1. 4

    The only thing we need: Reflective, self-disciplined individuals who learn from their mistakes.

    Throw everything else in the dumpster and light it on fire. Geezus.

    1. 1

      While I agree change is needed - let’s (on the topic of language needing to be updated) call “the dragon’s appetite,” and “ambient privacy,” what they are:

      People freely handing over information and (continuing) to have conversation in the public discourse.

      Until there is change, we should own our behavior and stop expecting a government (who we have so little faith in anyway /s?) to slap the hands of those (who are just operating according to the principles of the free market /s?) we can’t stop freely giving information.

      I have no pity for those individuals; especially after they post articles like, “I tried to stop using Amazon, or Google, BUT IT FELT SO GOOD and IT’S IMPOSSIBLE.”

      You would find a way, if you can’t, start solving the problem by removing yourself from the public commentary.

      1. 5

        I have no pity for those individuals; especially after they post articles like, “I tried to stop using Amazon, or Google, BUT IT FELT SO GOOD and IT’S IMPOSSIBLE.”

        Well, it’s been demonstrated in the past that at least some companies would build and maintain a profile even on non-users, based on data collected about them from other people. And I’d be surprised if it weren’t still happening today.

        Browser fingerprinting and “supercookie” techniques are such that unless you have well-above-average knowledge of how the technology works you’re unlikely to be able to use the web without being surveilled and profiled. Merely installing an ad-blocking extension, for example, is not enough, and some of the supercookie techniques exploit things (like HSTS) that are deliberately not meant to be blockable.

        So even someone who’s intelligent and reasonably tech-savvy likely cannot avoid inadvertently being tracked, profiled, and so on by major tech companies. You say you have no pity for those people, but I do. And I wonder why it is that they should have to completely disengage from modern society just to have the sort of basic privacy people took for granted a mere generation ago.

        You would find a way, if you can’t, start solving the problem by removing yourself from the public commentary.

        Being exiled from society should not be the cost of suggesting that we should improve society somewhat.

        1. 4

          I can’t agree more. The information assymetry between the “big dragons” (Google, Facebook) and an individual user is staggering.

          The analogy with the environment drawn in the article is apt - everyone needs to breath, eat and drink water. If these resources are threatened by environmental degradation, you can’t just tell people to stop breathing.

          Privacy is higher up on Maslow’s hierarchy, but it’s still a right as fundamental as being able to breath without getting sick.

          1. 1

            Being exiled from society should not be the cost of suggesting that we should improve society somewhat.

            But it should - absurdity for absurdity.

            There was no cost to the individual to make the suggestion in the first place. “Suggestions for free” is a bizarre notion upon which to build real societal change.

            Substitute “cost” for “effort” if you please, for this scenario.

            In what absurd world do we expect something for nothing?

          2. 3

            I must wonder if I am worthy of your pity.

            While Google+ existed, I had a profile there. I didn’t want one. I didn’t make one. But enough other people uploaded their address books that Google+ knew I existed and knew who a whole bunch of my friends and acquaintances were, even though I didn’t want it to know of me. In the end I claimed my profile just so I could write that on it and to tell people who had me in their circles to please not share things with me on there because I wasn’t going to see them. Hooray. How successful do you think I would have been if I emailed all of these people and told them to please either not use Google+ or to selectively not share the data they have about me with Google+?

            Facebook does the same thing, but secretly, and calls it “shadow profiles”. How successful do you think I’m going to be if I try to convince all my relatives to stay off of Facebook or not upload any photos or other data that includes me?

            Aside from that, there is a whole bunch of social activity I have self-excluded myself from because I refuse to use Facebook (or one of its other properties). And I’m glad I’m no longer a student, because if I were, that wouldn’t even be possible. How successful do you think I’m going to be if I try to convince the people in my ballroom dance class not to use a WhatsApp group?

            I’ve never so much as looked at the signup page for GMail, but GMail nevertheless has probably 80% of my mail, because it’s the mail service used by so many of the people I send mail to. Is it feasible for me to refuse to send mail to my boss because he uses GMail?

            It goes on and on.

            The problem is this: I do not exist in a vacuum.

