Threads for dfrey

  1. 2

    I seem to recall that there we an announcement from a pijul author that pijul was in maintenance mode and that he was working on a new VCS. I can’t find mention of this VCS now though. Does anyone remember this?

    1. 2

      I’m the author, this is totally wrong.

      1. 1

        Thank you for the clarification. I’m not sure how I ended up remembering something that never happened.

      2. 2

        I seriously doubt this is the case. There’s been a huge amount of work on pijul and it’s related ecosystem.

        If I’m wrong, I’d love to know otherwise.

      1. 4

        In my experience, the answer is always “tomorrow”.

        1. 4

          This is an incredibly well produced and well thought out video. In case anyone is interested, late in the video, it’s mentioned that 4:54.265 is the fastest tool assisted time for the game vs 4:54.948 which is the record setting time for a complete play-through by a human.

          1. 2

            What’s interesting is that, even if the TAS is allowed to cheat by holding left and right simultaneously (something not possible on a real controller), it still is 4:54.something, meaning that it’s unlikely we’ll ever see a 4:53 in SMB1 (unless something truly crazy happens a la the credit warp in SMW, which a human can do in like 30 seconds but it’s incredibly difficult).

          1. 11

            I’m not sure to what extent this is still the case, but 5 or so years ago when I was more actively interested in Haskell, I was frustrated by the prevalence of academics in the Haskell community. People seemed to want to intentionally complicate things such that a thesis explaining them is necessary. It seemed like everyone was building abstractions or trying to understand abstractions and nobody had any time left to build applications.

            1. 3

              I’m building lots of fun command line things if you like learning from small useful projects.

              1. 2

                When I was in University a half a decade ago, I was interested in Haskell.

                But I was interested in it to actually make things. I think I felt some of this pain - building abstractions is pretty much the definition of the web programming model a lot of the libraries had built up. Almost needed a degree in math.

              1. 12

                There’s no real meat here. The article doesn’t say which brand and model of device was compromised nor does it describe how.

                1. 11

                  My god the conclusion here. “What can we do about it? Nothing. Keep buying internet-connected garbage, and just be sure to hire more IT personnel to keep patching it.” Come onnnnnnnnnn ugh.

                  1. 4

                    I found several news articles that reported on this, but most of them aren’t from technical publications. A 2017 SecurityWeek news article “Hacked Smart Fish Tank Exfiltrated Data to ‘Rare External Destination’” was more rigorous, though:

                    A weakness in the report is that it is sparse on details. A Darktrace spokesman explained that this is due to customer usage. How each customer uses its technology is different and Darktrace itself isn’t privy to that information. It examines network behavior, but not traffic content. The result is that the information provided gives examples of incidents detected by Darktrace, but little technical detail on the incident itself.

                    Darktrace quickly detected “anomalous data transfers from the fish tank to a rare external destination.” In fact, 10GB of data was transferred outside of the network, via the fish tank. What isn’t specified, however, is what the data comprised, where on the network it came from, how it was moved to the fish tank for exfiltration, nor whether the malware methodology used to acquire the data before exfiltration was also discovered.

                    I don’t know how “10 GB of unknown data” became the “high-roller database”, though. 🤷

                  1. 2

                    Personally, my favorite date format (for paper, not programs) is D/M Y, which Y being optional. Today, for instance, is 26/2. It’s great not having to specify the year, but it still being clear (at least where I live) that it is a date.

                    1. 3

                      A week from now it will be 5/3 and this will be a much harder sell. If I see 5/3, I have no idea whether it’s M/D or D/M.

                      1. 3

                        Yeah, but as I said, it depends on where you live. In Sweden, this format is common and widely recognized. Nobody would interpret it as M/D.

                    1. 23

                      I used to think this was the case until I realized that Google funds Firefox through noblesse oblige, and so all the teeth-gnashing over “Google owns the Internet” is still true whether you use Chrome directly or whether you use Firefox. The only real meaningful competition in browsers is from Apple (God help us.) Yes, Apple takes money from Google too, but they don’t rely on Google for their existence.

                      I am using Safari now, which is… okay. The extension ecosystem is much less robust but I have survived. I’m also considering Brave, but Chromium browsers just gulp down the battery in Mac OS so I’m not totally convinced there yet.

                      Mozilla’s recent political advocacy has also made it difficult for me to continue using Firefox.

                      1. 19

                        I used to think this was the case until I realized that Google funds Firefox through noblesse oblige, and so all the teeth-gnashing over “Google owns the Internet” is still true whether you use Chrome directly or whether you use Firefox.

                        I’m not sure the premise is true. Google probably wants to have a practical monopoly that does not count as a legal monopoly. This isn’t an angelic motive, but isn’t noblesse oblige.

                        More importantly, the conclusion doesn’t follow–at least not 100%. Money has a way of giving you control over people, but it can be imprecise, indirect, or cumbersome. I believe what Google and Firefox have is a contract to share revenue with Firefox for Google searches done through Firefox’s url bar. If Google says “make X, Y and Z decisions about the web or you’ll lose this deal”, that is the kind of statement antitrust regulators find fascinating. Since recent years have seen increased interest in antitrust, Google might not feel that they can do that.

                        1. 9

                          Yes, I agree. It’s still bad that most of Mozilla’s funding comes from Google, but it matters that Mozilla is structured with its intellectual property owned by a non-profit. That doesn’t solve all problems, but it creates enough independence that, for example, Firefox is significantly ahead of Chrome on cookie-blocking functionality - which very much hits Google’s most important revenue stream.

                          1. 4

                            Google never has to say “make X, Y and Z decisions about the web or you’ll lose this deal,” with or without the threat of antitrust regulation. People have a way of figuring out what they have to do to keep their job.

                          2. 17

                            I’m tired of the Pocket suggested stories. They have a certain schtick to them that’s hard to pin down precisely but usually amounts to excessively leftist, pseudo-intellectual clickbait: “meat is the privilege of the west and needs to stop.”

                            I know you can turn them off.

                            I’m arguing defaults matter, and defaults that serve to distract with intellectual junk is not great. At least it isn’t misinformation, but that’s not saying much.

                            Moving back to Chrome this year because of that, along with some perf issues I run into more than I’d like. It’s a shame, I wanted to stop supporting Google, but the W3C has succeeded in creating a standard so complex that millions of dollars are necessary to adequately fund the development of a performant browser.

                            1. 2

                              Moving back to Chrome this year because of that, along with some perf issues I run into more than I’d like. It’s a shame, I wanted to stop supporting Google, but the W3C has succeeded in creating a standard so complex that millions of dollars are necessary to adequately fund the development of a performant browser.

