1. 0

    Undocumented opcodes? Please call them bugs. Anything outside the documented ISA should be an illegal instruction exception. If it’s not documented and it doesn’t cause an illegal instruction exception, it is a bug.

    This kind of thing is a major factor of x86 and derivatives making me sick. It is good RISC-V is taking off.

    1. 4

      To be fair these aren’t special to x86 — The undocumented/illegal instructions in 6510 NMOS CPUs are (relatively) well-known, and they aren’t alone in this, at all.

      And RISC-V doesn’t seem to be free from this either: while anyone can implement the spec freely, and some implementations are also freely available, it’s still incredibly hard to figure out what the actual hardware could be doing.

      1. 4

        I strongly bet most RISC-V implementations will end up being undocumented and put into deep embedded microcontroller scenarios. That’s where the money is (including the money that doesn’t want to give ARM money), and where almost all RISC-V interest is coming from.

        1. 2

          Yes, these bugs aren’t limited to x86, but x86 is a currently widely deployed architecture that suffers from this problem. x86 is extremely complex, full of historical baggage.

          RISC-V implementations can indeed have undocumented instructions, but due to the extensible instruction space, this is less likely.

          I also do honestly expect most hardware to use the royalty-free OSHW cores, as they are very good. These are unlikely to have undocumented instructions, due to their open nature.

      1. 2

        I always associated the stdio functions more with the portable subset part of C, rather than Unix specifically. For Unix-specific I/O, I’d think of open, read, write, and one of our many friends, creat.

        1. 2

          The C APIs are more friendly in some ways. For example, stdin and stdout are buffered, so an fread may be satisfied without a system call (and, when it does a system call, will read a large chunk of data in a single call, typically all of the available input for interactive things), whereas a read on STDIN_FILENO is a system call (POSIX doesn’t require it to be one, but it is practically everywhere). In addition, a read is allowed to spuriously return early. If your process receives a signal, then a blocking read will return EINTR if it doesn’t read all of the requested data, or simply the amount that it did read otherwise. In contrast, fread will hide that from you.

          Most of the times I’ve seen people use the raw POSIX APIs, they’ve failed to correctly handle spurious failure. If I remember correctly, OpenBSD (and OpenSSH) has some lightweight wrappers that do the right thing.
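The short-read and EINTR handling described in the comment above, as an added example that is not part of the thread and is not OpenBSD's or OpenSSH's code. `read_full` and `demo_chunked_pipe` are hypothetical names, and the pipe scenario (a child writing two chunks with a signal in between) is constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: read exactly n bytes unless EOF or a real error
 * occurs. Returns the bytes read (< n only at EOF), or -1 with errno set. */
static ssize_t read_full(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    size_t done = 0;

    while (done < n) {
        ssize_t r = read(fd, p + done, n - done);
        if (r > 0) {
            done += (size_t)r;   /* short read: keep asking for the rest */
        } else if (r == 0) {
            break;               /* EOF: report what we have */
        } else if (errno != EINTR) {
            return -1;           /* real error: caller inspects errno */
        }
        /* r == -1 with EINTR: a signal arrived before any data; retry */
    }
    return (ssize_t)done;
}

static void on_sigusr1(int sig) { (void)sig; }

/* Constructed scenario: the child writes "hello", signals the parent,
 * pauses, then writes "world". A single read() in the parent would see
 * at most the first chunk, and may fail with EINTR in between. */
static ssize_t demo_chunked_pipe(char *out, size_t want)
{
    int fds[2];
    struct sigaction sa, old;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigusr1;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;             /* no SA_RESTART, so read() can see EINTR */
    if (sigaction(SIGUSR1, &sa, &old) == -1 || pipe(fds) == -1)
        return -1;

    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        struct timespec pause = { 0, 50 * 1000 * 1000 };  /* 50 ms */
        close(fds[0]);
        if (write(fds[1], "hello", 5) != 5) _exit(1);
        kill(getppid(), SIGUSR1);
        nanosleep(&pause, NULL);
        if (write(fds[1], "world", 5) != 5) _exit(1);
        _exit(0);
    }

    close(fds[1]);               /* parent must drop the write end for EOF */
    ssize_t got = read_full(fds[0], out, want);
    int saved = errno;
    close(fds[0]);
    while (waitpid(pid, NULL, 0) == -1 && errno == EINTR) { /* retry */ }
    sigaction(SIGUSR1, &old, NULL);
    errno = saved;
    return got;
}

int main(void)
{
    char buf[16];
    ssize_t got = demo_chunked_pipe(buf, 10);
    if (got < 0) { perror("read_full"); return 1; }
    printf("read_full returned %zd bytes: %.*s\n", got, (int)got, buf);
    return 0;
}
```
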

        1. 8

          From that site’s CSS:

          ::-moz-selection,
          ::selection {
           background:white
          }
          

          This is more insidious than anything I’ve seen anyone complain about blogs doing on here. I spent several seconds drag clicking wondering if Firefox locked up. I actually have no idea what drove this person to do this.

          1. 3

            I dealt with this trying to copy and paste the title! I thought I was hallucinating!

            1. 1

              It appears the author’s removed this property now.

          1. 3

            A lot of early operating systems had native support for structured data on their filesystems. These fell out of use because programmers inevitably wanted subtly different data types and because anything that you can implement on an OS with record types, you can implement with a library on an OS with only flat files.

            Having structured data isn’t sufficient for interop. You need some form of ontology. You can agree out-of-band on what the data in a particular structured format means, but then you’ve just invented file formats, or you can try to make something self-describing. A load of people have tried the second approach, but none that I’m aware of have succeeded.

            1. 1

              Macintosh resource forks had agreed upon structures, FWIW. I think a file with a custom kind of resource would have often shipped with the templates needed in ResEdit to make sense of them.

              1. 1

                As I recall, that’s only partially true. Originally, HFS supported only two forks, a data fork and a resource fork, along with some extra metadata that other filesystems often lack (in particular, a 32-bit content type and creator type, instead of a file extension). By convention, the resource fork contained a particular format. HFS+ added support for an arbitrary number of forks (as did NTFS, for AFP support, but NT didn’t add any tools for enumerating forks and didn’t report their contents in file size, so for a long time you could hide files from NT admins and from quotas by sticking them in alternative data streams of a tiny text file). There were no conventions as to the other forks.

                Even with the resource forks, the contents had an agreed structure only by convention. The OS exposed it as a stream. There was nothing stopping you from putting any other structured or unstructured data in there. It was equivalent to having every file agree to a common header format or to the DOS convention of using .EXE to denote executable files: a load of stuff would break if you didn’t follow the rules, but nothing enforced them and the low-level APIs didn’t care if you violated the conventions.

            1. 2

              I flagged this because there’s no meat to this link for anyone. It’s just a patch for bhyve users. Where’s the context? A writeup?

              Just because it’s tagged freebsd doesn’t necessarily mean it’s a fit for the site. Otherwise, we’d just post random commits…

              1. 42

                I really hope JS will not be mandatory anytime to be able to read wikipedia.

                1. 41

                  Comment copied from HN:

                  Hi HN – I’m one of the authors of this proposal. I’d like to clarify a few points here:

                  • Wikipedia is not becoming an SPA
                  • Wikipedia is not dropping support for non-js users
                  • This proposal is not about changing our current browser-support matrix[1] (which includes IE11 as a first-class target; Vue.js ecosystem still supports IE 11)
                  • This proposal is about changing the way we develop enhanced, JS-only features across our projects; many such features exist already, but they are written in jQuery and an in-house framework called OOUI
                  • These features will continue to be delivered in a progressively-enhanced way on top of the PHP-rendered baseline for the foreseeable future. We are interested in how server-side rendering of JS components can integrate with this but we’re still looking into how this might work
                  • We will continue to prioritize accessibility, internationalization, and performance in everything we ship
                  1. 6

                    These features will continue to be delivered in a progressively-enhanced way on top of the PHP-rendered baseline for the foreseeable future.

                    I think that’s a much bigger problem.

                    The WikiMedia codebase is a Lovecraftian fever dream of 15 years of accumulated technical debt, written in PHP.

                    It’s like everything is barely held together with bubblegum that’s now starting to decompose; and they are not able to change anything, because all the hacks, bots and workarounds invented to deal with WikiMedia’s limitations would stop working the minute they did that.

                    Basically: fixing WikiMedia would mean things would get far worse in the short-/mid-term, and no one is willing to pay the price for long-term improvements as the situation deteriorates further and further.

                    1. 4

                      The MediaWiki History page is a pretty interesting read. It’s worth reading in full, but the tl;dr is that Wikipedia started as a small experiment with a flat file database, became much more popular than expected, and developers spent a few years fire-fighting to keep up with performance/scaling demands.

                      This quote probably sums it up quite well:

                      Despite the improvements from the PHP script and database back-end, the combination of increasing traffic, expensive features and limited hardware continued to cause performance issues on Wikipedia. In 2002, Lee Daniel Crocker rewrote the code again, calling the new software “Phase III”. Because the site was experiencing frequent difficulties, Lee thought there “wasn’t much time to sit down and properly architect and develop a solution”, so he “just reorganized the existing architecture for better performance and hacked all the code”. Profiling features were added to track down slow functions.

                      In early 2003, developers discussed whether they should properly re-engineer and re-architect the software from scratch, before the fire-fighting became unmanageable, or continue to tweak and improve the existing code base. They chose the latter solution, mostly because most developers were sufficiently happy with the code base, and confident enough that further iterative improvements would be enough to keep up with the growth of the site.

                      I’m not sure if I would have done better in the same situation to be honest.

                      1. 5

                        I’m not sure if I would have done better in the same situation to be honest.

                        Agreed, as someone who has spent a good chunk of his career rewriting legacy software, the rewrite never goes as smoothly as you think it will. Maybe a rewrite in 2003 would have been great, but it also could have turned out horribly and Wikipedia might have even gone defunct (who knows).

                        1. 2

                          mostly because most developers were sufficiently happy with the code base, and confident enough that further iterative improvements would be enough to keep up with the growth of the site

                          That sounds like the history of PHP.

                          I’m not sure if I would have done better in the same situation to be honest.

                          Given the amount of money the foundation has available, I can’t imagine a worse outcome. The state of Wikimedia makes the BER look like a perfectly managed project.

                          1. 6

                            Can you provide some examples?! You seem to be biased about php code in general and comparing a working wikipedia with BER, which isn’t finished even today nor working.

                            1. 2

                              Well, they didn’t have a lot of money in 2002/2003 ($80k in 2003-2004), and it would be challenging to rewrite it all with even thousands of existing pages (never mind hundreds of thousands or millions) since you either need to maintain compatibility with the (organically grown) syntax or 100% reliably transform that to something else.

                              In hindsight, perhaps the biggest mistake they made was making MediaWiki generic Wiki software, instead of just “the software that powers Wikipedia”. I completely understand why they did that, but it does make certain things a lot harder.

                              Either way, I don’t envy the position MediaWiki developers are in, and have been in for the last ~20 years.

                          2. 4

                            Do you know this because you’ve actually hacked on the code or are you guessing? Because this sounds like something anyone could say about any 15 year old code base, while that code base could actually be a reasonable state.

                          3. 1

                            Bit late, but to be clear: this is not my comment; I am not the commenter who wrote this on HN. I simply copied it here, because it answered the question.

                          4. 6

                            hopefully it doesn’t become a progressive web app, with all of those cpu and memory-intensive pages that these ui frameworks create.

                            1. 14

                              … is there a synonym for ‘progressive web app’ that we can use? I would really like to reserve progressive, in a web context, for progressive enhancement, but I lack an alternative term to use for these offline-tolerant web apps.

                              For the unfamiliar: progressive enhancement is when you design the HTML to work on its own, and then enhance it with CSS and Javascript. The effect is that the page still works without JavaScript (necessary for low-end devices), or without JS and CSS (necessary for screen readers and programs).

                              1. 5

                                the page still works without JavaScript (necessary for low-end devices), or without JS and CSS (necessary for screen readers and programs

                                Pretty much all screen readers can deal with CSS and JavaScript, and have for many years. And low-end devices can deal fine with JavaScript as long as it’s reasonable. Actually, a click event to load some data dynamically is less resource intensive than a full page refresh in most cases.

                                1. 1

                                  Thoughtful points, thank you for that.

                                  You’re right, I think, that Javascript is not always the screen reader / accessibility problem it once was; but AFAIK it’s still capable of overwhelming slow devices, especially the copious gunk in aaaadvertisements, which also triggers lots of requests, which doesn’t help. In that way, surfing the web with JS turned off can still be a huge battery saver for many, even though a few well-designed sites use JS to save the user’s battery. (NB: am not an expert on accessibility, and have no experience of depending on it. Take my opinions with grains of salt.)

                                  For the screen readers I wasn’t so much thinking that they can’t handle CSS, but more that the (ordering of the) content should already make sense as it appears in the HTML, without the CSS’s layout.

                                  Click events to load some data dynamically can indeed be an improvement; but you can have that and progressive enhancement, and indeed most commonly find such unobtrusive Javascript on progressive pages.

                                  There is also a category of non-progressive pages that do not work with Javascript turned off; and usually that is because they use JS for a lot more than on-click loading of data.

                                  1. 5

                                    Sure, excessive or low performing JavaScript is an issue, but that doesn’t mean all JavaScript is. The thing is that building complex-ish web applications that work 100% without JavaScript quickly becomes very cumbersome since you’ll be duplicating a lot of code in the backend; code which usually doesn’t get tested that well and may not even work correctly.

                                    For example the application I’m currently developing worked 100% without JavaScript in the first versions, but eventually let that go as it just became too much effort with very little return. The JS is about 800 lines of fairly straight-forward code, and I think getting an entire application in return for that isn’t too bad actually. The alternative is a desktop application with tens of thousands of lines of code.

                                2. 4

                                  Annnnd it turns out that the ‘progressive’ in PWA stands for ‘progressive enhancement’! (1, 2, 3, search for ‘enhance’). But on the other hand I’m not at all sure how progressive your web app is if it requires at minimum a service worker — that feels like giving developers license to skip the ‘make the essentials work with HTML + forms + a server’ step.

                                  Anyway, I’m getting upvotes but no suggestions, so: please suggest synonyms!

                                  • Installable Web App
                                  • Hybrid Web App
                                  • Advanced Web App
                                  • Enhanced Web App
                                  • Local Web App
                                  • Near-native Web App
                                  1. 5

                                    If your app doesn’t work without JS it’s not a PWA.

                                    Single Page App is a term I see people use.

                                    1. 1

                                      If your app doesn’t work without JS it’s not a PWA.

                                      Can you point to sources for that claim? (edit: or just say what to use instead of service workers :) )

                                      All PWAs require at minimum a service worker and a manifest

                                      https://en.wikipedia.org/wiki/Progressive_web_application

                                      says otherwise, there are sources pointing at both Mozilla and Google for that quote.

                                      1. 1

                                        If you have a Progressive Web Page (in the “progressive enhancement” sense), you can add a service worker (as one more step along the progression) to make it a Progressive Web App. Like any other progressive enhancement, it’s OK for the “app” part to require JS as long as without JS it regresses to an ordinary web page, and not to a pile of useless bytes.

                                        1. 1

                                          I’m not sure I follow.

                                          […] you can add a service worker […]

                                          Only if my client supports and has JS enabled, which was my argument :)

                                          I think you’re saying that running an installed PWA (i.e. if service workers was not a requirement of installing it), doesn’t need JS to function? To me, that sounds like a saved HTML page (possibly with static assets), as in “what you get from ctrl+s in a desktop browser”. I don’t think that fulfills either the W or the A in PWA.

                                          1. 3

                                            Imagine a hypothetical to-do list service, implemented as a PWA.

                                            If a client has no JS, you can just type to-do items and click Submit to store them on the server, or tick a box and Submit to clear them.

                                            If a client has basic JS, you can create and complete items in real-time and those actions will be sent to the server asynchronously in the background, without reloading the page.

                                            If a client supports service workers and the full nine yards, if you’re offline it also caches the changes locally and automatically syncs them back to the server, and lets you install it to your home screen as an app, etc. etc.

                                            If a particular client doesn’t support JS, that particular client won’t be able to install the page as an app and run it offline. But that’s OK: if that client can still use the website, and other, more featureful clients can use it as an app, that makes it a Progressive Web App.

                                3. 6

                                  What else would they (wikimedia) do with more money than they know how to spend?

                                  1. 9

                                    I always thought they should put the money into professionals making textbooks. Then, they sell them plus the course materials to colleges (esp community colleges). They start with general education just to make sure the books cost about nothing to students. They’re online for free, too, either immediately or after a time period. Then, they move into subjects like business, comp sci, etc. Gradually, we get a professional version of Wikipedia for both personal learning and career advancement.

                                    1. 3

                                      So, something like Wikibooks?

                                      1. 2

                                        I looked at them a long time ago. I can’t remember if they’re of the quality that business professionals and colleges would buy to replace existing resources. If they are, it’s just a marketing problem. If not, then it wouldn’t be what I was aiming for.

                                    2. 3

                                      Did wikimedia fall into a lot more money recently?

                                      1. 7

                                        Wikipedia gets more and more money every year: https://en.wikipedia.org/wiki/User:Guy_Macon/Wikipedia_has_Cancer

                                      2. 1

                                        Invest it and stop begging so much.

                                    3. 5

                                      This comment seems to indicate they’re serious about having server-side rendering, so it looks like that’s not a concern.

                                      1. 3

                                        Vue.js is pretty modular and has support for server-side rendering

                                        1. 1

                                          I agree with this, but I also think javascript can be used to improve the user experience. I would love to see a modern Wikipedia and would imagine the legacy site sticking around as well.

                                          1. 1

                                            Core reading and editing functionality should be left alone for now. A good test-case feature would be one that provides an enhancement to functionality that has a more basic, no-JS fallback.

                                          1. 3

                                            Chrome is rapidly becoming the new IE as Google keeps adding things to it without even bothering to go through W3C. This leaves other browsers playing catch up with Chrome putting them at a direct disadvantage. I think it’s a really dangerous situation to end up with only a single viable browser engine implementation that’s tightly controlled by an advertising company.

                                            1. 5

                                              Except this is standardized, supported by every major browser, and legitimately useful (not some WebUSB spec only useful for Chromebooks). I don’t like the Google monopoly as much as everyone else, but let’s not get angry over imagined reasons.

                                              1. 1

                                                ah, didn’t see that it got standardized

                                            1. 3

                                              Last I checked the stuff surrounding web components works in all web browsers.

                                              1. 9

                                                This is essentially Pale Moon developers admitting “we don’t have the resources to maintain a browser, please don’t use web standards”.

                                                1. 4

                                                  Not so quick. I quote: “[…] creates complex web page structures that cannot be saved, archived or even displayed outside of the designated targeted browsers”. The third of those is about the resources to maintain a browser, the first and second are about what users are able to do with the page.

                                                  I like archive.org. You may think that site’s a detail, not worth considering, only rendering in the browser is what matters. If so, I respectfully disagree.

                                                  1. 7

                                                    This is BS though. Nothing about web components prevents saving of pages. IIRC this comes from an old bug in Chromium that was fixed a long time ago.

                                                    1. 1

                                                      I upvoted for the note about Chromium… do you mean that using those “web components” does not add more third-party components, even components that are necessary in order to understand the page?

                                                      1. 1

                                                        I mean it’s just some nice JS APIs, not something that fundamentally changes how web pages work.

                                                        It’s actually more friendly to normal “document” pages with some “progressive enhancement” JS elements than frameworks with custom ad-hoc component models like React are. You can build similar full client-side apps with both, but those frameworks encourage that a bit more. It’s a bit harder to instantiate a React component inside a normal static document. Not hard but you do need to write a little script that would select an element and instantiate React there. Like you would do <script>$(".thingy").someGallery({config:"stuff"})</script> with jQuery plugins back in the day. With web components you can just have markup like <fancy-gallery><img ...><img ...></fancy-gallery> and the element would work without writing a single line of JS (only loading the script that registers the element itself).

                                                        1. 1

                                                          That sounds as if it tends to complicate rather than simplify static analysis of the web page. I assume that services like archive.org use static analysis, carefully and conservatively I’m sure.

                                                    2. 3

                                                      That is just factually incorrect. You can in fact save and/or archive a page with WebComponents. All browsers except for niche ones support their display. Nothing in that open letter is factual.

                                                1. 1

                                                  Note that this book dates from the early ’90s. (I couldn’t find a copyright date, but the introduction says

                                                  A forthcoming book on active database systems is [DW94]

                                                  and I didn’t see any reference in the bibliography dated later than 1992.)

                                                  This would explain why there are no references to non-relational (“NoSQL”) databases…

                                                  1. 4

                                                    This would explain why there are no references to non-relational (“NoSQL”) databases…

                                                    There were NoSQL databases in use then, but most were legacy. Think MUMPS (used widely in healthcare… now YottaDB rebrands it as a hip new NoSQL database!), hierarchical pre-System R databases on mainframes, and Pick/MultiValue “lol arrays in SQL”. More mainstream back then would be Domino (replicated document database… yes, that Domino) and dBase (flat).

                                                    1. 1

                                                      What’s your exposure to MUMPS? My dad has worked with MUMPS in healthcare programming for the last twenty years. I learned the MUMPS REPL as a kid and my first programming internship was at a company my dad used to work for where I learned more MUMPS.

                                                      1. 2

                                                        I know someone who writes MUMPS for a living in the healthcare industry; that, and if you play with old DEC stuff, they have a very robust MUMPS implementation available. Heck, VistA is public domain, if you want such an example!

                                                      2. 1

                                                        Domino was Lotus Notes, right? Notes was a huge influence on CouchDB.

                                                        I know there were databases prior to the relational/SQL wave, but my impression is that after SQL took over they were relegated to the dustbin of history for a while … until web developers and proto-big-data analysts got fed up trying to make MySQL scale and began (re)inventing distributable systems like memcached.

                                                        (And yeah, I work at Couchbase, which has considerable DNA from both CouchDB and memcached.)

                                                        1. 2

                                                          Time again to share this epic tale of Damien Katz rewriting Lotus Notes’ Formula engine:

                                                          http://damienkatz.net/2005/01/formula-engine-rewrite.html

                                                      3. 1

                                                        This would explain why there are no references to non-relational (“NoSQL”) databases

                                                        Distributed systems aside there’s not a ton of innovation in most “NoSQL” from an implementer’s perspective. One might argue that they’re making different/better tradeoffs but it’s hard to distinguish that from immaturity from the outside.

                                                        1. 1

                                                          I think you’ve got it backwards: there’s not a ton of novel theory behind a lot of NoSQL, but plenty of interesting implementation to make them fast and scalable.

                                                          ( “distributed systems aside” is a very big aside. :)

                                                          1. 2

                                                            but plenty of interesting implementation to make them fast and scalable

                                                            They’re interesting case studies, sure, and their relative naïveté can make them easier to grok in a lot of cases. But there’s nothing fundamentally “fast” or “scalable” about throwing out SQL - it’s mostly different points in the design space.

                                                            1. 1

                                                              Um. Do you have an ax to grind here? Your tone is coming off as kind of db-theory hipster.

                                                              NoSQL is a problematic name, of course, because it isn’t actually about SQL, it’s about non-relational. Several “NoSQL” databases support variants of SQL. What’s more important are things like eventual consistency, partition tolerance, flexible schemas, etc.

                                                      1. 9

                                                        As for the .NET CLI, it just never seems to have caught on for realsies much outside of the Microsoft world. I’m really not sure why; it’s a technological improvement to the JVM in basically every way that I am aware of

                                                        According to conversations I’ve had with Rich Hickey (who has written multiple compilers targeting each runtime) the optimizations that the CLI does tend to lean a lot more heavily on having type information available at compile time, whereas the hotspot optimizations in the JVM rely on runtime tracing data, even for languages with static types. Plus the GC implementations available on the JVM are much more efficient. Then on top of that there’s the fact that the very idea that programs could be portable across operating systems is a relatively recent development in CLI-land.

                                                        1. 11

                                                          Unavailability on desired platforms and being publicly dropped by Microsoft before they started porting .NET was definitely a huge factor. ironruby and ironpython were rather visibly discontinued. .NET CLI and .NET in general would have had a huge impact if Microsoft had pushed towards multiplatform earlier.

                                                          1. 2

                                                            Better late than never :P

                                                          2. 4

                                                            Then on top of that there’s the fact that the very idea that programs could be portable across operating systems is a relatively recent development in CLI-land.

                                                            I’m still mad about all the FUD…

                                                            1. 3

                                                              As I understand it, Mono is a reimplementation of C# and .NET. I think the perception of many developers who are not already familiar with C# and .NET is that two runtimes (Microsoft and Mono) creates a lot of added complexity versus just running Java or Python or whatever on all platforms.

                                                              I don’t think that’s completely unreasonable to be honest, in spite of seeing most of my Linux games run quite well with Mono/Unity.

                                                              1. 1

                                                                Mono is great, but it was seen as an effort that Microsoft didn’t quite want for a long time. To be quite frank, I think Microsoft not immediately jumping on the Mono train has not helped them.

                                                                1. 3

                                                                  A lot of it was:

                                                                  1. .NET developers ignoring a workable Mono for years

                                                                  2. The GNU/Linux community spreading FUD (not helped by the FSF promoting dotGNU instead, which was a shitshow from rms appointing someone who used the label to develop PHP groupware), going as far as cancelling people over Mono. This didn’t help the lack of polish on GNU/Linux despite the tight integration with things like GTK.

                                                                  3. Now people pay attention to .NET on non-Windows, but I feel the .NET ecosystem might not be moving in a good direction (Core’s long-time dislike of DllMap and seeming desire to reinvent bad solutions like JNI when Mono had workable solutions to real problems, emphasis on performance above other concerns, potential Scala/C++ level featuritis in C#, etc.)

                                                                  But this is just my own opinion, of course.

                                                                  1. 1

                                                                    Ah, that’s what you mean with FUD. Yes, agree on all points.

                                                            1. 2

                                                              I’m probably one of the unlucky ones. I switched my Ubuntu to Gnome from Unity and found a lot of pretty serious regressions in experience. Like:

                                                              • There are intermittent freezes of the lock screen when it isn’t interactive for dozens of seconds. They seem to be network related, like when you open a laptop at a new location where there’s a few new WiFi networks available.
                                                              • YouTube videos seem to play using non-accelerated rendering, I can see frame redrawing artifacts. I realize the problem could be anywhere in the stack, but it did work fine on Unity, with fractional scaling, without a hitch.
                                                              • Desktop “folder” is now a hack, and sometimes resets the icon arrangement.
                                                              • Without HUD some menu-heavy software with troubled UX history like GIMP has become unusable once again.
                                                              • There is no way to disable screen lock using settings available by default. I don’t need my screen locked about 99% of the time I open my laptop. And there is a screen lock setting, it simply has no effect.
                                                              • Various stock apps (like Calendar and Nautilus) seem to crash a lot more often. Looks like GNOME really doesn’t like long uptimes and wants you to reboot for things to stay manageable. (It’s just a feeling, not an analysis.)

                                                              P.S. In case you wonder why wouldn’t I file bugs for all of those? This is because I had enough emotionally painful experiences filing bugs to big Open Source projects over the years. I don’t want to be treated like an annoyance when I willingly donate my time for them.

                                                              P.P.S No, I don’t think GNOME developers owe me anything. I’m writing it not as a complaint, but as a precaution to those who would like to try GNOME, so they could adjust their expectations. I’ll be happy for everyone who doesn’t experience any of those bugs.

                                                              1. 2

                                                                Without HUD some menu-heavy software with troubled UX history like GIMP has become unusable once again.

                                                                pst

                                                                1. 1

                                                                  YouTube videos seem to play using non-accelerated rendering, I can see frame redrawing artifacts. I realize the problem could be anywhere in the stack, but it did work fine on Unity, with fractional scaling, without a hitch.

                                                                  It’s interesting that it worked well before, because all major browser vendors (Firefox, Chrome) disable video acceleration by default on Linux. Browsers need to be compiled with support and you have to pass an option to disable the blacklist (which blacklists all GPUs on Linux). The good news is that Firefox 75 is making strides when it comes to VA-API support:

                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1616185

                                                                  P.S. In case you wonder why wouldn’t I file bugs for all of those? This is because I had enough emotionally painful experiences filing bugs to big Open Source projects over the years. I don’t want to be treated like an annoyance when I willingly donate my time for them.

                                                                  FWIW: I have submitted some gnome-shell/mutter bug reports when the Wayland support was just new (it was very crashy) and I’ve found the mutter developers to be very appreciative and they fixed bugs very quickly. I do not have experience with submitting bugs for other GNOME projects though.

                                                                  1. 1

                                                                    all major browser vendors (Firefox, Chrome) disable video acceleration by default on Linux. Browsers need to be compiled with support and you have to pass an option to disable the blacklist (which blacklists all GPUs on Linux)

                                                                    That kinda conflates video (VAAPI) with graphics (OpenGL). “frame redrawing artifacts” usually means something wrong with the graphics stack. Accelerated video decoding only improves power usage/performance, but should never be necessary to avoid artifacts.

                                                                    You pretty much never had to recompile Firefox to enable GL compositing by the way, just go to about:config and tick layers.acceleration.force-enabled. Now also the MOZ_WEBRENDER=1 env variable should be sufficient to enable WebRender (more powerful than basic GL layers compositing).

                                                                1. 66

                                                                  We used to log things into a single file. It was fun! [..] Do you happen to have several servers? Good luck finding any required information in all of these files and ssh connections.

                                                                  We’ve had syslog since the 80s. It doesn’t require 3 Docker containers, a database, and a management tool to manage the containers, so guess it’s not hip enough 🤷‍♂️

                                                                  1. 12

                                                                    I love the contrast between “logging infrastructure is hard” and “use Sentry” … which is … ummm… easy to start, hard to scale. In both cases, though, you can use SaaS providers and deal only with getting the data out of your app and into their systems.

                                                                    1. 1

                                                                      and deal only with getting the data out of your app and into their systems.

                                                                      That’s not as easy in the world of GDPR. You have to be able to purge data from SaaS tools when there is leakage. Developers don’t check what they are logging unless you have virtually unworkable processes in place and end up leaking PII which doesn’t get noticed until someone else is troubleshooting a problem.

                                                                      Clearing the PII from the SaaS provider can be challenging in many cases, but longer-term they also become a potential target for attackers. At minimum, keeping a short retention window is good. Overall, it’s just another thing to think about, but many people do get time to think about this topic until it’s too late.

                                                                    2. 6

                                                                      Syslog usually means your application needs to make a dgram Unix socket connection, which is kind of exotic and not available everywhere. Your application also needs a switch for it, or someone may try to run it in the foreground and wonder why everything’s quiet. Collecting logs from several servers is also finicky configuration and kind of unreliable in my experience.

                                                                      Just print to stderr and let the service manager handle it.

                                                                      1. 16

                                                                        I posted my comment late last night, and it is probably a bit more snarky and abrupt than it should have been. To expand a little:

                                                                        I don’t think syslog is perfect, or suitable for every situation, or that other solutions don’t have advantages over syslog; the gripe I have is that the situation is presented as “oh, look at the old way, how antiquated! Here’s a new super-complex solution for you to use” whereas in fact, people discovered exactly the same problems and invented solutions for it (such as syslog) before most of us were involved in computing, or even born. Turns out people doing computing in the 80s weren’t complete blubbering idiots.

                                                                        This is part of a general pattern of annoyance I’ve seen recently where “old” solutions are misrepresented as being much more simplistic than they actually are – usually out of ignorance, not malice – before declaring we should all be using this really complex “modern” solution. Sometimes that’s the case, but a lot of the times it’s not, or at least more nuanced. For a lot – though obviously not all – of cases, “old” solutions like logging to files, syslog, or stderr is just fine.

                                                                        1. 2

                                                                          Sorry, mine was equally snarky. And I missed the underlying point, which I do agree with. :-)

                                                                        2. 8

                                                                          kind of exotic and not available everywhere

                                                                          What universe are we living in where making a Unix socket connection is “kind of exotic”? Oh yeah, a world where Unix won, fair and square. There’s nothing exotic or strange about Unix sockets. They’re supported on every platform. Any platform that doesn’t support them is a bad platform.

                                                                          1. 4

                                                                            There’s a lot exotic and strange about Unix sockets.

                                                                            When someone says ‘Unix socket’, they usually mean SOCK_STREAM, and that is often well supported. But syslog uses SOCK_DGRAM, which for example Node.js doesn’t support out of the box. You can also have SOCK_SEQPACKET Unix sockets, apparently, but I’ve never seen that in practice.

                                                                            But people do all sorts of arguably exotic things with Unix sockets, like passing file descriptors or using the remote UID for authentication.

                                                                            1. 6

                                                                              I don’t think any behaviour standardised by POSIX is “exotic”.

                                                                              1. 6

                                                                                There’s a lot of baroque and antiquated stuff in POSIX if you read the spec. A lot of it is a tortured attempt to avoid standardizing things like tar (see pax).

                                                                                1. 1

                                                                                  Antiquated and exotic are not the same thing.

                                                                                  1. 4

                                                                                    Sometimes it’s actually both. Ever seen POSIX AIO?

                                                                                    1. 1

                                                                                      POSIX AIO is not exotic. Nothing standardised by POSIX is exotic, almost by definition. It’s the set of standardised interfaces common to all operating systems. It’s the portable operating system standard.

                                                                                      POSIX AIO might be bad but exotic it is not.

                                                                                    2. 1

                                                                                      I guess it depends on what you mean with “exotic”, but there are certainly some parts of POSIX that almost no one uses, for example the sccs VCS, batch functionality (q* commands), messaging tools (write, talk, etc), iso646.h (macros && to and etc), and probably some more.

                                                                                      These parts are rarely seen, and many people don’t even know about it, thus “exotic” sounds like a pretty apt description.

                                                                                2. 1

                                                                                  Most modern syslog daemons support TCP sockets as well. Additionally you can always send messages via “regular” (non-UNIX) UDP socket bound on loopback address. So I do not think that is much of the problem. It can be a little bit more problematic in case of systemd journal, but in such cases you can always fall back to just logging to stdout and binding that to the journal via StandardOutput=journal.

                                                                                  1. 1

                                                                                    I agree. I don’t know if you already used the C API for passing file descriptors over sockets with recvmsg because it’s rather… very special. Even the best possible man page about this would be rather very confusing and hard to understand, and since it’s a lot about allocating buffers of the correct size I’m very concerned about security. It’s probably the weirdest C API I’ve ever seen.

                                                                            1. 3

                                                                              It might be interesting to compare the ARM implementation with the CHERI, SPARC, and (undocumented) Power tagged memory extensions.

                                                                              1. 8

                                                                                Have you read Bill Kent’s essay on this? I think you’d really like it.

                                                                                The choice of syntax is partially due to heritage: F# is based on ML, which is based on math, and JavaScript syntax is based on Java -> C -> Algol -> FORTRAN.

                                                                                This is incorrect. Algol does not derive from FORTRAN. Additionally, neither Algol nor FORTRAN follow C’s style of equality and assignment. Algol uses := for assignment and = for equality, while FORTRAN uses = and .EQ.. C actually gets its style from BCPL, which got its own style from a deliberate simplification of CPL. I wrote a bit more about this here.

                                                                                Also, ML has mutable assignments with :=.

                                                                                1. 3

                                                                                  Thanks for the correction; I’ll update the post.

                                                                                  No, I hadn’t seen that essay; thanks!

                                                                                  Edit: This chart indicates otherwise? It’s a minor point in the article, but I’m interested in the truth. Why do you say “Algol does not derive from FORTRAN?”

                                                                                  1. 4

                                                                                    Edit: This chart indicates otherwise? It’s a minor point in the article, but I’m interested in the truth. Why do you say “Algol does not derive from FORTRAN?”

                                                                                    Oop, I could be completely wrong here! I’d have to go and review all my notes on that. This is all stuff I’m now pulling out of my butt:

                                                                                    In Favor:

                                                                                    • John Backus worked on both
                                                                                    • Everybody knew about Fortran at the time

                                                                                    Against:

                                                                                    • None of the Algol material I could dig up mentioned FORTRAN
                                                                                    • I haven’t found any “language cognates” in Algol that could have come from FORTRAN

                                                                                    1. 3

                                                                                      I suspect the truth is somewhere in between. Lots of languages influenced Algol, but a straight line from FORTRAN may be overstating the facts.

                                                                                    2. 4

                                                                                      Fortran originally just had .EQ., .NE., .GT., etc. Support for = came later.

                                                                                      Fortran and Algol coevolved to some degree, so they cannot be placed in a tree.

                                                                                      1. 3

                                                                                        I think ALGOL derived from FORTRAN about as much as any other language [edit: ..that existed at the time]. It would depend if we’re talking ALGOL 60 specifically, or 58 (arguably closer to FORTRAN), or the whole “family”.

                                                                                        The last page of The Early Development of Programming Languages sums it up really well.

                                                                                      2. 2

                                                                                        Also ALGOL is based heavily on mathematics.

                                                                                        1. 2

                                                                                          Have you read Bill Kent’s essay on this?

                                                                                          I think we need to give you the “Bill Kent Stan Account” hat. Not that I’m complaining; I’ve liked what I’ve read.

                                                                                          1. 4

                                                                                            This is the nicest thing anyone’s ever said to me

                                                                                            1. 1

                                                                                              Hey, at least it’s a Twitter display name!

                                                                                        1. 8

                                                                                          Using plain PHP templates is a bad idea because

                                                                                          • it relies on the fact that PHP treats accesses to undefined variables as something relatively normal
                                                                                          • it doesn’t do any kind of string quoting/escaping by default and there’s no way to add default processing. Yes, you could be using htmlspecialchars everywhere, but forget it once and you have an XSS at your hand. Proper template engines escape by default. Forget to mark something as HTML and you have visible markup on the page which is way better than XSS.
                                                                                          • PHP templates allow unmitigated access to global state and due to the way PHP keeps request state as mutable global dictionaries, this means that PHP templates can even mutate request state at will.
                                                                                          • include() puts the template file into the current scope, so a template gets access to all of the variables in scope inside of the rendering function (which, as the article explained, also included $this).
                                                                                          • Because the templates are plain PHP, there’s nothing a template can’t do, including accessing external resources, reading the file system, etc. Yes, you shouldn’t put business logic in your templates, but it happens and then you’re screwed a few years down the line.

                                                                                          People have invented template engines for reasons. Most of them were and still are valid reasons.

                                                                                          1. 2

                                                                                            Author here. You are mostly right, but in most cases I’d consider those a feature and not necessarily a problem. Those features help keeping things simple. Of course you can abuse those features, but you shouldn’t.

                                                                                            As for the escaping to avoid XSS: you are very right. This is the weakest point of this approach to doing templates and requires a certain amount of developer discipline when designing the templates…

                                                                                            1. 2

                                                                                              I’d consider those a feature and not necessarily a problem

                                                                                              so did I nearly 20 years ago and now I wish I hadn’t.

                                                                                              Of course you can abuse those features, but you shouldn’t.

                                                                                              people always think that and poof 10 years (if you’re lucky. probably sooner) later they drown in technical debt and the rewriting-effort starts to get going.

                                                                                              requires a certain amount of developer discipline when designing the templates

                                                                                              discipline doesn’t work. Never has. You only need to forget a single htmlspecialchars() to get the equivalent security of having none. A solution that requires the developer to take care of all instances of something when all an attacker needs is a single instance can’t scale.

                                                                                              Simplicity is nice, but not at this price.

                                                                                              1. 2

                                                                                                I appreciate where you are coming from. I’ve worked in “enterprise” software development where my approach would make people lose their shit. I’m trying to get that way of working out of my system and build neat simple solutions that are not perfect, but are worth considering, probably for many (smaller) projects. If nothing else, it introduces you to some nice long forgotten PHP features :-)

                                                                                              2. 1

                                                                                                It would be possible to write a template validator that inspects template PHP files and has a whitelist of acceptable PHP features. Things like <?=$var?> could be flagged, and the Tpl class could have an extra function so that you can do <?=$this->unescaped($var)?> if you really mean it. You only need to run the validator when you ship the template, in the same way you already run the rest of your code through Phan and/or Psalm.

                                                                                                About $this being in the scope, I do think that’s a feature, but for shorter templates, would it be possible to make in-scope functions, so that you can write <?=e($var)?> instead of <?=$this->e($var)?>?
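
The validator idea from the comment above, as an added example (not code from the article, its author or any commenter): it tokenizes a template with token_get_all() and reports every `<?=`, echo or print whose expression is not exactly one call to an escaping wrapper. The wrapper names e and unescaped follow the comment's proposal; the function names and the sample template are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Wrapper names proposed in the thread; all other names here are hypothetical.
const ALLOWED_WRAPPERS = ['e', 'unescaped'];

/** Tokenize and drop whitespace/comments; each token becomes id, text, line. */
function significantTokens(string $source): array
{
    $out = [];
    $line = 1;
    foreach (token_get_all($source) as $tok) {
        if (!is_array($tok)) {
            // Single-character tokens carry no line number; reuse the last one seen.
            $out[] = ['id' => null, 'text' => $tok, 'line' => $line];
            continue;
        }
        [$id, $text, $line] = $tok;
        if (!in_array($id, [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            $out[] = ['id' => $id, 'text' => $text, 'line' => $line];
        }
    }
    return $out;
}

/** True for a bare punctuation token such as "(" (not the same text inside a string). */
function isChar(array $tok, string $c): bool
{
    return $tok['id'] === null && $tok['text'] === $c;
}

/**
 * True when $expr is exactly one call to $this->NAME(...) or NAME(...) with
 * NAME in ALLOWED_WRAPPERS. The call's closing parenthesis must be the last
 * token, so "$this->e($a) . $b" is still reported.
 */
function isWrappedCall(array $expr): bool
{
    $i = 0;
    if (($expr[0]['text'] ?? '') === '$this' && ($expr[1]['id'] ?? null) === T_OBJECT_OPERATOR) {
        $i = 2;
    }
    $name = $expr[$i] ?? null;
    if ($name === null || $name['id'] !== T_STRING || !in_array($name['text'], ALLOWED_WRAPPERS, true)) {
        return false;
    }
    if (!isset($expr[$i + 1]) || !isChar($expr[$i + 1], '(')) {
        return false;
    }
    $depth = 0;
    for ($j = $i + 1, $n = count($expr); $j < $n; $j++) {
        if (isChar($expr[$j], '(')) {
            $depth++;
        } elseif (isChar($expr[$j], ')') && --$depth === 0) {
            return $j === $n - 1;
        }
    }
    return false;
}

/** Return one finding per output statement that bypasses the wrappers. */
function lintTemplate(string $source): array
{
    $tokens = significantTokens($source);
    $findings = [];
    $n = count($tokens);
    for ($i = 0; $i < $n; $i++) {
        if (!in_array($tokens[$i]['id'], [T_OPEN_TAG_WITH_ECHO, T_ECHO, T_PRINT], true)) {
            continue;
        }
        // The output expression runs up to the next ";" or closing tag.
        $expr = [];
        for ($j = $i + 1; $j < $n; $j++) {
            if ($tokens[$j]['id'] === T_CLOSE_TAG || isChar($tokens[$j], ';')) {
                break;
            }
            $expr[] = $tokens[$j];
        }
        if (!isWrappedCall($expr)) {
            $findings[] = sprintf(
                'line %d: output without escaping wrapper: %s',
                $tokens[$i]['line'],
                implode(' ', array_column($expr, 'text'))
            );
        }
        $i = $j;
    }
    return $findings;
}

// Constructed sample template, not taken from the article under discussion.
$template = <<<'TPL'
<h1><?= $this->e($title) ?></h1>
<p><?= $user['bio'] ?></p>
<div><?= $this->unescaped($trustedHtml) ?></div>
<span><?= $this->e($first) . $last ?></span>
<?php echo $footer; ?>
TPL;

foreach (lintTemplate($template) as $finding) {
    echo $finding, PHP_EOL;
}
```

The check is deliberately strict: `echo $this->e($a), $this->e($b)` is also reported, because the expression is not a single wrapper call.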

                                                                                              3. 2

                                                                                                This is a bit contradictory as all PHP template engines suffer from these problems.

                                                                                                1. 2

                                                                                                  That doesn’t mean they’re good. There are template engines that can give you at least default escaping. I used to maintain PHPTAL that has context-sensitive escaping and even ensures HTML is well-formed.

                                                                                                  Some template engines claim to be “universal” or “format-independent”, so that you can use the same syntax for HTML, e-mails, and even SQL if you want. But in practice it means they’re not good for anything: you get XSS, messed up e-mail encodings, and SQL injections.

                                                                                                  “Just don’t write bugs” approach doesn’t work, so you really need a template engine where security vulnerability isn’t the default behavior.

                                                                                                  1. 2

                                                                                                    There is no default escaping. There is only code. If you rely on the template engine you’re relying on someone else to do the escaping for you.

                                                                                                    All output is done using ‘echo’, ‘print’, etc. Make a custom “always escaping” function or method, and you have just as good “default escaping” as any template engine can provide.

                                                                                                    1. 2

                                                                                                      “There is only code” entirely misses the point of secure defaults. If you have to remember to use an escaping function, you will eventually forget it, and create an XSS vuln.

                                                                                                      PHP templates == XSS, and this is a people problem, not a code problem.

                                                                                                      PHP makes it particularly messy:

                                                                                                      • Humans are bad at noticing absence of things, so a code review is more likely to miss <?=$foo than it would ${foo|unsafe} (both equally risky, but one looks more innocent).

                                                                                                      • Escaping is technically required pretty much everywhere in HTML for syntax correctness, but there’s a commonly held belief that escaping is only for “untrusted” data or strings that “contain unsafe characters”. Or that strings can be “sanitized” by stripping tags. This creates disagreements about what even has to be escaped.

                                                                                                      1. 2

                                                                                                        You’re missing the point. The people who make the engine also have to remember to escape and what not, they will eventually forget it too. It doesn’t matter.

                                                                                                        Besides, when you add a huge monster of a template engine the chance of errors, mistakes, and security issues increases exponentially.

                                                                                                        Adding some engine doesn’t automatically solve these problems. Good coding solves these problems.

                                                                                                        1. 1

                                                                                                          There are far fewer boundaries/inputs in the template engine than there are in your own code, combined with the amortization of effort.

                                                                                                          “Good coding” doesn’t solve the massive safety issues we have with programming the same way that “good driving” makes seatbelts redundant.

                                                                                                2. 1

                                                                                                  I think it’s fine for smaller projects; e.g. the type where everything is just in one or a few pages. Not having an external dependency is a pretty good advantage in those cases.
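An added example for the escaping thread above (not code from any commenter or from a real template engine): opt-in escaping through a helper next to a minimal escape-by-default renderer, where unescaped output needs a visible marker. `e()`, `RawHtml` and `render()` are hypothetical names, the input string is constructed, and PHP 8.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical marker type: the only way to emit markup unescaped.
// In review, the risky case is now something present (new RawHtml(...))
// instead of something absent (a forgotten e() call).
final class RawHtml
{
    public function __construct(public readonly string $html) {}
}

// Escape for HTML text nodes and quoted attribute values only.
// JavaScript, URL and CSS contexts need their own encoders.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Minimal renderer: fills {{name}} placeholders and escapes every value
// unless the caller wrapped it in RawHtml.
function render(string $template, array $vars): string
{
    $out = preg_replace_callback(
        '/\{\{\s*(\w+)\s*\}\}/',
        static function (array $m) use ($vars): string {
            if (!array_key_exists($m[1], $vars)) {
                throw new InvalidArgumentException("missing template variable: {$m[1]}");
            }
            $v = $vars[$m[1]];
            return $v instanceof RawHtml ? $v->html : e((string) $v);
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('template substitution failed');
    }
    return $out;
}

// Constructed sample: not hostile, but still invalid HTML if left unescaped.
$name = 'AT&T <support@example.com>';

// Opt-in escaping: both lines pass a casual review, only the second is correct.
echo '<p>' . $name . "</p>\n";
echo '<p>' . e($name) . "</p>\n";

// Escape by default: the plain call is the safe one, and the opt-out is loud.
echo render("<p>{{ name }}</p>\n", ['name' => $name]);
echo render("<p>{{ name }}</p>\n", ['name' => new RawHtml('<b>AT&amp;T</b>')]);
```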

                                                                                                1. 7

                                                                                                  First comment in this HN thread is from someone who worked on it.

                                                                                                  1. 1

                                                                                                    remove description; linux -> networking since it’s about a network protocol

                                                                                                      1. 11

                                                                                                        They changed the way it works a while ago: unclaimed contributions are refunded, rather than claimed by Brave.

                                                                                                        1. 25

                                                                                                          The guy I caught pulling wallet out of my pocket returned it when I caught and confronted him.

                                                                                                          He’s trustworthy again.

                                                                                                          1. 4

                                                                                                            To be honest, I’m not sure if I understand where these assumptions of malice come from. My own much more optimistic interpretation is that Brave is trying to figure out a new/better revenue model for the web, and in doing so it made a (now-corrected!) mistake in how it works.

                                                                                                            Whether their new model actually is better is another discussion, but I’ve never really seen anything to justify calling it a “scam” or comparisons to pickpockets.

                                                                                                            1. 7

                                                                                                              The guy I caught pulling wallet out of my pocket returned it when I caught and confronted him.

                                                                                                              How on Earth is that an appropriate analogy?

                                                                                                              It’s more like, someone created an economy you had no clue about (still have no clue about), and made some changes to make it more fair. You were given money by said economy, and now you’re being given money in a more fair way by that economy. Money you did not do any job for. Money you signed no contract to get. Money that someone else labored for you to have.

                                                                                                              1. 4

                                                                                                                After taking another economy I was using

                                                                                                                1. 5

                                                                                                                  Anecdote alert. The only people I know who use Brave are the ones who would use an adblocker regardless. So any funds Brave provides from their visits are funds that the website otherwise would never receive.

                                                                                                                  1. 1

                                                                                                                    Heavily disagree. They are marketing to people that do not currently use an adblocker. They are increasing the ad-blocking population, and giving them ads regardless. And regardless, I do not care if somebody blocks ads on my site with an adblocker, as it’s usually their own choice. I do care if someone changes the ads that are given to others to their own, ripping me off in the process. The difference is similar to that of someone choosing not to buy anything above essentials in a store (which are often sold at a very low profit margin, or even loss) and someone swapping a few shelves in my store with their own with a separate checkout. Would you be fine with the first one? Probably yes, as it’s a reasonable thing for someone to do. Would you be fine with the second one? I don’t think so.

                                                                                                                    1. 2

                                                                                                                      They are increasing the ad-blocking population, and giving them ads regardless. [..] someone changes the ads that are given to others to their own, ripping me off in the process

                                                                                                                      As a publisher, I have the option to “Allow Brave to serve ads on my website”, which is displayed prominently on the dashboard and off by default. So as I understand it, you’re pretty much in control yourself, and Brave isn’t deciding anything for you regarding the ads on your website. AFAIK it has always worked like this.

                                                                                                                      1. 2

                                                                                                                        Heavily disagree.

                                                                                                                        You can disagree with someone, but that doesn’t make you right. Here’s a list of false statements you just made:

                                                                                                                        and giving them ads regardless.

                                                                                                                        False. Ads in Brave are opt-in.

                                                                                                                        I do care if someone changes the ads that are given to others to their own, ripping me off in the process

                                                                                                                        False. You’re being compensated. (Possibly even better than whatever you’re making from selling out your visitors and violating their security and privacy.)

                                                                                                                        someone swapping a few shelves in my store with their own with a separate checkout.

                                                                                                                        False. Unless you are the creator of these ads, or are in the business of selling ads, your website’s content is not being changed and this analogy breaks down. Someone else’s content — a malvertiser that you’ve chosen to subject your users to without their consent, whose content you have little to no control over — is being blocked.

                                                                                                                        1. 1

                                                                                                                          False. Ads in Brave are opt-in.

                                                                                                                          And I don’t care if they are opt in. People in a store can choose if they want to buy from their put in shelf.

                                                                                                                          False. You’re being compensated.

                                                                                                                          I am not being compensated. I am being offered a compensation, that I may or may not take, or even be aware about. I know about them, but do others? Doubt so.

                                                                                                                          False. Unless you are the creator of these ads, or are in the business of selling ads, your website’s content is not being changed and this analogy breaks down. Someone else’s content — a malvertiser that you’ve chosen to subject your users to without their consent, whose content you have little to no control over — is being blocked.

                                                                                                                          Excuse me, but this does not sound coherent to me. Attention to adverts is a way of payment for my content so to say. And usually it’s the content provider that dictates what choices of payment someone should be able to use. It might be ads, it might be subscription/patreon or whatever. If the client does not agree to those terms they will not get the product (content) from me. Brave wants to force me to accept their way of payment. Now, I don’t know about you, but I doubt that if you, for example, went to your local store, wanted to buy something, and when asked for what method you’ll use to pay for it, answered “Bitcoin”, the store would accept it. They will not care if you say “but the credit cards are used for tracking spendings”. They dictate the rules here, and they don’t want bitcoin. This is what makes Brave’s detection evasion more egregious. People think they are supporting publishers, where really, they just put money in a hidden spot for publishers to take, but only if the publisher knows that it exists from somewhere else can they take it.

                                                                                                                          (Possibly even better than whatever you’re making from selling out your visitors and violating their security and privacy.)

                                                                                                                          Oh, you think I cannot choose ad publishers that respect my clients’ privacy, do you?

                                                                                                                          1. 4

                                                                                                                            And I don’t care if they are opt in.

                                                                                                                            The point is you shouldn’t make false statements. Your arguments become stronger without them.

                                                                                                                            People in a store can choose if they want to buy from their put in shelf.

                                                                                                                            So you are selling advertisements? Note that I did include the exception for such cases in my comment above.

                                                                                                                            I know about them, but do others? Doubt so.

                                                                                                                            I believe Brave sends out emails to domain owners informing them.

                                                                                                                            Now, I don’t know about you, but I doubt that if you, for example, went to your local store,

                                                                                                                            My local store does not offer to sell me items by forcing me to watch advertisements and calling that payment. Nor does my local store, as far as I know, inject me with viruses or other forms of disease, in order to pay for the products on their shelves. And if they did, I would be well within my right to sue them for doing so, or repay them with some other form of retaliation. You’re lucky your visitors haven’t sued you yet.

                                                                                                                            What stores do instead is they ask me to pay for the products with some sort of currency.

                                                                                                                            Brave is protecting users from website owners who don’t know how to monetize their content properly. You should be thanking Brave for making your work and website appear better than it is. Maybe Brendan Eich even saved you from some lawsuits.

                                                                                                                            Oh, you think I cannot choose ad publishers that respect my clients’ privacy, do you?

                                                                                                                            I do.

                                                                                                                            1. 0

                                                                                                                              The point is you shouldn’t make false statements. Your arguments become stronger without them.

                                                                                                                              The statement was not false, it was not entirely true. They do give them ads after blocking them, just not all the time.

                                                                                                                              People in a store can choose if they want to buy from their put in shelf.

                                                                                                                              You once again misunderstood. In that metaphor, I am selling things to look at. Content, that people come for, is sold at a loss, while ads, is the things that bring me the profits. And Brave swaps several shelves of my items that bring me money, and swaps it with their own. And it’s not their stuff that brings people to the store, it’s my content.

                                                                                                                              I believe Brave sends out emails to domain owners informing them.

                                                                                                                              After them earning 100$ in 90 days if I recall correctly. A lot of sites don’t bring that kind of money.

                                                                                                                              My local store does not offer to sell me items by forcing me to watch advertisements and calling that payment. Nor does my local store, as far as I know, inject me with viruses or other forms of disease, in order to pay for the products on their shelves.

                                                                                                                              That’s a strawman. I did not say that the local store would force you to watch advertisements. In my argument, they offer payment methods that can be tracked, credit card to be exact. Surprise surprise, some people consider credit cards as invading their privacy, and want to use cryptocurrencies instead. The business that does not want to deal with cryptocurrencies loses out on some potential customers, but the share is small enough, that they don’t really care. In my website’s case, those potential customers are Brave users. I don’t want them and their stupid cryptocurrencies. Sadly, they really want to disguise themselves as legitimate credit card users.

                                                                                                                              And also, “force”? No one is forcing to buy at that store, nor to visit my website. If you don’t want to, you can just not look at the content that I’m presenting, thus not looking at the ads, and not giving me profit. It’s a free choice.

                                                                                                                              And if they did, I would be well within my right to sue them for doing so, or repay them with some other form of retaliation. You’re lucky your visitors haven’t sued you yet.

                                                                                                                              You’re out of your mind. I would enjoy seeing you try to come up with actual legal reasons for it. You might as well try, because if you do, you could make one of the biggest class action lawsuits ever.

                                                                                                                              What stores do instead is they ask me to pay for the products with some sort of currency.

                                                                                                                              And the currency I ask for is attention to ads.

                                                                                                                              Brave is protecting users from website owners who don’t know how to monetize their content properly. You should be thanking Brave for making your work and website appear better than it is.

                                                                                                                              No thanks, how do I disable it. Oh wait, I cannot, since it’s their profit.

                                                                                                                              Maybe Brendan Eich even saved you from some lawsuits.

                                                                                                                              Ok, I don’t understand why are you bringing lawsuits anymore. Please just stop ridiculing yourself.

                                                                                                                              Oh, you think I cannot choose ad publishers that respect my clients’ privacy, do you?

                                                                                                                              I do.

                                                                                                                              Well, the publishers I choose trust me with their ad delivery. Brave doesn’t.

                                                                                                                              1. 2

                                                                                                                                And Brave swaps several shelves of my items that bring me money, and swaps it with their own.

                                                                                                                                Yes, Brave does remove ads from your website. But Brave does not swap these ads with anything, “of their own” or otherwise. (Well, unless you count whitespace.)

                                                                                                                                1. 2

                                                                                                                                  Huh, must have misread that part somewhere. I still do think the practice is equivalent, as it is presented as a way support the content creators you watch, which traditional ads already do.

                                                                                                                                  1. 2

                                                                                                                                    Brave revamped rewards at least once (see comment about them no longer keeping unclaimed rewards), so maybe had considered replacing ads at some point. Currently:

                                                                                                                                    “Brave Ads are presented as native system notifications or background images in a new tab, separate from the web content being viewed.” https://brave.com/brave-rewards/

                                                                                                                                    So the user must first opt-in, and then only sees Brave’s ads on a separate tab or notification.

                                                                                                                                    it is presented as a way to support the content creators you watch, which traditional ads already do

                                                                                                                                    Yes, ads are a way to support content creators. But for users who would block ads regardless, any funds Brave provides from their visits are funds that the website otherwise would never receive.

                                                                                                                                    An analogy might be a taxi that gives a cut of the fare to any store the rider visits.

                                                                                                                                    1. 2

                                                                                                                                      Correction:

                                                                                                                                      Apparently Brave has recently started testing an “Allow Brave to serve ads on my website” option for creators. (Thanks to arp242 for the heads up!)

                                                                                                                                      This would indeed make it possible for Brave to block existing ads on a website and effectively swap them out for Brave’s ads – but only with the permission of the site owner.

                                                                                                                            2. 2

                                                                                                                              I’d rather not get into all of this, but I’m curious about your last sentence.

                                                                                                                              How did you/how does one choose ad publishers that respect your clients’ privacy?

                                                                                                                              1. 2

                                                                                                                                Like how Troy Hunt does it. Serve the ads yourself with the publisher trusting your numbers.

                                                                                                                                1. 1

                                                                                                                                  Verfassungsblog also does that, and found advertisers among its readers (AIUI it’s now one of the most important fora for European constitutional law, and carries job offers etc).

                                                                                                                                  How did you find some advertisers willing to go along with that?

                                                                                                                                  1. 1

                                                                                                                                    The linked site cannot be reached. Misspelled domain?

                                                                                                                                    1. 1

                                                                                                                                      Sorry. Sleepless typist syndrome.

                                                                                                                                      Verfassungsblog is great BTW, it often has the bestest coverage of constitutional principles and background questions. Recommended for those who like long text more than up-to-the-minute headlines.

                                                                                                                          2. 1

                                                                                                                            giving them ads regardless

                                                                                                                            Except for the ads that make it past the built-in ad block, I was unaware that Brave had ever shown any user an ad regardless of the user’s choices. Do you have a link where I can read up on this?

                                                                                                                        2. 3

                                                                                                                          Sorry I don’t follow. What other economy has Brave taken that you were using?

                                                                                                                          1. 3

                                                                                                                            The ads that were supporting me. To put it the analogy again:

                                                                                                                            The guy I caught pulling wallet out of my pocket returned it when I caught and confronted him.

                                                                                                                            Brave was caught taking my ad revenue away, and returns it when I caught that and asked for it. Literally.

                                                                                                                            1. 3

                                                                                                                              Are you saying that you claimed and received ad revenue, and Brave then took it out of your account before you could transfer it elsewhere, then returned it? What happened, could you give any details?

                                                                                                                              1. 3

                                                                                                                                I was gaining ad revenue, then Brave came and took some of it away, and I can only get it back if I ask them for it. That is not how it should be. Simply said, I find it unethical from Brave (which really takes pride in being ethical) to swap my way of supporting myself. I chose that I want to support myself with ads, and now they are changing that choice without asking me.

                                                                                                                                1. 3

                                                                                                                                  I chose that I want to support myself with ads, and now they are changing that choice without asking me.

                                                                                                                                  Understandable.

                                                                                                                                  Regarding ads, e.g. uBlock origin removes your option to support yourself with ads. Do you find uBlock origin less/more/equally unethical?

                                                                                                                                  1. 1

                                                                                                                                    No, I don’t find uBlock origin unethical, since some people need it (ADHD, etc.) and it is more akin with stealing, when Brave is more similar to paying someone else for my content, which is basically plagiarism. Maybe it might not be plagiarism, it feels a bit like plagiarism to me in its nature.

                                                                                                                                    1. 3

                                                                                                                                      I understand the analogy between uBlock origin and stealing. It also seems to match up with your example of a customer who only buys the essentials and/or loss leaders.

                                                                                                                                      Brave is more similar to paying someone else for my content which is basically plagiarism

                                                                                                                                      I’m not understanding the analogy between Brave and plagiarism. Can you expound on that a bit more?

                                                                                                                                      1. 1

                                                                                                                                        In plagiarism, the content is the same, just with a few details changed (name, wording, etc.). With Brave, the content is the same, just the ads have been changed.

                                                                                                                                        1. 4

                                                                                                                                          With Brave, the content is the same, just the ads have been changed.

                                                                                                                                          Brave does not change the ads on your site. Brave simply blocks them, just like uBlock Origin does. Brave changes your site by removing ads (like any adblocker would), but does not change your site by swapping in anything of its own. I’m still not understanding how this part is different than any other adblocker.

                                                                                                                              2. 3

                                                                                                                                Brave is not “taking your ad revenue away and returning it”. Users are protecting themselves from your attempts to subject them to trackers and malvertisers.

                                                                                                                                The money Brave is giving you has absolutely nothing to do with that. It has to do with the ads that Brave users have agreed to view. Which have nothing to do with your website. You’re being compensated by the fact that users have agreed to use software that allocates advertising revenue proportionally based on the websites they visit.

                                                                                                                                1. 1

                                                                                                                                  I would then very much like a way to block users that use Brave. But noooo, I cannot, since they are “protecting their users’ privacy” by spoofing their user agent with one of a legitimate browser. More like protecting their unethical source of revenue. I don’t want your shitty cryptocurrencies, and I don’t want you fooling my viewers with it.

                                                                                                                                  1. 3

                                                                                                                                    There’s nothing wrong with a computer user spoofing their user agent in order to prevent a website admin from blocking them based on the user agent string. I don’t use Brave myself so I don’t know how much control the software gives to the end-user about spoofing the user agent string - it may be less control than I’d prefer - but I don’t think that end users have any responsibility to provide accurate information about themselves or their software stacks to the websites they visit, particularly if those websites want to use that information against the user.

                                                                                                                                    1. 1

                                                                                                                                      Notably even SEO bots have higher morals and use user-agents representing themselves. If the website admin doesn’t want you to see the content on his website, then it is morally correct for you to agree with that.

                                                                                                                                      Brave just imitates the user-string of the last Chrome release by default.

                                                                                                                              3. 2

                                                                                                                                It blocks ads that fund many sites, no?

                                                                                                                                1. 3

                                                                                                                                  You mean the ads, malware, and privacy-violating trackers that users hate and never consented to receiving? Yes, it blocks those.

                                                                                                                                  1. 1

                                                                                                                                    AIUI it blocks the trackers that feed the ads, rather.

                                                                                                                                    I was quite amazed at the effect when I configured Ghostery to block all trackers and let the rest through. I didn’t see an ad for weeks.

                                                                                                                      1. 3

                                                                                                                        More ideas off the top of my head:

                                                                                                                        • Easily scriptable GUIs. Think VBA at its most primitive, and AppleScript being able to fully automate across multiple applications. For a more macro approach, AutoHotKey.

                                                                                                                        • TUIs with different ideas: It appears I’m going to be the local IBM i user, so: F4 prompting everywhere for suggestions and prompts more powerful than tab completion (it basically has a form), context sensitive help everywhere (done on GUIs too, see balloon help on the classic Mac OS), separating commands from programs (commands handle structured arguments and wrap the program; also done by VMS), and using its richer object based environment.

                                                                                                                        • Embracing shells as documents and transcripts - Mathematica, Jupyter, MPW, Oberon, Acme.

                                                                                                                        1. 2

                                                                                                                          (Why start at version v1.20.0? To provide clarity. We do not anticipate APIv1 to ever reach v1.20.0, so the version number alone should be enough to unambiguously differentiate between APIv1 and APIv2.)

                                                                                                                          This is an, uh, questionable interpretation of SemVer…

                                                                                                                          1. 1

                                                                                                                            Does the Go project use semver?

                                                                                                                            1. 1

                                                                                                                              Normally I’m pretty pragmatic, but this bugs me a lot. Yes, google.golang.org/protobuf/v2 is longer, but it also signals to new users that this isn’t just the existing v1 code moved to a new import path. IMO, they should have:

                                                                                                                              • Put the old v1 library at google.golang.org/protobuf in addition to its current github.com/golang/protobuf path.
                                                                                                                              • Put the new one at google.golang.org/protobuf/v2.

                                                                                                                              It also feels weird that Google gets a special subdomain on the golang.org domain. I know they wrote the language, but isn’t it supposed to be open source and owned by the community?

                                                                                                                              1. 4

                                                                                                                                isn’t it supposed to be open source and owned by the community?

                                                                                                                                No, not at all. (And open source doesn’t imply any community involvement.)