The article does not address this point at all.

To remove all undefined behaviour in C would severely impact the performance of C programs.

The post does suggest that trap-on-overflow is a superior alternative to wrap-on-overflow, and of course you could apply it to both debug and release builds if this optimisation instability concerns you. Even if you apply it just to your debug build, you’ll at least avoid the possibility that something works in the debug build but not in the release.

From the twitter thread:

Systemd does not of course log any sort of failure message when it gives up on setting up the DynamicUser private namespace; it just goes ahead and silently runs the service in the regular filesystem, even though it knows that is guaranteed to fail.

It sounds like the system had an opportunity to point out an anomaly that would guide the operator in the right direction, but instead decided to power through anyways.

So you never had legacy systems (or configurations) to support? I read Chris’ blog regularly, and he works at a university on a heterogeneous network (some Linux, some other Unix systems) that has been running Unix for a long time. I think he started working there before systemd was even created.

Why do you say that the FUSE mounts were broken? As far as we can see they were just set up in a uncommon way https://twitter.com/thatcks/status/1027259924835954689

It does look brittle that broken fuse mounts prevent the ntpd from running. IMO the most annoying part is the debugability of the issue.

Yes, it seems melodramatic, even to my anti-systemd ears. It’s a documentation and error reporting problem, not a technical problem, IMO. Olivier Lacan gave a great talk last year about good errors and bad errors (https://olivierlacan.com/talks/human-errors/). I think it’s high time we start thinking about how to improve error reporting in software everywhere – and maybe one day human-centric error reporting will be as ubiquitous as unit testing is today.

The challenging open issue I see with this sort of idea is the question of what links people will see by default when they view a page.

This is something we were concerned with at Xanadu during the development of XanaSpace (since we had all links in the form of loadable ODLs). The conclusion we came to was that a document author could recommend a particular set of links to go with their document, and that furthermore, people would produce and share collections of links (which, since they are not part of the content & are bidirectional, combine with transclusion to add additional context even to documents where the author is unaware of them) in sort of the same way as kottke.org or BoingBoing curates collections of other people’s web pages. Any resident links (including formatting links) would be applied when relevant (i.e., when the original source of any transcluded content overlapped with something mentioned in a link), and a person’s personal link collection would be private until shared.

This sort of mirrors the fediverse / SSB model of requiring intentional hops between independent communities. Taking advantage of default link sets for spamming purposes only makes sense when the landscape is flat – where everybody sees everything unless they take countermeasures, and thus anything, no matter the quality, scales up indefinitely with no further human input. If, on the other hand, things only spread when they are actively shared by individuals from across different communities (each acting as curator for the sake of their community), the impact of these problems becomes small and it ceases to be worth the effort for bad actors.

Ultimately, the links that appear on the page should be controllable by the person viewing the page, just like the formatting of the page should be under their control. In the case of links, that probably means trusting your friends and a handful of professional curators to have good taste & not scam you.

According to the guy behind handmade hero:

The fact that we currently have hardware vendors shipping both hardware and drivers (with USB and GPUs being to major examples), rather than just shipping hardware with a defined/documented interface, a la x64, or the the computers of the 80s, is a very large contributor to the fact that we have basically 3 consumer-usable OSes, and each one is well over 15 million lines of code. These large codebases are a big part of the reason that using software today can be rather unpleasant

He proposes that if hardware vendors switched form a hardware+drivers to hardware that was well-documented in how it was controlled, so that most programmers could program it by feeding memory to/from it (which he considers an ISA of sorts), we’d be able to eliminate the need for drivers as such, and be able to go back to the idea of a much simpler OS.

I haven’t watched the whole thing yet, but that’s the highlights

ZFS recordsize is extremely confusing. That description is correct at a filesystem level, but not at a file level; for a single file (or zvol), there is only one logical block size and if the file has multiple blocks, that logical block size will be the filesystem recordsize. So on a normal filesystem, if you have a file larger than 128 Kb, all its logical blocks will be 128 Kb and if you modify one byte, you do indeed rewrite 128 Kb. I had to go through an entire process of writing test files under various circumstances and dumping them with zdb to understand what was going on.

(Compression may create different physical block sizes. One potentially surprising form of this compression is compressing the implicit zero bytes at the end of files that are not exact multiples of 128 Kb. So with compression, your 160 Kb incompressible file will come out close to 160 Kb allocated on disk, instead of 256 Kb.)