                              In case you haven’t heard of it, this might be worth checking out: https://ungoogled-software.github.io/

                              1. 1

                                Except as of a few days ago Google is cutting off access to certain APIs like Sync that Chromium was using.

                                1. 1

                                  Straight out of the Android playbook

                            2. 4

                              Mozilla’s recent political advocacy has also made it difficult for me to continue using Firefox.

                              Can you elaborate on this? I use FF but have never delved into their politics.

                              1. 16

                                My top of mind example: https://blog.mozilla.org/blog/2021/01/08/we-need-more-than-deplatforming/

                                Also: https://blog.mozilla.org/blog/2020/07/13/sustainability-needs-culture-change-introducing-environmental-champions/ https://blog.mozilla.org/blog/2020/06/24/immigrants-remain-core-to-the-u-s-strength/ https://blog.mozilla.org/blog/2020/06/24/were-proud-to-join-stophateforprofit/

                                I’m not trying to turn this into debating specifically what is said in these posts but many are just pure politics, which I’m not interested in supporting by telling people to use Firefox. My web browser doesn’t need to talk about ‘culture change’ or systemic racism. Firefox also pushes some of these posts to the new tab page, by default, so it’s not like you can just ignore their blog.

                                1. 6

                                  I’m started to be afraid that being against censorship is enough to get you ‘more than de-platformed’.

                                    1. 10

                                      Really? I feel like every prescription in that post seems reasonable; increase transparency, make the algorithm prioritize factual information over misinformation, research the impact of social media on people and society. How could anyone disagree with those points?

                                      1. 17

                                        You’re right, how could anyone disagree with the most holy of holies, ‘fact checkers’?

                                        Here’s a great fact check: https://www.politifact.com/factchecks/2021/jan/06/ted-cruz/ted-cruzs-misleading-statement-people-who-believe-/

                                        The ‘fact check’ is a bunch of irrelevant information about how bad Ted Cruz and his opinions are, before we get to the meat of the ‘fact check’ which is, unbelievably, “yes, what he said is true, but there was also other stuff he didn’t say that we think is more important than what he did!”

                                        Regardless of your opinion on whether this was a ‘valid’ fact check or not, I don’t want my web browser trying to pop up clippy bubbles when I visit a site saying “This has been officially declared by the Fact Checkers™ as wrongthink, are you sure you’re allowed to read it?” I also don’t want my web browser marketer advocating for deplatforming (“we need more than deplatforming suggests that deplatforming should still be part of the ‘open’ internet.) That’s all.

                                        1. 15

                                          a bunch of irrelevant information about how bad Ted Cruz and his opinions are

                                          I don’t see that anywhere. It’s entirely topical and just some context about what Cruz was talking about.

                                          the meat of the ‘fact check’ which is, unbelievably, “yes, what he said is true, but there was also other stuff he didn’t say that we think is more important than what he did!”

                                          That’s not what it says at all. Anyone can cherry-pick or interpret things in such a way that makes their statement “factual”. This is how homeopaths can “truthfully” point at studies which show an effect in favour of homeopathy. But any fact check worth its salt will also look at the overwhelming majority of studies that very clearly demonstrate that homeopathy is no better than a placebo, and therefore doesn’t work (plus, will point out that the proposed mechanisms of homeopathy are extremely unlikely to work in the first place, given that they violate many established laws of physics).

                                          The “39% of Americans … 31% of independents … 17% of Democrats believe the election was rigged” is clearly not supported by any evidence, and only by a tenuous interpretation of a very limited set of data. This is a classic case of cherry-picking.

                                          I hardly ever read politifact, but if this is really the worst fact-check you can find then it seems they’re not so bad.

                                          1. 7

                                            This article has a few more examples of bad fact checks:

                                            https://greenwald.substack.com/p/instagram-is-using-false-fact-checking

                                          2. 7

                                            Media fact-checkers are known to be biased.

                                            [Media Matters lobby] had to make us think that we needed a third party to step in and tell us what to think and sort through the information … The fake news effort, the fact-checking, which is usually fake fact-checking, meaning it’s not a genuine effort, is a propaganda effort … We’ve seen it explode as we come into the 2020 election, for much the same reason, whereby, the social media companies, third parties, academic institutions and NewsGuard … they insert themselves. But of course, they’re all backed by certain money and special interests. They’re no more in a position to fact-check than an ordinary person walking on the street … — Sharyl Attkisson on Media Bias, Analysis by Dr. Joseph Mercola

                                            Below is a list of known rebuttals of some “fact-checkers”.

                                            Politifact

                                            • I wanted to show that these fact-checkers just lie, and they usually go unchecked because most people don’t have the money, don’t have the time, and don’t have the platform to go after them — and I have all three” — Candace Owens Challenges Fact-Checker, And Wins

                                            Full fact (fullfact.org)

                                            Snopes

                                            Associated Press (AP)

                                            • Fact-checking was devised to be a trusted way to separate fact from fiction. In reality, many journalists use the label “fact-checking” as a cover for promoting their own biases. A case in point is an Associated Press (AP) piece headlined “AP FACT-CHECK: Trump’s inaccurate boasts on China travel ban,” which was published on March 26, 2020 and carried by many news outlets.” — Propaganda masquerading as fact-checking

                                            Politico

                                            1. 4

                                              I’m interested in learning about the content management systems that these fact checker websites use to effectively manage large amounts of content with large groups of staff. Do you have any links about that?

                                              1. 3

                                                The real error is to imply that “fact checkers” are functionally different from any other source of news/journalism/opinion. All such sources are a collection of humans. All humans have bias. Many such collections of humans have people that are blind to their own bias, or suffer a delusion of objectivity.

                                                Therefore the existence of some rebuttals to a minuscule number of these “fact checks” (between 0 and 1% of all “fact checks”) should not come as a surprise to anyone. Especially when the rebuttals are published by other news/journalism/opinion sources that are at least as biased and partisan as the fact checkers they’re rebutting.

                                                1. 1

                                                  The real error is to imply that “fact checkers” are functionally different from any other source of news/journalism/opinion.

