Threads for calvin
-
I think a lot of the issues outlined here are due to MacOS Ventura. I’m stuck on Monterey, by choice.
The same happened about 10 years ago; I used MacOS 10.9 (Mavericks) all the way from the first public beta until the last security update; it’s hands down the best macOS release ever, but it’s hopelessly outdated by now. It wasn’t until 10.14 (Mojave) that macOS was usable again, all releases in between just didn’t do it for me.
It seems Apple is doing the same thing again; MacOS 10.10 (Yosemite) was a “Vista”, and MacOS 13 (Ventura) is another “Vista”. I’ve contemplated switching to another OS a couple of times, but despite it’s increasing amount of flaws, I still like macOS best.
-
it’s hands down the best macOS release ever
Yeah, no. No. Not even in the top 5.
I am with @david_chisnall here. 10.6 was the best by far.
I’d go so far as to say this is the generally-held opinion. For example: https://morrick.me/archives/9220
After 10.6, well… 10.2 Jaguar started to pull things together nicely. That was a good release.
10.3 Panther was the lightest-weight finished release and runs well even on G3s. I still have at least one 10.3 machine.
10.4 introduces stuff like Spotlight and Dashboard that slowed down the very low-end, unsupported Macs I was using back then. With some hacking you could disable them, though. The last release with Classic, though, so worth keeping around.
10.5, the last PowerPC release, and in the form of Sorbet Leopard, the best release for high-end PowerMacs.
I intentionally omit the early releases which were amazing tech and really showed that Apple had a future, and buying NeXT had been the right thing to do, but were not great experiences to use. Important, though. I also skip Rhapsody and the original Platinum-themed Mac OS X Server.
So, top 5:
- Snow Leopard
- Jaguar
- Panther
- Tiger
- Leopard
-
10.4 introduces stuff like Spotlight and Dashboard that slowed down the very low-end, unsupported Macs I was using back then
It also had a bug that I really hated. If you were using FileVault (which made your home directory an encrypted disk image) then the install worked fine. When you logged in, everything worked fine. Then, the next time you logged out, you ended up with an unreadable home directory. Even more annoyingly, the disk image was readable by 10.3, but I didn’t realise that at the time, so I redid the upgrade from 10.3 and then had to merge the contents of two home directory disk images that each had one month of changes.
My first Mac ran 10.2, but because I bought it after 10.3 was announced it came with a free upgrade to 10.3 a few weeks later and so 10.3 was the first one I ran for a long time. 10.2 introduced Quartz Extreme, which was a bit delta. With 10.1, text rendering was slow. With 10.2, glyphs were rendered to textures and composited on the GPU, which was a huge perf win. On the same hardware, you could scroll smoothly in text-rich windows with 10.2, but not with 10.1.
-
I don’t remember 10.9 as standing out. 10.6 was great: an entire release dedicated to bug fixes and performance improvements. I think it was also the release that introduced Sudden Termination support, which drastically improved the time from reboot to usable system, reduced the data loss from crashes (not common, but they happen, especially application crashes), and made memory usage more efficient. It was probably the only release that I remember where nothing got worse. Most have some things better and some worse, with the ratio changing between releases.
10.7 introduced huge (and ugly) shadows on windows, I can’t remember if it was 10.8 or 10.9 that dialed them back so far that I lost the visual clue of which was the foreground one and kept typing in the wrong window.
APFS in 10.12 was a surprisingly big improvement. I never really had problems with HFS+, but updates with a CoW filesystem were much nicer.
11 is the newest version that supports my hardware, so I haven’t had the joy of Monterey (12) or Ventura (13).
A big part of the problem from my perspective is that few of the new releases have added anything I care about. When the release notes have ‘new emoji’ (i.e. system fonts have a few more glyphs in them) near the top of the list of new features, I might not be the target market. That’s not to say that nothing has improved since 10.6. Timer Coalescing, APFS, the improvements to Spotlight and Time Machine, AirDrop (though I wish this used an open protocol), immutable system images, and a few other things have all been noticeable benefits.
-
10.6 was indeed great, and 10.7 the big signal for me to pack up and leave even though it took a while to finally depart. Up until 10.7 I mainly used Apple hardware/software after leaving Linux (servers were/are still BSD) for Tiger (10.2) - being tired and fed up with Xfree86 (so around the keithp kerfuffle) and Fresco was going nowhere. A beer group of UIQs devs, BeOS fanboys and Amiga romantics had been fawning around the prospects of a GL based server-side graphics stack and client to toolkit pdf intermediate representation, lo and behold, there it was (mostly).
I kept clusters of PPC mac minis for that big endian bug hunting goodness and stuck with Macbook Pros for a long while in spite of hitting return issues upon recall issues and severe hardware problems with every .. single .. one. Still, my bigger gripes with 10.7 and beyond weren’t with the aesthetics but all the subtle pain points in its libc/posix going nowhere and, even more, the introduction of GateKeeper and what that implied. From this point and onwards, the split between the success of iPhone/iOS and the traction of OSX were at odds and the design bleeds made for an experience with a bigger ‘want to punch the screen’ factor than even Vista and onwards could muster.
Going back to a FDO- desktop, seeing what they had done to the place, and after the 10th discrete D-Bus related bug/crash/vulnerability accidentally found in a single day through mere use was the final straw – I’m gonna build my own theme park with black jack and … Incidentally .. I had another set of tools around for reversing, game- browser- and SCADA- hacking reasons that could be twisted somewhat into another form of desktop stack. Thus a long pilgrimage begins …
-
Thus a long pilgrimage begins
And, honestly, Arcan is probably the thing that would get me back to using FreeBSD instead of macOS on the client. The combination of Arcan and Capsicum is the foundation of the environment that I actually want.
-
The combination of Arcan and Capsicum is the foundation of the environment that I actually want.
Hah, I wish. But I bet we’re going to see something like that sooner or later, in the form of a third-party combination of Arcan and an odd bunch of cgroups wrappers. @crazyloglad is going to be too nice to say anything about it and everyone else will just be too terrified but at this point I’m not even sure it would be that bad an idea compared to the alternatives.