My understanding is that ZFS only compresses blocks separately, since it has to be able to do random IO to them. With small block sizes on some drives, this can create a surprisingly low space savings from compression due to the fact that ZFS can only write disk-level blocks. If your disks are using 4K physical blocks (ie they’re ‘advance format’ drives) and you’re using, say, 8K logical blocks, in order to save any space from compression you need at least a 50% compression ratio, so that your original 8K block can be written in a single 4K physical block; if it doesn’t compress that much, it has to be written using two 4K blocks and you save no space. If you’re using 128 Kb logical blocks you can win from much smaller compression ratios, because you don’t have to shrink as much in order to need fewer physical blocks.

(SSDs are somewhat inconsistent in whether they report having 512 byte physical blocks or 4K physical blocks. It’s all smoke and mirrors on SSDs anyway, so the whole mess is inconvenient for ZFS.)

This is somewhat disingenuous. Web browser’s HTML parser needs to be compatible with existing web, but W3C’s HTML4 specification couldn’t be used to build a web-compatible HTML parser, so reverse engineering was required for independent implementation. With WHATWG’s HTML5 specification, for the first time in history, a web-compatible HTML parsing got specified, with its adoption agency algorithm and all. This was a great achievement in standard writing.

Servo is a beneficiary of this work. Servo’s HTML parser was written directly from the specification without any reverse engineering, and it worked! To the contrary to your implication, WHATWG lowered barrier to entry for independent implementation of web. Servo is struggling with CSS because CSS is still ill-specified in the manner of HTML4. For example, only reasonable specification of table layout is an unofficial draft: https://dbaron.org/css/intrinsic/ For a laugh, count the number of times “does not specify” appear in CSS2’s table chapter.

This is an interesting interpretation, but I’d call it incorrect.

• the reason to create whatwg wasn’t about control
• XHTML had little traction, because of developers
• html5 (a whatwg standard fwiw) was the first meaningful HTML spec because it actually finally explained how to parse it
• w3c didn’t “start working on a new Dom”. They copy/backport changes from whatwg hoping to provide stable releases for living standards
• this has nothing to do with DRM (or EME). These after completely different people!
• this isn’t about lobby groups, neither is this avout influencing politics in the US or anywhere.

I’m not speaking on behalf of my function in the w3c working group I’m in, nor for Mozilla. But those positions provided me with the understanding and background information to post this comment.

XHTML was fairly clearly a mistake and unworkable in the real world, as shown by how many nominally XHTML sites weren’t, and didn’t validate as XHTML if you forced them to be treated as such. In an ideal world where everyone used tools that always created 100% correct XHTML, maybe it would have worked out, but in this one it didn’t; there are too many people generating too much content in too many sloppy ways for draconian error handling to work well. The whole situation was not helped by the content-type issue, where if you served your ‘XHTML’ as anything other than application/xhtml+xml it wasn’t interpreted as XHTML by browsers (instead it was HTML tag soup). One result was that you could have non-validating ‘XHTML’ that still displayed in browsers because they weren’t interpreting it as XHTML and thus weren’t using strict error handling.

(This fact is vividly illustrated through syndication feeds and syndication feed handlers. In theory all syndication feed formats are strict and one of them is strongly XML based, so all syndication feeds should validate and you should be able to consume them with a strictly validating parser. In practice plenty of syndication feeds do not validate and anyone who wants to write a widely usable syndication feed parser that people will like cannot insist on strict error handling.)

The mention of Trump is pure trolling—as you yourself point out, the dispute predates Trump.

My understanding is that part of Canon’s edge in the 1990s ultimately came from the fact that they were willing to move to a new mount in order to enable better AF and other things (FD to EOS/EF in 1987). Arguably Canon could afford to do this because they were the underdogs; moving to a new mount and thus instantly orphaning all of their existing customers wasn’t the huge deal it would have been for Nikon, because Canon didn’t have as many customers.

(In the context of this Medium story, I think this is an important difference. It shifts the lessons from ‘Nikon not grasping things’ to ‘underdogs can afford to do disruptive things that leaders can’t’.)

Hello..ouch light on sourcing :-) I included photos of magazine articles, ads, and brochures as well as my own lens ;-) What am I missing.

I tried not to gloss over this but clearly it didn’t sink in. Nikon was extremely focused on professionals and took a very conservative approach for this reason. They tended to view AF as a consumer feature and kept a very clean separation between consumer and pro cameras over concerns of both cannibalization and making pro cameras seem too gimmicky (even to the degree of worrying about having a backup mechanical shutter in the f3).

There are many magazine articles at the time debating autofocus and critical of the speed. The F3AF is horrendously slow and because it required a special finder and body and had only two slow lenses it was much more of an experiment. But the speed made it seem self-fulfilling.

it is worth noting that Nikon’s AF lens line came out the same year as the EF mount. It was also the same year as the Nikon F4 which was a pro camera with autofocus. The F4 was a big improvement over the F3 even without autofocus which led to a slower ramp up time of AF with Pros. I posted on FB a photo of the full range of AF lenses introduced at the time. Worth noting is that shortly after intro the AF lenses were all revised again to add “D” designation for distance information from lens to camera—already in the EF series.