                                                  Indeed they aren’t that different. Fact-checkers inherit whatever bias that is already present in mainstream media, which itself is a well-documented fact, as the investigative journalist Sharyl Atkisson explored in her two books:

                                                  • The Smear exposes and focuses on the multi-billion dollar industry of political and corporate operatives that control the news and our info, and how they do it.
                                                  • Slanted looks at how the operatives moved on to censor info online (and why), and has chapters dissecting the devolution of NYT and CNN, recommendations where to get off narrative news, and a comprehensive list of media mistakes.
                                          3. 5

                                            After reading that blog post last week I switched away from Firefox. It will lead to the inevitable politicization of a web browser where the truthfulness of many topics is filtered through a very left-wing, progressive lens.

                                            1. 23

                                              I feel like “the election wasn’t stolen” isn’t a left- or right-wing opinion. It’s just the truth.

                                              1. 15

                                                To be fair, I feel like the whole idea of the existence of an objective reality is a left-wing opinion right now in the US.

                                                1. 5

                                                  There are many instances of objective reality which left-wing opinion deems problematic. It would be unwise to point them out on a public forum.

                                                  1. 8

                                                    I feel like you have set up a dilemma for yourself. In another thread, you complain that we are headed towards a situation where Lobsters will no longer be a reasonable venue for exploring inconvenient truths. However, in this thread, you insinuate that Lobsters already has become unreasonable, as an excuse for avoiding giving examples of such truths. Which truths are being silenced by Lobsters?

                                                    Which truths are being silenced by Mozilla? Keep in mind that the main issue under contention in their blog post is whether a privately-owned platform is obligated to repeat the claims of a politician, particularly when those claims would undermine democratic processes which elect people to that politician’s office; here, there were no truths being silenced, which makes the claim of impending censorship sound like a slippery slope.

                                                    1. 4

                                                      Yeah but none that are currently fomenting a coup in a major world power.

                                                2. 16

                                                  But… Mozilla has been inherently political the whole way. The entire Free Software movement is incredibly political. Privacy is political. Why is “social media should be more transparent and try to reduce the spread of blatant misinformation” where you draw the line?

                                                  1. 5

                                                    That’s not where I draw the line. We appear to be heading towards a Motte and Bailey fallacy where recent events in the US will be used as justification to clamp down on other views and opinions that left-wing progressives don’t approve of (see some of the comments on this page about ‘fact checkers’)

                                                    1. 7

                                                      In this case though, the “views and opinions that left-wing progressives don’t approve of” are the ideas of white supremacy and the belief that the election was rigged. Should those not be “clamped down” on? (I mean, it’s important to be able to discuss whether the election was rigged, but not when it’s just a president who doesn’t want to accept a loss and has literally no credible evidence of any kind.)

                                                      1. 2

                                                        I mentioned the Motte and Bailey fallacy being used and you bring up ‘white supremacy’ in your response! ‘White Supremacy’ is the default Motte used by the progressive left. The Bailey being a clamp down on much more contentious issues. Its this power to clamp down on the more contentious issues that I object to.

                                                        1. 6

                                                          So protest clamp downs on things you don’t want to see clamp downs on, and don’t protest clamp downs on things you feel should be clamped down on? We must be able to discuss and address real issues, such as the spread of misinformation and discrimination/supremacy.

                                                          But that’s not even super relevant to the article in question. Mozilla isn’t even calling for censoring anyone. It’s calling for a higher degree of transparency (which none of us should object to) and for the algorithm to prioritize factual information over misinformation (which everyone ought to agree with in principle, though we can criticize specific ways to achieve it).

                                                          1. 4

                                                            We are talking past each other in a very unproductive way.

                                                            The issue I have is with what you describe as “…and for the algorithm to prioritize factual information over misinformation”

                                                            Can you not see the problem when the definition of ‘factual information’ is in the hands of a small group of corporations from the West Coast of America? Do you think that the ‘facts’ related to certain hot-button issues will be politically neutral?

                                                            It’s this bias that i object to.

                                                            This American cultural colonialism.

                                                            1. 3

                                                              Can you not see the problem when the definition of ‘factual information’ is in the hands of a small group of corporations from the West Coast of America?

                                                              ReclaimTheNet recently published a very good article on this topic

                                                              https://reclaimthenet.org/former-aclu-head-ira-glasser-explains-why-you-cant-ban-hate-speech/

                                                              1. 3

                                                                That’s an excellent article. Thank you for posting it.

                                                                1. 3

                                                                  You’re welcome. You might be interested in my public notes on the larger topic, published here.

                                                  2. 3

                                                    Out of interest, to which browser did you switch?

                                              2. 2

                                                if possible, try vivaldi, being based on chromium, it will be easiest to switch to f.e. you can install chromium’s extensions in vivaldi. not sure about their osx (which seems to be your use-case), support though, so ymmv.

                                              1. 35

                                                e-mail has a lot of legacy cruft. Regardless of the technical merits of e-mail or Telegram or Delta Chat, Signal, matrix.org or whatever, what people need to be hearing today is “WhatsApp and Facebook Messenger are unnecessarily invasive. Everyone is moving to X.” If there isn’t a clear message on what X is, then people will just keep on using WhatsApp and Facebook Messenger.

                                                It seems clear to me that e-mail is not the frontrunner for X, so by presenting it as a candidate for replacing WhatsApp and Facebook Messenger, I think the author is actually decreasing the likelihood that most people will migrate to a better messaging platform.

                                                My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                1. 26

                                                  Signal is a silo and I dislike silos. That’s why I post on my blog instead of Twitter. What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                  1. 10

                                                    Signal isn’t perfect. My point is that Signal is better than WhatsApp and that presenting many alternatives to WhatsApp is harmful to Signal adoption. If Signal can’t reach critical mass like WhatsApp has it will fizzle out and we will be using WhatsApp again.

                                                    1. 12

                                                      If Signal can’t reach critical mass like WhatsApp has it will fizzle out

                                                      Great! We don’t need more silos.

                                                      and we will be using WhatsApp again.

                                                      What about XMPP or Matrix? They can (and should!) be improved so that they are viable alternatives.

                                                      1. 13

                                                        (Majority of) People don’t care about technology (how), they care about goal (why).

                                                        They don’t care if it’s Facebook, Whatsapp, Signal, Email, XMPP, they want to communicate.

                                                        1. 14

                                                          Yeah, I think the point of the previous poster was that these systems should be improved to a point where they’re just really good alternatives, which includes branding and the like. Element (formerly riot.im) has the right idea on this IMHO, instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                          Of course, die-hard decentralisation advocates don’t like this. But this is pretty much the only way you will get any serious mainstream adoption as far as I can see. Certainly none of the other approaches that have been tried over the last ~15 years worked.