-
-
-
-
-
I haven’t tried it myself yet, not counting various 10min plays with it while standing in Mac stores. My own 27” Retina iMac is unsupported, so I probably won’t be, but then I’m still on 10.14 because I have some 32-bit apps I want to keep.
But from my first impressions…
- weird clunky iOS-like Settings app
- weird big fat translucent menu bar that looks like a 3rd party rip-off rather than the Real Thing™
- Stage Manager. WTF is that? Why’s my Mac got 2 docks now? (I also hate the floating window thumbnails in iPadPOS 16 Mail and Safari, too.)
- I hear that Mail.app has some unwelcome changes too, but then I use Thunderbird anyway.
-
weird clunky iOS-like Settings app
I’m not sure why the new Settings app receives so much hate, I find it way more responsive than the old System Preferences (and also more native). Yes, the layout is different from what most people got used to over the last decade or so, but it’s not weird or clunky.
-
-
-
Another Ventura hater here. XCode keeps beachballing on me. Occasionally Finder windows will become oddly read-only. Sleep doesn’t always work.
In terms of making users run system command-line tools as root to try to debug problems (yay, “spindump”!), bad Bluetooth drivers, and weird power management issues, Apple has gone blazing past Linux, even as they control the hardware.
-
-
Sounds like it’s hard to support two architectures with one GHCup.
-
I don’t think the name is the problem, as much as it is communications.
-
Nice article! Wasn’t JXL removed from Firefox Nightly?
-
Sadly, JXL in browsers is likely dead.
IMO that’s a real shame because it’s the only next-generation codec that can re-encode existing jpeg images without introducing new artifacts (because it can re-use the DCT parameters). I have terabytes of jpeg images that could be shrunk 20% or so, really huge bandwidth savings.
-
-
-
-
I don’t think it’s been removed (yet?) and the issue on bugzilla is still open though it’s restricted, when Mozilla decides to remove it I’d assume they’ll close the issue.
-
-
-
Teletypes are such amazing machines. They’re significantly older than computers — I hadn’t realized how much until I looked up Teleprinter on Wikipedia just now and saw that the earliest date back to the 1840s! And Baudot code, a 5-bit alphabet that was widely used before ASCII, was designed for a device built in 1874. (Emile Baudot also gave his name to the unit “baud”, which basically means one bit per second.)
I did use BASIC on an Imsai (Altair clone) with a teletype, but I never had to boot it. I did a few times boot the old PDP-8 in the high school computer lab, which also required a few dozen bytes to be toggled in by hand before it could load its OS from reel-to-reel magnetic tape. This from-nothing exercise is where the word “boot” came from, via “lifting yourself up by your bootstraps.” (Apologies if you youngsters already knew that.)
Oh, and apropos of the “who invented the byte?” thread, note that the Altair’s front panel groups the bits in threes, and the boot loader is written down in octal, even though the 8080 is an 8-bit CPU. Old habits died hard.
-
Oh, and apropos of the “who invented the byte?” thread, note that the Altair’s front panel groups the bits in threes, and the boot loader is written down in octal, even though the 8080 is an 8-bit CPU. Old habits died hard.
DEC stuff in general did that. Octal is clumsy on an eight-bit-byte machine like a PDP-11, but obviously makes more sense on something six or nine-bit like a PDP-10.
-
Well…the really cool kids had a Friden Flexowriter (because of the name, if nothing else), but I have in my day booted CP/M (among other things) from paper tape on an ASR-33 (not mine, regrettably). You could, theoretically, boot it from a punch card reader, but I confess to never actually seeing that done.
-
-
This is a puff piece with no relevant content.
-
I disagree. It’s futurism, so it could be wrong, but the idea that the easiest to use UI for apps has switched from a GUI to a command line is interesting. It had been observed for some time that Google is like a CLI but this takes it to a new level. Will it actually work out? Time will tell. But if you’re thinking about where the business opportunities are for programmers, it would be silly to not at least examine if LLMs could help your project.
-
It misses the key thing that drove GUI adoption in the first place: discoverability. In early CLIs, it was easy to list the full set of commands available in an OS and then full set of options for each one. In DOS, I think it took two screens to list every single command available in the default install. As CLIs get bigger, this become harder because their designs were verb-noun. GUIs make it easy to show the set of verbs that are possible to apply to a specific object, which lets the user discover what the tool can do much more easily. It’s possible to design noun-verb CLIs (PowerShell has enough type info to do this, but decided to make some very poor choices from the perspective of usability). A natural-language prompt is the absolute worst thing here because it gives the user no information about what is possible and relies on their ability to scope queries to something that might work.
-
I think LLMs change the calculus here because it’s feasible to say, “I’m trying to get the average total value of all the monthly reports” and the LLM can shoot back “Use this code AVG(C5:X5) SUM(B5:B18)”. You don’t have to know that getting the average is AVG and getting the total is SUM. You also don’t have to preprogram in all the synonyms for the functions. Just write a bunch of documentation for one shot learning (and that can also be AI assisted) and let it go.
-
-
Typing is still tedious and time-consuming for an average user. It might be more convenient combined with voice, but that depends on user preferences and environment (e.g. open-plan office).
So I’d expect basic operations to still use classic buttons. Instructions may be useful for learning (“show me how…”) or tasks big and complicated enough that it’s easier to describe and delegate them than to do them yourself. However, the AI needs to be really good at this, so that checking the results and correcting it isn’t worse than doing it yourself.
-
-
The point of the current LLM tools is that it is possible to iterate. So there can be some back and forth between the user and the AI. The AI can even do the breaking down of a task for the user.
This is most likely not faster than a power user that knows how to click the right buttons or type in the right commands. But it is probably a lot faster and definitely a lot nicer experience for everyone else.