            I may have individual choice in what data about me I give to tech giants, but I can’t feasibly tell everyone I send an email to to not store my address in their address books (and certainly not in their inboxes, if their mail is hosted by GMail), or similarly control everything other people know about me.

            I do all I can do block adtech and other tracking on the web and generally to keep my data profile low. But if my parents knowing who I am becomes a potential privacy breach, the problem isn’t with my individual choice and consent.

            And I said that I may have individual choice in what data about me I give to tech giants – but actually I don’t. You dismiss the notion that it’s impossible to quit the tech giants, but it actually is. Check out this article series about trying to block all of one’s traffic to them, and specifically the experiences with Amazon and Microsoft: because they sell services to other businesses (in a very big way), you cannot possibly elect to avoid at least those two. And to a somewhat lesser extent the author found this to also apply to Google. (The only tech giant the author found feasible to opt out of is – surprised? – Apple.)

            So:

            start solving the problem by removing yourself from the public commentary

            Yes, and move to the desert, and become unborn by your parents. If you aren’t willing to move to the desert and to have no relationships and to never participate in society, then you aren’t interested in privacy and shouldn’t be talking about it.

            The emptiness of this notion of privacy is the point of Maciej’s essay.

          1. 2

            Groups are about The Other

            Yes! And in Shirky’s words: “… the users are there for [the other/] one another.”

            Thank you, truly, for linking Shirky’s talk. It is an absolute gem.

            1. 0

              This post was originally posted on Collabora.com and reads like a PR piece.

              1. 4

                I had no idea that Nextcloud and Collabora were so tightly linked.

                I used to work for Collabora and it was an absolute nightmare - for me, this is not a good association.

                1. 1

                  Nor did I. The necessary Collabora server is closed source it appears? (Every time I searched for code to download a different way, I instead got blurbs about “Enterprise Sales”…) If true, this is extremely timely information for me. Thank you for the comment

                  1. 1

                    Why would I care as a user (I understand developer frustration). If Collabora works for the job in question, and there is no alternative, then its a good thing, no ?

                    1. 1

                      No, it’s not a “good” thing.

                      1. There’s always an alternative.
                      2. There’s always an alternative.
                      3. “Because there’s no better option,” is one of the the worst excuses in existence for settling
                      1. 0

                        Link to alternative or go away.

                        1. 1

                          My alternative to the choices you’ve given me is this: “No”.

                          But if you would like to have a real discussion about alternative staffing and consulting agencies, or alternative self-hosted cloud services, you know where to find me.

                          1. 1

                            Let me grasp this:

                            I said there is Collabora and I didn’t find any other alternative, you said, there’s always an alternative 2 times then I said link please and you bailed. Serious?

                    2. 1

                      In what way are they linked, other than through the optional Collabora app? Collabora Online Development Edition (currently at 4.0.4) is available as a Docker image here:

                      https://www.collaboraoffice.com/code/

                      The source can be found here:

                      http://cgit.freedesktop.org/libreoffice/online/

                      That source link already shows what the Collabora server really is: Libreoffice Online under a different name. Collabora describes it as CODE is a somewhat more conservative version – but still a development edition – of LibreOffice Online, and is built around the Collabora Office core. I guess this means it should be possible to use Libreoffice Online instead of the Collabora server, I have not tried this though.

                    1. 2

                      You had me until the really weird turn at the end about family planning and curbing global population growth. But that was the point, right? That it got bad when we wanted to reduce a population of the earth using knowledge (because global war- I mean), but then we became enlightened, and now we want to reduce the population of the earth (because global warming), using knowledge… wait, it wasn’t the point?

                      The author of the post also misquoted his own source, making a connection where there was none: “Two solutions influence family size and [therefore] global population…”

                      The original source is below:

                      Two solutions influence family size and global population: educating girls and family planning. Because the exact dynamic between these solutions is impossible to determine, our models allocate 50 percent of the total potential impact to each. We assume that these impacts result from…

                      And it’s still not comforting - “Two solutions…”? “Because the exact dynamic… is impossible to determine…”? “Our models…”? “Potential impact…”? “We assume…”?

                      So what it seems is really being posited is… nothing! A whole bunch of suppositions based on a metric ton of assumptions.