                                                          1. 7

                                                            …instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                            Same problem with all the decentralized social networks and microblogging services. I was on Mastodon for a bit. I didn’t log in very often because I only followed a handful of privacy advocate types since none of my friends or other random people I followed on Twitter were on it. It was fine, though. But then they shut down the server I was on and apparently I missed whatever notification was sent out.

                                                            People always say crap like “What will you do if Twitter shuts down?”. Well, so far 100% of the federated / distributed social networks I’ve tried (I also tried that Facebook clone from way back when and then Identi.ca at some point) have shut down in one way or another and none of the conventional ones I’ve used have done so. I realize it’s a potential problem, but in my experience it just doesn’t matter.

                                                            1. 4

                                                              The main feature that cannot be listed in good faith and which is the one that everybody cares about is: “It has all my friend and family on it”.

                                                              I know it’s just a matter of critical mass and if nobody switches this will never happen.

                                                            2. 1

                                                              Sure, but we’re not the majority of people.. and we shouldn’t be choosing yet another silo to promote.

                                                            3. 5

                                                              XMPP and (to a lesser extent) Matrix do need to be improved before they are viable alternatives, though. Signal is already there. You may feel that ideological advantages make up for the UI shortcomings, but very few nontechnical users feel the same way.

                                                              1. 1

                                                                Have you tried joining a busy Matrix channel from a federated homeserver? It can take an hour. I think it needs some improvement too.

                                                                1. 2

                                                                  Oh, definitely. At least in the case of Matrix it’s clear that (1) the developers regard usability as an actual goal, (2) they know their usability could be improved, and (3) they’re working on improving it. I admit I don’t follow the XMPP ecosystem as closely, so the same could be the same there, but… XMPP has been around for 20 years, so what’s going to change now to make it more approachable?

                                                              2. 4

                                                                […] it will fizzle out

                                                                Great! We don’t need more silos.

                                                                Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                Chat platforms have a strong network effect. We’re going to be stuck with Facebook’s network for as long as other networks are fragmented due to people disagreeing which one is the perfect one to end all other ones, and keep waiting for a pie in the sky, while all of them keep failing to reach the critical mass.

                                                                1. 1

                                                                  Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                  Uh, not sure how you pulled that out of what I said, but I’m actually cheering for the downfall of all silos.

                                                                  1. 2

                                                                    I mean that by opposing the shift to the less-bad silo you’re not actually advancing the no-silo case, but keeping the status quo of the worst-silo.

                                                                    There is currently no decentralized option that is secure, practical, and popular enough to be adopted by mainstream consumers in numbers that could beat WhatsApp.

                                                                    If the choice is between WhatsApp and “just wait until we make one that is”, it means keeping WhatsApp.

                                                                2. 3

                                                                  They can be improved so that they are viable alternatives.

                                                                  Debatable.

                                                                  Great! We don’t need more silos.

                                                                  Domain-name federation is a half-assed solution to data portability. Domain names basically need to be backed by always-on servers, not everybody can have one, and not everybody should. Either make it really P2P (Scuttlebutt?) or don’t bother.

                                                                  1. 2

                                                                    I sadly agree, which is why logically I always end up recommend signal as ‘the best of a bad bunch’.

                                                                    I like XMPP, but for true silo-avoidance you need you run your own server (or at least have someone run it under your domain, so you can move away). This sucks. It’s sort of the same with matrix.

                                                                    The only way around this is real p2p as you say. So far I haven’t seen anything that I could recommend to former whatsapp users on this front however. I love scuttlebutt but I can’t see it as a good mobile solution.

                                                                3. 8

                                                                  Signal really needs a “web.signal.com”; typing on phones suck, and the destop app is ugh. I can’t write my own app either so I’m stuck with two bad options.

                                                                  This is actually a big reason I like Telegram: the web client is pretty good.

                                                                  1. 3

                                                                    I can’t write my own app either so I’m stuck with two bad options.

                                                                    FWIW I’m involved with Whisperfish, the Signal client for Sailfish OS. There has been a constant worry about 3rd party clients, but it does seem like OWS has loosened its policy.

                                                                    The current Whisperfish is written in Rust, with separate libraries for the protocol and service. OWS is also putting work into their own Rust library, which we may switch to.

                                                                    Technically you can, and the risk should be quite minimal. At the end of the, as OWS doesn’t support these efforts, and if you don’t make a fool of them, availability and use increases their brand value.

                                                                    Don’t want to know what happens if someone writes a horrible client and steps on their brand, so let’s be careful out there.

                                                                    1. 2

                                                                      Oh right; that’s good to know. I just searched for “Signal API” a while ago and nothing really obvious turned up so I assumed it’s either impossible or hard/hackish. To be honest I didn’t look very deeply at it, since I don’t really care all that much about Signal that much 😅 It’s just a single not-very-active chatgroup.

                                                                      1. 1

                                                                        Fair enough, sure. An API might sound too much like some raw web thing - it is based on HTTPS after all - but I don’t think all of it would be that simple ;)

                                                                        The work gone into the libraries has not been trivial, so if you do ever find yourself caring, I hope it’ll be a happy surprise!

                                                                    2. 2

                                                                      The Telegram desktop client is even better than the web client.

                                                                      1. 3

                                                                        I don’t like desktop clients.

                                                                        1. 4

                                                                          Is there a specific reason why? The desktop version of Telegram is butter smooth and has the same capabilities as the phone version (I’m pretty sure they’re built from the same source as well).

                                                                          1. 3

                                                                            Security is the biggest reason for me. Every other week, you hear about a fiasco where a desktop client for some communication service had some sort of remote code execution vulnerability. But there can be other reasons as well, like them being sloppy with their .deb packages and messing up with my update manager etc. As a potential user, I see no benefit in installing a desktop client over a web client.

                                                                            1. 4

                                                                              Security is the reason that you can’t easily have a web-based Signal client. Signal is end-to-end encrypted. In a web app, it’s impossible to isolate the keying material from whoever provides the service so it would be trivial for Signal to intercept all of your messages (even if they did the decryption client-side, they could push an update that uploads the plaintext after decryption).

                                                                              It also makes targeted attacks trivial: with the mobile and desktop apps, it’s possible to publish the hash that you get for the download and compare it against the versions other people run, so that you can see if you’re running a malicious version (I hope a future version of Signal will integrate that and use it to validate updates before it installs them by checking that other users in your network see the same series of updates). With a web app, you have no way of verifying that you’re running the same code that you were one page refresh ago, let alone the same code as someone else.

