1. 52

    The question is, what is the alternative? I see two main funding models:

    Paywalls. You pay with your money.

    Ads. You pay with your attention.

    It’s also possible to fund projects through donations, or as hobbies, but producing most of what there is to read requires more money.

    Has capitalism really progressed so far that we can no longer even conceive of collective funding models? No wonder people put up with privatised prisons, schools and healthcare systems.

    Yes I am suggesting software/news/services could be funded from taxes. Content that is a necessary part of our social infrastructure should be. Content that serves only a luxury/entertainment purpose could be covered by art grants to supplement the models the author listed.

    Increasingly we require certain software and internet services to function in society, we should view this as basic infrastructure.

    1. 9

      Let us be distinct about funding infrastructure maintenance compared with funding software development or other artistic production. Then, indeed, infrastructure could be maintained through taxes in a non-controversial application of socialist logic. However, the design of that infrastructure will be by committees and incumbent power structures. Similarly, art grants could be extended to software authors, with all of the controversy over ownership and licensing that would result.

      But for infrastructure, there’s at least one additional option, which is perhaps more communist than socialist: the cooperative. The Bittorrent network is a popular example; folks each contribute a small amount of bandwidth and disk space, and create a vast content-distribution network which becomes faster and more available as content keys become hotter.

      1. 4

        However, the design of that infrastructure will be by committees and incumbent power structures.

        Socialism is all about upsetting the incumbent power structure and putting the people in charge. In recent conceptions this has included nationalising utilities and putting them under the control of a board of stakeholders including service users, workers, and government (Labour party, 2019). There’s also the municipal socialism model where this is devolved to a local level (and quite a few essential services are delivered by municipally owned organisations, some of which are even meaningfully democratic).

        Sure, there will still be committees, but there’s no reason that they have to be more onerous than they are in capitalist organisations. There’s nothing stopping a small group from doing its own thing and then trying to persuade the world to adopt it, indeed, if you don’t need to devote less of your time to wage labour you have more capacity to do such things and if the stakeholders don’t need surveillance capitalism then there should be less of an incentive mismatch.

        Small aside: Lots of socialist parties support the co-operative movement. The Labour party in the UK has been in electoral coalition with the co-operative party for decades.

        1. 2

          For an implementation that’s a lot closer in spirit to what you describe, see freenet.

        2. 8

          I’ve noticed a similar phenomenon when discussing English football (soccer) in the aftermath of the attempt to form a breakaway league. (If you aren’t following it, the short version is that some historically profitable clubs tried to start a new league from which they cannot be relegated to guarantee their income, where the “they” in “their” is the owners who treat it as a business rather than the cultural entity it is.)

          Any ideas that in any way restrict the freedom of the owners of these clubs - culture and wider society be damned - are out of the question.

          We are now so deeply within this economic orthodoxy that we can no longer conceive of ideas that don’t neatly fit within it.

          1. 7

            Has capitalism really progressed so far that we can no longer even conceive of collective funding models? No wonder people put up with privatised prisons, schools and healthcare systems.

            Yes I am suggesting software/news/services could be funded from taxes. Content that is a necessary part of our social infrastructure should be. Content that serves only a luxury/entertainment purpose could be covered by art grants to supplement the models the author listed.

            We could fund things that way, and maybe we should fund things that way. But we aren’t funding things that way, which means that for right now there are only a handful of practical funding models that work, and none of them are good.

            1. 5

              Paywalls. You pay with your money.

              These are annoying indeed but there are plenty of websites where you pay for content but can freely share a number of articles each month or so with non-subscribers, like LWN or The Correspondent. There are plenty of people paying them. And no ads!

              Ads. You pay with your attention.

              Like others say, this completely bypasses the deeply invasive ways ads on the internet track you. See also this other post showing how Facebook doesn’t even want to expose this to users because they’re too ashamed of it.

              It also ignores the “user experience” of ads, which is often terrible - making your machine slow, hijacking your attention with big boxes that you have to click away etc. I don’t mind a well-designed ad here and there like you used to have in magazines, but the current ad experience is just hellish.

              1. 5

                It also ignores the “user experience” of ads, which is often terrible - making your machine slow

                Indeed we collectively pay for ads through bandwidth and power consumption. Why is this never factored in?

                1. 3

                  The Cost of Mobile Ads on 50 News Websites estimated ads are >50% of mobile data usage.

                2. 4

                  Ads. You pay with your attention.

                  Like others say, this completely bypasses the deeply invasive ways ads on the internet track you.

                  It’s not just the tracking. Ads are intentionally manipulative. A lot of the techniques in modern advertising date back to the propaganda techniques from the early 20th century and have been progressively refined. There are benign ads, which try to inform customers and rely on the fact that the product serves a real need and is better than the competition for a specific use, but they’re in the minority. The vast majority are using psychological tricks to try to manipulate people into spending money.

                  If your motivation for working on ads is rooted in the idea that there’s a lot of wealth disparity and so a lot of people who couldn’t afford paywalled content, maybe you shouldn’t work in an industry that’s predicated on finding the most vulnerable people in society and taking money from them?