-
And we’re just witnessing the early beginnings of this kind of human machine interfaces. Imagine that the AI that’s assisting you has a personal profile of you where it remembers years of context about who you are and what you work on and what your current task is. Add on top of this the addition of voice and even body language through the web cam and then imagine what kind of interactions are possible.
-
-
-
-
-
-
-
I wish we could live more in the Alto’s world. Machines designed to be user-programmable general-purpose computers would be great.
-
The Alto itself wasn’t more user-programmable than a modern PC. It booted into a very arcane monitor program and required a few typed commands to load an OS from the disk. One of those “OS”s was Smalltalk, which was user-programmable, but you can run similarly-programmable environments on a modern computer with a lot less trouble!
-
Yes but, as I understand it, it was expected that many end-users would operate the Alto using Smalltalk. That is, a significant use-case was a user-programmable OS. That is, it was expected that people using the Alto for work would do so in the context of a user-programmable environment.
Even programmable environments nowadays are, for the most part, just a small subset of the functionality in a given OS, and are almost all targeted towards specialist programmers, not end-users.
-
That’s a fair point. I’m skeptical about user-programmable systems, though. Automobiles also started as user-tinkerable, but it turned out most people didn’t want to take apart and reassemble cars, they just wanted to drive them. But those who were interested took shop classes and could work on cars in their garages. Same with computers.
(Tinkering with Smalltalk was fun but could really get you in trouble. I made some extensions to pop-up menus once, but several times a bug meant I completely broke pop-ups in the whole system, and it turned out to be impossible to evaluate code or back out my change without popping up a menu and creating another recursive level of debuggers. The only recourse was to abort and relaunch from the last saved image.)
-
I strongly disagree - look at the sheer number of non-developers using VBA to improve their lives. User-programmability is extremely popular whenever it’s available, even in trivial ways. AutoCAD, Emacs, Excel, Word, game modding …
-
-
-
-
-
-
Sometimes I think we were too quick to leave xmpp behind. Something like the conversations app provides easy signup, easy e3ee, video calls, read markers etc, plus it’s federated. Using it isn’t all that different from sending an email.
I like matrix but I haven’t had many positive experiences using the apps.
-
-
Yeah but conversations is a good app, and is developed mostly by one person. How hard would it have been to do something comparable on ios, compared to the resources that have gone into developing matrix?
I like matrix and what it does, but sometimes when my laptop fans are spinning up to open element I wonder if it was all worth it
-
-
The issue here is looking at a protocol as though it is an implemetation. The reason “every client named signal” has the same features is that there is only one ter platform and made by the same people. If you want the same experience “on XMPP” you pick an app and all use that. Other people can use other apps, but if they don’t work as well that’s their own fault same as using a 3rd party signal client or bridge might sometimes do funky stuff.
-
I run an XMPP server that has about a dozen users. The major issue with XEPs is that people create them and then don’t document them well. Configuration can definitely be difficult to figure out.
But that’s a server-side issue. Users don’t have to figure that stuff out.
That being said, I can’t get my wife to use it because the iOS apps just aren’t very good. Conversations and Yaxim on Android are both better than any iOS alternative.
-
That being said, I can’t get my wife to use it because the iOS apps just aren’t very good.
https://monal-im.org/ is being actively developed and has been my go-to recommendation for iOS users, with reasonably good feedback from my server’s users (I don’t use Apple stuff, so I can’t say myself).
-
-
-
Your argument doesn’t make sense because most of us early adopters left XMPP behind before conversations was good or even available.
It’s been 10 years, but from the top of my head: Android was in it’s infancy, apps were bad in general, XMPP clients sucked your battery dry, no/bad push notifications. I don’t 100% remember if you could easily post images or attachments, I think not - it was mostly text chat. Forget about video/audio.
And that is leaving out the XEP and presence issues other people mentioned.
Because I hate being vague when I make such accusations, but the conversations website says “Copyright 2014–2021” and the earliest release I can find on Github is from 2017.
For my personal usage, I happen to have a few sentences I wrote in my end of year blog posts.
2014 - Jabber - moderately often 2015 - Jabber - very seldom, everyone seems to have moved on and I can’t blame them 2016 - Jabber - practically dead this year
and apparently I shutdown my server only in 2019, I would’ve guessed it was sooner.
So that means me and my peer group (and also one ex-company) used XMPP as the messenger protocol of choice ca 2010-2014. Before that even the desktop clients were terrible (looking at you Psi) or lacking features (was that Trillian?). I think I got my first Android phone in 2009 or ‘10, so that’s probably a good 2-4 years of giving it a try. So yeah, maybe we gave up too soon but I don’t even remember prosody being a thing back then (wikipedia says 2008) but I don’t think most people switched until 2011-13.
-
-
I hate captcha. I consider the premises of captcha completely broken, stupid and an insult to all the people with disabilities
And then it’s just left there. As if Signal is doing this captcha thing for fun, or just to mess with their users. Does the author (or anyone really) want to suggest alternatives to combating large scale automated abuse against public account signup systems? It seems like an important topic, and one that won’t really be solved by federation. Once you hit a certain scale, it seems like the need for this kind of thing is inevitable.
-
I’ve never needed to solve a captcha to either sign up for or use my email account, even though my phone is one of those Android phones that doesn’t use any Google services (including no Google Play). Email is federated. It’s the primary example of a federated protocol that is subject to large scale automated abuse, but I have no problem with captchas. I pay my email provider $50 per year for email service – this is a personal choice I made, I wanted a solid reliable provider that has tech support, and doesn’t have a surveillance capitalism business model. A large scale automated account signup “attack” against my provider would spend $50 for each account created, and maybe that’s why captcha isn’t needed? If my email provider starts behaving like Signal, then I can just switch providers. I own my email address, so this is straightforward.
-
-
-
I’m sorry, I should have specified: other than asking for money. Obviously that is an easier way to prevent abuse, but it turns off far more users than a captcha does. Signal would never be able to grow to the size it is today if they had demanded $50/yr from each user. Or even $1/year. People complain endlessly about the phone number requirement. Can you imagine how irrelevant it would be if the “private” messenger also wanted your 16 digits and full billing address?
edit: not to suggest the main issue would be forking over the data for most people. For most people it would be forking over the money. But even if they somehow got past that, the cryptonerds would complain about forking over the data.