                                                                              1. 1

                                                                                A web based client has no advantages with regards to security. They are discrete topics. As a web developer, I would argue that a web based client has a significantly larger surface area for attacks.

                                                                                1. 1

                                                                                  When I say security, I don’t mean the security of my communications over that particular application. That’s important too, but it’s nothing compared to my personal computer getting hacked, which means my entire digital life getting compromised. Now you could say a web site could also hijack my entire computer by exploiting weaknesses in the browser, which is definitely a possibility, but that’s not what we hear every other week. We hear stupid zoom or slack desktop client containing a critical remote code execution vulnerability that allows a completely unrelated third party complete access to your computer.

                                                                              2. 1

                                                                                I just don’t like opening a new window/application. Almost all of my work is done with one terminal window (in tmux, on workspace 1) and a browser (workspace 2). This works very well for me as I hate dealing with window management. Obviously I do open other applications for specific purposes (GIMP, Geeqie, etc) but I find having an extra window just to chat occasionally is annoying. Much easier to open a tab in my browser, send my message, and close it again.

                                                                      2. 3

                                                                        The same thing that’s happening now with whatsapp - users move.

                                                                        1. 2

                                                                          A fraction of users is moving, the technically literate ones. Everyone else stays where their contacts are, or which is often the case, installs another messenger and then uses n+1.

                                                                          1. 2

                                                                            A fraction of users is moving, the technically literate ones

                                                                            I don’t think that’s what’s happening now. There have been a lot of mainstream press articles about WhatsApp. The technical users moved to Signal when Facebook bought WhatsApp, I’m now hearing non-technical folks ask what they should migrate to from WhatsApp. For example, one of our administrators recently asked about Signal because some of her family want to move their family chat there from WhatsApp.

                                                                            1. 1

                                                                              Yeah these last two days I have been asked a few times about chat apps. I have also noticed my signal contacts list expand by quite a few contacts, and there are lots of friends/family who I would not have expected to make the switch in there. I asked one family member, a doctor, what brought her in and she said that her group of doctors on whatsapp became concerned after the recent announcements.

                                                                              I wish I could recommend xmpp/OMEMO, but it’s just not as easy to set up. You can use conversations.im, and it’s a great service, but if you are worried about silos you are back to square one if you use their domain. They make using a custom domain as friction-free as possible but it still involves DNS settings.

                                                                              I feel the same way about matrix etc. Most people won’t run their own instance, so you end up in a silo again.

                                                                              For the closest thing to whatsapp, I have to recommend Signal. It’s not perfect, but it’s good. I wish you didn’t have to use a phone number…

                                                                        2. 2

                                                                          What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                                          Not supporting signal in any way, but how would your preferred solution actually mitigate those risks?

                                                                          1. 1

                                                                            Many different email providers all over the world and multiple clients based on the same standards.

                                                                            1. 6

                                                                              Anyone who has written email software used at scale by the general public can tell you that you will spend a lot of time working around servers and clients which do all sorts of weird things. Sometimes with good reasons, often times with … not so good reasons. This sucks but there’s nothing I can change about that, so I’ll need to deal with it.

                                                                              Getting something basic working is pretty easy. Getting all emails handled correctly is much harder. Actually displaying all emails well even harder still. There’s tons of edge cases.

                                                                              The entire system is incredibly messy, and we’re actually a few steps up from 20 years ago when it was even worse.

                                                                              And we still haven’t solved the damn line wrapping problem 30 years after we identified it…

                                                                              Email both proves Postel’s law correct and wrong: it’s correct in the sense that it does work, it’s wrong because it takes far more time and effort than it really needs to.

                                                                              1. 2

                                                                                I hear you (spent a few years at an ESP). It’s still better than some siloed walled garden proprietary thing that looks pretty but could disappear for any reason in a moment. The worst of all worlds except all others.

                                                                                1. 2

                                                                                  could disappear for any reason in a moment

                                                                                  I’m not so worried about this; all of these services have been around for ages and I’m not seeing them disappear from one day to the next in the foreseeable future. And even if it does happen: okay, just move somewhere else. It’s not even that big of a deal.

                                                                                  1. 1

                                                                                    Especially with chat services. There’s not that much to lose. Your contacts are almost always backed up elsewhere. I guess people value their chat history more than I do, however.

                                                                        3. 11

                                                                          My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                          I’ve recently started using it, and while it’s fine, I’m no fan. As @jlelse, it is another closed-off platform that you have to use, making me depend on someone else.

                                                                          They seem to (as of writing) prioritize “security” over “user freedom”, which I don’t agree with. There’s the famous thread, where they reject the notion of distributing Signal over F-Droid (instead having their own special updater, in their Google-less APK). What also annoys me is that their desktop client is based on Electron, which would have been very hard for me to use before upgrading my desktop last year.

                                                                          1. 6

                                                                            My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                            What I hate about signal is that it requires a mobile phone and an associated phone number. That makes it essentially useless - I loathe mobile phones - and very suspect to me. Why can’t the desktop client actually work?

                                                                            1. 2

                                                                              I completely agree. At the beginning of 2020 I gave up my smartphone and haven’t looked back. I’ve got a great dumb phone for voice and SMS, and the occasional photo. But now I can’t use Signal as I don’t have a mobile device to sign in to. In a word where Windows, Mac OS, Linux, Android, and iOS all exist as widely used operating systems, Signal is untenable as it only as full featured clients for two of these operating systems.

                                                                              Signal isn’t perfect.

                                                                              This isn’t about being perfect, this is about being accessible to everyone. It doesn’t matter how popular it becomes, I can’t use it.

                                                                              1. 1

                                                                                They’ve been planning on fixing that for a while, I don’t know what the status is. The advantage of using mobile phone numbers is bootstrapping. My address book is already full of phone numbers for my contacts. When I installed Signal, it told me which of them are already using it. When other folks joined, I got a notification. While I agree that it’s not a great long-term strategy, it worked very well for both WhatsApp and Signal to quickly bootstrap a large connected userbase.

                                                                                In contrast, most folks XMPP addresses were not the same as their email addresses and I don’t have a lot of email addresses in my address book anyway because my mail clients are all good at autocompleting them from people who have sent me mail before, so I don’t bother adding them. As a result, my Signal contact list was instantly as big as my Jabber Roster became after about six months of trying to get folks to use Jabber. The only reason Jabber was useable at all for me initially was that it was easy to run an ICQ bridge so I could bring my ICQ contacts across.

                                                                                1. 1

                                                                                  Support for using it without a phone number remains a work in progress. The introduction of PINs was a stepping stone towards that.

