, and a litany of software programs that have come before us.

                                                                                                                                                                      I also call to your attention the fact that real world hacks rarely occur thanks to corrupted memory. The most common vector (by far!) to breach your corporation is via spearphishing your email. If you analyze the amount of times that a memory corruption actually matters and actually causes real-world disasters, you’ll be forced to conclude that a crash just isn’t that significant.

                                                                                                                                                                      Most people shy away from these ideas because it offends them. It offended you, by me saying “Most programmers suck.” But you know what? It’s true.

                                                                                                                                                                      I’ll leave off with an essay on the benefits of fast software.

                                                                                                                                                                      1. 12

                                                                                                                                                                        It worked for […] Chrome

                                                                                                                                                                        It’s difficult for me to reconcile this with the perspective of a senior member of the Chrome security team: https://twitter.com/fugueish/status/1154447963051028481

                                                                                                                                                                        Chrome, Chrome OS, Linux, Android — same problem, same scale.

                                                                                                                                                                        Here’s some of the Fish in a Barrel analysis of Chrome security advisories:

                                                                                                                                                                        1. 1

                                                                                                                                                                          This implies an alternative could have been used successfully.

                                                                                                                                                                          Even today, would anyone dare write a browser in anything but C++? Even Rust is a gamble, because it implies you can recruit a team sufficiently proficient in Rust.

                                                                                                                                                                          Admittedly, Rust is a solid alternative now. But most companies won’t make the switch for a long time.

                                                                                                                                                                          Fun exercise: Criticize Swift for being written in C++. Also V8.

                                                                                                                                                                          C++ is still the de facto for interoperability, too. If you want to write a library most software can use, you write it in C or C++.

                                                                                                                                                                          1. 13

                                                                                                                                                                            C++ is still the de facto for interoperability, too.

                                                                                                                                                                            C is the de facto for interoperability. C++ is about as bad as Rust, and for the same reason: you can’t use generic types without compiling a specialized version of the template-d code.

                                                                                                                                                                            1. 8

                                                                                                                                                                              You’re shifting the goalposts here. “No practical alternative to C++” is altogether unrelated to “C and C++ are perfectly safe in disciplined programmers’ hands” which you claimed above.

                                                                                                                                                                              And no, empirically they are not safe, a few outlier examples notwithstanding (and other examples like Chrome and Windows don’t really support your claim). It’s also illogical to suggest that just because there are a handful of developers in the world who managed to avoid all the safety issues in their code (maybe), C and C++ are perfectly fine for wide industry use by all programmers, who, in your own view, aren’t disciplined enough. Can’t you see that it doesn’t follow? I can never understand why people keep making this claim.

                                                                                                                                                                              1. -1

                                                                                                                                                                                Also known as “having a conversation.”

                                                                                                                                                                                But, sure, let’s return to the original claim:

                                                                                                                                                                                C and C++ are perfectly safe in disciplined programmers’ hands

                                                                                                                                                                                Yes, I claim this with no hubris, as someone who has been writing C++ off and on for well over a decade.

                                                                                                                                                                                I’m prepared to defend that claim with my upcoming project, SweetieKit (NodeJS for iOS). I think overall it’s quite safe, and that if you manage to crash while using it, it’s because you’ve used the Objective-C API in a way that would normally crash. For example, pick apart the ARKit bindings: https://github.com/sweetiebird/sweetiekit/tree/cb881345644c2f1b2ac1a51032ec386d1ddb7ced/node-ios-hello/NARKit

                                                                                                                                                                                I don’t think SweetieKit could have been made in any other language, partly because binding to V8 is difficult from any other language.

                                                                                                                                                                                I do not claim at the present time that there are no bugs in SweetieKit (nor will I ever). But I do claim that I know where most of them probably are, and that there are few unexpected behaviors.

                                                                                                                                                                                Experience matters. Discipline matters. Following patterns, matters. Complaining that C++ is inherently unsafe is like claiming that MMA fighters will inherently lose: the claim makes no sense, first of all, and it’s not true. You follow patterns while fighting. And you follow patterns while programming. Technique matters!

                                                                                                                                                                                1. 5

                                                                                                                                                                                  Perhaps you are one of the few sufficiently disciplined programmers! But I really can’t agree with your last paragraph when, for example, Microsoft says this:

                                                                                                                                                                                  the root cause of approximately 70% of security vulnerabilities that Microsoft fixes and assigns a CVE (Common Vulnerabilities and Exposures) are due to memory safety issues. This is despite mitigations including intense code review, training, static analysis, and more.