-
asking for money. Obviously that is an easier way to prevent abuse
Sort of. Battling the horde of stolen credit cards is nontrivial in its own right
-
-
this isn’t about funding, this discussion is about creating reasonable barriers to entry when allowing signups from the public internet, such that normal users aren’t too inconvenienced but large-scale abusers are. Charging money is one way to do that, regardless of how much it costs to run the service.
-
-
-
-
-
One abuse prevention mechanism that probably doesn’t scale but I think might be interesting is the one employed by lobste.rs itself. I wonder what an “invite-only” Signal would look like. I’m sure there would be a lot of problems, I’m not sure there would be more problems than the phone number + captcha system they employ today. There would certainly be more people mad about it.
-
Invite only seems pretty sensible for something like Signal. It’s of no value if you don’t know at least one other person with a Signal account.
-
my concern would be about the perceived level of trust extended to invitees. it would almost certainly be higher than the perceived level of trust extended to people you talk to on Signal. That is to say: I might be willing to give some rando on the internet my Signal # to talk to them, but I probably wouldn’t give them a Signal invite if their potential misbehavior could come back to bite me.
-
I think this is closely related to my biggest problem with Signal. Like the phone network and email, it conflates an identity with a capability. For giving contact info to a company, I really want to be able to mint a single use capability that allows the to run a key exchange protocol precisely once and then be able to contact me from a specific account, but which doesn’t allow them to share that ability with anyone else. Once you make that separation, you can do a lot of interesting things. You can still have a rule that allows anyone that I have in my contacts to contact me with no further authentication.
-
-
-
-
Since Signal requires a telephone # anyway, they could do a code via SMS/phone call. That could be automated on Signal’s side. It would cost more, since someone has to pay for sending those messages. They seem to have plenty of funding still though. I believe this is what Gmail does now if you want to open a new account with them.
-
-
-
Captchas typically cost money: https://cloud.google.com/recaptcha-enterprise/pricing
-
-
-
-
Proof of work. Since captcha only slow down (but not stop) serious bots these days it’s really the same effectiveness.
-
-
Re: the sub-discussion about free software projects that use Discord or Slack, I’ve never heard this point made, so I’ll make it now. Most of these services would not exist without free or open source software. There’s a huge digital commons, and VC-funded companies have shown up to exploit it and enclose it. With the exception of Apple and Microsoft, the big tech companies are all built on a foundation of free software.
So when free software projects use these lock-in services like Discord, they’re basically saying “We love being exploited. Do it some more!” And when people like me, or Drew Devault, or others are attacked as zealots, our attackers are often just hypnotized by the shiny things dangled in front of them by the masters of illusion in Silicon Valley.
-
So when free software projects use these lock-in services like Discord, they’re basically saying “We love being exploited. Do it some more!” And when people like me, or Drew Devault, or others are attacked as zealots
Well, I think I ought to be the one who decides whether I feel “exploited”. If you think you should get to decide that for me, then I will pretty strongly disagree, though I don’t know if that counts in your mind as you being “attacked” as a “zealot”.
But a lot of this seems to be the usual perma-flame-war between people who want everything everywhere to be GPL/copyleft, and people who prefer permissive licenses. I am very much in the latter group. I write permissive-licensed software because it’s more useful to me and to other developers like me. I don’t feel “exploited” when someone uses it and doesn’t contribute code back, or when someone uses it and doesn’t pay me, or when someone uses it and gets a commercial benefit from their use, or when someone uses it and then doesn’t open-source their entire tech stack. I didn’t write it to try to force people to follow an ideology; I wrote it in the simple hope it would useful, and gave it to the world with no expectation of either me, or anyone else, receiving anything in return.
Anyway. Perhaps you would feel “exploited” in such cases, and there are licenses you can choose to use for your software to try to prevent that. But that’s a decision you get to make for you, not a decision you get to make for me. And my objection begins at the moment when it feels like you are trying to make the decision for me.
-
Agreed, I don’t like the language of exploitation around large companies making use of free software - they are generally using it under the same terms that anyone, myself included, can make use of free software (and when they don’t, organizations like the FSF can and do sue companies for copyright violations). I certainly dislike lock-in proprietary services, but I care a lot more about free software being available for any person or organization to use, even if they want to use it in a way that makes the original author of the software angry.
-
-
I don’t mind that the services are proprietary, but I do object to their terms of service and so I end up not being involved with projects that use them. I wish an org like the FSF or Linux Foundation would provide Matrix instances for F/OSS projects with a sane privacy policy and one-click deployment.
LLVM pays for hosted Discourse and their T&Cs and privacy policies are ones I’m actually happy to agree with. This was a key requirement for moving there from the self-hosted mailing lists.
-
macOS and iOS are both build on a FreeBSD userland and their kernel, XNU, originally derives from a free software Carnegie Mellon research kernel called Mach.
Windows’ networking stack is also based on the BSD TCP/IP stack, and many of its networking utilities come from BSD. Source that I cribbed from Wikipedia.
-
-
-
-
I still like Zulip after about 5 years of use, e.g. see https://oilshell.zulipchat.com . They added public streams last year, so you don’t have to log in to see everything. (Most of our streams pre-date that and require login)
It’s also open source, though we’re using the hosted version: https://github.com/zulip
Zulip seems to be A LOT lower latency than other solutions.
When I use Slack or Discord, my keyboard feels mushy. My 3 GHz CPU is struggling to render even a single character in the browser. [1]
Aside from speed, the big difference between Zulip and the others is that conversations have titles. Messages are grouped by topic.
The history and titles are extremely useful for avoiding “groundhog day” conversations – I often link back to years old threads and am myself informed by them!
(Although maybe this practice can make people “shy” about bringing up things, which isn’t the message I’d like to send. The search is pretty good though.)