                                                                                2. 1

                                                                                  What I hate about signal is that it requires a mobile phone and an associated phone number.

                                                                                  On the bright side, Signal’s started to use UUIDs as well, so this may change. Some people may think it’s gonna be too late whenever it happens, if it does, but at least the protocols aren’t stagnant!

                                                                              1. 1

                                                                                These microbenchmarks are interesting in the sense that they might help to identify areas of the code that need a closer look. There are a few cases where the ARM CPU takes twice as long or even 10 times as long as the Intel CPU.

                                                                                What would be more interesting (to me) is to also see how long it takes to run a real world job. For example, use Hugo to generate a substantially large website and measure how long that takes.

                                                                                1. 2

                                                                                  Do we really want the map to be screaming bright red? Red is a very emotive colour. It has meaning. It can connotates danger, and death, which is still statistically extremely rare for coronavirus.

                                                                                  I remember hearing/reading that associating red with danger and violence is a western thing and that other cultures have their own associations. Maybe you could show a different colored map based on the geographic location of the viewer?

                                                                                  1. 3

                                                                                    A common example is in China Japan and Korea, red is associated with fortune so when a stock increases in price, that increase is red, and a decrease is in green. This is opposite of how it’s done in the US.

                                                                                  1. 8

                                                                                    The codebase should already be “good” or time needs to be spent to describe all of the things that are bad about it. Otherwise, the jr. developer will pick up bad habits from the patterns in the codebase.

                                                                                    1. 1

                                                                                      A long time ago when I had a flip phone and no data plan, I used procmail and a little script to send myself new e-mail notifications via sms by using an sms gateway. It was often useless because it was hard to fit sender, subject and enough body to be useful into the sms without going over the sms character limit.

                                                                                      1. 1

                                                                                        Wow thats interesting. To be honest I made this for fun or sometimes if i want to send something to my phone i can just simply use the terminal

                                                                                      1. 2

                                                                                        This article sort of touches on why I am mostly allergic to javascript. It’s not my primary or even secondary language and the ecosystem changes so fast that it’s a full-time job trying to just keep up with what is idiomatic. I guess it’s not the javascript language itself that is the issue. It’s more the libraries and tooling that create this problem.

                                                                                        1. 1

                                                                                          Nah, I disagree. Evolving syntax and other (missing) languages features are part of the problem. Lisp languages avoid those trauma…

                                                                                        1. 3

                                                                                          I use split ergonomic keyboards both at work and at home: https://github.com/omkbd/ErgoDash The repo contains all the files one needs to have the PCB and case plates fabricated (not my work).

                                                                                          I had the PCBs made at jlc pcb and soldered it all together at home, see: https://images.yourfate.org/#15521316686517 It runs QMK firmware: https://qmk.fm/

                                                                                          While it has more keys than a 40% I still use a lot of layered keys. My favorite layer feature is having a “numpad” on the righ thalf of the board, with 456 being on jkl when I press a mod key on the other half. Makes entering many numbers very fast.

                                                                                          AMA I guess…

                                                                                          1. 3

                                                                                            I feel like it would be difficult to type on this if the two parts weren’t always the same distance apart and at the same angle of rotation. Do you find that you’re constantly making micro-adjustments to get the two parts into your preferred position?

                                                                                            1. 3

                                                                                              No, I actually sometimes move them apart to have stuff like documents, a notepad, or food between them. I can use them In lots of distances, as long as the angles of my wrists are right, which you can adjust on the fly.

                                                                                            2. 2

                                                                                              What do you think of the QMK firmware? Did you use a ready made solution before this?

                                                                                              1. 3

                                                                                                I like that in QMK I can easily remap keys and create new functions on layers. They have an online configurator where you can edit the layout to your liking and get a new firmware binary: https://config.qmk.fm/#/ergodash/rev1/LAYOUT

                                                                                                You can also edit the layout locally and compile it yourself, some advanced functions are not available in the configurator.

                                                                                                I have used many ready made keyboards before, but liked the idea of the ergodash. I’m very happy with these keyboards so far.

                                                                                              2. 2

                                                                                                Can you report on how painful it is to have the {/} and [/] keys split between the left half and the right half?

                                                                                                I experimented with similar designs here, but I was always concerned about this issue.

                                                                                                1. 2

                                                                                                  I have them somewhere else. I have them on a layer on P and the button to the right of it. I press the layer button on the left half, then P and the button to the right of it are [].

                                                                                                  This works nicely for me. In general I have my layout set up so that it’s always the opposite hand pressing the layer button (i.e. left hand switching layers for the right hand and vice versa).

                                                                                                  If you’re interested, my config.json is here: https://gitlab.com/youRFate/keymaps/blob/master/ergodash/layers.json

                                                                                                  You can dl it and plug it into https://config.qmk.fm/ to see the layers etc.

                                                                                                  1. 2

                                                                                                    I have ([{/}]) on separate hands, it needs a little getting used to, but once that happens, it’s very, very nice to have them that way.

                                                                                                    It’s only a problem when one of your hands is mousing, but for that, I have a trackball between the halves, so very little hand movement is required between keyboard and ball, and thus, no real issue with hitting either part of the pair.

                                                                                                1. 2

                                                                                                  I have seen lots of software projects that use almost exclusively tabs or spaces, but by some accident one or two of the wrong type of indentation character slips in and the devs either don’t notice or don’t care. I personally, don’t really consider that to be a mixture of tabs and spaces.

                                                                                                  1. 4

                                                                                                    No other developer contributing to the software has made more than 2,586 commits.

                                                                                                    How bad do you feel if you’re the person who made 2586 commits to curl and you just got told your contributions are insignificant?

                                                                                                    1. 3

                                                                                                      Context:

                                                                                                      Of the 25,000 “commits,” or updates, made to the GitHub repository for cURL, Stenberg created 14,000 of them. No other developer contributing to the software has made more than 2,586 commits.

                                                                                                      That means Stenberg wrote over half the commits, while the second-most-active committer wrote about a tenth. I don’t think that’s significant, but it is lopsided.

                                                                                                      1. 2

                                                                                                        Almost as bad as the “single full-time developer” on OpenSSL the author blames for Heartbleed?

                                                                                                        1. 1

                                                                                                          Why has curl become so complex that somebody can contribute 2586 commits and not even measure up?

                                                                                                          1. 4

                                                                                                            Old set of protocols that are successfully deployed with various level of rigor means lots of edge cases to support.

                                                                                                            1. 1

                                                                                                              spelling errors in comments?