                3. 3

                  Can you give more detail on how you would have government funding of media without government control of the media? Maybe a dedicated tax, the way the BBC is authorized to collect an annual fee from anyone in the UK who owns a television?

                  Maybe it’s better to have a media landscape beholden to a government which we (in the US) mostly elect than one beholden to a few giant ad companies, but not that much better.

                  1. 2

                    Here are some options:

                    1. Make them financially independent by giving investments or a trust fund rather than recurring grants (this is how The Guardian (partially) funds itself, and how many universities and charities in the USA are funded)
                    2. Encourage individuals to do the funding (this is how lots of public broadcasting in the USA is funded now, especially in the US. Possibly increase minimum wage or issue vouchers to get more funding from poorer people)
                    3. Get a more trustworthy government (Proportional representation, better parties, funding reform, gerrymandering, etc, etc)

                    I’d also argue that the existing corporate media in the USA is beholden to government, or at the very least has a deeply untrustworthy relationship with it. The corporate media are well known for uncritically repeating lies fed to them by intelligence officers (Glenn Greenwald and others have written about this often) and political journalists are dependent on “access” to government ministers and officials for their stories, which requires them to be chummy with the people they are supposedly holding to account.

                  2. 2

                    I once asked an economist doing monetary policy studies for African nations how she thought the world could work without currency (a la Star Trek, or similar) and she legit could not concieve of such a thing, said it was impossible.

                    1. 1

                      Well, she would’ve probably thought of something like the Economic Calculation Problem and decided it wasn’t worth her time to solve…

                      1. 1

                        You have the same failure of imagination. Conceivably, a post-scarcity world where you have a matter replicator at home and you can just walk up to it and say what you want and it gets fabricated for you on the fly would conceivably not need a market, hence its absence in Star Trek TNG for example.

                        It’s ridiculously far-fetched, but it’s just an exercise in imagination. We’re as a society so fixated on current economics and politicization, we can’t even conceive of different systems. Is what we have now the end state? If so, we’ve stopped dreaming and evolving.

                        1. 3

                          I was going to make some joke about fully-automated luxury communism or the like but thought we were talking from within the bounds of possibility.

                  1. 6

                    Most products are a much better fit for some people than others. If you tried selling bicycles to fish very few would be interested, and you’d mostly be wasting their attention. This means advertising is worth a lot more when you can put the right ad in front of the right person.

                    I wonder if a major problem with ads is that they mostly aren’t good fits. Almost no ads I see ever are for things I want. With is a fundamental failing of adtech: there are lots of things I want! There are even lots of things I don’t know I want, but would want if I saw the right ad!

                    But I don’t think what I actually want is easily inferable from my browsing habits, no matter how much datamining you do. The only thing that could work is if an advertising company worked directly with me to find out my interests, and so tailor the ads they send me. I’d happily opt in if it meant seeing fewer, higher-quality ads. But I don’t think that strategy scales, so it wouldn’t work for internet advertising.

                    1. 4

                      I wonder if a major problem with ads is that they mostly aren’t good fits. Almost no ads I see ever are for things I want.

                      Ironically, this became true when Google started to go all Big Brother. In the early ‘00s, Google ads were plain text, non-intrusive, and based on the content of the page on which they were displayed. I actually clicked on a bunch of them because they showed products directly related to the thing that I was interested in at precisely the point when they showed me the ad. Now, they’re based on a trailing indicator of my preferences from a complex psychological model of me and so even when they show things I’m interested in, they rarely show things I’m interested in at the precise moment that they show the ads.

                      1. 1

                        People keep saying this, but if plain text ads based on the content of the page really outperformed datamining then why wouldn’t Google do that? I’m sure Google will have run trials comparing page-content ads and surveillance-ads.

                        1. 2

                          It’s probably different for different people. In my case, I use various privacy-oriented extensions that have the effect of blocking all content from domains that have been observed attempting to track me across the ’net. So sites that host their own ads related to the content of the site get seen by me, whereas things served up by ad networks based on some imagined profile of what I want derived from my browsing habits get blocked.

                          So in my case, it is unequivocally true that plain text ads based on the content of the page outperform the more invasive ones, purely by virtue of the fact that I will participate in the former but not the latter.

                          I suspect I’m not the only one here in that boat. I also suspect that my configuration is over-represented here vs the overall web using population.

                          While it seems likely that google has run the trials, keep in mind that the trials would have been designed/executed by and the results analyzed by people who make their livelihood doing the surveillance/data mining thing. And that it’s easier to monitor results from that, due to, y’know, surveillance.

                      2. 1

                        I feel similarly, but I also know people who say they spend too much money browsing Instagram because they keep seeing ads that lead to purchases.

                      1. 4

                        Thank you for writing this up so clearly! I look forward to reading the later parts :)

                        1. 3

                          I would love it if some of the concepts of erlang supervisor trees are applied. Things like recovering from partial failure of a subsystem by progressive rollback and restart.

                          1. 1

                            How do you imagine that working?

                          1. 6

                            This may occur because collisions modify a ball’s position but not its velocity. Balls are also attracted to each other more the further away they are from each other, which is wacky.