When I use Slack, it seems like a perpetually messy and forgetful present.
I linked to a comic by Julia Evans here, which illustrates that feature a bit: https://www.oilshell.org/blog/2018/04/26.html
[1] Incidentally, same with VSCode / VSCodium? I just tried writing a few blog posts with it, because of its Markdown preview plugin, and it’s ridiculously laggy? I can’t believe it has more than 50% market share. Memories are short. It also has the same issue of being controlled by Microsoft with non-optional telemetry.
-
+1 on zulip.
category theory https://categorytheory.zulipchat.com/ rust-lang https://categorytheory.zulipchat.com/
These are examples of communities that moved there and are way easier to follow than discord or slack.
-
Zulip is light years ahead of everything else in async org-wide communications. The way the messages are organized makes it extremely powerful tool for distributed teams and cross-team collaboration.
The problems:
- Clients are slow when you have 30k+ unread messages.
- It’s not easy (possible?) to follow just a single topic within a stream.
- It’s not federated.
-
We used IRC and nobody except IT folks used it. We switched to XMPP and some of the devs used it as well. We switched to Zulip and everyone in the company uses it.
We self-host. We take a snapshot every few hours and send it to the backup site, just in case. If Zulip were properly federate-able, we could just have two live servers all the time. That would be great.
-
-
Sorry for a late reply.
It is definitely a problem. It makes it hard for two organizations to create shared streams. This comes up e.g. when an organization with Zulip for internal communications wants to contract another company for e.g. software development and wants them to integrate into their communications. The contractor needs accounts at the client’s company. Moreover, if multiple clients do this, the people working at the contracted company now have multiple scattered accounts at clients’ instances.
Creating stream shared and replicated across the relevant instances would be way easier, probably more secure and definitely more scalable than adding wayf to relevant SSOs. The development effort that would have to go into making the web client connect to multiple instances would probably be also rather high and it would not be possible to perform it incrementally. Unlike shared streams that might have some features disabled (e.g. custom emojis) until a way forward is found for them.
But I am not well versed in the Zulip internals, so take this with a couple grains of sand.
EDIT: I figure you might be thinking of e.g. open source projects each using their own Zulip. That sucks and it would be nice to have a SSO service for all of them. Or even have them somehow bound together in some hypothetical multi-server client. I would love that as well, but I am worried that it just wouldn’t scale (performance-wise) without some serious though about the overall architecture. Unless you are thinking about the Pidgin-style multi-client approach solely at the client level.
-
-
-
Also off-topic: performant isn’t a word.
-
-
-
-
VSCode’s telemetry can be disabled
https://code.visualstudio.com/docs/getstarted/telemetry#_disable-telemetry-reporting
-
It still sends some telemetry even if you do all that
https://github.com/VSCodium/vscodium/blob/master/DOCS.md#disable-telemetry
That page is a “dark pattern” to make you think you can turn it off, when you can’t.
In addition, extensions also have their own telemetry, not covered by those settings. From the page you linked:
These extensions may be collecting their own usage data and are not controlled by the telemetry.telemetryLevel setting. Consult the specific extension’s documentation to learn about its telemetry reporting and whether it can be disabled.
-
It still sends some telemetry even if you do all that
I’ve spent several minutes researching that, and, from the absence of clear evidence that telemetry is still being sent if disabled (which evidence should be easy to collect for an open codebase), I conclude that this is a misleading statement.
The way I understand it, VS Code is a “modern app”, which uses a boatload online services. It does network calls to update itself, update extensions, search in the settings and otherwise provide functionality to the user. Separately, it collects gobs of data without any other purpose except data collection.
Telemetry disables the second thing, but not the first thing. But the first thing is not telemetry!
- Does it make network calls? Yes.
- Can arbitrary network calls be used for tracking? Absolutely, but hopefully the amount of legal tracking allowable is reduced by GDPR.
- Should VS Code have a global “use online services” setting, or, better yet, a way to turn off node’s networking API altogether? Yes.
- Is any usage of Berkeley socket API called “telemetry”? No.
-
It took me awhile, but the source of my claim is from VSCodium itself, and this blog post:
https://www.roboleary.net/tools/2022/04/20/vscode-telemetry.html
https://github.com/VSCodium/vscodium/blob/master/DOCS.md#disable-telemetry
Even though we do not pass the telemetry build flags (and go out of our way to cripple the baked-in telemetry), Microsoft will still track usage by default.
Also, in 2021, they apparently tried to deprecate the old setting and introduce a new one:
https://news.ycombinator.com/item?id=28812486
So basically it seems like it was the old trick of resetting the setting on updates, which was again very common in the Winamp, Flash, and JVM days – dark patterns.
However it looks like some people from within the VSCode team pushed back on this.
Having worked in big tech, this is very believable – there are definitely a lot of well intentioned people there, but they are fighting the forces of product management …
I skimmed the blog post and it seems ridiculously complicated, when it just doesn’t have to be.
So I guess I would say it’s POSSIBLE that they actually do respect the setting in ALL cases, but I personally doubt it.
I mean it wouldn’t even be a dealbreaker for me if I got a fast and friendly markdown editing experience! But it was very laggy (with VSCodium on Ubuntu.)
-
-
These extensions may be collecting their own usage data and are not controlled by the telemetry.telemetryLevel setting.
That is an … interesting … design choice.
-
At the risk of belaboring the point, it’s a dark pattern.
This was all extremely common in the Winamp, Flash, and JVM days.
The thing that’s sad is that EVERYTHING is dark patterns now, so this isn’t recognized as one. People will actually point to the page and think Microsoft is being helpful. They probably don’t even know what the term “dark pattern” means.
If it were not a dark pattern, then the page would be one sentence, telling you where the checkbox is.
-
They probably don’t even know what the term “dark pattern” means.
I’d say that most people haven’t been exposed to genuinely user-centric experiences in most areas of tech. In fact, I’d go so far as to say that most tech stacks in use today are actually designed to prevent the development of same.
