1. 13

    It’s funny, the one thing that hooked me on Erlang/Elixir was exactly the ‘hotfix tiny portions of code in a live system’ workflow it encourages. I love it, you see how the new code responds to the existing state – within a second of saving your changes. You do this 100 times in a few minutes, and in terms of understanding your system, you feel like you’ve saved an hour compared to a traditional “save, compile, rerun, look at error” workflow.

    This “truly interactive” is great, we need more of it, and clearly you can get a “truly interactive” experience without being Common Lisp!

    1. 2

      AWS account IDs are not secret information. You can publicly post them and in certain cases, you probably want to. For instance when you try to use cross account IAM auth the other party needs your account id to establish the trust relationship. You would def. put that into your public docs and that is perfectly fine from AWS’ point of view.

      1. 3

        There’s a big difference in “information that is safe to disclose if you chose” and “an oracle that discloses information whether or not you chose to disclose it.”

        Exposing an oracle that allows the ownership of http://owens-website.com to be linked to http://some-politically-sensitive-site.com, http://employer-sucks.com, or http://my-strange-fetish-site.com may open me up to significant reputational harm and possibly personal risk.

        @arkadiyt, I’d encourage you to re-report the issue to AWS: what may have been an abstract and unimportant bug in 2018 may be seen differently now that it can be linked to a concrete leakage of data.

        1. 1

          How is there a big difference w.r.t. security though? If you base keys/passwords on something that can be known, you are doing it wrong. The account id is not a secret, so don’t base anything on it.

          1. 2

            User privacy is a security concern.

            If account IDs are not meant to be secret in the first place, then this bug likely doesn’t have security implications (in the sense of having your AWS keys leaked). I think @owen’s point is that this information leakage definitely has privacy implications. Even if a user doesn’t know what an AWS account ID is, someone can extract that ID to identify a user across their separate Cloudfront domains, something they may not otherwise be able to do.

      1. 1

        Wow, this is an incredible gold mine of a paper, props!

        (1) You ever look inside Flash games and find (multiple) drop-in tracking scripts in nearly every Flash game you used to play? (decompiling SWFs – highly recommended activity if you are curious about game tracking!) That’s as easy as it’ll ever get when it comes to figuring out what game companies track you on.

        (2) Okay, I thought I knew so much about pervasive tracking in gaming, but no, apparently:

        There are methods for computing a “financial risk factor” from gameplay behavior, for instance, based on which a user may be denied a loan or a credit line extension [19], or methods to assess “essential qualities” based on gameplay data in order to determine a player’s suitability for certain jobs [20]

        what the heck,

        (3) Another very thought-provoking bit about the limitations of the “informed consent” approach to privacy:

        Furthermore, as indicated by the persistence and prevalence of the nothing-to-hide argument [86], there still seems to be widespread ignorance about the serious risks that can arise from personal data being available to malicious or negligent parties. Thus, it can be questioned whether the doctrine of “informed consent” found at the core of even the most progressive data protection laws, such as EU’s GDPR [92], is appropriate and based on realistic assumptions, or whether more extensive forms of government intervention are needed to protect individuals from consequences of their own unawareness.

        Consequences like invasive targeted advertising, mass surveillance, price discrimination?

        There’s a [93] at the end of the section that references a whole paper about these limitations: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3881776

        (4) I like to think there’s a place for data collection in gaming, and it’s not “how can I extract the maximum value from the customer.” Instead it could be really cool if my data was available to me in a way that teaches me more about my own behavior. I quite like what Quantic Foundry is doing – they aggregate voluntary surveys to study motivations for gaming, and publish their results in their blog.

        1. 1

          (1) You ever look inside Flash games and find (multiple) drop-in tracking scripts in nearly every Flash game you used to play? (decompiling SWFs – highly recommended activity if you are curious about game tracking!) That’s as easy as it’ll ever get when it comes to figuring out what game companies track you on.

          I still miss Flash games :’( (That said, HTML5 makes the tracking detection a little easier, because now it’s in JS that UBO can handle.)

        1. 4

          The example code has at least two bugs:

          1. The recursive call could blow the stack on a large list.
          2. The call to malloc is not checked for NULL.

          Furthermore, as has been pointed out, it’s completely incomprehensible and not something a human would ever write. Here’s a less straw-man version, that fixes one of the bugs:

          #include <stddef.h>
          #include <stdlib.h>
          
          typedef struct List List;
          
          struct List {
          	int data;
          	List *next;
          };
          
          // Wraps malloc(), aborts if allocation fails.
          void *errmalloc(size_t sz) {
          	void *ret = malloc(sz);
          	if(!ret) {
          		abort();
          	}
          	return ret;
          }
          
          // Deep-copies a singly linked list. Still recursive, so the
          // stack-depth problem on a long list (bug 1 above) remains.
          List *listcopy(List *src) {
          	if(!src) {
          		return NULL;
          	}
          	List *dest = (List *)errmalloc(sizeof(List));
          	dest->data = src->data;
          	dest->next = listcopy(src->next);
          	return dest;
          }
          

          I see the value in formal verification, but (1) it doesn’t save you from mistakes in your model (in this case, ignoring stack overflow and getting the contract for malloc() wrong), and (2) given the quality of the output it’s not clear why you’d bother with C as a target in the first place, instead of say LLVM.

          1. 2

            I’m not affiliated with this project, but I’m studying synthesis and can offer opinions on both (1) and (2):

            (1) Program synthesis and verification can’t save you from correcting mistakes in your model, because humans still develop the model in order to write the synthesizer. The thing is, programming without a synthesizer can’t save you from mistakes either. The advantage of synthesis is that you can provably fix the stack overflow and malloc issues in the synthesizer (i.e. for all future synthesized programs), as opposed to having to prove and fix each buggy program in order to declare it verified.

            Obviously, this is all brand new, and so there are a lot of bugs in the synthesizer, but this post seems to be looking towards a future vision where the big bugs have been (provably) squashed.

            (2) The first section answers it – there’s a lot of interest in verifying C, perhaps due to the existence of famous bugs in C, and (my guess:) more interest means nonzero grant money. This doesn’t mean synthesizing LLVM isn’t an attractive problem to solve, but if you had to choose one…

            (edit) Another reason might be the irreplaceability of C as opposed to LLVM – like sure Rust exists, and so every C memory bug can be ‘solved’ by being in Rust instead, but you can’t just turn all C infrastructure into Rust, so having a way to synthesize provably verified C is the next best thing.

          1. 3

            Am I the only one who finds “Felleisen is abusive” to be the less important takeaway? January 2020 was 16 months ago – given that Matthew B is posting this now, has the Racket community really spent 16 months making excuses for abusive behavior?

            1. 22

              Probably much, much longer than 16 months.

              My only impression of Felleisen is from a talk at Strange Loop, where he was extremely That Confrontational Guy In The Audience during questions. I find it very easy to believe he’s a bully in general.

              Edit: It was yomimono’s talk, which was from nearly six years ago.

              1. 4

                Is there a video of this situation?

                1. 2

                  Very likely, but I don’t remember what talk it was. Someone else might.

                  Edit: Linked above.

                  1. 17

                    He was That Confrontational Guy in the Audience during Q&A at a talk of mine at Strange Loop. He was so much That Confrontational Guy that the video doesn’t include the Q&A at all.

                    1. 2

                      That’s right, it was your talk. 😬

                      1. 1

                        Thanks. I’ve skimmed the video and the presentation seems to be well done.

                        But the short answer to the question whether there is a video of the situation is: “no”.

                        1. 3

                          It still happened, though, and there were plenty of people in the room. Are you assuming that everybody for years who has independently had the experience of him being a bully is lying unless there’s a video?

                          1. 1

                            No, I’m not assuming anyone is lying. But sometimes a person can say the truth that happens to be incorrect. I simply don’t know that until I see it. You might be really well informed since you’ve been there and you saw it with your own eyes, but I didn’t. I simply wanted to check for myself how a “confrontational guy” sounds and behaves. Is that so bad I’m not taking it on faith?

                          2. 1

                            Thanks. I’ve skimmed the video and the presentation seems to be well done.

                            Aw, thanks!

                            Some years ago I went looking for the video of this Q&A to try to get a more objective view of what the questions/comments had been, which is why I knew offhand that it wasn’t attached to the talk video. My own memory of the experience is a blur (as it is for most talks), so I myself rely mostly on other folks’ recollections. I will say that Q&A experience was more “difficult” than most I’ve been through, including presentations at academic conferences where difficult questions are encouraged.

                            I don’t think this is particularly good “evidence” either, for what it’s worth. I think even if it had been posted, it wouldn’t be very illustrative, because IIRC none of the audience questions were on-mic, and most of Matthias’s questions and comments were long enough that I had trouble summarizing and repeating them on-mic.

                2. 4

                  When I was a student at Northeastern, Felleisen was well known for being “scary”. I was never actually clear on what that entailed, and wasn’t sure if it was just that he was intense, or gave hard assignments, or was outright abusive, or had a German accent, or what. I never actually took his classes, since he was mostly teaching grad students at the time. This was in 2009 to 2011.

                  I think this piece gives me a better understanding of what other students were talking about.

                1. 1

                  Curious how this URL works! It redirects me to https://pn.com, which on the surface looks like a privacy-oriented tech news site.

                  1. 12

                    That’s probably your browser “helpfully” guessing where you want to go instead.

                    The actual site should just show

                    It works! This is the default web page for this server.

                    The web server software is running but no content has been added, yet.

                  1. 12

                    There’s a real interesting historical connection here. The author of this, Wouter van Oortmerssen, also created FALSE in 1993. Not only was FALSE one of the first “true” esolangs, it inspired Chris Penner’s Befunge and Urban Müller’s… brainfuck! I don’t think esolangs would be nearly as vibrant today without Wouter’s work.

                    1. 3

                      Wouter was huge in the Amiga scene. He created the E programming language, which was definitely my favorite language to use on the Amiga.

                      EasyGUI (also written by Wouter, I believe), was the sweet spot for GUI development on the Amiga. It got you 80% of the way to MUI without needing MUI (and trust me, GUI development on the Amiga without something BOOPSI-based like MUI was terrible.)

                      Wouter then went on to develop FlatBuffers at Google. He’s had an amazing career.

                      1. 5

                        He also did TreeSheets!

                        1. 4

                          which is written in Lobster, incidentally!

                          1. 8

                            That’s what I would do if I’d write it today, but it is actually in C++ (using wxWidgets), though nowadays has a way to script it in Lobster. TreeSheets actually predates Lobster by a few years (2008 vs 2010 or so).

                        2. 1

                          He created the E programming language

                          I’m assuming this is a different E than the one of capabilities fame created by Mark Miller?

                          EDIT: nm, the wikipedia page links to AmigaE, which is the one you were referring to.

                          1. 1

                            Yeah, sorry. This one: https://en.wikipedia.org/wiki/Amiga_E

                        3. 2

                          Can you enlighten me on what an esolang is?

                          1. 3
                            1. 1

                              Hey it’s not a “previously on” because I never submitted that one to lobsters :P

                              (The lecture is definitely going up, if it doesn’t kill me first. One more week to go…)

                              1. 2

                                Wouter’s homepage is worth a browse.

                              2. 1

                                inspired Chris Penner’s Befunge

                                just to clarify (in case anyone else was confused like me), it’s Chris Pressey that invented Befunge; Chris Penner is someone else; at least I think so :)

                                1. 1

                                  Mea culpa! No idea why I wrote “Penner”

                                2. 1

                                  The visual programming language he did for his PhD thesis (late ’90s) is interesting as well: http://strlen.com/aardappel-language/

                                1. 2

                                  Looks extremely cool and polished! One criticism so far: I had a hard time figuring out how to insert rows/columns. Would love to see it take inspiration from TreeSheets, which lets you select and type into a cell border in order to create new rows/columns.

                                  1. 4

                                    Loved a game, the game was open source, it had an easy how-to-contribute (at the time)! The game was: https://github.com/CleverRaven/Cataclysm-DDA

                                    1. 4

                                      It’s remarkable how long this battle between botters and the bot detection system has been going on. Jagex claims to be banning thousands of bots per month. More details here on the backstory, written by Paul Gower, one of the creators of RuneScape, just over 10 years ago: https://imgur.com/a/eAuN6uT

                                      As an additional aside, not only has this ongoing battle led to more sophisticated botting techniques to “win” at the game, but reverse engineering the game client has in and of itself led to the creation of “private server” communities. Jagex hasn’t open sourced the RuneScape server software, so players have gone off and written their own server software instead, based on reverse engineering the game client code to understand the game’s protocol.

                                      1. 2

                                        The issue with bots is bad game design around non-fun gameplay, i.e. grinding. You only want to bot the grind. If the game is fun there’s no point in botting because you are playing to have fun.

                                        When you have to kill 1000000000 boars to progress obviously it’s only gonna be bots doing that.

                                        1. 7

                                          That’s not the only reason people use bots. If your game has a market, someone is going to game the market. If your game has PVP, someone will want top tier PVP gear without earning it. And if your game has other people in it at all, someone is going to figure out a way to grief or harass them.

                                          1. 1

                                            I agree - whether the game is fun or not is not the important factor here, it’s the existence of the open market that leads to these issues. (If there’s no market, then bots don’t negatively affect the experience of other players as much either)

                                          2. 2

                                            Automation like this will emerge in any online space with competitive elements. For online games, this means competition for economic or social standing. If a leaderboard exists in some capacity, someone will begin finding a way to cheat it, and botting is one way that manifests.

                                          3. 1

                                            runescape bot detection is somewhat notorious for its false positives – there’s a significant community of innocent players who have been falsely banned for botting and unable to appeal! if playing the game legitimately puts players in danger of irrevocable bans, perhaps aggressive bot detection effectively makes botting the only real way to play the game…

                                          1. 2

                                            Published… on April first….

                                            1. 5

                                              unfortunately it is very real! here’s a linked site that mirrors a screenshot of the leak: https://www.ransomwatch.org/

                                            1. 24

                                              Since it’s a medium post with a clickbait title here’s a TLDR:

                                              While attempting to hack PayPal with me during the summer of 2020, Justin Gardner (@Rhynorater) shared an interesting bit of Node.js source code found on GitHub.

                                              The code was meant for internal PayPal use, and, in its package.json file, appeared to contain a mix of public and private dependencies — public packages from npm, as well as non-public package names, most likely hosted internally by PayPal. These names did not exist on the public npm registry at the time.

                                              The idea was to upload my own “malicious” Node packages to the npm registry under all the unclaimed names, which would “phone home” from each computer they were installed on.

                                              Apparently, it is quite common for internal package.json files, which contain the names of a javascript project’s dependencies, to become embedded into public script files during their build process, exposing internal package names. Similarly, leaked internal paths or require() calls within these files may also contain dependency names. Apple, Yelp, and Tesla are just a few examples of companies who had internal names exposed in this way.

                                              This type of vulnerability, which I have started calling dependency confusion, was detected inside more than 35 organizations to date, across all three tested programming languages.

                                              Feels weird and scary that this had always been possible! Another incident to add to the “package management is solved” meme. Great article.

                                              1. 10

                                                public packages from npm, as well as non-public package names, most likely hosted internally by PayPal.

                                                Even if you’re not using npm’s organization feature to host your modules, you probably want to use names scoped to an npm account or organization you control, so others can’t publish packages with matching names to the public registry.

                                                That said, dependency managers probably shouldn’t be running arbitrary code on users machines during installation, as in the case with the preinstall used in this example. Unfortunately, this was reported back in 2016 (VU#319816) and nothing came of it.

                                                1. 8

                                                  I don’t really know how anything about npm dependency fetching works, but shouldn’t the logic be, “Do we have an internal package called ‘foo’? If not, look for public packages called ‘foo’.”? Based on the article description it sounds like it must be doing, “Is there a public package called ‘foo’? If not, look for an internal one”. Is this really how it works?

                                                  1. 7

                                                    npm has a limited concept of different registries. It fetches all packages from the one set in the global configuration file, an environment variable, or a CLI flag. The exception is scoped modules (modules whose names look like @mycompany/foobar), where each scope (the @mycompany part) can be assigned a registry.

                                                    If you pay npm, you can set scoped packages published on their registry to only be installable by users logged into your organization.

                                                    Before scoped modules were added to npm, the best you could do was create unscoped packages that didn’t exist, and point npm at a proxy that decided what backend to fetch a package from based on the requested name. A common implementation checked an internal registry first, and if it didn’t exist, then fetched from the public registry.

                                                    The author of this post provides examples of internal modules being unscoped, so I assume these companies are relying on developers connecting to a proxy to fetch the correct dependencies. I could easily envision scenarios where new developers, CI systems, IDEs are improperly configured and fetch those names instead from the public registry, thus this vulnerability.

                                                    1. 3

                                                      If the package exists on both [the internal and public], it defaults to installing from the source with the higher version number.

                                                      The kicker there being you can make an arbitrarily higher-versioned package e.g., 9000.0.1 to force the public (malicious, in this context) dependency. The article also describes that same behavior in Artifactory which is popular within companies to host various internal packages (including npm):

                                                      Artifactory uses the exact same vulnerable algorithm described above to decide between serving an internal and an external package with the same name.

                                                      I think for npm, using the save-exact feature would be a fix—and imho a sane default—but I’m not 100% certain.

                                                      1. 2

                                                        I’m not sure this is accurate, or at least it wasn’t the implementation of any proxies I worked on or with back when I was still working on npm.

                                                        npm would ask the proxy for information about a package name. All the ones I used would query that metadata from an internal version, and only if it returned nothing, did it fetch information from the public proxy.

                                                        This implementation choice was made in the proxies to allow teams to hold back or override open source modules they used (especially useful with deeply nested dependencies before lockfiles) and to avoid situations where someone else claimed the same name to try to get you to fetch it instead (this being before scoped modules).

                                                        I haven’t been in the Node.js community for about 4 years now, and have never had access to Artifactory, so I can’t confirm or deny what implementation they’re using now. It would be a shame if they forged ahead without the security concerns open sourced alternatives had long considered.
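To make the resolution rules discussed in this comment and in the one above concrete, here is an added JavaScript model; it is not code from the article, from npm, from Artifactory, or from any proxy the commenters describe. It reuses the thread’s example name acme-co-internal-package and the 9000.0.1 version quoted above, but the registry contents, the @acme scope and the helper names are constructed for the demo. resolveHighestWins applies the “higher version wins” rule under which a public copy of an internal name is chosen, resolveInternalFirst applies the internal-first proxy rule, resolveScoped routes a scoped name by its scope only, and confusableNames lists the unscoped internal names that also exist publicly, which is the exposure to close by scoping or pinning.

```javascript
// Added example (not from the article or npm): a toy model of how a registry
// proxy may choose between an internal and a public copy of one package name.
// Registry contents and the @acme scope are constructed for the demo.

const INTERNAL = {
  'acme-co-internal-package': ['1.4.2', '1.4.1'],
  '@acme/utils': ['2.0.0'],
};
const PUBLIC = {
  'acme-co-internal-package': ['9000.0.1'], // same name claimed on the public registry
  'lodash': ['4.17.21'],
};

// Numeric major.minor.patch comparison; enough for the demo (no pre-release tags).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function highest(versions) {
  return versions.reduce((best, v) => (compareVersions(v, best) > 0 ? v : best));
}

// Rule 1 (the vulnerable one quoted in the thread): pool both registries and
// take whichever copy carries the higher version number.
function resolveHighestWins(name) {
  const candidates = [];
  if (INTERNAL[name]) candidates.push({ source: 'internal', version: highest(INTERNAL[name]) });
  if (PUBLIC[name]) candidates.push({ source: 'public', version: highest(PUBLIC[name]) });
  if (candidates.length === 0) return null;
  return candidates.reduce((best, c) => (compareVersions(c.version, best.version) > 0 ? c : best));
}

// Rule 2 (the proxy behaviour described above): if the internal registry knows
// the name at all, the public registry is never consulted for it.
function resolveInternalFirst(name) {
  if (INTERNAL[name]) return { source: 'internal', version: highest(INTERNAL[name]) };
  if (PUBLIC[name]) return { source: 'public', version: highest(PUBLIC[name]) };
  return null;
}

// Rule 3: a scoped name (@scope/pkg) is routed by its scope, so a public
// package with the same name is never a candidate.
const SCOPE_REGISTRY = { '@acme': 'internal' }; // constructed scope mapping
function resolveScoped(name) {
  const m = /^(@[^/]+)\//.exec(name);
  if (!m) return null;                          // unscoped: one of the rules above applies
  if (SCOPE_REGISTRY[m[1]] !== 'internal') return null; // unknown scope: not served here
  const versions = INTERNAL[name];
  return versions ? { source: 'internal', version: highest(versions) } : null;
}

// Defender check: unscoped internal names that also exist on the public
// registry are exactly the exposure the article describes.
function confusableNames() {
  return Object.keys(INTERNAL).filter(n => !n.startsWith('@') && PUBLIC[n] !== undefined);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('highest-wins  :', resolveHighestWins('acme-co-internal-package'));
  console.log('internal-first:', resolveInternalFirst('acme-co-internal-package'));
  console.log('scoped        :', resolveScoped('@acme/utils'));
  console.log('confusable    :', confusableNames());
}
```

Run it with node. Under the higher-version rule the public 9000.0.1 copy wins regardless of how the internal copy is versioned; under the internal-first rule the internal 1.4.2 is served; and the scoped name never has a public candidate at all. The toy semver compare is not the point, the rule the proxy applies is.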

                                                        1. 1

                                                          I’ll be honest: not sure on the technical differences to how Artifactory works compared to the proxies you worked with. When I’ve previously used Artifactory (as a humble user) it’s effectively worked as a pull-through cache of sorts: serve a package that exists internally then fall back to the public if necessary. What comes to mind as of recent was the change by Docker Hub that rate-limited requests.

                                                          Anyways, your reply made me think more specifically about the Node.js/npm vector from the article:

                                                          Unless specified otherwise (via --registry or in a .npmrc) then the default (public) registry is used. Given that, I think it’s not out of question for a npm install acme-co-internal-package to be blindly run which would hit the public (malicious) package if there’s no internal registry specified. Just my $0.02.

                                                          1. 2

                                                            Yeah, that’s the conclusion I wrote up thread.

                                                            I could easily envision scenarios where new developers, CI systems, IDEs are improperly configured and fetch those names instead from the public registry, thus this vulnerability.

                                                            1. 1

                                                              D’oh, I missed that. Just like the pesky step in a project’s README that tells (hypothetical) you to set the internal registry. ;^]

                                                              I’m sure it’s a curious sight internally at npm to see all the 404ing requests for packages—many of which exist in an internal registry.

                                                  2. 3

                                                    The article is (intentionally, I believe) vague about it, but I’m curious how they came across all the dependency declaration files in the first place.

                                                    common for internal package.json files, which contain the names of a javascript project’s dependencies, to become embedded into public script files

                                                    I don’t quite follow. Anyone have insights on the semantics of “leak” in this context?

                                                    1. 1

                                                      I think they might be concatenated into the production minified js file due to a misconfigured js build pipeline, but that’s just a guess.

                                                  1. 10

                                                    oh my gosh, the new errors are beautiful! my favorite:

                                                    error: Syntax error
                                                       ┌─ /Users/a/parser_test/src/parser_test.gleam:13:38
                                                       │
                                                    13 │ pub external fn a(name: String, Int, ,) -> Bool =
                                                       │                                      ^ This is an extra delimiter.
                                                    
                                                    Hint: Try removing it?
                                                    
                                                    1. 5

                                                      Thank you, Greg did a fantastic job there!

                                                    1. 3

                                                      I really like the idea of giving programmer tools the goal of reducing “friction”, in contrast to achieving speedups. It’s not always about saving time doing a task (‘increase productivity’), it’s about making you think about doing the useful task in the first place. It sounds like the core of the refutation here is the idea of productivity, which has evolved far beyond “minimize time-spent-on-task” since when Brooks made his argument.

                                                      1. 3

                                                        I know this “N KB Club” meme is becoming trite now but someone asked for it, so this had to be done! :-)

                                                        1. 6

                                                          10 KB club is cringe.

                                                          – This post made by 1 KB club

                                                          1. 4

                                                            1K?! LUXURY! When I was young 12 bytes and a piece of cheese was all we ever needed.

                                                            1. 4

                                                              You try and tell the Electron users of today that, they won’t believe you!

                                                              1. 3

                                                                I’ll just put an end to this by registering the 1 bit club and implement the only two possible websites myself.

                                                          1. 1

                                                            On Mac, shell script arguments are passed under NFD normalization (individual jamo) when you usually want NFC (syllable blocks).

                                                            Is there a way to change that default? I’ve been using this to convert to NFC, which doesn’t seem elegant:

                                                            echo "$1" | node -e 'console.log(require("fs").readFileSync(0, "utf-8").normalize("NFC"))' | ...
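As an added example that is not part of the question above, this Node script shows what the NFD/NFC difference means for one Hangul syllable and normalizes a list of arguments to NFC in a single place; the sample string is constructed and the function names are mine.

```javascript
// Added example (not from the thread): NFD vs NFC for Hangul, and one
// normalization step for incoming arguments.

// Constructed sample: the precomposed syllable "한" (U+D55C). Under NFD it
// decomposes into three conjoining jamo: U+1112 U+1161 U+11AB.
const SYLLABLE_NFC = '\u{D55C}';

// Lists the code points of a string as U+XXXX labels.
function codePoints(s) {
  return Array.from(s).map(
    ch => 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0')
  );
}

// Normalizes every argument to NFC so comparisons, lookups and path
// construction downstream all see the composed form, whatever the caller sent.
function toNFC(args) {
  return args.map(a => a.normalize('NFC'));
}

// Why it matters: the same visible text in NFD and NFC is not equal under ===,
// but is once both sides are normalized.
function compare(a, b) {
  return {
    equalRaw: a === b,
    equalNormalized: a.normalize('NFC') === b.normalize('NFC'),
  };
}

// Reports each argument before and after normalization; uses the sample
// (in NFD form) when no arguments are given.
function demo(argv) {
  const input = argv.length ? argv : [SYLLABLE_NFC.normalize('NFD')];
  return input.map(arg => {
    const nfc = toNFC([arg])[0];
    return `${JSON.stringify(arg)}: raw ${codePoints(arg).join(' ')} -> NFC ${codePoints(nfc).join(' ')}`;
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo(process.argv.slice(2)).join('\n'));
}
```

Run as node nfc.js "$@" from the script to see the code points each argument actually arrived with. Wherever the decomposition originates, normalizing once at the entry point keeps the rest of the script from having to care.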
                                                            
                                                            1. 3

                                                              They are likely passed however they were typed, so it would be an input system setting more than a shell setting.

                                                              1. 27

                                                                Can I have yours?

                                                                1. 2

                                                                  I am not giving you the photo of my face.

                                                                  Is the likeness of my face also secret information? Do you cover your head when you go out in public?

                                                                  1. 3

                                                                    A number is easier to copy than a face in practice.

                                                                    1. 2

                                                                      Do you print your personal ID number at the back of your jacket when you go out in public? It’s not about photo, it’s about a number. If you read the post, you’d see that with the number, we could then

                                                                      Activate a SIM card (and so get an internet connection that’s traceable to you, not them, hiding them from the government)

                                                                      and then do some real damage in your name. That’s the point.

                                                                      1. 4

                                                                        It’s not about photo, it’s about a number.

                                                                        It’s actually about information, which photos do qualify as.

                                                                        If you read the post, you’d see that with the number, we could then Activate a SIM card

                                                                        Just because you can activate a SIM card with a non-secret does not in any way make the non-secret a secret, or justify that the non-secret should be a secret.

                                                                        and then do some real damage in your name. That’s the point.

                                                                        And my point is non-secrets are not secrets. And that if an authentication system was built on a shaky foundation, that also does not justify or make non-secrets into secrets.

                                                                        1. 2

                                                                          And my point is non-secrets are not secrets. And that if an authentication system was built on a shaky foundation, that also does not justify or make non-secrets into secrets.

                                                                          Okay, with this addition, your point makes sense now. But your original comment, “Passport number is hardly secret information” doesn’t state that explicitly. It seemed to me (and I suspect to the guy asking for your pass #) as if you don’t think sharing it should be a problem because it’s not secret information.

                                                                          Just a bunch of nerds being a bit literal, I guess.

                                                                          1. 1

                                                                            I’m afraid that if a “non-secret” piece of information is considered secret by others then in fact it is secret. If someone can use your passport number to affect your life by entering into phone contracts in your name then you need to stop giving it out. To that extent, what you need to keep secret is decided by others which is admittedly a huge pain in the bum.

                                                                            Very common with government issued numbers of any kind sadly.

                                                                            1. 1

                                                                              Another thing with this is that you can’t even avoid it in a lot of places. There’s this number, OIB, in Croatia, which is kind of like your government-issued, personal ID number that you shouldn’t give to anyone because it’s used to verify you are you. Except you have to give it to your bank (okay, they need to watch my secrets anyway), my phone company (they sell my info for ads?) or like anywhere you want to get a loyalty card at.

                                                                              1. 1

                                                                                We have that here in Sweden too (“personnummer”). It is not seen as a secret at all. It’s simply a numerical representation of identity.

                                                                                1. 1

                                                                                  Yep, here too. But when you call e.g. your telecom, “hi, I’m X and I need to change my contract.” - “sure, what’s your totally-not-secret #”?

                                                                                  Edit: well, not here, but back there. I’m not in Croatia any more.

                                                                                  1. 1

                                                                                    My real name is not a secret to the government or my bank, but it is to you. No information is either all secret or all non-secret. Secrecy has domains.

                                                                    2. 12

                                                                      I wish we were totally clear as a society about which pieces of info are just identifiers and which represent some kind of authentication or authorization, so we could focus on protecting the right info. And if instead of repurposing IDs as passwords we designed something for authentication from the start, it could be a lot better: we wouldn’t have to handle and store everything in the clear and rotating secrets could be routine instead of a huge deal.

                                                                      (The current mess is also self-perpetuating: the standard approach to authenticating people is pretty weak, but because it’s the standard approach no company using it to book tickets for you, etc. is likely to face much liability!)

                                                                      However, we aren’t in the universe where identifiers and secrets are cleanly separated, so practically speaking I more-or-less understand the qualms about disclosing passport numbers, US Social Security numbers, etc.

                                                                      1. 4

                                                                        whenever I see a wish for X to be designed differently, I love to bring up Chesterton’s Fence:

                                                                        There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.”

                                                                        here’s a source regarding why the US Social Security number-as-identifier is the way it is, which really emphasizes how the problem was never about designing good authentication systems, but about developing national authentication in a society that opposes the very idea of national authentication.

                                                                        1. 3

                                                                          That SSA link seems to describe part of what I’m saying (a government record identifier got widely adopted by private DBs), and notes “it lacks…the means to authenticate a person’s identity”, which, yes. It’s not the SSA making a record identifier for themselves that bugs me, or even others using it as a DB key, it’s when folks use it as if it were proof of identity.

                                                                          Spelled-out theory of how we got here: large private entities (airlines, CC issuers, etc., etc.) are capable of better auth than passing around not-all-that-secured numbers in the clear (see chip and PIN, login systems with 2FA or USB keys, etc.). They have been slow to do it (e.g. late introduction of chip and PIN for card-present transactions in the US), and sometimes just have left things a mess (CC card-not-present transactions, and everything using SSN as proof of identity), for a bunch of reasons, including (like I mentioned in the other comment) that they’re not liable for most of the cost/annoyance when the auth system is janky–with credit cards, for instance, the merchants pay the monetary costs and cardholders deal with the fuss of card reissues and false alarms from fraud filters. Competition hasn’t solved it (“use my non-janky payment system/airline/…”) because the network effects protecting incumbents are strong.

                                                                          FWIW, very different to say “it can be informative to look at history” versus assuming historical decisions are wise or ideas are bad unless presented with reams of historical analysis. To me, analogous to “that weird behavior sounds intentional, peek at the history before you change it” vs. a posture that just makes touching your old code nearly impossible.

                                                                          (‘Nother fun thing: the Chesterton quote comes from an essay arguing that proper domesticity was being undermined in the 1920s as indicated by “a multitude of modern manifestations, from the largest to the smallest, ranging from a divorce to a picnic party”. Which is a position that, uh, hasn’t aged well to my eyes and makes you think about the principle used to justify it.)

                                                                          1. 1

                                                                            that’s a really fair point regarding making past mistakes untouchable because of a less-than-useful need for “reams of evidence”. feels like red tape against changing old ideas. thanks for the view

                                                                            I retract what I wrote, I’m not one to advocate for fallacious red tape

                                                                    1. 12

                                                                      One of the smaller pain points on the Mac is that there’s no built in paint tool. I want to use it just often enough that I miss it, but not enough that I want to learn what’s out there and/or pay money for a sophisticated tool.

                                                                      I realize there’s some subjectivity to this, but I think a simple paint tool ought to be part of what comes included with every “normal” machine.

                                                                      1. 5

                                                                        I’m using Acorn for MacOS, after seeing a recommendation or two. It’s light, fast and easy (for me) to understand. It was also cheap. I don’t do much - just cropping, copying, pasting, drawing an arrow, etc.

                                                                        1. 3

                                                                          I also endorse Acorn, it’s a great tool. One underappreciated aspect of it: you can open an image, modify it, command + s and it saves it over the original file. No “export as” or “save for web” nonsense.

                                                                          1. 1

                                                                            Boxy SVG is really nice and free.

                                                                            1. 1

                                                                              This one? https://boxy-svg.com/

                                                                              Looks great, but not free to use (15-day free trial is available though). Restricted version is available for free on Linux, but only snap (which I don’t want to use)

                                                                              1. 2

                                                                                That’s the one. I guess I’ve just been so used to using it that I completely forgot it wasn’t free.

                                                                                I’m using the Mac version. I guess since I got it from the MAS and didn’t have to go through the license activation rigamarole, it was easy to forget.

                                                                                Sorry about that.

                                                                                1. 1

                                                                                  sure no problem, the suggestion is still a good one :)

                                                                                  1. 2

                                                                                    No worries. I’ll definitely be more careful about double checking things from a while back or qualifying them.

                                                                            2. 1

                                                                              I second Acorn recommendation, although it’s not really a Paint clone. It’s more like a “subset of Photoshop that a Paint user would recognize”.

                                                                            3. 4

                                                                              there’s definitely money in it! after trying a bunch of paint alternatives I settled on (not even joking) renting a $5/mo Windows compute server from Azure for the sole purpose of using MS Paint…

                                                                              1. 1

                                                                                You can run MS Paint using Wine. Super easy to install with WineBottler too.

                                                                              2. 3

                                                                                If your goal is to draw over a screenshot or an existing picture, you can use Preview for this. It’s not exactly a “dumb” image editor like MS Paint but it has a couple of additional features like recognizing the shapes you draw by hand. It’s very convenient for annotating screenshots if you use “File > New from Clipboard”. Otherwise you can use Pages or Keynote as a vector graphics editor.

                                                                                1. 2

                                                                                  I’ve used Preview for existing screenshots, but I’d also like to be able to start from scratch and scribble.

                                                                                  I didn’t realize that Pages and Keynote were free until just now, but they’re not built-in, so they still fail one test. I’d also suggest that using a document editor to do scribbling/painting is a little surprising and not the thing that comes to mind so easily.

                                                                                  1. 1

                                                                                    Mmm, I don’t think they have a mac flavor, but the best thing for screenshots is flameshot.

                                                                                2. 2

                                                                                  I’m with you on this. Both macOS and Linux need a good Paint clone. The other day I battled for hours with Inkscape to do a basic image manipulation with cutting and pasting, something that would take seconds on Paint. Not because Inkscape is a bad application, but rather because I haven’t learned it and don’t have the need to do it for my daily tasks.

                                                                                  1. 4
                                                                                    1. 2

                                                                                      kolourpaint.

                                                                                      1. 1

                                                                                        I wouldn’t use Inkscape, it’s more of a vector thing, I use GIMP for images. It doesn’t matter though because I think your point still stands, the learning curve is steep.

                                                                                        The closest I have come to something simpler out of the box is Krita.

                                                                                      2. 1

                                                                                        I had the same complaint, and apparently I installed this: https://paintbrush.sourceforge.io/. Although I can’t remember when I last used it.

                                                                                      1. 6

                                                                                        ooo, I was thinking of writing something like this! here are a few seriously insane ones, but I won’t say what they do:

                                                                                        • try dragging the border of a window as if to resize, but instead dragging in the orthogonal direction. like drag the bottom edge to the left. useful if you like having a million tabs open and don’t want to drag from the top
                                                                                        • try cmd-dragging menu bar items! (like the battery indicator, wifi, date/time)
                                                                                        • try cmd-dragging the buttons in the finder hotbar!
                                                                                        • go to /Applications in finder. cmd-drag an app like Terminal onto the finder hotbar. then try holding down the little folder icon next to “/Applications” and dragging onto that Terminal icon. (I often use this feature for iterm, firefox, and sublime text)
                                                                                        • when you get a notification with so much text that it gets cut off, drag its bottom edge down as if to resize it (before it disappears)
                                                                                        • hover over a dock icon and scroll up (it must be up)

                                                                                        we should really appreciate how awful these features are in terms of discoverability! like you can’t get worse than this. that’s why I left out what they actually do

                                                                                        1. 3

                                                                                          Well done and super cool talk! I love how the density of J lets the whole implementation plus benchmarks fit in a hundred-line appendix!

                                                                                          I’m reading that this is motivated by the need for fast logic reasoning in statistical computing, what would that look like? (like: solving an example of an interesting logic problem using MicroKanren in J rather than e.g. Datalog)

                                                                                          1. 6

                                                                                            The idea is to logically relate numerical datasets by logical relations. I work in medicine and while statistical machine learning is full of cool concepts, one issue is how to ascertain that your model does the thing you expect when an exceptional datapoint lies outside the expected range.

                                                                                            The model is a blackbox, so you can try to constrain it from outside but that becomes a difficult exercise for a faillible human. If the human misses part of the spec, you’ve got a problem. So the idea is to have a high-level logic language relating low-level statistical datasets. This directly corresponds to how some robotic artificial intelligence is modeled, and I’d like to try to emulate medical reasoning following the same process. That’s why I did that in J, inspired by Aaron Hsu’s Co-dfns compiler. I thought it would be easier to transition from a language with strong numerical capabilities and implement relational programming in it than going the other way round.