                      Dear god.

                      1. 1

                        I think the post confuses things a bit as it jumps from one thing to another. It would make more sense to talk about avoided rather than reduced emissions.

                        I believe it’s commonly accepted that educating girls leads to a reduction in birth rate. Hence, we end up with a reduction in population growth, and eventually a stable or declining population. Compared to continued population growth, it results in lower total emissions.

                        I haven’t looked closely at how Project Drawdown arrives at 51 gigatons, but I think they’ve at least put quite a bit of work into analysing different ways of reducing emissions.

                        However, I think it’s a stretch to call the web an emissions reduction mechanism.

                      1. 3

                        @sangy and I are happy to answer questions you have. Thanks!

                        1. 1

                          This is an interesting bundle of statements:

                          To the best of our knowledge, we are the first in the industry to discuss how to build such a compromise-resilient CI/CD system: that is, we protect the authenticity and integrity of Agent integrations, from the moment that our developers commit source code, to the point that our end-users install them as packages.

                          1. What exactly is your CI/CD system? You discussed to technologies in use by your CI/CD system, but not the exact system itself.

                          2. There was a post here on lobste.rs just a few weeks ago about compromised CI/CD systems and how to make them better. You don’t have to believe me, but I have been a part of many discussions on my own team, since 2017, discussing the security of our CI/CD system and making it more secure.

                          3. Essentially it sounds like you are using two mechanisms that both borrow from existing package-management tools as a part of your CI/CD pipeline. But the usage doesn’t guarantee a “compromise-resilient” CI/CD pipeline - just like attempting to integrate a build artifact signing and verification step into an existing Jenkins pipeline doesn’t guarantee a “compromise-resilient” Jenkins instance.

                          1. 1

                            Hi @crunxi,

                            1. What exactly is your CI/CD system? You discussed to technologies in use by your CI/CD system, but not the exact system itself.

                            The point is that the exact CI/CD system we use — whether Jenkins, CircleCI, Travis, GitLab, Bamboo — is not important. We could replace what we use with any other CI/CD system, and we would still get exactly the same security guarantees.

                            1. There was a post here on lobste.rs just a few weeks ago about compromised CI/CD systems and how to make them better. You don’t have to believe me, but I have been a part of many discussions on my own team, since 2017, discussing the security of our CI/CD system and making it more secure.

                            I’m not aware of this post, and while I’m sure that others have worked on trying to secure their CI/CD systems, I’m not aware of any other compromise-resilient one.

                            1. Essentially it sounds like you are using two mechanisms that both borrow from existing package-management tools as a part of your CI/CD pipeline. But the usage doesn’t guarantee a “compromise-resilient” CI/CD pipeline - just like attempting to integrate a build artifact signing and verification step into an existing Jenkins pipeline doesn’t guarantee a “compromise-resilient” Jenkins instance.

                            The two mechanisms, TUF and in-toto, that we use do not borrow from existing package-management tools — in fact, it’s the other way around: many existing package-management tools borrow techniques now in TUF.

                            When used correctly, combining both TUF and in-toto does guarantee a compromise-resilient pipeline, because attacking any part of it between developers and end-users does not result in the total failure of the system: you cannot forge developer signatures.

                            I hope this makes sense. If it is unclear, please see our Kubecon talk and USENIX paper linked in the blog post. Thanks!

                        1. 4

                          It’s not just Kubernetes.

                          Any tooling that DevOps proposes as being a great solution has - what I selfishly dubbed in my padded cell a few years back - a “persistent data store blindspot”.

                          It’s one of two things I like to throw at any DevOps-y anybody (in theory, being one myself) to see how fast they can scramble.

                          The other is: “… but what about .NET Framework projects?”

                          1. 1

                            I really wish that Google were still making tablets like the Nexus 7. That was an awesome device: stock Android, great form-factor.

                            OnePlus were really good and near-stock for a long time, but they got rid of the headphone jack (and they are Chinese, which has bad privacy I’m, and they had a bad privacy fail a few years ago).

                            1. 1

                              story time: when I moved to iOS after it died (just kidding, it didn’t, I loved the screen off it and a well-meaning relative gifted me a new phone + service) I named my new Apple device in its honor: Nexus 5.