                            Here’s the most relevant code:

                            https://github.com/johnBuffer/NoCol/blob/d60bc4029186dac888a96b38a7410e81aea89471/src/main.cpp#L97-L123

                            Dunno why that makes it converge, but those are some differences from normal elastic collision.

                            1. 3

                              Correction: balls aren’t attracted to each other, they’re attracted to the centre and they’re more attracted the further away they are, which gives us orbit type things (but I think not the ones gravity would give).

                            1. 76

                              Imagine you lived in a country that has a strange tradition where children, once a year, go to stranger’s homes and are given candy. Then, someone, in order to study the safety of this tradition, decide to give out candies laced with a mild and provably non-lethal toxin to children. This someone has a fool-proof plan to inform the children’s parents before anyone gets hurt. Not all parents tests candies for toxins, but enough do – since things like this can happen and parents of this country takes safety reasonably seriously. One parent detected this toxin in the children’s candies. All the parents are informed and said candies were thrown out. No harm, no foul?

                              Imagine you lived in a country where no neighbors can be trusted. Imagine you worked in a low trust environment. Imagine stopping the OSS model because none of the contributors can be trusted.

                              That’s not the kind of world we want to operate in.

                              1. 32

                                I think this sums up why I felt a bit sick about that whole story. It undermines the community and is essentially antisocial behaviour disguised as research. Surely they could have found a way to prove their point in a more considerate way.

                                1. 8

                                  Surely they could have found a way to prove their point in a more considerate way.

                                  Could you propose some alternative approaches? As the saying goes, POC || GTFO, so I suppose the best way to prove something’s vulnerability is a harmless attack against it.

                                  The kernel community appears to assume good faith in every patch they receive from random people across the Internet, and this time they get mad when the researchers from UMN prove this wishful assumption to be false. On the other hand, cURL goes to great lengths to prevent the injection of backdoors. The kernel is clearly more fundamental than any userland utilities, so either the cURL developers are unnecessarily cautious against supply chain attacks, or the kernel hackers are overly credulous.

                                  1. 16

                                    Another possible approach is to ask the lead maintainers if you can perform such an experiment. Linux has a large hierarchy and I think the top level maintainers pull huge patch sets as a bundle.

                                    If they had permission to use an unrelated e-mail address then it could be pretty much as good. Honestly I would think a umn.edu address would give more credence to a patch, since it seems like its from someone a reputable institution.

                                    Of course they might not agree, in which case you don’t have consent to do the research.

                                    1. 18

                                      This. You ask for permission. Talk to the kernel maintainers, explain your research and your methods, and ask if they want to participate. You can do things like promise a maximum number of bogus patches and a timeframe where they may occur, so people know they won’t get deluged with crap for the rest of time. You could even make a list of email addresses the patches will come from ahead of time and hand it to someone trustworthy involved in the kernel project who won’t be reviewing those patches directly, so once the experiment is over they can easily revert all the bad patches even if the researcher is hit by a bus in the mean time. It’s not that hard to conduct this sort of research ethically, these researchers just didn’t do it.

                                      1. 6

                                        That’s a fair point, but I want to point out that the non-lead reviewers are still unknowingly participate in the research, so that’s still not super ethical to them. Doing so merely shifts the moral pressure to the lead maintainers, who need to decide whether or not to “deceive” the rest of the community.

                                        But yeah, only lead reviewers can revert commits and have enough influence in the tech world, so getting their permission is probably good enough.

                                        1. 6

                                          A top comment in a cousin thread on HN suggests, that with proper procedure, AFAIU actually all reviewers could be informed. The trick seems to be to then wait some long enough time (e.g. weeks or more) and send the patches from diverse emails (collaborating with some submitters outside your university). There should be also some agreed upon way of retracting the patches. The comment claims that this is how it’s done in the industry, for pen testing or some other “wargames”.

                                      2. 5

                                        In the subsystems that I’ve contributed to, I imagine that it would be possible to ask a maintainer for code review on a patchset, with phrasing like, “I am not suggesting that this be merged, but I will probably ask you to consider merging it in the future.” After the code review is given, then the deception can be revealed, along with a reiterated request to not merge the patches.

                                        This is still rude, though. I don’t know whether it’s possible to single-blind this sort of study against the software maintainers without being rudely deceptive.

                                        1. 2

                                          I think you could ask them if you can anonymously submit some patches sometime over the next few months and detail how some of them will contain errors that you will reveal before merging.

                                          They might say no, but if they say yes it’s a reasonably blind test, because the maintainer still won’t know which patches are part of the experiment and which are not.

                                          Another way to do it would be to present the study as something misleading but also do it in private and with compensation so that participants are not harmed. Say you just want to record day-in-the-life stuff or whatever and present them with some patches.

                                          Finally, you could look at patches historically and re-review them. Some existing patches will have been malicious or buggy and you can see if a more detailed review catches things that were missed.

                                    2. 17

                                      This research was clearly unethical, but it did make it plain that the OSS development model is vulnerable to bad-faith commits. I no longer feel what was probably a false sense of security, running Linux. It now seems likely that Linux has some devastating back doors, inserted by people with more on their minds than their publication records.