                                                                                                                                                                                  I think you have a point about the impact of these types of issues compared to social engineering and other attack vectors, but I’m not quite sure that it’s sufficient justification if there are practical alternatives which mostly remove this class of vulnerabilities.

                                                                                                                                                                                  1. 1

                                                                                                                                                                                    For what it’s worth, I agree with you.

                                                                                                                                                                                    But only because programmers in large groups can’t be trusted to write C++ safely in an environment where safety matters. The game industry is still mostly C++ powered.

                                                                                                                                                                                    1. 3

                                                                                                                                                                                      I agree with that. I’ll add that games:

                                                                                                                                                                                      (a) Have lots of software problems that even the players find and use in-game.

                                                                                                                                                                                      (b) Sometimes have memory-related exploits that have been used to attack the platforms.

                                                                                                                                                                                      (c) Dodge lots of issues languages such as Rust address with the fact that you can use memory pools for a lot of stuff. I’ll also add that’s supported by Ada, too.

                                                                                                                                                                                      Preventable, buggy behavior in games developed by big companies continues to annoy me. That’s a sampling bias that works in my favor. If what I’ve read is correct, they’re better and harder-working programmers than average in C++ but still have these problems alternatives are immune to.

                                                                                                                                                                                      1. 3

                                                                                                                                                                                        That, and games encourage an environment of ignoring security or reliability in favour of getting the product out the door, and then no long-term maintenance. If it weren’t for the consoles, they wouldn’t even have security on their radar.

                                                                                                                                                                                        1. 1

                                                                                                                                                                                          Yeah. On top of it, the consoles showed how quickly the private market could’ve cranked out hardware-level security for our PC’s and servers… if they cared. Also, what the lower end of the per-unit price might be.

                                                                                                                                                                              2. 6

                                                                                                                                                                                Would anyone dare write a browser in anything but C++?

                                                                                                                                                                                That’s preeeetty much the whole reason Mozilla made Rust. It now powers a decent chunk of Firefox, esp the performance-sensitive parts like, say, the rendering engine.

                                                                                                                                                                            2. 5

                                                                                                                                                                              If you don’t know how to free memory when you’re done with it and then not touch that freed memory, you should not be shipping C++ to production.

                                                                                                                                                                              Did you ever botch up memory management? If you say “no” I am going to assume you haven’t ever used C nor C++.

                                                                                                                                                                              1. 5

                                                                                                                                                                                There’s a difference between learning and shipping to production.

                                                                                                                                                                                Personally, I definitely can’t get memory management right by myself and I’m pretty suspicious of people who claim they can, but people can and do write C++ that only has a few bugs.

                                                                                                                                                                                1. 5

                                                                                                                                                                                  There’s always one or other edge case that make it slip into prod even with the experts. A toolchain on a legacy project that has no santizer flags you are used to. An integrated third party library with ambiguous lifecycle description. A tired dev on the end of a long stint. Etc etc.

                                                                                                                                                                                  Tooling helps, but anytime you have an allocation bug caught in that safety net means you screwed up on your part.

                                                                                                                                                                                  1. 5

                                                                                                                                                                                    Amen. I thought I was pretty good a while back having maintained a desktop app for years (C++/MFC (yeah, I know)). Then I got on a team that handles a large enterprise product - not exclusively C++ but quite a bit. There are a couple of C++ guys on the team that absolutely run circles around me. Extremely good. Probably 10x good. It was (and has been) a learning experience. However, every once in a while we will still encounter a memory issue. It turns out that nobody’s perfect, manual memory management is hard (but not impossible), and sometimes things slip through. Tooling helps tremendously - static analyzers, smarter compilers, and better language features are great if you have access to them.

                                                                                                                                                                                    I remember reading an interview somewhere in which Bjarne Stroustrup was asked where felt he was on a scale of 1-10 as a C++ programmer. His response, iirc, was that he was a solid 7. This from the guy who wrote the language (granted, standardization has long since taken over.) His answer was in reference to the language as a whole rather than memory management in particular, but I think it says an awful lot about both.

                                                                                                                                                                                    1. 4

                                                                                                                                                                                      My first job included a 6 month stint tracking down a single race condition in a distributed database. Taught me quite a bit about just how hard it is to get memory safety right.