                              Such an amazing device. Everyone spouting off about things giving you joy, but looking back, that thing was the only electronic device I’ve ever owned that did. Followed closely by the first iPhone.

                            1. 11

                              I don’t want to normalize marketing material. I’m worried that making a tag will make people more likely to post stuff that doesn’t belong.

                              1. 7

                                Agreed, obviously.

                                Another post like this is basically just a product page.

                                The problem with these things is that they tend to attract upvotes by people going “oh neat” (like they would do at the orange site or Reddit or wherever) and then they’re very hard to dislodge.

                                My only suggestion is to complain loudly, persistently, in every comments section where they come up for the encouragement of others.

                                1. 4

                                  I agree: no marketing tag, please.

                                  1. 1

                                    Yeah, that makes sense. But I wonder what steps we could take to properly flag these posts.

                                    It is normally not too difficult to distinguish a post with heavy marketing from another (or in the case of my example, just a lazy link dump).

                                    So, what else?

                                    1. 4

                                      You seem too worried about how to get low-vote content off the front page. It will fall off or disappear on its own if people submit better content. So, just submit better content and/or upvote better things in Recent if the front page looks unsatisfactory.

                                      Since you brought it up, I’m the one that upvoted it. There was a lot of non-in-depth stuff on the front page which included marketing and ideology. It was late Friday or into Saturday where we rarely have in-depth content. I already did my submission to try to improve things. So, I look at Recent. I didn’t quite get how the design differences in that submission might play out in different applications. I figured that someone might ignore the marketing crap to discuss the data structures or whatever in this database along with other use cases.

                                      Hey, look at that. The discussion almost happened.

                                      1. 2

                                        This is a totally fair point but also posting for the sake of posting doesn’t sound good either.

                                        Whenever I publish something which could be useful to someone else, I try to share it here.

                                        I was just asking whether we could do something about these, especially when people like you might upvote an obvious ad just for the sake of a possible discussion in the comments.

                                        1. 0

                                          Someone here once pointed out the people that do metas about what should be allowed dont submit a lot of quality content themselves. That if they instead were doing that the articles they didnt like might get little to no views having been outcompeted.

                                          I see you have about two submissions in four months. You and like-minded people here could just submit more of the stuff you’d like to see. Grab a pile of interesting articles. Trickle them out over time. Then, I could upvote them instead. It helps that stuff from one day stays on for the next day pretty often with small number of slots on front page.

                                          Meanwhile, there wasn’t much good stuff, only a small number of people actually contributed content, some were good, and I had a series of lower-impact articles left to work with in Recent. Seems the problem is the reader/contributor ratio as usual for these sites. I’ll upvote better articles if you and everyone that agrees with you submits them here. I usually do on yours if I see them.

                                          1. 1

                                            It helps that stuff from one day stays on for the next day pretty often with small number of slots on front page.

                                            Which is exactly why marketing material is so harmful. :(

                                            1. -1

                                              It topped out at 1 or 2 and was barely noticeable due to the “more votes for better stuff” effect I described. So, I’m not seeing the grave harm if more people just submit more good content.

                                  1. 7

                                    My ADHD-inattentive kicked in about 10 lines in -

                                    With that bias exposed: what is this article even about? Is there a problem the author is attempting to solve? There is most certainly a gap -

                                    “So my conclusion is that there is a gap which none of the current Free Software tools can fill.”

                                    But the gap is actually two, both of his own creation:

                                    1. “Why don’t we use the same data store for both versioning and building?”

                                    and, now that we’re living in the author’s world,

                                    1. “[…] now that we store the source code and the build artifacts in the same storage, why do we use different tools?”

                                    There doesn’t appear to be a solution, because there never was a problem. Certainly not one - of which I am aware or that the author didn’t just make up out of the blue - upon which I would “invest a decade of work on.”

                                    Am I missing something? Did I completely miss some bit of irony or sarcasm in the original post?

                                    1. 6

                                      You are right, the problem is not well specified. The problem is software development at scale. If you work with a hundred developers and a repository of a few gigabytes, then git reaches its limits. We use submodules, LFS, sparse checkouts, and shallow clones. It is not pretty. Yes, I know that Microsoft made it work somehow, but knowing little details I believe they sacrificed a lot of git.