Nikon was loathe to introduce electronic aperture since new lenses would not work at all with older cameras. It is only with the E and G lenses that the break has finally been made. Again they started with consumer lenses interestingly enough.

This specific study is Nightly only. In general I’d expect and hope that similar studies would only be run against Nightly for various reasons. However, as far as I can tell the current Mozilla privacy policy makes no difference between Nightly and Beta, and therefore Mozilla could consider themselves to have permission to run these opt-out studies on Beta, just as they have with Nightly. Mozilla may clarify this in the future.

On a pragmatic level, doing something like this with Beta would probably be much more visible and produce many more annoyed people and bad publicity, so I think Mozilla probably has good reasons to avoid it unless they have a study that they consider really important. Beta also has enough visibility that news about such an opt-in study would probably be widely distributed and well know, so you’d hear of it enough in advance to do something.

(I’m the author of the article.)

I mean, it’s POSIX specified behavior that any file that is executed that isn’t a loadable binary is passed to /bin/sh (”#!” as the first two bytes results in “implementation-defined” behavior), and it’s POSIX specified behavior that absent anything else, a shell script exits true.

It’s no more coincidental and implicit than “read(100)” advances the file pointer 100 bytes, or any other piece of standard behavior. Sure, it’s Unix(-like)-specific, but, well, it’s on a Unix(-like) operating system. :)

yes an empty file signifying true violates the principle of least astonishment.However if there were a way to have metadata comments about the file describing what it does, how it works, and what version it is without having any of that in the file we’d have the best of both worlds.

true being implementable in Unix as an empty file isn’t elegant—it’s coincidental and implicit.

But isn’t this in some sense exactly living up to the “unix philosophy”?

Why is it weird that true need be a command at all?

To me, the issue is whether it is prone to error. If it is not, it is culture building because it is part of the lore.

Any application that has downloaded a piece of content serves that content to peers.

The other issue with this is what if the content is illegal? (classified government information, child abuse, leaked personal health records, etc.) There are some frameworks like Zeronet where you can chose to stop serving that content, and others like FreeNet where yo don’t even know if you’re serving that content. (These come with a speed vs anonymity trade-off of course).

I do agree with the idea that any content you fetch, you should reserve by default, maybe with some type of blockchain voting system to pass information along to all the peers if some of the content might be questionable, giving the user a chance to delete it.

My view is that the most important division between a shell language and a programming language is what each is optimized for in terms of syntax (and semantics). A shell language is optimized for running external programs, while a programming language is generally optimized for evaluating expressions. This leads directly to a number of things, like what unquoted words mean in the most straightforward context; in a fluid programming language, you want them to stand for variables, while in a shell language they’re string arguments to programs.

With sufficient work you could probably come up with a language that made these decisions on a contextual basis (so that ‘a = …’ triggered expression context, while ‘a b c d’ triggered program context or something like that), but existing programming languages aren’t structured that way and there are still somewhat thorny issues (for example, how you handle if).

Shell languages tend to wind up closely related to shells (if not the same) because shells are also obviously focused on running external programs over evaluating expressions. And IMHO shells grow language features partly because people wind up wanting to do more complex things both interactively and in their dotfiles.

(In this model Perl is mostly a programming language, not a shell language.)

Thanks, glad you like the blog.

So maybe these are good reasons (not sure if they are or aren’t) why Ruby and Python scripts aren’t clearly better than shell scripts.

Well, if you know Python, I would suggest reading the linked article about replacing shell with Python and see if you come to the same conclusion. I think among people who know both bash and Python (not just Python), the idea that bash is better for scripting the OS is universal. Consider that every Linux distro uses a ton of shell/bash, and not much Python (below a certain level of the package dependency graph).

The main issue is that people don’t want to learn bash, which I don’t blame them for. I don’t want to learn (any more) Perl, because Python does everything that Perl does, and Perl looks ugly. However, Python doesn’t do everything that bash does.

But again, it doesn’t seem to clearly answer why the domain language for manually interacting with the operating system should be the same language used to write complex scripts that interact with the operating system.

There’s an easy answer to that: because bash is already both languages, and OSH / Oil aim to replace bash.

Also, the idea of a REPL is old and not limited to shell. It’s nice to build your programs from snippets that you’ve already tested. Moving them to another language wouldn’t really make sense.