                                      1. 15

                                        This is something every engineer, and every human needs to be aware at some point. Of course, given enough effort, you can fool another human into doing something wrong. You can send anthrax spores via mail, you can fool drivers to drive off a cliff by carefully planted road signs, you can fool a maintainer into accepting a patch with a backdoor. The reason it doesn’t happen all the time is that most people are not in fact dangerous sociopath having no problem causing real harm just to prove their point (whatever that is).

                                        The only societal mechanism we have for rare incidents such as this one is that they usually get eventually uncovered either by overzealous reviewers or even by having caused some amount of harm. That we’re even reading about patches being reverted is the sign that this imperfect mechanism has in fact worked in this case.

                                      2. 2

                                        This country’s tradition is insanely dangerous. The very fact that some parents already tested candy is the evidence that there was some attempts to poison children in the past — and we don’t know how many of these attempts actually succeeded.

                                        So, if we assumed that the public outcry from this event lead to all parents testing all the candy, or changing tradition altogether, then doing something like this would result in more overall good than evil.

                                        1. 10

                                          Meanwhile in real life, poisoned Hallowe’en candy is merely an urban legend: According to Snopes, “Police have never documented actual cases of people randomly distributing poisoned goodies to children on Halloween.”

                                          The very fact that some parents already tested candy is the evidence that there was some attempts to poison children in the past

                                          Not really. Again in the real world, hospitals run candy testing services in response to people’s fears, not actual risks. From the same Snopes article: “Of several contacted, only Maryland Hospital Center reported discovering what seemed to be a real threat — a needle detected by X-ray in a candy bar in 1988. … In the ten years the National Confectioners Association has run its Halloween Hot Line, the group has yet to verify an instance of tampering”.

                                      1. 7

                                        I am curious, is this illegal in some way? They are effectively on purpose introducing bugs or security holes into a ton of computer systems including ones that are run by various government agencies and they admit openly to doing it.

                                        1. 7

                                          Probably not illegal, but there is no evidence of ethics approval. Chances are they can’t get ethics on it.

                                          I’ve spoken to a couple of academics about this case and they can’t quite believe someone is trying to pull this in the name of research.

                                          Also, looking at the funding sources they cite, they seem pretty out of bounds on that front:

                                          https://nsf.gov/awardsearch/showAward?AWD_ID=1931208 https://nsf.gov/awardsearch/showAward?AWD_ID=1815621

                                          1. 5

                                            I think it’s borderline. Pen-testing is legal, and it’s generally done “on the sly” but with management’s approval.

                                            1. 18

                                              I don’t think this is pen-testing, their code reached the stable trees supposedly. Once that happens they actually introduced bugs and security issues and potentially compromised various systems. This is not pen-testing anymore.

                                              https://lore.kernel.org/linux-nfs/CADVatmNgU7t-Co84tSS6VW=3NcPu=17qyVyEEtVMVR_g51Ma6Q@mail.gmail.com/

                                              1. 1

                                                Whether their code reached stable trees is irrelevant to whether or not it’s pen-testing - you can just as easily imagine a pen-tester accidentally leaving a back-door in a system after their contract has expired. Criminal negligence? Yes. Evidence of an unethical practice in the first place? Not in the slightest.

                                                Similarly, the researchers said that, as soon as one of their patches was accepted, they would immediately notify the tree maintainer. If they did that, and the maintainer was paying attention, the patch would never make it to a stable tree.

                                                Whether someone is ethical or not is completely unrelated to its outcome.

                                              2. 2

                                                Pentesting comes with contracts and project plans signed by both the tester(s) and the company main stakeholder(s). So, no it’s not at all the same.

                                              3. 4

                                                Probably not, opensource is “no warranty” all the down.

                                                1. 1

                                                  Almost certainly… For instance the following seems appropriate.

                                                  18 U.S. Code § 2154 - Production of defective war material, war premises, or war utilities

                                                  Whoever, when the United States is at war, or in times of national emergency as declared by the President or by the Congress, […] with reason to believe that his act may injure, interfere with, or obstruct the United States or any associate nation in preparing for or carrying on the war or defense activities, willfully makes, constructs, or causes to be made or constructed in a defective manner, or attempts to make, construct, or cause to be made or constructed in a defective manner any war material, war premises or war utilities, or any tool, implement, machine, utensil, or receptacle used or employed in making, producing, manufacturing, or repairing any such war material, war premises or war utilities, shall be fined under this title or imprisoned not more than thirty years, or both

                                                  Probably also various crimes relating to fraud…

                                                  1. 8

                                                    when the United States is at war,

                                                    Except it’s not, so, this is not appropriated at all.

                                                    There’s no contract, no relationship, no agreement at all between an opensource contributor and the project they contribute to. At most some sort of contributor agreement that is usually in there only for handling patents. When someone submits a patch they’re making absolutely no legal promises as for the quality of said patch, and this propagates all the way to whoever uses the software. The licenses don’t say THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND for nothing. Sure, the US army or whatever might use Linux, but they do it at their own peril.