-
The thing that feels new is how non-user-centric development tools are nowadays. And the possibility of that altering the baseline perception of what user-centric tech looks like.
Note: feels; it’s probably not been overly-user-centric in the past, but they were a bit of a haven compared to other areas of tech that have overt contempt for users (social media, mobile games, etc).
-
-
-
-
-
-
Good question! First option is to not let them make arbitrary network requests, or require the user to whitelist them. How often does your editor plugin really need to make network requests? The editor can check for updates and download data files on install for you. Whitelisting Github Copilot or whatever doesn’t feel like too much of an imposition.
-
Capability security is a general approach. In particular, https://github.com/endojs/endo
For more… https://github.com/dckc/awesome-ocap
-
-
More fun: you have to design a plugin API that doesn’t allow phoning home but does allow using network services. This is basically impossible. You can define a plugin mechanism that has fine-grained permissions and a UI that comes with big red warnings when things want network permissions though and enforce policies in your store that they must report all tracking that they do.
-
-
nothing prevents a plug-in from calling home, except for the goodwill of the author.
Traditionally, this is prevented by repos and maintainers who patch the package if it’s found to be calling home without permission. And since the authors know this, they largely don’t add such functionality in the first place. Basically, this article: http://kmkeen.com/maintainers-matter/ (http only, not https).
-
We don’t necessarily need mandatory technical enforcement for this, it’s more about culture and expectations.
I think that’s the state of the art in many ecosystems, for better or worse. I’d say:
- The plugin interface should expose the settings object, so the plugin can respect it voluntarily. (Does it currently do that?)
- The IDE vendor sets the expectation that plugins respect the setting
- A plugin that doesn’t respect it can be dealt with in the same way that say malware is dealt with.
I don’t know anything about the VSCode ecosystem, but I imagine that there’s a way to deal with say plugins that start scraping everyone’s credit card numbers out of their e-mail accounts.
Every ecosystem / app store- type thing has to deal with that. My understanding is that for iOS and Android app stores, the process is pretty manual. It’s a mix of technical enforcement, manual review, and documented culture/expectations.
I’d also not rule out a strict sandbox that can’t make network requests. I haven’t written these types of plugins, but as others pointed out, I don’t really see why they would need to access the network. They could be passed the info they need, capability style, rather than searching for it all over your computer and network!
-
That’s exactly how it works: https://code.visualstudio.com/api/extension-guides/telemetry
-
Sure, but they don’t offer a “disable telemetry” setting.
What I’d do, would be to sandbox plugins so they can’t do any network I/O, then have a permissions system.
You’d still rely on an honour system to an extent; because plugin authors could disguise the purpose of their network operations. But you could at least still have a single configuration point that nominally controlled telemetry, and bad actors would be much easier to spot.
-
There is a single configuration point which nominally controls the telemetry, and extensions should respect it. This is clearly documented for extension authors here: https://code.visualstudio.com/api/extension-guides/telemetry#custom-telemetry-setting.
-
-
-
-
-
-
-
I wonder if he’s changed his mind since then?
To each their own, but a debugger makes my life as a developer 100x easier, and without any evidence the whole idea that a debugger somehow makes a person “less careful” or more prone to errors is a straw man.
-
You could try asking.
A straw-man example of a debugger making a person “less careful” would be: “oh, there’s a
NULLpointer dereference. Let me put a NULL check and return an error there” without investigating further as to why aNULLpointer is being passed in (in my opinion, that’s a bug—such checks tend to hide them).Personally, I don’t use debuggers that often. In my career, I’ve been in too many environments (like
DEBUG.EXEwhen trying to debug an MS-DOS program) or used languages that lack decent debuggers that I’m comfortable usingprintf()debugging. At my last job, I rarely used a debugger. My coworker was constantly in a debugger. Neither one of us was better than the other, just different.-
-
-
A straw-man example of a debugger making a person “less careful” would be: “oh, there’s a NULL pointer dereference. Let me put a NULL check and return an error there” without investigating further as to why a NULL pointer is being passed in (in my opinion, that’s a bug—such checks tend to hide them).
I’m not sure of the argument being made here. A debugger doesn’t force that solution in any way. For me, a debugger makes it easier to fix that type of bug correctly because I can move up and down the stack to understand exactly how the null reference came about at runtime. printf has its place, but it generally there’s too much recompile/recreate overhead for my liking.
-
-
-
I’d argue while Alto was hugely important for its vision of the office of the future, Ethernet, etc., in terms of the GUI, it had a lot less influence than its commercial product successor, the Star. Except for Smalltalk, GUIs on the Alto tended to be ad-hoc experiments, whereas the Star had not just a recognizable desktop metaphor and a common toolkit, but concepts taken for granted in offices like roaming profiles.
-
Yeah, even by 1980 Smalltalk still had a pretty primitive GUI. Partly this was because the only graphics primitive it had was bitblit, which copied/filled rectangles. So for example it couldn’t clip to non-rectangular regions, which meant you couldn’t draw into a partly-obscured window. In practice, drawing only occurred in the front/active window.
You also couldn’t just drag windows to move or resize them — you had to right-click and choose Move or Grow from a menu first. And don’t even get me started on the weirdo scroll bars.
The Alto was a first-generation machine, and the second and third generations were more powerful and capable. The Dolphin is what became the Star hardware, and there were a bunch of OSs on it like Tajo, Cedar, and InterLISP that were in many ways more advanced than ST80.
-
-
In general, I use the “happy path” - I’m usually working on other peoples’ systems, and I never got much value out of tweaking, so I basically stay bone stock with only minor tweaks. I also tend to use whatever’s popular for an environment. So:
- If I’m developing for Apple stuff (Swift/Objective-C, etc.), I just use Xcode. The UI is a bit of a cipher, but it does seem to be actually improving.
- If I’m developing for Windows (native or .NET), Visual Studio. Despite working with weird awful Unix-shaped things for years, I started with it and it’s mothers’ milk to me. Developing for Windows actually feels right - it’s the bar I judge other IDEs by.