                                      For a monorepo approach with only using Free Software, I would try Subversion and Bazel, but I had not much opportunity to pursue that combination yet. Subversion certainly has some well known problems and it does not get much attention to improve it. Continuing these thoughts, I wanted to write down one aspect of it. Thus, this blog post.

                                      1. 1

                                        Thank you for your reply, and your honesty.

                                        In continuation of writing down one aspect of a thing to more clearly define a problem/solution: perhaps an easily attainable first step could not be storing binaries or other build artifacts in a version control system?

                                        1. 1

                                          I agree with that sentiment, using separate version control systems. Source code and binaries go together like oil and water. In my case, I don’t want to keep every version of a binary, only the versions I’ve tagged as release. In the case of source code, I do want to keep every version I’ve committed so I can compare and revert if needed. In the past, I’ve switched out my individual repository with newer, best-of-class (CVS to Subversion for source code, and Maven Central + local repositories to Artifactory for binaries). I also was able to migrate from Maven to Ant+Ivy for the build process. I feel like if I ever went with a single monolithic build manager, I’d lose the flexibility of these interchangable pieces. My builds are still reproducible because my code revisions are marked in the release metadata of each binary, and a complete archive of the source code and documentation is also bundled alongside each corresponding binary - that is just the usual Java approach.

                                          1. 2

                                            Don’t you sometimes push something to CI and unit tests fail there? Do you debug that by building it again locally?

                                            1. 2

                                              Yes, frequently. Jenkins marks such builds as failed and they show up red on the dashboard. More often, it is an integration test that fails further down the pipeline, and those are easy to spot as well. The unit tests can also be run in the local development environment prior to committing to the repository, but I’ve found that it is faster to let Jenkins handle it. The results of those unit tests and builds can be retrieved back into the local development environment via Mylyn. It is a closed loop.

                                      2. 2

                                        If you think about large repositories

                                        is a pretty big problem in my current life as a developer in a monorepo that is home to hundreds of “micro”services & scratchpad of hundreds of full-time engineers that make hundreds of commits/workday. We use git and pants, and it still /sorta/ holds together, but definitely past obnoxious at this point.

                                      1. -1
                                        1. -1

                                          Null comment detected.

                                          1. 1

                                            1. 2

                                              Username checks out :D

                                              1. 2

                                                Do those comments seem empty to you? On my machine I see: ¥√π¶°€dgt$#_7;d

                                                1. 1

                                                  Yes, they don’t show anything for me. Chrome on Windows:

                                                  https://www.dropbox.com/s/18k0ujhh87bpy4s/lobsters%20-%202019-05-27%2013-10-13.png?dl=0

                                                  1. 1

                                                    I was making a joke about reading from 0x0

                                        1. 20

                                          Appreciated the write up, including the mention of git’s request pull option

                                          However I found the underlying tone of GitHub being an ensnaring agent of malicious intent a little distracting.

                                          More words spent on the bazaar model and furthering git’s proper use in support of that model (clone, add remote, fetch?) will always be appreciated.

                                          1. 2

                                            Github is a capitalist entity and ofc it doesn’t care about anything else but profits

                                          1. 1

                                            It’s one thing to call the internet a dark forest because of your personal choice to remove yourself from it - it’s another thing to create a faceless evil and call it a dark forest because of some hand-wavey notion that that online world is getting worse in your absence.

                                            I am all for taking two steps back to take one step forward - I am completely against spreading the view that the world is a dark and terrible place, and getting darker, and all of us would be better off hiding from it.

                                            1. 3

                                              tomorrow-night, is that you?

                                              1. 2

                                                It seems unintentional, but I like the derivative on slide #39: “keep is simple stupid”.

                                                Still works.

                                                1. 8

                                                  I mean, go ahead and delete my code - it’s a git repo - I have it all locally.

                                                  And then I read the “We will make your code public or use them otherwise.”

                                                  Even then. Is it bad that doesn’t sound too bad to me?

                                                  I mean, we aren’t storing credentials and other secrets in our repos, right guys? Right?