                                                    Now, they might get in trouble for being sketchy about the ethical approval and stuff, but that will only get them in professional trouble at most, like loosing their jobs.

                                                    1. 3

                                                      You missed the second half of the disjunction

                                                      or in times of national emergency as declared by the President or by the Congress,

                                                      This clause is true… many times over https://en.m.wikipedia.org/wiki/List_of_national_emergencies_in_the_United_States

                                                      Edit: The US army does not do it at their own peril against actively malicious activities. Civil contracts do not override statutory law, rather the other way around.

                                                      1. 2

                                                        Hmm, yeah, I stand corrected (partially, at least).

                                                        However, the law you’re quoting says war stuff or stuff used to make war stuff. I’m not even sure software would qualify as stuff, as described in there. But yeah, I’m less sure they are not screwed now. Also, from the names, they might not be US citizens, which could make things worse.

                                                        That said, I’m somewhat skeptical anyone would pursue this kind of legal action.

                                                        1. 7

                                                          The definition of what’s protected here is really broad. Is the linux kernel used a tool to help operate the telecommunications infrastructure for the company making uniforms for the military? If so it’s protected.

                                                          It’s almost like it was written for actual times of war, not this nonsense of a constant 30 national emergencies going on. Blame congress.

                                                          I agree it’s unlikely to be prosecuted, unless there is significant damage attributable to the act of sabotage (someone deploys some ransomware to a hospital that exploits something they did, for instance), or someone in power decides that the act of sabotage’s main purpose was actually sabotage not getting papers… If it is prosecuted I also think it’s likely that they’ll find some more minor fraud related crime to actually charge… I just found this one by googling “sabotage, us law”.

                                                          1. 3

                                                            There’s what the law says (or can be construed to say) and what a court will actually accept. I think a lawyer would have a hard time convincing a jury that a silly research paper was war sabotage.

                                                            1. 3

                                                              I wish I had your faith in the system. I think a lot of this stuff depends on whether prosecutors choose to make an example of the person. I can’t see that happening here; I very much doubt that the US federal government sees its own power threatened by this irresponsible research. However, if you look at the history, there are examples that I find similarly absurd which did lead to convictions. The differentiating factor seems to not be any genuine legal distinction, but simply whether prosecutors want to go all-out.

                                                              Furthermore, the ones the public knows about are the ones that happened in regular courts. Decisions by FISA courts or by military tribunals do not receive the same scrutiny, and thus we must assume the injustice is even greater in those venues.

                                                              1. 1

                                                                I don’t deny that unjust laws are often enforced, despite jury trial, I just think that in this case it would be pretty unlikely for that to happen.

                                                                I think the state/ruling class is more likely to abuse its power when it is threatened, embarassed (journalists, whistleblowers (Wikileaks), minor hackers) or when there is the opportunity to harm an out-group or political opponent (e.g. non-dominant ethnic groups, leftist movements, sometimes extreme right-wing groups); and I don’t think any of those really apply here.

                                                              2. 1

                                                                Feels like a case ripe for independent reinvention of jury nullification.

                                                  1. 2

                                                    A function does not need to be parsed and statically analyzed to figure out what it does. The function itself will tell you: Just call it and see.

                                                    The function will speak to you in a language determined by the arguments you pass it.

                                                    I like this idea, but isn’t it limited to straight-line code? Or, maybe it depends on which primitives your programming language lets you customize.

                                                    Suppose you want to pretty-print this function:

                                                    def square(x):
                                                        return x*x
                                                    

                                                    You can do it in Python because you can customize __mul__. But you probably can’t do it in Javascript.

                                                    Or suppose you want to pretty-print this function:

                                                    def abs(x):
                                                        if x < 0:
                                                            return -x
                                                        else:
                                                            return x
                                                    

                                                    You can customize __lt__, __neg__, and even __bool__, but you can’t make the if take both branches.

                                                    1. 4

                                                      Yeah, what you can get this way are traces. Not pretty-prints.

                                                      1. 2

                                                        Or suppose you want to pretty-print this function:

                                                        The trick here is to avoid primitive control flow.

                                                        For example, if you expose a list that the user can iterate over with a for-loop, that for-loop won’t be visible to you.

                                                        But if you expose a “foreach” method to which the user passes a function - that works just fine.

                                                        Or as another example, instead of returning a boolean that indicates whether a function is successful, return a Result object (like in Rust) which has a .or_else or .map method used to extract the value. Then you can take both branches by both calling, and not calling, the function passed to the .or_else or whatever method.

                                                        Of course, this is not always the most natural way to do things, but it can get pretty far. And in functional languages, that kind of design is fairly normal.

                                                        1. 4

                                                          Python doesn’t want you to avoid primitive control flow. If you write something you’d need monads (and therefore higher-kinded types), people will tell you it’s not idiomatic Python.

                                                          Since there isn’t any do-notation, it’d also going to look super weird, even before we start composing effects with monad transformers.

                                                          1. 1

                                                            But you can do quite a lot without monads or do-notation, as the examples show.