I’ve done this (for a different reason; I originally started it because I wanted to use my window manager to track open pages, which is far more effective than the browser’s pitiful tab bar) but I’ve noticed similar benefits of making the browser seem like less of a “place”.

Bear in mind that often much of what you’ll see about anything, systemd included, is complaints; people write less praise for things for various reasons, and such praise often gets less publicity than juicy bad news like this. I say this as the original entry’s author and someone who has written about, eg, things that systemd gets right and my overall views on systemd, to go along with the various bad things I’ve written about systemd (this latest annoyance included).

The specific NFS issue involved here is not a trivial one to solve and past solutions in other init systems have had their own fragilities, where they might do things like kill necessary daemons too early because the init system didn’t know you had an unusual configuration. In one sense systemd appears to be doing exactly what it was told to do, and part of the issue is that Ubuntu created an overall configuration where they didn’t make sure that everything would happen in the right order. Systemd could do better but a reasonably general solution would require some policy decisions and possibly significantly more work.

There’s also https://github.com/golang/go/issues/19348; they’ve laid some groundwork to inline more, but they need to keep stack traces correct and compile-time cost reasonable.

This bit is interesting:

I already expressed dislike for //go:noinline, and I will firmly object any proposal for //go:mustinline or something like that, even if it’s limited to runtime.

Can anyone elaborate on this? Is it just a matter of abuse? I not-so-infrequently find myself in a position where a function i want inlined doesn’t get inlined, and I’m thankful that i have the tools to force the issue. I’ve found the other direction useful as well, particularly for profiling.

There is a reasonable explanation from a former Red Hat developer who worked on btrfs. I have quoted most of his comment for convenience:

People are making a bigger deal of this than it is. Since I left Red Hat in 2012 there hasn’t been another engineer to pick up the work, and it is a lot of work.

For RHEL you are stuck on one kernel for an entire release. Every fix has to be backported from upstream, and the further from upstream you get the harder it is to do that work.

Btrfs has to be rebased every release. If moves too fast and there is so much work being done that you can’t just cherry pick individual fixes. This makes it a huge pain in the ass.

Then you have RHEL’s “if we ship it we support it” mantra. Every release you have something that is more Frankenstein-y than it was before, and you run more of a risk of shit going horribly wrong. That’s a huge liability for an engineering team that has 0 upstream btrfs contributors.

The entire local file system group are xfs developers. Nobody has done serious btrfs work at Red Hat since I left (with a slight exception with Zach Brown for a little while.)

https://news.ycombinator.com/item?id=14909843

Pure speculation on my part: RHEL/CentOS uses XFS now by default. I guess this is “good enough” and due to changing requirements of their customers, mostly towards virtualization, container technology, overlay filesystems etc., btrfs became a solution looking for a problem?

Maybe they have a plan to use ZFS at some point? I wish they had included some explanation for dropping support.

My suspicion is that when Red Hat added btrfs to RHEL 6 as a technology preview they expected it to stabilize and to move to a fully supported thing within a major release or two of RHEL, but now Red Hat’s engineering no longer believes that this is going to happen soon enough. Based on a three to four year release cycle, RHEL 8 is probably going to be released within a year (RHEL 7 came out June 2014), so now is about when Red Hat could be making engineering decisions about what will be included and what won’t be.

FastCGI was from an era when putting a scalable HTTP server in your process was super expensive. This is still (largely) the case for some languages, e.g. Ruby and Python, which is why things like rack, and wsgi exist. Those solutions are just specialized, Lang specific implementations of the FastCGI ideals, really.

So, the history here, briefly:

1. Documents only
2. CGI for dynamic responses (with Perl being super common)
3. JSP with “application servlet containers”
4. mod_perl / mod_php embedding the Lang into apache
5. SCGI / FastCGI (for persistent external to web server processes)
6. Rack / WSGI to isolate the application from the details of how it interacts with the outside world
7. Phusion passenger / mod_wsgi which adopt those Lang ideals into the web server
8. PHP over FastCGI rises (for some reason?)
9. Gunicorn, uwsgi, and the surge of Lang specific web servers (very similar to Java container servers, really)
10. Node.js / golang / application is the web server (where we are now)

(I’m on my phone, so some liberties taken)

FastCGI and other similar protocols also have the advantage that they don’t muddle or confuse HTTP headers and so on from the forwarding with HTTP headers from the original request (because the forwarding is handled through a completely different protocol). Given FastCGI or SCGI, it’s very easy for a HTTP app to be given the complete original headers and to act as if it’s directly in the context of the original HTTP server; this is not so true for HTTP forwarding, where you’re going to be stitching up various things at some level (either the app or in your reverse proxy server).