                                                  1. 5

                                                    Some folks keep private repositories on GitHub.

                                                    So yeah, if you’re just using GitHub as public Git hosting and you don’t rely on their issue tracking, then maybe it’s not such a big deal. But if it’s your startup, it could be devastating. Then again, if that’s the case, you should be using decent passwords and 2FA.

                                                    1. 1

                                                      I’m not familiar with private repos on GitHub - I only have a public one myself.

                                                      Can anyone other than the project owner or GH themselves access it?

                                                      I don’t think this was a very high-effort attack. I think only public repos were scanned for credentials, these were used to impersonate the repo owner, and the code was deleted/made inaccessible and a ransom demand made.

                                                    2. 3

                                                      Even if you were, 10 Days is plenty of time to damage control.

                                                    1. 1

                                                      We use Confluence on the job which is better than it has been or could be.

                                                      I personally have been learning roff/troff, and then converting everything into whatever.

                                                      Confluence likes HTML (sometimes)? roff/troff to HTML

                                                      Business likes PDF? roff/troff > ps > PDF

                                                      Confluence sometimes hates HTML? roff/troff > ASCII/any format text > text

                                                      GitHub likes a smattering of formats? roff/troff > smattering of formats

                                                      1. 1

                                                        Are you enjoying learning roff, and would you recommend it to others? Also, what inspired you to learn it?

                                                        (I have a casual interest in old software.)

                                                        1. 2

                                                          I am enjoying learning roff. Yes I would recommend it to others.

                                                          I was inspired by reading man pages and wondering how the heck something so pervasive, yet so standardized (ish… but I won’t spoil it for you) comes to be.

                                                      1. 1

                                                        Now I can run a job on my local machine in the EXACT same environment that the build system would use.

                                                        Trick of the trade that others should know about:

                                                        Put your Jenkins slave on a box with Nix. Make a script that looks like this and toss it in the root of your project (bear with me if there’s a typo here). Name it something like nixify and chmod it executable.

                                                        #!/bin/sh
                                                        
                                                        if command -v nix-shell >/dev/null 2>&1; then
                                                            exec nix-shell --run "$SHELL $@" --pure
                                                        else
                                                            echo "This build might work better with Nix." >&2
                                                            exec "$SHELL" "$@"
                                                        fi
                                                        

                                                        Then make your Jenkins scripts look like this:

                                                        stage('Build') {
                                                            sh '''#!nixify
                                                                echo "In a nix shell!"
                                                                make
                                                            '''
                                                        }
                                                        

                                                        (The magic: Jenkins defaults to #!/bin/sh, but you can change this by providing your own shebang and Jenkins won’t write out a script with a shebang.)

                                                        Stick your dependencies in a default.nix in the root of your project and you’re set. (You can use this with things like FHS envs too, just mind the lifetime of things like gradle daemon, since the FHS env goes away after you return). Boom, now you can build your code anywhere you can install Nix, even without Jenkins.

                                                        1. 2

                                                          Using Nix instead of Docker is a good idea.

                                                          The deeper question here is if the CI should be burdened with the environment. You could argue that the build system should ensure reproducible builds independent of the environment.

                                                          1. 0

                                                            The deeper question here is if the CI should be burdened with the environment

                                                            I’d argue that it shouldn’t be. The CI’s purpose should just be to kick off the build and collect artifacts and results. Your environment should be branch-specific, and the branch config should just live in the repo.

                                                            Regarding reproducibility: nix-shell isn’t perfect, but in practice it’s been pretty damn close. (For instance, I did have some really amazing “broken on the build server” issues recently due to an errant script that concatenated something with an environment variable I forgot to unset, but only when it was running from CI - but that was my fault for forgetting to unset it in my default.nix. Locale issues running Nix on a non-NixOS machine didn’t seem to be, though.)

                                                          2. 2

                                                            This. Also, substitute bash scripts for whatever script your shell prefers. Bash? Jenkins supports it. Batch? Jenkins supports it. PowerShell? Jenkins supports it.

                                                            Let your shell scripts do all the work, make Jenkins call them using a Jenkinsfile and scripted (!Declarative) syntax.