                                                          2. 1

                                                            I’m failing to see the point of all this. I have this function (Lua, where ‘//’ is integer division):

                                                            function dayofweek(date)
                                                              local a = (14 - date.month) // 12
                                                              local y = date.year - a
                                                              local m = date.month + 12 * a - 2
                                                              local d = date.day
                                                                      + y
                                                                      + y // 4
                                                                      - y // 100
                                                                      + y // 400
                                                                      + 31 * m // 12
                                                              return (d % 7) + 1
                                                            end
                                                            

                                                            Straightforward code, so no issues with flow control. In Lua, you can override each of the operators, but that still fails to capture the assignments, and even the return statement.

                                                            1. 3

                                                              It depends on what you want out. You’ll lose the assignments, but you could capture an expression tree of the arithmetic that needs to be done and print that or code generate from it or whatever.

                                                              Suppose that date is some object with overloaded arithmetic and it all falls out. The final return is of an expression including d, which referenced date, so if you have enough overloads you’ll get what you wanted out.

                                                              Kind of off-topic, but I like how a system with open classes and where all operations are really functions lets you do this stuff easily. For a prosiac example, consider the Measurements.jl package for Julia. It defines a type that contains a number and the uncertainty associated with that number. Overloaded functions allows you to pass an object of this type into any numeric function you like and get out a new measurement that has the uncertainty correctly propagated, but you can go beyond numeric functions and overload methods in plotting libraries and elsewhere and inexpensively get error propagation working with libraries that never considered it.

                                                            2. 1

                                                              The trick here is to avoid primitive control flow.

                                                              In case you are advocating indirection through operating on data structures, self-introspectable code, etc, I believe you should name particular concepts, otherwise you are doing an evil job.

                                                              Also In case you mean that - probably your post should be titled “Write intepreters, not compilers”?..

                                                            3. 1

                                                              If could possibly be implemented by allowing overloading branching on the if condition. Probably better if if itself is an expression.

                                                              The real problems are state changes and loops. Maybe if you statically rewrote loops into recursive calls, and just avoided mutation?

                                                              1. 1

                                                                Loops can be avoided cleanly - see my sibling comment about using foreach instead of loops.

                                                                State changes are fine if you’re doing those through methods that are part of an interface (rather than, say, directly reassigning a mutable variable to a different value)

                                                            1. 13

                                                              I think it would be very funny if a language used yeet instead of throw.

                                                              1. 9

                                                                I’ve got git aliases set up for yeet == push and yoink == pull for this precise reason :)

                                                                1. 7

                                                                  Nice!

                                                                  I have discovered that you can do const c╯°□°ↄ╯ = throw in Julia, which is pretty fun :)

                                                                2. 3

                                                                  Perl has a Carp module that clucks and croaks.

                                                                  1. 1

                                                                    Lolcode https://github.com/justinmeza/lolcode-spec/blob/master/v1.2/lolcode-spec-v1.2.md has not defined exceptions yet and it’s been written up before yeet was a meme, so there’s a chance for an update. If you ever wanted to YEET a BUKKIT OF YARN, now’s your chance.

                                                                  1. 5

                                                                    I really like using a font called “JuliaMono” because it has nicely designed mathematical symbols and brackets. It makes programming with unicode (which I think is cute) a lot more enjoyable for me.

                                                                    e.g. a function to test if its input is a pangram can look like this:

                                                                    ispangram(str) = lowercase(str) ⊆ 'a':'z'
                                                                    

                                                                    Which is both a beautifully simple way of describing what a pangram is and (in my opinion) a cute way to write it. Using a font where the subset symbol fits nicely with the monospace font makes it look more natural and makes me more likely to do it.

                                                                    1. 3

                                                                      I was looking exactly for a font like Julia for working with Isabelle/HOL, since it also heavily relies on Unicode. Thanks for this tip!

                                                                      1. 2

                                                                        Happy to help! I hope it works well for you :)

                                                                      2. 1

                                                                        I was going to reflexively complain that JuliaMono is sans-serif only , but I now see it has serif versions too, which is frankly a bit weird, but not unwelcome.

                                                                        It’s sans-serif straight through, see below…

                                                                        1. 1

                                                                          It does? Where are they?

                                                                          And yeah, obviously any particular font won’t be for everyone, but that’s all right and I like JuliaMono :)

                                                                          1. 2

                                                                            OK, I retract my comment, the examples here https://cormullion.github.io/pages/2020-07-26-JuliaMono/#examples were just placeholders as the webfont hadn’t loaded in. That’s fine, the “serif fonts” were kinda meh ;)

                                                                      1. 4

                                                                        See also Immer, a similar, popular library. A comparison:

                                                                        immutability-helper
                                                                        import update from 'immutability-helper';
                                                                        
                                                                        const newData = update(data, {
                                                                          x: {y: {z: {$set: 7}}},
                                                                          a: {b: {$push: [9]}}
                                                                        });
                                                                        
                                                                        Immer
                                                                        import produce from 'immer';
                                                                        
                                                                        const newData = produce(data, draftData => {
                                                                          draftData.x.y.z = 7;
                                                                          draftData.a.b.push(9);
                                                                        });
                                                                        
                                                                        1. 2

                                                                          I’m a big fan of immer. One of the other things you can do is get it to output the changes in (near) standard JSONPatch format.