- For anything else/on Unix-shaped things, regardless of stack: I hate Vim, but I can’t use anything else - both out of being used to it, and because it’s often the only option I have for requirements including “developing on a remote system, no Emacs on the platform, autotools as build system”. I don’t even use the fancy stuff like CtrlP or LSPs. I’d love to try stuff like CLion, but I’m rarely in the situation, and when I am, I forget to.
-
I use Bitwarden’s “emergency access” feature for this. You can designate one or more other Bitwarden users as emergency contacts. They request access to your vault, and if you don’t reject the request within a configurable amount of time, they’re in.
In addition, since my contacts are less tech-savvy than me, I wrote a Google doc that I shared with my emergency contacts. It has no sensitive information, but it tells them how to request access and where to look (in the vault) for more detailed instructions from me. It’s also where I keep my equivalent of OP’s “how to transition away from hosting I was taking care of” instructions, since those have no secrets to worry about.
Would this setup withstand a sustained effort by a state-level adversary? Probably not, but that’s not my threat model.
-
The solution seems sensible enough from a security point-of-view (provided you are not the target of a targeted attack). However what about the reliability (especially in the long term) of the whole scheme?
- what if you don’t pay Bitwarden anymore, and they decide to close your vault? (emergency access is not provided for free from what I see;)
- what if Google decides they no longer want to have you as a client, and just deletes your account and all your data? (it’s not very likely, but who knows how you manage upset the company…)
-
In both cases, I’d switch to something else. It’s not a requirement that the system be something I can set up once and then forget about for decades. I update both the vault and the Google doc regularly as my information changes; they aren’t static.
The failure mode would be if my accounts were closed during the time window between something happening to me and one of my contacts attempting to take over my vault. Which is of course possible, but I don’t consider it a significant enough risk to spend a lot of effort mitigating.
-
I agree about the time frame and the ease of switching. However:
- I assume you’ve given the link to that document to your close family members; perhaps even printed and laminated a copy of that URL to make sure it’s not lost; how easy is it to just switch that link to another one? would your family members know which is the latest URL?
- how long is that timeframe until your family tries to access your vault? I assume it won’t be less than a few months (mourning, other more important / immediate affairs to settle, postponing, etc.) what if your subscription lapses in that timeframe?
-
-
-
-
-
There is no single killer feature that’s Better Than Vim,
The lack of … any configuration required is what sold me on
hxover Vim. The way it is out of the box is just the way I need it on any machine.-
Conversely, while I think Helix is very well executed (and if it existed ~10 years ago, I likely would have picked it up instead of Vim), the lack of configuration is one of the main reasons I’m sticking with Neovim. Configuration can be tedious and frustrating when you just want to Get Things Done, but once you get over the initial hill, the infinite extensibility of editors like Neovim or Emacs becomes addicting and hard to part with. After close to a decade of tinkering with Vim and experimenting with different things, my editor is a tool that fits like a perfect glove. It can morph into the exact form that I need and that works with whatever my current workflow is.
One-size-fits-all editors like Helix or VS Code cannot achieve that. For many, that’s a worthwhile tradeoff to not have to deal with configuration at all (a position I sympathize with), but for me, I don’t think I can go back.
-
…the infinite extensibility of editors like Neovim or Emacs becomes addicting and hard to part with.
See, I haven’t actually ever felt this. XD Either I’ve never bothered getting over the initial hill, or my brain is just wired differently. I find it easier to mutate my workflow than to mutate the editor.
-
-
Uhu. In particular, when I am using a code editor, I actually expect the editor maintainers to already think through which workflows work best. There are a lot of things I don’t actually know I want. Eg, it’s very important that the default keymap is reasonable, because it tells you what workflows to use.
-
-
One-size-fits-all editors like Helix or VS Code cannot achieve that. For many, that’s a worthwhile tradeoff to not have to deal with configuration at all (a position I sympathize with), but for me, I don’t think I can go back.
That’s how I feel about it too. I wrote my own task runner for neovim! Took about an hour. I love how easy it is to write your own stuff.
-
-
-
-
A year or so back I met an engineer who proudly proclaimed his principle accomplishment that he got the Midori project killed. I think he expected awe or praise as opposed to the cocked eyebrow and mild look of disbelief he got from me.
-
-
-
-
It didn’t really. One of the problems with Midori was that it had more unmanaged code providing the CLR than most microkernels had in total. The size of the unmanaged TCB was very large. In other respects it suffered primarily from bad timing. Turning Windows into a libos added about 30 MiB of RAM overhead per app. That was a lot at the time, now it’s noise (and probably would have been largely offset by the savings from the large amount of safe sharing possible between system services).
-
-
-
-
-
Apple’s standards engineers have a long and inglorious history of stalling tactics in standards bodies to delay progress on important APIs, like Declarative Shadow DOM (DSD).
Here is the thing though. The Shadow DOM is a shitty API. It’s absolute bollocks. If it were good, then the JS framework people would be using it. It’s not like they don’t have things they want. You can read whole reams of text from them if you’re interested. Instead, a handful of ideologically driven JS people are using Shadow DOM for Web Components which have not and will not catch on because they’re just SPAs with a web standards veneer. Declarative Shadow DOM is an attempt to stop the pop-in for WC, but really the whole thing is just a dead end. It’s like getting excited for a car with a Wankel engine when all the effort for the last few years has been moving to electric cars. The isolation that Shadow DOM provides is better provided as a feature of CSS, and Custom Elements are just reactivity plus MutationObserver. Build reactivity and morphDOM into the browser and watch as all the JS framework people jump up and down to add it.