                                                                                                                                                                                      1. 2

                                                                                                                                                                                        You’re probably the kind of person that might be open-minded to the idea that investing some upfront work into TLA+ might save time later. Might have saved you six months.

                                                                                                                                                                                        1. 2

                                                                                                                                                                                          The employer might not have needed me in 2007 if the original author had used TLA+ (in 1995, when they first built it).

                                                                                                                                                                                          1. 2

                                                                                                                                                                                            Yeah, that could’ve happened. That’s why I said you. As in, we’re better off if we learn the secret weapons ourselves, go to employers who don’t have them, and show off delivering better results. Then, leverage that to level up in career. Optionally, teach them how we did it. Depends on the employer and how they’ll react to it.

                                                                                                                                                                                            1. 2

                                                                                                                                                                                              This particular codebase was ~600k lines of delphi, ~100k of which was shared between 6 threads (each with their own purpose). 100% manually synchronized (or not) with no abstraction more powerful than mutexes and network sockets.

                                                                                                                                                                                              It took years to converge on ‘only crashes occasionally’, and has never been able to run on a hyperthreaded CPU.

                                                                                                                                                                                              1. 1

                                                                                                                                                                                                Although Delphi is nice, it has no tooling for this that I’m aware of. Finding the bugs might have to be a manual job. Whereas, Java has a whole sub-field dedicated to producing tools to detect this. They look for interleavings, often running things in different orders to see what happens.

                                                                                                                                                                                                “~100k of which was shared between 6 threads (each with their own purpose).”

                                                                                                                                                                                                That particularly is the kind of thing that might have gotten me attempting to write my own race detector or translator to save time. It wouldn’t surprise me if the next set of problems took similarly long to deal with.

                                                                                                                                                                                  2. 1

                                                                                                                                                                                    Oh yes. That’s how you become an expert.

                                                                                                                                                                                    You quickly learn to stick to patterns, and not deviate one millimeter from those patterns. And then your software works.

                                                                                                                                                                                    I vividly remember when I became disillusioned with shared_ptr: I put my faith into magic to solve my problems rather than understanding deeply what the program was doing. And our performance analysis showed that >10% of the runtime was being spent solely incrementing and decrementing shared pointers. That was 10% we’d never get back, in a game engine where performance can make or break the company.

                                                                                                                                                                                    1. 2

                                                                                                                                                                                      Ok, I take it you withheld shipping code into prod until you reached that level of expertise? I’m almost there after 20+ years and feel like a cheat now ;)

                                                                                                                                                                                  3. 4

                                                                                                                                                                                    It’s funny you mention slow compiles given your alternative is C++: the language that had the most people complaining about compile times before Rust.

                                                                                                                                                                                    Far as other comment, the C++ alternative for a browser should be fairly stable. Rust and Ada are safer. D compiles faster for quicker iterations. All can turn off the safety features or overheads on a selective basis where needed. So, yeah, I’d consider starting a browser without C++.

                                                                                                                                                                                    The other problem with C++ for security is that it’s really hard to analyze with few tools compared to just C. There still isn’t even a formal semantics for it because the language itself is ridiculously complicated. Unnecessarily so given more powerful languages, PreScheme and Scheme48, had a verified implementations. It’s just bad design far as security is concerned.

                                                                                                                                                                                2. 6

                                                                                                                                                                                  Comparing something as large as an OS to a project like Tarsnap seems awfully simplistic. C has a bad rap because of undisciplined developers, sure, but also because manual memory management can be hard. The more substantial the code base, the more difficult it can get.

                                                                                                                                                                                  1. 6

                                                                                                                                                                                    Tarsnap is written in C

                                                                                                                                                                                    I want a rule in any conversation about C or C++ that nobody defending what can be done in those languages by most people uses an example from brilliant, security-focused folks such as Percival or DJB. Had I lacked empirical data, I’d not know whether it was just their brilliance or the language contributing to the results they get. Most programmers, even smart ones, won’t achieve what they achieved in terms of secure coding if given the same amount of time and similar incentives. Most won’t anyway given the incentives behind most commercial and FOSS software that work against security.

                                                                                                                                                                                    Long store short, what those people do doesn’t tell us anything about C/C++ because they’re the kind of people that might get results with assembly, Fortran, INTERCAL, or whatever. It’s a sampling bias that shows an upper bound rather than what to expect in general.