                                                                          1. 1

                                                                            Could you share an example of how to produce a patch with immer?

                                                                            1. 2

                                                                              There’s some good doc on it here: https://immerjs.github.io/immer/patches/

                                                                              1. 1

                                                                                Very cool!

                                                                          2. 1

                                                                            How does immer avoids deeply copying the source object?

                                                                            1. 2

                                                                              I think draftData is similar to a Proxy that records what you try to do, and the docs and source code of immer seem to support that, though I have not checked much.

                                                                              1. 1

                                                                                Could someone explain in plain english how does immer leverage Proxy to implements strucural sharing?

                                                                                1. 2

                                                                                  When you say draftData.x.y.z = 7, draftData intercepts the accesses to x, y and z, recording the path and the value 7. After the drafting function returns, it knows where to make copies as needed to support the modifications requested.

                                                                            1. 1

                                                                              but Valve has already done most of the work with the presence of the Steam Runtime to make single Linux binaries run pretty much on any distro.

                                                                              Nope. Only on distros using glibc. Not on any distro.

                                                                              1. 11

                                                                                Only a few distros don’t ship glibc, and their users are probably sadly used to lots of things being broken…

                                                                                1. 7

                                                                                  … and they typically offer a glibc install for those that want/need it.

                                                                                  1. 3

                                                                                    There’s also gcompat too. I always thought the Steam Runtime included its own libc, so it’d be completely standalone… (edit: except i realize libGL exists. oops!)

                                                                              1. 13

                                                                                I think I agree with the first person who wrote him a letter. There is a difference between finding more novel and varied examples and picking examples designed to goad your readers.

                                                                                Please in the future, remember that we, the book buyers, are looking for information about using PL/SQL. I am as tired of the emp and dept tables as you are, but less distracting examples would have been more appropriate.

                                                                                Everyone has a political view and sometimes that arises legitimately in technology but I think it’s just basic self-control to express your political view only where it really might help something.

                                                                                1. 20

                                                                                  The dude’s point is that we all have a political perspective, and we’re expressing it, either explicitly or implicitly. He chose to express his explicitly through the examples in his textbook.

                                                                                  If you write a database text and fill it with department / employee type examples, shopping examples, and so forth, then you are implicitly promoting a capitalist world view, the same world view that does not bat an eye when using degrading terms like “human resources”. At least here in the US, this sort of thing goes unquestioned, because of the dominant ideology.

                                                                                  1. 4

                                                                                    Yes, it’s implicit, it’s unquestioned and nobody bats an eye - and that’s why it makes for better examples.

                                                                                    Examples require the use of social territory. That territory can be either unquestioned good or questioned territory. When choosing examples in questioned territory, you engage in active cultural participation; when choosing examples in unquestioned territory, you engage in passive cultural participation. Examples should engage in passive participation, because that way they are relatable to the greatest number of readers.

                                                                                    (You can also use unquestioned bad territory, such as defining a database schema to count Jews in the Holocaust for the Nazis, but then nobody will buy your book.)

                                                                                    1. 9

                                                                                      I don’t see why “nobody bats an eye” is a desirable quality for examples or why “active cultural participation” is a bad thing.

                                                                                      It’s not at all clear to me that the examples given are not relatable or that “relatable to the greatest number of readers” should even be a core value. Perhaps provocative examples engage readers more and cause them to think about the examples more.

                                                                                      1. 4

                                                                                        Would be curious how you’d feel if it were something sorting countries by iq or something.

                                                                                        Would you be happy to be engaged, or be distracted by a thinking about testing methodology and things like that?

                                                                                        1. 3

                                                                                          I’d have to see it in context to find out how I’d react. IQ is strongly related to class and similarity to the people who devised the test, and such a table might be part of a demonstration of that.

                                                                                          Certainly if an example just seemed pointlessly offensive I would think less of the author and maybe choose a different textbook.

                                                                                          But I think equating a hypothetical very racist example with some examples that are a bit left of centre in the USA is unfair.

                                                                                          1. 2

                                                                                            A substantial amount of political dispute in the English speaking world is precisely about what speech counts as racist and therefore legitimately stigmatizable. Using data that implies that cognitive capacity is meaningfully different between different countries of the world in a programming example constitutes a political assertion that this idea is not stigmatizable; in the same way that the article’s example about a war criminal database constitutes a political assertion about how people should see Henry Kissinger.

                                                                                      2. 6

                                                                                        But now you’ve thought about it, so it has become active participation. From now on you are obliged to make sure your examples completely apolitical.

                                                                                        Consider engineers have a code of ethics, https://en.wikipedia.org/wiki/Order_of_the_Engineer

                                                                                        If your work includes producing examples they should “serve humanity”. I cannot conscientiously make examples that promote capitalism, but giving examples that might make people think about world affairs would be okay.