                                                                                                          1. 16

                                                                                                            Dark is a holistic programming language, editor, and infrastructure for building backends. You write in the Dark language, using the Dark editor, and your program is hosted on Dark’s infrastructure.

                                                                                                            It sounds like they took everything I want in a programming language ecosystem and then did the opposite.

                                                                                                            1. 9

                                                                                                              Does anyone else think this announcement is written using unusually simple English prose? It has a sort of Simple English Wikipedia vibe to it.

                                                                                                              1. 41

                                                                                                                Python has a massive user base, many for whom English is not their first language. Making this as clear and unambiguous as possible is good.

                                                                                                                1. 9

                                                                                                                  That’s one reason I advocate for plain English in business (esp support/docs/training) and government (esp anything mandatory). It also helps the illiterate and people with bad memory that forget uncommon words.

                                                                                                                  1. 11

                                                                                                                    Applicable: Native English speakers are the world’s worst communicators

                                                                                                                    often talk too fast for others to follow, and use jokes, slang and references specific to their own culture

                                                                                                                    This can even be a problem among English speaker. I was meeting this fella from NYC a few weeks ago via couchsurfing, and told him via WhatsApp that I’d join him for the craic after getting back from the chipper. He had no idea what I was on about. English is tricky because there are so many variants, and once you get in to the habit of using a regional variant of it, it’s hard to get rid of that.

                                                                                                                    1. 11

                                                                                                                      Applicable: Native English speakers are the world’s worst communicators

                                                                                                                      More accurate title: “Native English speakers are worse at communicating with ESL folk than ESL folk are at communicating with other ESL folk, in English.”

                                                                                                                      Like c’mon it’s not like English is the only language with slang

                                                                                                                      1. 1

                                                                                                                        Did he ask if there was chance for a shift? (… in your diction?)

                                                                                                                  2. 14

                                                                                                                    What language would you expect? It’s specifically meant for all users, including those that “just use” Python 2.

                                                                                                                    I think it is very clear (except the word “sunsetting”, which is worst of US marketing speak and is not understandable to many second language speakers).

                                                                                                                    1. 3

                                                                                                                      I believe you meant to write “sunsetting”. I do agree that “subsetting” is hard to understand 😉

                                                                                                                      1. 8

                                                                                                                        Correct. lobste.rs is pretty usable on mobile, but that also makes it vulnerable to autocorrect :D.

                                                                                                                    2. 11

                                                                                                                      They’re trying to communicate with people who are still using Python 2 in 2019.

                                                                                                                      1. 2

                                                                                                                        I bet there are a lot. The “tech industry” is lead by people following closely the upstream projects, but a long long tail of activities just getting stuff done imitating the others follow, and changing that will be long.

                                                                                                                        There are also many code bases in production to convert. There is a tendency to not daring to touch to anything in production if it works, even though maintenance is required.

                                                                                                                      2. 5

                                                                                                                        A lot of people don’t have the necessary attention span time to be able to read long blog posts, announcements or messages. They refer to such messages as “it doesn’t tell about anything”, “meaningless” and “they don’t want to waste time”. I think by using simplest language possible, they’re trying to embrace the short-attention-span people so that they’ll be able to actually read and “digest” the message.

                                                                                                                        I’ve used “they”, but I know I’m not separated from this issue myself. Many times when I’m stumbling over some article in English, I’m discouraged by the overly flowery language, which I often can’t easily understand (as I’m not a native speaker). So I perfectly understand why the Python note uses Simple English mode :)

                                                                                                                        1. 4

                                                                                                                          It’s not you, I had the same reaction. From the tone of the article my impression was that their target audience is four years old. I get that shrouding a simple message in complicated verbiage is a great way to alienate readers but going to far in the opposite direction makes it sound condescending which is possibly worse. But in this case I’m sure that was not the intent of the author, my assumption is that English is not the writer’s first language and they were trying to be very sure they didn’t make anything unclear or misleading. Sometimes my own writing turns into this after I’ve rewritten it 20 times.

                                                                                                                          1. 6

                                                                                                                            To quote my mentor at Amazon: “Communication is impossible”.

                                                                                                                            Have you ever watched a really painful exchange between a non native English speaker and well meaning but frustrated people on a chat channel trying to help?

                                                                                                                            The non native English speaker asks a question in the best way they can, using imprecise wording and breaking every rule in the English language because, to non speakers, they make no sense :)

                                                                                                                            So yeah, this announcement is written in a way that optimizes for minimizing mis-understanding, and in this context I see that as the right choice, and if I’m reading you right, so do you :)

                                                                                                                          2. 1

                                                                                                                            I’m guessing it’s because they wrote sentences starting with And and But a fair bit, which is potentially easy to read but makes all of the sentences seem really short. It’s a little strange, but much better than paragraph-length sentences.

                                                                                                                          1. 0

                                                                                                                            It still makes me sad to think about the fact that we never managed to figure out how to make BitTorrent work while respecting intellectual property. There is this amazing technology that enables us to share a vast amount of data in a wonderfully efficient way. Still, using it you’re most likely doing something that is considered illegal in your country.

                                                                                                                            1. 13

                                                                                                                              [..] to make BitTorrent work while respecting intellectual property.

                                                                                                                              BitTorrent optimises sharing; intellectual property, as I understand it is mostly used, works as a stop-mechanism to sharing.

                                                                                                                              Thus, to me, it seems they have conflicting interests.

                                                                                                                              Of course it is a simplistic perspective on the subject.

                                                                                                                              But every time I think about sharing and intellectual property in digital age, I think about libraries and books, and how the standard copyright notice

                                                                                                                              No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher […]

                                                                                                                              and libraries co-exist. (Highlight on distributed is mine.)

                                                                                                                              Of course it is simply a mental exercise and I have no solution to it.

                                                                                                                              1. 6

                                                                                                                                How do you define “respecting intellectual property”? Users get to decide whether to download a torrent and participate in the swarm. If it’s illegal, then they are breaking the law. If I use a kitchen knife to cut roast beef, that’s legal. If I use a kitchen knife to cut roast rhino, that’s likely illegal. It’s not the knife maker’s responsibility to ensure that I’m not using the knife to cut endangered species.

                                                                                                                                1. 0

                                                                                                                                  It’s definitely illegal to kill people with that knife, in case you needed a clearly illegal act.

                                                                                                                                2. 4

                                                                                                                                  There is this amazing technology that enables us to share a vast amount of data in a wonderfully efficient way. Still, using it you’re most likely doing something that is considered illegal in your country.