                                                                                                                                                                                    1. 8

                                                                                                                                                                                      Right. As soon as you restrict the domain to software written by teams, over a period of time, then it’s game over. Statistically you’re going to get a steady stream of CVE’s, and you can do things to control the rate (like using sanitizers) but qualitatively there’s really nothing you can do about it.

                                                                                                                                                                                    2. 4

                                                                                                                                                                                      My frustration to C is that it makes lots of things difficult and dangerous that really don’t need to be. Ignoring Rust as a comparison, there’s still lots of things that could be improved quite easily.

                                                                                                                                                                                      1. 4

                                                                                                                                                                                        That’s pretty much Zig. C with the low-hanging fruit picked.

                                                                                                                                                                                        1. 0

                                                                                                                                                                                          Now we’re talking! What kind of things could be improved easily?

                                                                                                                                                                                          I like conversations like this because it highlights areas where C’s designers could have come up with something just a bit better.

                                                                                                                                                                                          1. 9

                                                                                                                                                                                            That’s easy. Add slices.

                                                                                                                                                                                            1. 5

                                                                                                                                                                                              A significant amount of the undefined behavior in C and C++ is from integer operations. For example, int x = -1; int y = x << 1; is UB. (I bet if you did a poll of C and C++ programmers, a majority would say y == -2). There have been proposals (Regehr’s Friendly C, some more recent stuff in WG21) but so far they haven’t gotten much traction.

                                                                                                                                                                                              1. 5

                                                                                                                                                                                                I tweeted this as a poll. As of the time I posted the answer, 42% said -2, 16% correctly said it was UB, another 16% said implementation defined, and 26% picked “different in C and C++.” Digging a little further, I’m happy to see this is fixed in the C++20 draft, which has it as -2.

                                                                                                                                                                                                1. 1

                                                                                                                                                                                                  Agreed; int operations are one area I find hard to defend. The best I could come up with is that int64_t should have been the default datatype. This wouldn’t solve all the problems, but it would greatly reduce the surface.

                                                                                                                                                                                            2. 4

                                                                                                                                                                                              I wonder about how well C maps to machine semantics. Consider some examples; for each, how does C expose the underlying machine’s abilities? How would we do this in portable C? I would humbly suggest that C simply doesn’t include these. Which CPU are you thinking of when you make your claim?

                                                                                                                                                                                              • x86 supports several extensions for SIMD logic, including SIMD registers. This grants speed; performance-focused applications have been including pages of dedicated x86 assembly and intrinsics for decades.
                                                                                                                                                                                              • amd64 supports “no-execute” permissions per-page. This is a powerful security feature that helps nullify C’s inherent weaknesses.
                                                                                                                                                                                              • Modern ARM support embedded “thumb” ISAs which trade functionality for size improvements. This is an essential feature of ARM which has left fingerprints on video game consoles, phones, and other space-constrained devices.

                                                                                                                                                                                              Why is software slow? This is a sincere and deep question, and it’s not just about the choice of language. For example, we can write an unacceptably-slow algorithm in any (Turing-equivalent) language, so speed isn’t inherently about choice of language.

                                                                                                                                                                                              I remember how I learned to hate C; I wrote a GPU driver. When I see statements like yours, highly tribal, of forms like, “try writing [a native-code object with C linkage and libc interoperability] in a language other than C[++],” I wonder why you’ve given so much of your identity over to a programming language. I understand your pragmatic points about speed, legacy, interoperability, and yet I worry that you don’t understand our pragmatic point about memory safety.

                                                                                                                                                                                              1. 4

                                                                                                                                                                                                It was designed specifically for the advantages and limitations of the PDP-11 on top of authors’ personal preferences. It’s been a long time since there was a PDP-11. So, the abstract machine doesn’t map to current hardware. Here’s a presentation on its history that describes how many of the “design” decisions came to be. It borrowed a lot from Richard’s BCPL which wasn’t designed at all: just what compiled on even worse hardware.

                                                                                                                                                                                                1. 1

                                                                                                                                                                                                  I keep hearing this trope, but coming from the world of EE, I’m readily convinced it is false. C never was designed to give full access to the hardware.