                                                                                        1. 3

                                                                                          Yes, it’s implicit, it’s unquestioned and nobody bats an eye - and that’s why it makes for better examples.

                                                                                          That assumes a lot from the readership. For a mundane, apolitical example, I submit children to this discussion. For most my childhood due to various reasons, I only had access to a Pentium. It didn’t have a network connection, and I eventually installed Linux on it. Because Linux made it so easy to code, I would try to check out books from the library and learn how to write code, but all the examples were completely unrelatable to me as a pre-teen. Employee this, business that, I realized even at the time that the examples were meant to be highly relatable to practitioners, but I honestly found math much more interesting than these soulless books because I was unable to relate to them in any way. That was one of the big reasons I started out coding by trying to write games; game programming books felt much more relatable to me as a kid who read a lot of books and played video games than these soulless books about employee hierarchies and recipes.

                                                                                          Also, it’s important to keep in mind that the conditions that make something unpolitical are pretty restricted in context. Someone growing up in a developing country or a country with a very different economic ideology will probably find these staid business examples just as unrelatable as children. International editions of textbooks frequently do change examples for exactly this reason.

                                                                                      3. 5

                                                                                        Everyone has a political view and sometimes that arises legitimately in technology but I think it’s just basic self-control to express your political view only where it really might help something.

                                                                                        I am totally with you on this, and do my best to keep my political perspectives away from the technology work I do as much as I can. I have worked on projects with ethical/political considerations (whether someone might consider a few of these projects ethical depends on their personal political leanings.) Definitely a touchy subject.

                                                                                        That being said, I have a really hard time empathizing with the readers who wrote in to complain that the examples are too distracting. I believe a database book aught to have concrete examples while teaching the abstract concepts (e.g. it’s a book about writing databases in general, not “how to keep track of war criminals”). My own personal reaction to the examples talked about are “ok, whether I agree with the premise or not, these examples have interesting abstract concepts that they’re illustrating.” There are lots of systems that exist in this world whose existence I fundamentally disagree with, but where I’d also love to pop the hood and figure out how they work!

                                                                                        In fact, as I sat here thinking about this, I started wondering if, for me, this style of examples might actually help cement specific concepts with easy mental look-up keys; I can imagine coming to a database design problem and thinking “oh, this is like the Kissinger problem.”

                                                                                      1. 5

                                                                                        I think it’s actually the RFCs and the old email softwares that are wrong. What actual benefit is there of accepting email addresses that aren’t in the form word@hostname?

                                                                                        We don’t need relay servers any more and trying to do anything with them except error is a bad idea.

                                                                                        1. 2

                                                                                          All of these assume that the developers are to be trusted. What if that is not the case? What if Daniel goes rogue?

                                                                                          1. 11

                                                                                            Trust is an interpersonal thing. If you don’t trust Daniel or anyone who reviews his work then either you just have to use something else that is controlled or reviewed by people you trust enough.

                                                                                            No technical measure will get you around that.

                                                                                            1. 1

                                                                                              You put curl in a sandbox on your machine.

                                                                                              1. 1

                                                                                                That’s ok for privilege escalations, but many other backdoors are possible. Sandbox won’t help you if curl is patched to generate tls keys guessable by a 3rd party.

                                                                                                1. 1

                                                                                                  Then you can either not run it and run something else, or you can audit the source code and then build it (instead of relying on distro/other package management to build possibly unknown source for you).

                                                                                                  1. 1

                                                                                                    It’s a nice idea, but not realistic for any normal project. People don’t have time/budget/skills to do this. Realistically it’s cheaper to write the part of curl you want to use yourself than to audit curl to a a degree where you have confidence there’s no hidden backdoor.

                                                                                                    1. 1

                                                                                                      My point being, those are your options. That’s it. If you trust no one, then write things yourself.

                                                                                            1. 7

                                                                                              Obviously elitism is harmful, but people do have meaningful preferences about programming languages, and evangelism can help people discover languages that are a better fit for them or their needs.

                                                                                              This rant also reduces programming to just the job, just the business needs. Presumably because the author believes in the primary importance of productivity, another thing without universal appeal. Programming is also a hobby, an art and a medium of scientific discovery.

                                                                                              Sure, programming can be “mental masturbation”, but what’s wrong with that?

                                                                                              1. 3

                                                                                                Looks like you can boot people off the network by disabling a peer, but it’s unclear when other peers will start dropping connections to disabled peers (if ever). I’ve opened an issue so hopefully we can find out :)

                                                                                                https://github.com/tonarino/innernet/issues/9

                                                                                                1. 18

                                                                                                  Really wish he wouldn’t. A few months back he resigned because of press attention to his long history of being a creep (v weird and unwelcoming behaviour with women on the MIT campus and at FSF events, support for pedophilia, support for Epstein, etc).

                                                                                                  MIT and the FSF board shouldn’t have kept him as long as they did and the FSF shouldn’t be bringing him back.

                                                                                                  1. 5

                                                                                                    I misremembered. Stallman was defending Marvin Minsky, not Epstein. The other stuff is enough on its own even if that whole email chain was ignored, though.