                                                                                                                                  Perhaps it is the laws that are at fault, and not the technology. Intellectual Property is predicated on the zero-sum logic of property–for you to have something, I must lose it. Clearly that is not the case with information.

                                                                                                                                  1. 0

                                                                                                                                    Clearly that is not the case with information.

                                                                                                                                    Perhaps, but people don’t create information for free. There is an expectation that you will get reimbursed in some way, and if you don’t then you are indeed operating at a loss. After all you could have done something else with your time.

                                                                                                                                    Edit; and that doesn’t include the patent argument where an inventor would have indeed lost something, business, if people enroach on the intellectual property at the core of that business.

                                                                                                                                    1. 5

                                                                                                                                      Neither of those statements are accurate, right–you and I are both (to the best of my knowledge) creating works here without getting paid. People strumming to themselves on guitars and singing madeup songs while working aren’t getting paid. The idea that all creation is motivated by economic activity seems easy to disprove.

                                                                                                                                      The patent thing isn’t about losing something due to encroachment. It’s about saying “Hey, we’ll give you a limited monopoly to give you even more value in the market, in order to incentivize discovery of new techniques and then to explicitly force you to share that intellectual property by having public record of how you did what you did.” That second part is critical, and one very much lost in modern software and legalese.

                                                                                                                                      Also, real talk: the American publishing industry was founded on copyright infringement. The spread of semiconductor techniques and thus the information age was predicated on the sharing of information via folks like the Traitorous Eight and so forth. The bootstrapping of the Chinese tech manufacturing in places like Shenzhen is massively driven by infringement on IP.

                                                                                                                                      Enforcement of IP is just about rent seeking, and not societal good. Anyways, happy to continue in DMs–this is off-topic for the site. :)

                                                                                                                                  2. 3

                                                                                                                                    never managed to figure out how to make BitTorrent work while respecting intellectual property

                                                                                                                                    You could say the same thing about any protocol. HTTP, FTP, NNTP, Email, etc.

                                                                                                                                    1. 3

                                                                                                                                      Yeah, but of those two, which is the important one?

                                                                                                                                      There are several problems. One big problem is that copyright’s terms are for years, but it only takes a few days for information to be broadcast to all target markets. The biggest Hollywood films, for example, are released near-simultaneously globally and make most of their sales within the first two weeks. Books once took years to print in serious quantity, but now take months to print and weeks to ship. Music can be recorded in a weekend and be streamable within a week. Youtube and Twitch permit global publication within under a minute of recording.

                                                                                                                                      Consider a world where copyright is extremely short, due to the rapid speed at which information can be broadcasted. In such a world, a copyright holder might release their artwork over BitTorrent. In order to do this, they would sell tickets which each have a unique private tracker URL. Then, when the artwork is published, the ticket-holders are sent torrent metadata and can download their own private copies of the artwork hours or even possibly days ahead of non-paying viewers.

                                                                                                                                      Another big problem is that it’s not at all clear whether information, in the information-theoretic sense, is a medium through which expressive works can be created; that is, it’s not clear whether bits qualify for copyright. Certainly, all around the world, legal systems have assumed that bits are a medium. But perhaps bits have no color. Perhaps homomorphic encryption implies that color is unmeasurable. It is well-accepted even to legal scholars that abstract systems and mathematics aren’t patentable, although the application of this to computers clearly shows that the legal folks involved don’t understand information theory well enough.

                                                                                                                                      I wonder why this makes you sad. As a former musician, I know that there is no way to train a modern musician, or any other modern artist, without heavy amounts of copyright infringement. Copying pages at the library, copying CDs for practice, taking photos of sculptures and paintings, examining architectural blueprints of real buildings. The system simultaneously expects us to be well-cultured, and to not own our culture. I suggest that, of those two, the former is important and the latter is yet another attempt to coerce and control people via subversion of the public domain.

                                                                                                                                      1. 2

                                                                                                                                        I really like the idea of selling tickets for private tracker URLs. This would make decentralized distribution possible while making sure that content creators get their revenue.

                                                                                                                                        Besides the hardly measurable cultural loss due to restrictive copyright law, I think what this also comes down to is waste of resources. I wonder how much money could be saved by switching to a decentralized infrastructure when distributing files on the internet.

                                                                                                                                        Keep in mind all those judges, laywers and prosecutors whose resources are bound in disputes concerning copyright. If there were better ways of regulating intellectual property, I believe that many economies could benefit from this.

                                                                                                                                    1. 8

                                                                                                                                      Because it is your computer that runs the code, you can use a lot of different techniques. But that also may cause a problem, because you can use any algorithm if it fits in the timeout given. This means that if you have the hardware for it, you could train a neural net with 1M parameters and run it against others. You would probably win, but at a cost. Basically, I think that this could create a pay-to-win problem.

                                                                                                                                      1. 5

                                                                                                                                        I personally support anyone wanting to solve this game using machine learning, because that’s an interesting problem in itself, as long as they keep it from impeding/discouraging beginners :-)

                                                                                                                                        They have multiple divisions in the tournament (Beginner, Intermediate, Advanced). While that is not a perfect solution, because you can’t enforce it, in practice I think anyone training a neural net would take that to the Advanced division where it’s fair game and go for the gold. The Battlesnake community is full of friendlies and I doubt anyone would take that level of bot into the beginner’s division, which would just be blatantly unfair, and not really worth the Beginner prize in a tournament anyway. In Advanced, there’s still going to be a cut-off point where the cost of your hardware grows past the potential of winning a prize, and even then, there’s enough random chance in the game that it’s not a guaranteed win.

                                                                                                                                        1. 3

                                                                                                                                          If this ever became a legitimate problem, you could say “You must run your code on a Raspberry Pi” or “Your code will be run in a docker container with certain resource limits set”.

                                                                                                                                          1. 2

                                                                                                                                            The problem is that then you cannot enforce such requirements using what they have now, and moving to Docker containers could open remote code execution problems, which are hard to deal with, because sandboxing is hard. There is no universal solution. CodeCombat solution is to have their own language subsets, which they then can control how are executed. Obviously, the techniques are then limited.

                                                                                                                                            1. 2

                                                                                                                                              The engine is open source and you can easily run it on your own network. So if you want to, you can host your own event where everyone brings a Raspberry Pi to run on.

                                                                                                                                            2. 2

                                                                                                                                              This seems like complaining that surfing is pay-to-win because some surfers can buy better boards. It’s not strictly incorrect, but it appears to be a great distance away from the point of surfing.