                                                          1. 5

                                                            I’ve been thinking about these issues in depth too. Like the problem you mention of passing a float between programs, what if we could pass more than text - but arbitrary structured, typed data. This is not science-fiction, it’s really simple to implement. We know things about programming that weren’t really known or understood back in the early UNIX times. The difficulty is that we can’t just implement it in the shell, it also needs to be common to the userspace binaries we work with all the time (like all the GNU coreutils). At the very least, why couldn’t we at least experiment with a UNIX shells and applications that interchange using tab separated values?

                                                            On hypertext, there’s been so much excellent theory worked out - but other than the WWW - very little of it rolled out it’s worth mentioning purplenumbers on the topic of being able to link to specific parts of a document https://communitywiki.org/wiki/PurpleNumbers - we can also ask about annotations and snapshotting segments of documents to be included in others.

                                                            1. 10

                                                              Had me at “arbitrary structured, typed data.” - immediately thought of PowerShell, which - while just one tool of many - meets your requirement of “be(ing) common to the user space binaries we work with…”

                                                              1. 6

                                                                The structured-ness of PowerShell is nice in theory, but, like every other Microsoft product, the rest of PS is totally botched in implementation. Between long, awkward-to-type command names, lack of laziness for piped data, generally poor COM support in software, and pervasive slowness, it’s easier and faster to write a shell script with grep, awk, and sed.

                                                                The unix shell is arcane, but I’ve yet to find anything that’s as good for quickly getting to the information I need. SQL is probably the closest, but requires data to be structured from the start.

                                                                1. 5

                                                                  PowerShell Core is even available for Linux, complete with installation instructions. I haven’t yet taken time to get my head around PowerShell, even on Windows, but maybe I should.

                                                                  1. 4

                                                                    It’s not obvious to me how to do this completely properly. OO is the wrong approach IMHO, as you don’t want to be passing behaviour downstream. Something like algebraic data types might be promising, but then you have to send a description of the data down the pipe before any data itself?

                                                                    Erlang’s a bit on my mind today (RIP Joe), but maybe something like its pattern-matching system would work well here?

                                                                    1. 3

                                                                      As a paradigm, object-oriented may not be the best approach, especially when attempting to solve the problem mentioned in the link.

                                                                      PowerShell and ‘OO’ also don’t have to go hand-in-hand.

                                                                    2. 2

                                                                      PowerShell is an interesting approach. Unfortunately it has one giant mistake that makes me hate using it — the choice of Verb-Noun naming rather than Noun-Verb means I have to use Google to figure out the command I need rather than just hitting tab. (Because I nearly always know the noun already — what I need is the verb.) Unless I’m missing something, which would be great…

                                                                    3. 8

                                                                      what if we could pass more than text - but arbitrary structured, typed data. This is not science-fiction, it’s really simple to implement. We know things about programming that weren’t really known or understood back in the early UNIX times.

                                                                      Wasn’t that done back in UNIX times on Lisp machines? And then, given it’s dynamic, maybe a bit later on Smalltalk systems?

                                                                      If not arbitrary, Flex Machine seems like it fit. That was late 1970’s to 1980’s. Fewer people knew about it, though. There was also people like Hansen doing OS’s in Pascal. A brief skim of Solo paper led me to this statement: “Pascal programs can call one another recursively and pass arbitrary parameters among themselves… Solo is the first major example of a hierarchical concurrent program implemented in terms of abstract data types (classes, monitors and processes) with compile-time control of most access rights.”

                                                                      Clearly, there were already ideas there for people to build on for doing something other than text. They just couldn’t be or weren’t applied. Then, the UNIX authors and others continued building on their ideas with minimal adoption of alternatives. Eventually, Linux ecosystem started adopting pieces of many ideas kind of bolted into and on top of it the existing system. Although it’s a legacy system, a clean-slate project could certainly do things differently. We’re seeing that start to happen with virtual machines and unikernels that reuse hosts’ drivers.

                                                                      1. 3

                                                                        Shells using some kind of messagepack-style interface could be interesting

                                                                        1. 2

                                                                          what if we could pass more than text - but arbitrary structured, typed data. This is not science-fiction, it’s really simple to implement

                                                                          So, a BMessage then? :)