Anyway, the moral is the Chrome team has lots of bad idea. Dart was a bad idea. Web Components were an interesting idea and sort of happened anyway, but the actual API is older than React and very bad and should be abandoned. I for one am glad that not all of Chrome’s ideas are instantly implemented. It’s good to have some modicum of friction before things get added to the browser. Unlike a normal GUI API like Win32 or AppKit, the browser is forever. It’s never going anywhere. Old features can’t be removed (although Chrome team did try to remove
alert!). Therefore, it’s not good to just add everything as quickly as possible. Some level of moderation is needed. Was Safari goldbricking for a long time? Yeah, probably. But there has to be something in between “Whatever Google farts out gets added to the browser tomorrow” and “Let’s wait five years for Apple to add a feature.”-
To be clear this “inglorious” history he’s talking about is because Alex is not a good engineer, and basically takes the stand in every standards body that anyone not worshipping his glorious and mostly half baked and poorly conceived APIs is an anti-open web enemy. Hence he regards any attempts to try and not create brand new APIs that are half baked, poorly conceived, filled with privacy problems, etc is a “stalling tactic”.
Apple engineers, MS (at the time) engineers, Mozilla engineers, and even other google engineers understood that creating a good specification and API takes effort, and put effort into doing just that.
But Alex doesn’t understand that - he’s an arrogant and opinionated asshole that has apparently never had to maintain an API, but has never had an issues insulting anyone in a standards committee who dared to disagree with him, or suggest that their were factors beyond his own tech demos that needed to be considered.
As for why he has made hating Apple (and shitting on those apple engineers just trying to avoid creating new shitty APIs that have to be maintained forever) his personality I don’t know.
-
Yeah, I just listened to the JS Party episode he was on talking about “The Market for Lemons” and it felt like a lot of hot air to me. It is clear from reading him that he doesn’t think Vue, Svelte, WC are crap. He just dislikes React and Angular. So, he’s not actually against SPAs, just bad SPA frameworks. Which is fine, whatever, but the conversation was so high level it’s hard to see that this is his actual position unless you read his blog thoroughly.
Similarly, he talked about how he would meet with PMs and ask to see their phones and be made that it was a new iPhone instead of an old Moto G4. I own a Moto G4. I bought it for work. I turn it on every month or two to look at our site when we launch new features. But I don’t carry it around and use it as my daily driver. Does that make me a bad person?
I also run a US-centric site, so I don’t care about how slow my site is for users outside of the US. I do care about how it is for rural users with bad cell connections, but that’s not necessarily the same set of issues, so it’s sort of weird to collapse them.
Anyway, I agree that Apple the company deliberately under-resourced the WebKit team for a while because they didn’t care about the web strategically, but I don’t think that’s the same as saying that e.g. the Web device APIs are a good idea (I really don’t want websites to start popping up a box asking for permission to use Bluetooth!!).
-
-
Really a lot of these APIs are tacked-on workarounds so the browser can be the ultimate run anything app. So that developers can only write Javascript. If developers weren’t so self stigmatizing about what they do and don’t know (ex. stigma: C++ can be harder than JS) then we’d probably have more native app developers.
-
Yeah, a lot of Google’s “standardizing” is mostly to give Chrome feature parity with an operating system. Which helps Google because they ship Chrome as, effectively, an operating system on Chromebooks, and encourage companies and schools to adopt “do and run everything in Chrome” workflows.
-
-
-
cross platform UI doesn’t work because different platforms have fundamentally different UI semantics, and so “cross platform” toolkits generally just become “a linux app on windows” or “a windows app on Mac”. E.g. everything using windows key chords for shortcuts instead of the correct Mac ones, using ctrl where command is correct, not using shared pasteboards. This is before we get to text entry where you get all sorts of incorrect handling of IMEs depending on the original OS for the framework (if they even handle IMEs at all, which many don’t).
-
-
-
Fundamentally blink/chrome get their text entry logic from webkit, which does the correct thing if you’re targeting macOS (for obvious reasons). Things go wrong when people decide to handle text entry themselves because “it can’t be that hard”, yet it remains something devs (often webdevs) seem hell bent on doing :-/
-
-
-
The old phrase “what Intel giveth, Microsoft taketh away” was quaint by comparison.
-
-
-
-
-
I’ve been having wonderful experiences with Qt as of late, which has JS/Python interfaces and even some of their own ECMA-esque interfaces QML language.
I believe GTK also has cross platform bindings or at least interfaces with JS/Python languages.
I’m not trying to be facetious but what makes the web a terrible experience and it’s offering of the available toolkit, frameworks, libraries, etc. is the churn of the “it’s supported, no it isn’t, but here’s a new paradigm”. I think it’s a great place to start but I think more developers, especially new ones should try typed, compiled stacks and then rack the idea of a browser against what you’re actually trying to build.
-
-
Qt is pretty bad on macOS as well. It implements its own controls, which behave in subtly different ways to the native ones that end up being really jarring.
-
I’d almost prefer if Qt just used a generic KDE skin on macOS. It would be less jarring if these non-native components didn’t pretend to be native.
-
-
-
-
-
-
Google’s and Apple’s software distrobution model is hardly the icing on the cake. Good for you though.
You’ll still end up with code that checks the platform, whether it’s Windows or Safari. Your write once efficiency is still a moving target.
-
-
-
-
It’s like getting excited for a car with a Wankel engine when all the effort for the last few years has been moving to electric cars.
This is completely unrelated, but there are in fact many people getting excited about the new Wankel engine coming in the Mazda MX-30 PHEV, and that car even happens to be partially electric.
-
-
Seems isopenbsdsecu.re is already on it.
-
-
-
The person who’s maintaining the website is one of the persons who’s doing the talk but not walking the walk, i.e. a blabbermouth.
Qualys on the other hand is actively trying to exploit the latest OpenSSH vulnerability and found some valid shortcomings in OpenBSD’s malloc. otto@ who wrote otto-malloc, acknowledged them and is already working on an improved version.
-
I’m feeling some cognitive dissonance between “friendly beginner language for scripting FortNite” and “innovative post-functional language with a bunch of powerful but weird features.” I found a slide deck by Peyton-Jones (set in Comic Sans?!) and halfway through I’m getting confused by variables bound to series of values, and “narrowing”…
You’d be surprised by how quick people can pick up concepts without any preconceptions. I’d be really curious if we see some sort of Fortnite mod to functional programmer pipeline.