                                                                                                                                                                                                  1. 1

                                                                                                                                                                                                    The K&R book repeatedly describes it as using data types and low-level ops that reflect the computer capabilities of the time. Close to the machine. Then, it allows full control of memory with pointers. Then, it has an asm keyword to directly program in assembly language. It also was first used to write a program, UNIX, that had full access to and manipulated hardware.

                                                                                                                                                                                                    So, it looks like that claim is false. It was designed to do two things:

                                                                                                                                                                                                    1. Provide an abstract machine close to hardware to increase (over assembly) productivity, maintain efficiency, and keep compiler easy to implement.

                                                                                                                                                                                                    2. Where needed, provide full control over hardware with a mix of language and runtime features.

                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                      Yet even the PDP-11 had a cache. C might have been low enough to pop in to assembly or write to an arbitrary memory position, but that does not mean it ever truly controlled the processor.

                                                                                                                                                                                                      1. 1

                                                                                                                                                                                                        That would be an exception to the model if C programmers routinely control the cache. It wouldn’t be if the cache was an accelerator that works transparently in the background following what program is doing with RAM. Which is what I thought it did.

                                                                                                                                                                                                        Regardless, C allows assembly. If instructions are availsble, it can control the cache with wrapped functions.

                                                                                                                                                                                                2. 1

                                                                                                                                                                                                  In my experience, C is very close to how the processor. Pretty much every C “phoneme” maps to one or two instructions, making it very close to how your processor actually works. The assembly is a bit more expressive, especially when it comes to bit operations and weird floating point stuff (and loads of weird, speciallized stuff), but C can only use features it can expect any reasonable ISA to have. It usually is easily extensible to accomodate the more specific things, far easier than most other languages.

                                                                                                                                                                                                  About your three examples:

                                                                                                                                                                                                  1. Adding proper support for SIMD is difficult, because it is very different between architectures or between versions of an architecture. The problem of designing (in a perfomant way, because if someone is vectorizing by hand, perfomance is important) around these differences is hard enough that I haven’t seen a good implementation. GCC has an extension that tries, but it is a bit of a PITA to use (https://gcc.gnu.org/onlinedocs/gcc/Vector-Extensions.html#Vector-Extensions ). There are relatively easy to use machine specific extensions out there that fit well into the language.

                                                                                                                                                                                                  2. If you malloc anything, you’ll get memory in a non-executable page from any sane allocator. If you want memory with execute permissions, you’ll have to mmap() yourself.

                                                                                                                                                                                                  3. Thumb doesn’t really change the semantics of the logical processor, it just changes the instruction encoding. This is almost completly irrelevant for C.

                                                                                                                                                                                                  You can of course argue that most modern ISAs are oriented around C (I’m looking at you, byte addressability) and not the other way around, but that is a debate for another day.

                                                                                                                                                                                                  1. 2

                                                                                                                                                                                                    “Adding proper support for SIMD is difficult, because it is very different between architectures or between versions of an architecture.”

                                                                                                                                                                                                    There’s been parallel languages that can express that and more for years. C just isn’t up to the task. Chapel is my current favorite given all the deployments it supports. IIRC, Cilk language was a C-like one for data-parallel apps.

                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                      Cilk is a C extension. Also, it is based upon multithreading, not SIMD.

                                                                                                                                                                                                      1. 1

                                                                                                                                                                                                        Oh yeah. Multithreading. Still an example of extending the language for parallelism. One I found last night for SIMD in C++ was here.

                                                                                                                                                                                                3. 3

                                                                                                                                                                                                  I see your point regarding people sh*tting all over C/C++. These are clearly good languages and they definitely have their place. However, I work with C++ pretty frequently (not low-level OS stuff, strictly backend and application stuff on Windows) and I’ve encountered a couple of instances in which people way more capable than I am managed to shoot themselves in the foot. That changed my perspective.

                                                                                                                                                                                                  To be clear, I also love C (mmmm…less C++), and I think that most developers would do well to at least pick up the language and be able to navigate (and possibly patch a large C codebase.) However, I’d also wager that an awful lot of stuff that is written in C/C++ today, probably doesn’t need the low level access that these languages provide. I think this its particularly true now that languages like Rust and go are proving to be both very capable at the same kinds of problems and also substantially little less foot-gunny.

                                                                                                                                                                                                4. 2

                                                                                                                                                                                                  This is a bit tangential, but your link for “Modern C++ Won’t Save Us” points to the incorrect page.

                                                                                                                                                                                                  It should point to: https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/