1. 11

    I worked in Identity Management for a University at one point in my life. There are several things wrong going on here.

    Looks like he had a peaceful termination (contract just ended) so the systems locked him out slowly. That seems right, but the fact that this was irreversible is insane. Contractors came and went at the University, as well as associate professors, adjuncts, etc. We had a pretty complex system for ensuring no person got two accounts. If anyone left, the account is always disabled and always kept.

    Even if they are just a student and graduated 8 years ago, so long as HR gets the same SSN and DOB as their old student account, we just reactivated their old student account (although it would have had student removed and alumni added) and added a staff or faculty role to it. If a new account had the same name and birthday as another account, but a different SSN, it’d get flagged for us to look at it manually (we had rules for similar names, reversed months/days on birthdays and other rules to try to catch things). Sometimes we’d find someone got two accounts by accident and we’d have to go through the painful process of trying to merge them.

    If someone was fired, we used a “kill bit,” which would lock them out of nearly everything in less than an hour. It was something we were very careful with, because if that happened, you lost your SIDs and all your roles on most of the systems. That was a bitch to reverse if we needed to, but it was still doable (although you’d probably be requesting all the permissions you needed for about a week).

    We used Novell’s IDM to push things downstream, but all the actual identity management integrations and services we wrote ourselves, and we’d always be able to reverse a situation like this in less than a day.

    I’m glad the author left that shop. Big companies have so much garbage like this; probably a bunch of off-the-shelf garbage where they handle none of the integration work and have no real IDM team to deal with accounts. There was no reason for this to happen. They should have paid him for those weeks off. He’d have a good case if he went to a labor lawyer. The company would probably just settle.
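
The matching rules described in the comment above, sketched as an added example (not part of the original comment and not the university's code). The keyed SSN digest, the 0.85 name-similarity threshold, the field names, the uid format and the handling of an SSN match with a different birth date are assumptions; all records are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import date
from difflib import SequenceMatcher

# Assumptions (not from the post): the key, the threshold, field names, uid format.
DEMO_KEY = b"constructed-demo-key"   # a real deployment keeps this in a secret store
NAME_THRESHOLD = 0.85                # cut-off for "similar names"


def ssn_token(ssn: str) -> str:
    """Keyed digest of the SSN so the directory never stores the raw number."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    return hmac.new(DEMO_KEY, digits.encode(), hashlib.sha256).hexdigest()


@dataclass
class Account:
    uid: str
    name: str
    dob: date
    ssn: str                                   # value returned by ssn_token()
    roles: set = field(default_factory=set)
    enabled: bool = True


def swapped(d: date):
    """Month and day reversed, or None when that is not a real date."""
    try:
        return date(d.year, d.day, d.month)
    except ValueError:
        return None


def similar_name(a: str, b: str) -> bool:
    """Case- and whitespace-insensitive fuzzy comparison of two names."""
    def norm(s):
        return " ".join(s.lower().split())
    return SequenceMatcher(None, norm(a), norm(b)).ratio() >= NAME_THRESHOLD


def offboard(acct: Account) -> None:
    """Leaver: the account is disabled and kept, never deleted."""
    acct.enabled = False


def resolve(directory, name, dob, ssn, new_role):
    """Return (decision, [uids]) for one incoming HR record."""
    token = ssn_token(ssn)
    review = []
    for acct in directory:
        same_ssn = hmac.compare_digest(acct.ssn, token)
        if same_ssn and acct.dob == dob:
            # Same SSN and DOB: reuse the old account and add the new role.
            acct.enabled = True
            acct.roles.add(new_role)
            return "reactivate", [acct.uid]
        if same_ssn:
            # Assumption: an SSN match with a different DOB goes to a human.
            review.append(acct.uid)
        elif similar_name(acct.name, name) and dob in (acct.dob, swapped(acct.dob)):
            # Same or similar name, same or month/day-reversed birthday, different SSN.
            review.append(acct.uid)
    if review:
        return "review", review          # nothing is created until someone looks
    acct = Account(f"u{len(directory) + 1:04d}", name, dob, token, {new_role})
    directory.append(acct)
    return "create", [acct.uid]


def sample_directory():
    """Constructed records; SSNs with area number 000 are never issued."""
    alum = Account("u0001", "Maria Alvarez", date(1990, 3, 4),
                   ssn_token("000-00-0001"), {"alumni"})
    offboard(alum)                       # graduated years ago: disabled, kept
    staff = Account("u0002", "Jon Pedersen", date(1985, 11, 2),
                    ssn_token("000-00-0002"), {"staff"})
    return [alum, staff]


if __name__ == "__main__":
    d = sample_directory()
    # Returning alumna hired as staff under a changed surname.
    print(resolve(d, "Maria Alvarez-Smith", date(1990, 3, 4), "000-00-0001", "staff"))
    # Similar name, month/day reversed, different SSN: possible duplicate.
    print(resolve(d, "John Pedersen", date(1985, 2, 11), "000-00-0009", "faculty"))
    # Nobody like this on file.
    print(resolve(d, "Wei Chen", date(2001, 7, 19), "000-00-0003", "student"))
```
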

    1. 7

      I grew up in the 1990s; the days of FSF and GNU and Linux. We had pretty different expectations of open source back then. I think the landscape has changed significantly. I wrote a post about this a while back:

      https://penguindreams.org/blog/the-philosophy-of-open-source-in-community-and-enterprise-software/

      1. 15

        I recently discovered how horribly complicated traditional init scripts are whilst using Alpine Linux. OpenRC might be modern, but it’s still complicated.

        Runit seems to be the nicest I’ve come across. It asks the question “why do we need to do all of this anyway? What’s the point?”

        It rejects the idea of forking and instead requires everything to run in the foreground:

        /etc/sv/nginx/run:

        #!/bin/sh
        exec nginx -g 'daemon off;'
        

        /etc/sv/smbd/run

        #!/bin/sh
        mkdir -p /run/samba
        exec smbd -F -S
        

        /etc/sv/murmur/run

        #!/bin/sh
        exec murmurd -ini /etc/murmur.ini -fg 2>&1
        

        Waiting for other services to load first does not require special features in the init system itself. Instead you can write the dependency directly into the service file in the form of a “start this service” request:

        /etc/sv/cron/run

        #!/bin/sh
        sv start socklog-unix || exit 1
        exec cron -f
        

        Where my implementation of runit (Void Linux) seems to fall flat on its face is logging. I hoped it would do something nice like redirect stdout and stderr of these supervised processes by default. Instead you manually have to create a new file and folder for each service that explicitly runs its own copy of the logger. Annoying. I hope I’ve been missing something.

        The only other feature I can think of is “reloading” a service, which Aker does in the article via this line:

        ExecReload=kill -HUP $MAINPID

        I’d make the argument that in all circumstances where you need this you could probably run the command yourself. Thoughts?

        1. 6

          Where my implementation of runit (Void Linux) seems to fall flat on its face is logging. I hoped it would do something nice like redirect stdout and stderr of these supervised processes by default. Instead you manually have to create a new file and folder for each service that explicitly runs its own copy of the logger. Annoying. I hope I’ve been missing something.

          The logging mechanism works like this to be stable and only lose logs in case runsv and the log service would die. Another thing about separate logging services is that stdout/stderr are not necessarily tagged; adding all this stuff to runsv would just bloat it.

          There is definitely room for improvement, as logger(1) has been broken for some time in the way Void uses it at the moment (you can blame systemd for that). My idea to simplify logging services to centralize the way logging is done can be found here: https://github.com/voidlinux/void-runit/pull/65. For me the ability to exec svlogd(8) from vlogger(8) to have a more lossless logging mechanism is more important than the main functionality of replacing logger(1).

          1. 1

            Ooh thank you, having a look :)

          2. 6

            Instead you can write the dependency directly into the service file in the form of a “start this service” request

            But that neither solves starting daemons in parallel, or even at all, if they are run in the ‘wrong’ order. Depending on network being setup, for example, brings complexity to each of those shell scripts.

            I’m of the opinion that a DSL of whitelisted items (systemd) is much nicer to handle than writing shell scripts, along with the standardized commands instead of having to know which services accept ‘reload’ vs ‘restart’ or some other variation in commands - those kinds of niceties are gone when the shell scripts are individually an interface each.

            1. 6

              The runit/daemontools philosophy is to just keep trying until something finally runs. So if the order is wrong, presumably the service dies if a dependent service is not running, in which case it’ll just get restarted. So eventually things progress towards a functioning state. IMO, given that a service needs to handle the services it depends on crashing at any time anyways to ensure correct behaviour, I don’t feel there is significant value in encoding this in an init system. A dependent service could also be moved to running on another machine which this would not work in as well.

              1. 3

                It’s the same philosophy as network-level dependencies. A web app that depends on a mail service for some operations is not going to shutdown or wait to boot if the mail service is down. Each dependency should have a tunable retry logic, usually with an exponential backoff.

              2. 4

                But that neither solves starting daemons in parallel, or even at all, if they are run in the ‘wrong’ order.

                That was my initial thought, but it turns out the opposite is true. The services are retried until they work. Things are definitely paralleled – there is no “exit” in these scripts, so there is no physical way of running them in a linear (non-parallel) nature.

                Ignoring the theory: void’s runit provides the second fastest init boot I’ve ever had. The only thing that beats it is a custom init I wrote, but that was very hardware (ARM Chromebook) and user specific.

              3. 5

                Dependency resolving on daemon manager level is very important so that it will kill/restart dependent services.

                runit and s6 also don’t support cgroups, which can be very useful.

                1. 5

                  Dependency resolving on daemon manager level is very important so that it will kill/restart dependent services

                  Why? The runit/daemontools philosophy is just to try to keep something running forever, so if something dies, just restart it. If one restarts a service, then either those that depend on it will die or they will handle it fine and continue with their life.

                  1. 4

                    either those that depend on it will die or they will handle it fine

                    If they die, and are configured to restart, they will keep bouncing up and down while the dependency is down? I think having dependency resolution is definitely better than that. Restart the dependency, then the dependent.

                    1. 4

                      Yes they will. But what’s wrong with that?

                      1. 2

                        Wasted cycles, wasted time, not nearly as clean?

                        1. 10

                          It’s a computer, it’s meant to do dumb things over and over again. And presumably that faulty component will be fixed pretty quickly anyways, right?

                          1. 5

                            It’s a computer, it’s meant to do dumb things over and over again

                            I would rather have my computer do less dumb things over and over personally.

                            And presumably that faulty component will be fixed pretty quickly anyways, right?

                            Maybe; it depends on what went wrong precisely, how easy it is to fix, etc. We’re not necessarily just talking about standard daemons - plenty of places run their own custom services (web apps, microservices, whatever). The dependency tree can be complicated. Ideally once something is fixed everything that depends on it can restart immediately, rather than waiting for the next automatic attempt which could (with the exponential backoff that proponents typically propose) take quite a while. And personally I’d rather have my logs show only a single failure rather than several for one incident.

                            But, there are merits to having a super-simple system too, I can see that. It depends on your needs and preferences. I think both ways of handling things are valid; I prefer dependency management, but I’m not a fan of Systemd.
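
The trade-off argued in this sub-thread, a fixed one-second restart against capped exponential backoff, worked through as an added example (not code from any commenter, nor from runit or daemontools). The policy parameters and the model of an outage as a single window starting at t=0 are assumptions.

```python
from dataclasses import dataclass


def fixed(delay=1.0):
    """Same pause before every retry (the one-second restart discussed above)."""
    while True:
        yield delay


def exponential(base=1.0, factor=2.0, cap=300.0):
    """Pause grows by `factor` after each failure, never exceeding `cap` seconds."""
    delay = base
    while True:
        yield min(cap, delay)
        delay = min(cap, delay * factor)


@dataclass(frozen=True)
class Outcome:
    failed_attempts: int    # starts that were bound to fail: log noise, wasted work
    recovery_lag: float     # seconds the dependency was back before we noticed


def ride_out(outage: float, delays) -> Outcome:
    """Walk one dependent service through an outage lasting `outage` seconds.

    The service tries at t=0, fails while t < outage, and waits the next value
    from `delays` after each failure. The first attempt at t >= outage succeeds.
    """
    t, failures = 0.0, 0
    for pause in delays:
        if t >= outage:
            return Outcome(failures, t - outage)
        failures += 1
        t += pause


def compare(outage: float):
    """Both sides of the argument for one outage length."""
    return {
        "fixed 1s": ride_out(outage, fixed(1.0)),
        "backoff, cap 300s": ride_out(outage, exponential(cap=300.0)),
        "backoff, cap 30s": ride_out(outage, exponential(cap=30.0)),
    }


if __name__ == "__main__":
    for seconds in (10, 600, 3600):
        print(f"outage of {seconds}s")
        for name, result in compare(seconds).items():
            print(f"  {name:18} failures={result.failed_attempts:5d} "
                  f"lag={result.recovery_lag:6.1f}s")
```

A low cap keeps most of the reduction in failed starts while bounding how long a fixed dependency goes unnoticed; neither policy removes the need for the dependent service to cope with its dependency vanishing.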

                            1. 4

                              I would rather have my computer do less dumb things over and over personally.

                              Why, though? What’s the technical argument. daemontools (and I assume runit) do sleep 1 second between retries, which for a computer is basically equivalent to it being entirely idle. It seems to me that a lot of people just get a bad feeling about running something that will immediately crash.

                              Maybe; it depends on what went wrong precisely, how easy it is to fix, etc. We’re not necessarily just talking about standard daemons - plenty of places run their own custom services (web apps, microservices, whatever).

                              What’s the distinction here? Also, with microservices the dependency graph in the init system almost certainly doesn’t represent the dependency graph of the microservice as it’s likely talking to services on other machines.

                              I think both ways of handling things are valid

                              Yeah, I cannot provide an objective argument as to why one should prefer one to the other. I do think this is a nice little example of the slow creep of complexity in systems. Adding a pinch of dependency management here because it feels right, and a teaspoon of plugin system there because we want things to be extensible, and a deciliter of proxies everywhere because of microservices. I think it’s worth taking a moment every now and again and stepping back and considering where we want to spend our complexity budget. I, personally, don’t want to spend it on the init system so I like the simple approach here (especially since with microservices the init dependency graph doesn’t reflect the reality of the service anymore). But as you point out, positions may vary.

                              1. 2

                                Why, though? What’s the technical argument

                                Unnecessary wakeup, power use (especially for a laptop), noise in the logs from restarts that were always bound to fail, unnecessary delay before restart when restart actually does become possible. None of these arguments are particularly strong, but they’re not completely invalid either.

                                We’re not necessarily just talking about standard daemons …

                                What’s the distinction here?

                                I was trying to point out that we shouldn’t make too many generalisations about how services might behave when they have a dependency missing, nor assume that it is always ok just to let them fail (edit:) or that they will be easy to fix. There could be exceptions.

                            2. 2

                              Perhaps wandering off topic, but this is a good way to trigger even worse cascade failures.

                              eg, an RSS reader that falls back to polling every second if it gets something other than 200. I retire a URL, and now a million clients start pounding my server with a flood of traffic.

                              There are a number of local services (time, dns) which probably make some noise upon startup. It may not annoy you to have one computer misbehave, but the recipient of that noise may disagree.

                              In short, dumb systems are irresponsible.

                              1. 2

                                But what is someone supposed to do? I cannot force a million people using my RSS tool not to retry every second on failure. This is just the reality of running services. Not to mention all the other issues that come up with not being in a controlled environment and running something loose on the internet such as being DDoS’d.

                                1. 2

                                  I think you are responsible if you are the one who puts the dumb loop in your code. If end users do something dumb, then that’s on them, but especially, especially, for failure cases where the user may not know or observe what happens until it’s too late, do not ship dangerous defaults. Most users will not change them.

                                  1. 1

                                    In this case we’re talking about init systems like daemontools and runit. I’m having trouble connecting what you’re saying to that.

                            3. 2

                              If those things bother you, why run Linux at all? :P

                          2. 2

                            N.B. bouncing up and down ~= polling. Polling always intrinsically seems inferior to event based systems, but in practice much of your computer runs on polling perfectly fine and doesn’t eat your CPU. Example: USB keyboards and mice.

                            1. 2

                              USB keyboard/mouse polling doesn’t eat CPU because it isn’t done by the CPU. IIUC the USB controller generates an interrupt when data is received. I feel like this analogy isn’t a good one (regardless). Checking a USB device for a few bytes of data is nothing like (for example) starting a Java VM to host a web service which takes some time to read its config and load its caches only to then fall over because some dependency isn’t running.

                            2. 1

                              Sleep 1 and restart is the default. It is possible to have another behavior by adding a ./finish script to the ./run script.

                          3. 2

                            I really like runit on void. I do like the simplicity of SystemD target files from a package manager perspective, but I don’t like how systemd tries to do everything (consolekit/logind, mounting, xinet, etc.)

                            I wish it just did services and dependencies. Then it’d be easier to write other systemd implementations, with better tooling (I’m not a fan of systemctl or journalctl’s interfaces).

                            1. 1

                              You might like my own dinit (https://github.com/davmac314/dinit). It somewhat aims for that - handle services and dependencies, leave everything else to the pre-existing toolchain. It’s not quite finished but it’s becoming quite usable and I’ve been booting my system with it for some time now.

                          4. 4

                            I’d make the argument that in all circumstances where you need this you could probably run the command yourself. Thoughts?

                            It’s nice to be able to reload a well-written service without having to look up what mechanism it offers, if any.

                            1. 5

                              Runit’s sv(8) has the reload command which sends SIGHUP by default. The default behavior (for each control command) can be changed in runit by creating a small script under $service_name/control/$control_code.

                              https://man.voidlinux.eu/runsv#CUSTOMIZE_CONTROL

                              1. 1

                                I was thinking of the difference between ‘restart’ and ‘reload’.

                                Reload is only useful when:

                                • You can’t afford to lose a few seconds of service uptime (OR the service is ridiculously slow to load)
                                • AND the daemon supports an on-line reload functionality.

                                I have not been in environments where this is necessary, restart has always done me well. I assume that the primary use cases are high-uptime webservers and databases.

                                My thoughts were along the lines of: If you’re running a high-uptime service, you probably don’t care about the extra effort of writing ‘killall -HUP nginx’ than ‘systemctl reload nginx’. In fact I’d prefer to do that than take the risk of the init system re-interpreting a reload to be something else, like reloading other services too, and bringing down my uptime.

                              2. 3

                                I hoped it would do something nice like redirect stdout and stderr of these supervised processes by default. Instead you manually have to create a new file and folder for each service that explicitly runs its own copy of the logger. Annoying. I hope I’ve been missing something.

                                I used to use something like logexec for that, to “wrap” the program inside the runit script, and send output to syslog. I agree it would be nice if it were builtin.

                              1. 31

                                at this point most browsers are OS’s that run (and build) on other OS’s:

                                • language runtime - multiple checks
                                • graphic subsystem - check
                                • networking - check
                                • interaction with peripherals (sound, location, etc) - check
                                • permissions - for users, pages, sites, and more.

                                And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

                                1. 11

                                  Browsers rarely link out to the system. FF/Chromium have their own PNG decodes, JPEG decodes, AV codecs, memory allocators or allocation abstraction layers, etc. etc.

                                  It bothers me everything is now shipping as an electron app. Do we really need every single app to have the footprint of a modern browser? Can we at least limit them to the footprint of Firefox2?

                                  1. 10

                                    but if you limit it to the footprint of firefox2 then computers might be fast enough. (a problem)

                                    1. 2

                                      New computers are no longer faster than old computers at the same cost, though – Moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

                                      (Maybe secondary storage speed will have a big bump, if you’re moving from hard disk to SSD, but that only happens once.)

                                      1. 3

                                        Moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

                                        Are you claiming there have been no speedups due to better pipelining, out-of-order/speculative execution, larger caches, multicore, hyperthreading, and ASIC acceleration of common primitives? And the benchmarks magazines post showing newer stuff outperforming older stuff were all fabricated? I’d find those claims unbelievable.

                                        Also, every newer system I had was faster past 2005. I recently had to use an older backup. Much slower. Finally, performance isn’t the only thing to consider: the newer, process nodes use less energy and have smaller chips.

                                        1. 2

                                          I’m slightly overstating the claim. Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

                                          Once we’ve picked all the low-hanging fruit (simple optimization tricks with major & general impact) we’ll need to start seriously milking performance out of multicore and other features that actually require the involvement of application developers. (Multicore doesn’t affect performance at all for single-threaded applications or fully-synchronous applications that happen to have multiple threads – in other words, everything an unschooled developer is prepared to write, unless they happen to be mostly into unix shell scripting or something.)

                                          Moore’s law isn’t all that matters, no. But, it matters a lot with regard to whether or not we can reasonably expect to defend practices like electron apps on the grounds that we can maintain current responsiveness while making everything take more cycles. The era where the same slow code can be guaranteed to run faster on next year’s machine without any effort on the part of developers is over.

                                          As a specific example: I doubt that even in ten years, a low-end desktop PC will be able to run today’s version of slack with reasonable performance. There is no discernible difference in its performance between my two primary machines (both low-end desktop PCs, one from 2011 and one from 2017). There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.

                                          1. 5

                                            Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

                                            I agree with that totally.

                                            “Multicore doesn’t affect performance at all for single-threaded applications”

                                            Although largely true, people often forget a way multicore can boost single-threaded performance: simply letting the single-threaded app have more time on CPU core since other stuff is running on another. Some OS’s, esp RTOS’s, let you control which cores apps run on specifically to utilize that. I’m not sure if desktop OS’s have good support for this right now, though. I haven’t tried it in a while.

                                            “There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.”

                                            Yeah, all the ideas I have for it are incremental. The best illustration of where rest of gains might come from is Cavium’s Octeon line. They have offloading engines for TCP/IP, compression, crypto, string ops, and so on. On rendering side, Firefox is switching to GPU’s which will take time to fully utilize. On Javascript side, maybe JIT’s could have a small, dedicated core. So, there’s still room for speeding Web up in hardware. Just not Moore’s law without developer effort like you were saying.

                                  2. 9

                                    Although you partly covered it, I’d say “execution of programs” is good wording for JavaScript since it matches browser and OS usage. There’s definitely advantages to them being smaller. A guy I knew even deleted a bunch of code out of his OS and Firefox to achieve that on top of a tiny, backup image. Dude had a WinXP system full of working apps that fit on one CD-R.

                                    Far as secure browsers, I’d start with designs from high-assurance security bringing in mainstream components carefully. Some are already doing that. An older one inspired Chrome’s architecture. I have a list in this comment. I’ll also note that there were few of these because high-assurance security defaulted on just putting a browser in a dedicated partition that isolated it from other apps on top of security-focused kernels. One browser per domain of trust. Also common were partitioning network stacks and filesystems that limited effect of one partition using them on others. QubesOS and GenodeOS are open-source software that support these with QubesOS having great usability/polish and GenodeOS architecturally closer to high-security designs.

                                    1. 6

                                      Are there simpler browsers optimised for displaying plain ol’ hyperlinked HTML documents, and also support modern standards? I don’t really need 4 tiers of JIT and whatnot for web apps to go fast, since I don’t use them.

                                      1. 12

                                        I’ve always thought one could improve on a Dillo-like browser for that. I also thought compile-time programming might make various components in browsers optional where you could actually tune it to amount of code or attack surface you need. That would require lots of work for mainstream stuff, though. A project like Dillo might pull it off, though.

                                        1. 10
                                          1. 3

                                            Oh yeah, I have that on a Raspberry Pi running RISC OS. It’s quite nice! I didn’t realise it runs on so many other platforms. Unfortunately it only crashes on my main machine, I will investigate. Thanks for reminding me that it exists.

                                            1. 2

                                              Fascinating; how had I never heard of this before?

                                              Or maybe I had and just assumed it was a variant of suckless surf? https://surf.suckless.org/

                                              Looks promising. I wonder how it fares on keyboard control in particular.

                                              1. 1

                                                Aw hell; they don’t even have TLS set up correctly on https://netsurf-browser.org

                                                Does not exactly inspire confidence. Plus there appears to be no keyboard shortcut for switching tabs?

                                                Neat idea; hope they get it into a usable state in the future.

                                              2. 1

                                                AFAIK, it doesn’t support “modern” non-standards.

                                                But it doesn’t support Javascript either, so it’s way more secure than mainstream ones.

                                              3. 8

                                                No. Modern web standards are too complicated to implement in a simple manner.

                                                1. 3

                                                  Either KHTML or Links is what you’d like. KHTML would probably be the smallest browser you could find with a working, modern CSS, javascript and HTML5 engine. Links only does HTML <=4.0 (including everything implied by its <img> tag, but not CSS).

                                                  1. 2

                                                    I’m pretty sure KHTML was taken to a farm upstate years ago, and replaced with WebKit or Blink.

                                                    1. 6

                                                      It wasn’t “replaced”, Konqueror supports all KHTML-based backends including WebKit, WebEngine (chromium) and KHTML. KHTML still works relatively well to show modern web pages according to HTML5 standards and fits OP’s description perfectly. Konqueror allows you to choose your browser engine per tab, and even switch on the fly which I think is really nice, although this means loading all engines that you’re currently using in memory.

                                                      I wouldn’t say development is still very active, but it’s still supported in the KDE frameworks, they still make sure that it builds at least, along with the occasional bug fix. Saying that it was replaced is an overstatement. Although most KDE distributions do ship other browsers by default, if any, and I’m pretty sure Falkon is set to become KDE’s browser these days, which is basically an interface for WebEngine.

                                                  2. 2

                                                    A growing part of my browsing is now text-mode browsing. Maybe you could treat full graphical browsing as an exception and go to the minimum footprint most of the time…

                                                2. 4

                                                  And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

                                                  user choice. rampant complexity has restricted your options to 3 rendering engines, if you want to function in the modern world.

                                                  1. 3

                                                    When reimplementing malloc and testing it out on several applications, I found out that Firefox (at the time, I don’t know if this is still true) had its own internal malloc. It was allocating a big chunk of memory at startup and then managing it itself.

                                                    Back in the time I thought this was a crazy idea for a browser but in fact, it follows exactly the idea of your comment!

                                                    1. 3

                                                      Firefox uses a fork of jemalloc by default.

                                                      1. 2

                                                        IIRC this was done somewhere between Firefox 3 and Firefox 4 and was a huge speed boost. I can’t find a source for that claim though.

                                                        Anyway, there are good reasons Firefox uses its own malloc.

                                                        Edit: apparently I’m bored and/or like archeology, so I traced back the introduction of jemalloc to this hg changeset. This changeset is present in the tree for Mozilla 1.9.1 but not Mozilla 1.8.0. That would seem to indicate that jemalloc landed in the 3.6 cycle, although I’m not totally sure because the changeset description indicates that the real history is in CVS.

                                                    2. 3

                                                      In my daily job, this week I’m working on patching a modern Javascript application to run on older browsers (IE10, IE9 and IE8+ GCF 12).

                                                      The hardest problems are due to the different implementation details of same origin policy.
                                                      The funniest problem has been one of the frameworks used, which used “native” as a variable name: when people speak about the good parts in Javascript I know they don’t know what they are talking about.

                                                      BTW, if browser complexity addresses a real problem (instead of being a DARPA weapon to get control of foreign computers), such problem is the distribution of computation across long distances.

                                                      Such problem was not addressed well enough by operating systems, despite some mild attempts, such as Microsoft’s CIFS.

                                                      This is partially a protocol issue, as NFS, SMB and 9P were all designed with local networks in mind.

                                                      However, IMHO browsers OS are not the proper solution to the issue: they are designed for different goals, and they cannot discontinue such goals without losing market share (unless they retain such share with weird marketing practices as Microsoft did years ago with IE on Windows and Google is currently doing with Chrome on Android).

                                                      We need better protocols and better distributed operating systems.

                                                      Unfortunately it’s not easy to create them.
                                                      (Disclaimer: browsers as platforms for os and javascript’s ubiquity are among the strongest reasons that make me spend countless nights hacking an OS)

                                                    1. 2

                                                      I don’t want to poop on your work or anything; thanks for writing it and sharing it with the community.

                                                      That being said, if I migrate any of my existing sites or create something new, I’m going to do it in CSS Grid and I suggest everyone else does too. CSS Grid is a standard, and it allows you to do a lot of really complex layouts and not need crazy div classes or tags anywhere.

                                                      The only reason to create a new site with a CSS framework today is if you need to support IE11. Everything else has supported CSS grid for at least a year. Browsers are moving faster today and we no longer have to wait for the IE6 catchup game.

                                                      1. 2

                                                        Yes but don’t think that CSS Grid can do everything. Maybe this video can help you…I think you should know who she is https://www.youtube.com/watch?v=hs3piaN4b5I

                                                      1. 1

                                                        I remember those old DOS extenders (namely DOS/4G) as well as having a startup menu to choose my boot configuration (EMS, XMS, other settings to maximize the amount of base ram for some games).

                                                        I think Falcon and Wing Commander II were the most difficult as they needed a lot of base ram. My cousin ended up going through the EMS command line options and ended up overlapping two ranges to get the right amount of space. I was just a kid; wish I still had those .bat files so I could see what he did. They’re long gone though.

                                                        1. 9

                                                          I have been doing remote work for 5 years and I think the “work room for work” and “don’t work in your pyjamas” rules are overrated. I am doing just fine typing this from my couch while waiting for a build to finish.

                                                          1. 8

                                                            For my first two years working remotely I had a dedicated office in my house. I think that helped me to build the discipline and boundaries necessary.

                                                            6 years in, I can work effectively and with balance in about any situation.

                                                            1. 5

                                                              Same here; I think the rules for “transitioning from office-based work to remote work” are very different from “effective remote work for someone who’s used to it”.

                                                              1. 1

                                                                I found out that when my home office became my work office my new home office was the coffee shop after working hours.

                                                              2. 1

                                                                I work from home about 2 days a week (at my last job it was 3 to 4). I often didn’t shower until the end of my work day and I’ve never been in a place large enough to have a separate work room.

                                                                I do run multiple X servers. Ctrl+Alt+F8 is my work X11 instance and I have a different username for it. My git repos have my work/home laptops as each other’s remotes so I can push branches back and forth without touching origin. (I often squash some of those intermediate commits before creating a real origin pull request).

                                                                I often find my time at home is way more productive. Open work spaces suck and even my fancy noise cancelling headphones can’t drown out some of the chatter around me.

                                                              1. 1

                                                                I’ve considered building a small ITX NAS. My roommate paid like $700+ for a fancy one plus disks. I’ve found a couple of ITX cases with 4 trays/bays, but the difficulty is finding reasonably priced motherboards with 5 SATA ports (one for the boot disk and 4 for the caged drives) … although I could just buy a SATA3 PCI-E card and go with a cheaper board.

                                                                1. 4

                                                                  I’d seriously consider this HP Microserver Gen10. I’m running one (bought for more $ at CDW a month back). I’m not sure why this is so cheap, so read the fine print. Mine was diskless and I added another 8GB HP RAM and ended up around $625, shipped.

                                                                  4 full-sized cold-swap disk slots plus space for either an optical drive or a laptop drive, 5 SATA ports, ECC RAM, two GigE ports, many USB ports, …

                                                                  It has two problems, both of which are pretty easy to work around.

                                                                  1. It doesn’t get along with those little SanDisk USB Flash Drives (I tried several models, sigh…). It’s quite happy with the analogous drive from Samsung and works with various full sized SanDisk sticks I have (but the full sized ones stick out and are an accident waiting to happen).

                                                                  2. There’s a problem that keeps it from booting from the current FreeBSD and FreeNAS media. The fix described here (I used option 1) is to stop grub as it’s booting from the installer image, add a tunable in the boot menu, then continue. Once you have FreeNAS installed you make the change permanent through the Web UI. If you’re running FreeBSD you’d just make it in the loader.conf.

                                                                  I’m not sure how it does on the performance front. I have a 16GB Gen8 server right next to it on a GS105ev2 switch, both configured with 4 not-cutting-edge SATA drives in a RAIDZ config. When I replicated a large filesystem I was seeing sustained network traffic of 300Mbps between them.

                                                                  It’s not silent, but I have to listen carefully to hear it.

                                                                  1. 1

                                                                    Thanks for the informative comment.

                                                                    I have also considered HP/HPE MicroServer in the past, I even got very similar own made setup with the same Intel G1610T CPU inside, but that was also with active cooling, both for the CPU and PSU as this CPU has TDP of 35W.

                                                                    I like that GEN8 has IPMI but it does not have any ‘modern’ graphics output such as HDMI or DisplayPort, so it’s for NAS mostly; one can put an AMD Radeon 5450 PCIe x1 there, which is well supported under FreeBSD, to get the needed display.

                                                                    As I checked, the dual-core version of GEN10 has the same performance as the G1610T GEN8 (which is ok) and uses only 12-15W, but the GEN10 lacks IPMI with a dedicated LAN port (which is a great pity in that hardware class). It does now offer TWO DisplayPort ports, which is a very nice addition, and also has two PCIe ports, which also broadens the optional features.

                                                                    I did not find the information about the PSU format in the HP/HPE MicroServer boxes, is it SFX type? Can You confirm or check what is the PSU type in the GEN8/GEN10 machines? Thanks in advance if that is not a problem.

                                                                    I also see that people sometimes change their PSU in MicroServer to Pico PSU like here for example: http://www.thespicers.net/microserver

                                                                    1. 1

                                                                      I don’t miss the IPMI, for my “home use” needs it was a waste of resources on the Gen8. There’s something incongruous about the desktop cube form factor and remote management, but your mileage may vary.

                                                                      The power supply is not SFX type, but the motherboard connector appears to be standard. The PSU is a ‘Delta Model DPS-200200PB-209 A’. I can’t find any exact matches searching for it, but that did lead me to this site, https://post.smzdm.com/p/595585/ (which I can’t read…), that has a good series of pictures showing the internals, including the power connector.

                                                                      1. 1

                                                                        Thank you for the provided information and the link.

                                                                    2. 1

                                                                      One other point, the Gen10 does not use disk carriers, you simply screw some posts into the drive and it slots right into the chassis. I spent an embarrassingly long time looking for the posts and was convinced that they were missing from my shipment until an online post’s stray comment made me realize that they’re shipped screwed into a series of holes in the chassis, right above the slots. They’re clearly visible in the images I link to in my comment below. It’s a great place for them to live, once you’re aware of it. They’re proprietary and there aren’t any spares though, which might become a problem some day.

                                                                    3. 2

                                                                      I would install the system on a USB stick as discussed in the article, or even on two USB sticks as a ZFS mirror.

                                                                      But if You insist on using a SATA drive for the system, then I would get ASRock J4105 ITX motherboard which comes with 4 SATA ports and is priced new at about $100 and would get SYBA SY-PEX40039 SATA III Controller PCI-e 2.0 x1 Card with 2 additional SATA ports for about $22 for the total 6 SATA ports.

                                                                      That means that You would be able to have either two disks for the system (mirror) or a SPARE drive for the 4 drives pool.

                                                                      There are also cheaper ($60-80) Mini-ITX boards that have 3 SATA ports, with that 2 SATA ports controller that would also fit your goal.

                                                                      Here is up-to-date list with tested controllers for FreeBSD: http://blog.zorinaq.com/from-32-to-2-ports-ideal-satasas-controllers-for-zfs-linux-md-ra/

                                                                    1. 11

                                                                      I feel like we’re missing a central piece of the discussion here–the creation of, and maintenance of mailing lists. The post touches on it, but it’s a hassle to host your own email. The community, as a whole, would benefit from some innovation in mailing list hosting and interactions. I’ve not seen anyone even enter this space since Librelist… close to 10 years ago at this point. And, Librelist seems to be rotting…

                                                                      1. 1

                                                                        Man, I don’t think I’ve set up a Mailman instance for a project since like 2012.

                                                                      1. 7

                                                                        Do not top-post.

                                                                        Keep quoted text small and relevant

                                                                        Sadly, this advice is just not followed most of the time on the mailing lists I follow. As much as top-posting bothers me, I have to resign myself to the fact that demanding it is basically me becoming the old man who yells at clouds. All attempts to stop it by others have not worked. I don’t think it’s going away.

                                                                        1. 1

                                                                          List managers could stop it by bouncing top-posts.

                                                                          1. 1

                                                                            I still reply to e-mails with top posts (although I’m on very few mailing lists these days and contribute to nearly zero).

                                                                            At least with personal e-mails, it makes more sense for your reply to be at the top and not have to scroll all the way to the bottom.

                                                                            But whatevs. It’s tabs vs spaces at this point.

                                                                            1. 3

                                                                              You shouldn’t have to scroll far - you only quote enough to make it clear what you are talking about, then you talk about it. If you want to see the whole message, you can just go back to the other email.

                                                                              1. 2

                                                                                An apt comparison, just like so-called “tabs-vs-spaces” the claim that there are two equivalent options misses the point entirely.

                                                                                The point is not to uselessly quote everything and put your post at the bottom instead of uselessly quoting everything and putting your post at the top. The point is to stop uselessly quoting everything.

                                                                              2. 1

                                                                                This particular battle is lost. I doubt there is any mail client with more than 3% marketshare that does not use top-posting as standard.

                                                                                In the business world, where clients like Outlook hold sway, someone who doesn’t top post and doesn’t drag along the entire previous conversation (including disclaimer signatures, cutesy “consider the environment before printing this email” PNGs, and potentially embarrassing discussions of someone who was just added as a CC by a 3rd party) is seen as a weirdo.

                                                                              1. 4

                                                                                If you want to do this on FreeBSD with OpenVPN and automate it, I wrote an Ansible role as part of my Bee2 projects that you can look at here:

                                                                                https://github.com/sumdog/bee2/tree/master/ansible/roles/vpn

                                                                                1. 10

                                                                                  This just makes me think of when Facebook bought Oculus and everyone was like, “Well fuck, I really wanted one, but I guess not now.”

                                                                                  It’s interesting how, a decade past the days of Bill Gates as a Borg, even as our community has matured and we don’t hate on MS anywhere near as much as we used to, we still see this as not something we really want.

                                                                                  I agree, Microsoft is really not the company to be running Github. I wonder if it will still stay strong or end up going the way of SourceForge.

                                                                                  1. 32

                                                                                    Well, for me, it’s not the ancient past so much as present. They patent troll the crap out of companies. That’s anti-innovation that will control an innovation hotbed. The Windows 8 UI debacle and them putting ads on paid services like Live makes me wary of UI-facing changes they might do. Then, they put surveillance into their products mostly for advertisers but maybe governments, too. They do this in paid products, which aren’t those you expect to sell your info.

                                                                                    So, the company’s current actions show they suck in a lot of ways which include screwing over their customers and suing innovators. Bad fit for Github.

                                                                                    1. 33

                                                                                      Not even the ancient past:

                                                                                      • Spying on your activities through telemetry
                                                                                      • Not providing full opt-outs in compliance with GDPR
                                                                                      • Installing stuff onto your computer without your consent like Candy Crush
                                                                                      • Forced updates, sometimes regardless of whether you’re doing something uninterruptible at the time

                                                                                      That’s just off the top of my head for Windows 10 as of now.

                                                                                      1. 10

                                                                                        Spying on your activities through telemetry

                                                                                        Telemetry seems to be getting built into everything now as well, Visual Studio and Code, SQL Server, the OS (backported into Win 7 and 8 too), not sure about Office (offline) but it can’t be far behind if not already in there.

                                                                                        1. 1

                                                                                          It’s in .NET IIRC.

                                                                                        2. 3

                                                                                          Installing stuff onto your computer without your consent like Candy Crush

                                                                                          Is the crapware issue really on Microsoft, or OEMs like Dell and HP?

                                                                                          1. 1

                                                                                            It’s my understanding it’s on the home/free versions. The LTSB version is the cleanest.

                                                                                              1. 1

                                                                                                Damn. Windows got even shittier. I honestly didn’t think it possible.

                                                                                        3. 6

                                                                                          It doesn’t matter to me if it’s Microsoft or not. If Microsoft hadn’t acquired Github, then some other megacorporation probably would have. It just so happens that Microsoft is trying to mind its manners after getting pimp-slapped by Google, Apple, and Facebook, but I’m not going to trust them just because they’re currently the underdog.

                                                                                          The problem isn’t Microsoft. The problem is the way we allow corporations to operate in the US. Every time one corporation acquires another, the acquiring corporation becomes bigger and more powerful.

                                                                                          This might seem quaint, but I don’t think that corporations as large as Microsoft, Facebook, Apple, AT&T, Alphabet, Comcast, Samsung, Disney, etc. should be permitted to exist. I think they’re inherently inimical to free markets and to democracy. I think that when a corporation’s market capitalization exceeds a certain threshold, it should either be regulated as a public utility, broken up, or dissolved.

                                                                                        1. 1

                                                                                          Even with hardware RAID presenting one logical device, you still need driver support for that RAID controller. I remember way back in the 2000s, I had to wait for Dell to release their Percraid drivers so we could finally update Redhat on one of our machines. I think that’s in mainline though now.

                                                                                          This post is pretty spot on. I’m so used to mdadm and Linux RAID that I thought I could just extend Intel Rapid Store volumes if I just cloned them to a new disk. That totally didn’t work:

                                                                                          https://penguindreams.org/videos/upgrading-the-ssd-on-an-msi-gs60-laptop/

                                                                                          The Linux kernel does have support for showing Rapid Store (fake raid) drives, so you can use it, but the only reason you should is if you need to dual boot Windows.

                                                                                          1. 1

                                                                                            Can you still access things like Play Books purchases when using microG + Yalp Store?

                                                                                            1. 3

                                                                                              You can link your own Google account through Yalp

                                                                                              Q: Is it legal to use Yalp Store with my own Google account? A: No. Yalp Store violates §3.3 of Google Play Terms of Service. Your account might be disabled, robbing you of any apps you have purchased.

                                                                                              Q: Is it safe to use Yalp Store with my own Google account? A: Yes. Software like Yalp Store, Google Play Crawler and Raccoon has been used for years and it seems to be safe. Never heard of any real cases of accounts being disabled.

                                                                                              Although I personally wouldn’t use Yalp to get stuff I bought from Google. If I really wanted to not have Google on my phone, I’d try to download what I had bought and serve it through a different channel (like a cloud or something).

                                                                                            1. 14

                                                                                              I really hate browser notifications. I never click yes ever. It feels like preventing browsers from going down this hole is just yet another hack. The Spammers and the CAPTCHAers are fighting a continuous war, all because of the 2% of people who actually click on SPAM.

                                                                                              1. 7

                                                                                                I’m amazed there is no “deny all” setting for this

                                                                                                1. 5

                                                                                                  My firefox has that in the settings somewhere:

                                                                                                  [X] Block new requests asking to allow notifications

                                                                                                  This will prevent any websites not listed above from requesting permission to send notifications. Blocking notifications may break some website features.

                                                                                                  help links here: https://support.mozilla.org/en-US/kb/push-notifications-firefox?as=u&utm_source=inproduct

                                                                                                  1. 2

                                                                                                    Did anyone find the about:config setting for this, to put in one’s user.js? I am aware of dom.webnotifications.enabled, but I don’t want to disable it completely because there are 3 websites whose notifications I want.

                                                                                                    1. 3

                                                                                                      permissions.default.desktop-notification = 2

                                                                                                  2. 1

                                                                                                    There always has been in Chrome and Safari, and since very recently there’s also one in Firefox. It’s the first thing I turn off whenever I configure a new browser. I can’t possibly think of anybody actually actively wanting notifications to be delivered to them.

                                                                                                    Sure, there’s some web apps like gmail, but even there - I’d rather use a native app for this.

                                                                                                    1. 3

                                                                                                      I can’t possibly think of anybody actually actively wanting notifications to be delivered to them.

                                                                                                      Users of web-based chat software. I primarily use native apps for that, but occasionally I need to use a chat system that I don’t want to bother installing locally. And it’s nice to have a web backup for when the native app breaks. (I’m looking at you, HipChat for Windows.)

                                                                                                  3. 5

                                                                                                    There is a default deny option in Chrome, takes a little digging to find though. But I agree that it’s crazy how widespread sites trying to use notification are. There’s like 1 or 2 sites that I actually want them from, but it seems like every single news site and random blog wants to be able to send notifications. And they usually do it immediately upon loading the page, before you’ve even read the article, much less clicked something about wanting to be notified of future posts or something.

                                                                                                    1. 1

                                                                                                      The only time I have clicked “yes” for notifications is for forums (Discourse only at this point) that offer notifications of replies and DMs. I don’t see a need for any other websites to need to notify me.

                                                                                                    1. 12

                                                                                                      Wow, that’s a lot of bloat, and a great demonstration of why I don’t use Gnome (or KDE).

                                                                                                      I’m much happier with StumpWM, which just does its job and doesn’t try to integrate with everything.

                                                                                                      1. 12

                                                                                                        Unfortunately, if you want Wayland — and I do, as it really has made all my vsync/stuttering/tearing issues go away; Fedora is now as smooth as my mac/windows — your choices are limited. Sway is starting to look good but otherwise there’s not much at the minimal end of the spectrum.

                                                                                                        If I have to choose between GNOME and KDE, I pick GNOME for the same reasons the author of this piece does. I was hoping the tips would come down to more than “uninstall tracker, evolution daemons et al. and hope for the best”. I’ve done that before on Fedora and ended up wrangling package dependencies in yum. I really wish GNOME/Fedora would take this sort of article to heart and offer a “minimal GNOME” option which is effectively just gnome-shell.

                                                                                                        1. 3

                                                                                                          Why is Wayland so poorly implemented? Is it because few distributions have it as default or is it because it’s harder? I see many tiling wm written in 50 different languages and it seems that sway is slowly getting its way to a usable wm, but it seems like a slow adoption from my point of view.

                                                                                                          1. 4

                                                                                                            It is a slow adoption, I’m not particularly sure why. Most (all?) of the tiling wms for X leverage Xlib or XCB, right? Perhaps it’s just needed some time for a similarly mature compositor lib to appear for Wayland (indeed, Sway is replacing their initial use of wlc with wlroots which may end up being that).

                                                                                                            As for why Wayland in general isn’t more prevalent, I’d guess compatibility. X is just so well established that replacing it is inherently a lot of work in the “last mile”. Fedora/GNOME/Wayland works great for me with my in-kernel open AMD driver. Maybe it’s not as good for Intel iGPUs? Maybe it’s not so good on Nvidia systems? Maybe it doesn’t work at all on arm SoC things? I have no idea, but I can easily understand distros holding off on making it default.

                                                                                                            1. 3

                                                                                                              Maybe it’s not so good on Nvidia systems?

                                                                                                              Exactly, the proprietary driver does not support GBM, they’ve been pushing their own thing (EGLStreams) that compositors don’t want.

                                                                                                              Maybe it’s not as good for Intel iGPUs? Maybe it doesn’t work at all on arm SoC things?

                                                                                                              Everything works great with any open drivers, including VC4 for the RPi.

                                                                                                              1. 2

                                                                                                                Maybe it’s not as good for Intel iGPUs?

                                                                                                                Just a data point: I got a new thinkpad recently, installed linux on it, together with gnome3. Only yesterday I discovered it was running on wayland the whole time, with no apparent problems whatsoever. And that includes working with a dock with two further displays attached, and steam games. Even the touch panel on the screen works without any further config.

                                                                                                            2. 1

                                                                                                              Unfortunately, if you want Wayland — and I do, as it really has made all my vsync/stuttering/tearing issues go away; Fedora is now as smooth as my mac/windows

                                                                                                              And effortless support for multiple displays with different DPIs, plus better isolation of applications. I completely agree, when I switched to Wayland on Fedora 25 or 26, it was the first time I felt in a long time that the Linux desktop is on par again with macOS and Windows (minus some gnome-shell bugs that seem to have been mostly fixed now).

                                                                                                              At some point, I might switch to Sway. But with Sway 0.15, X.org applications are still scaled up and blurry on a HiDPI screen (whereas they work fine in GNOME). I’ll give it another go once Sway 1.0 is out.

                                                                                                              1. 1

                                                                                                                not much at the minimal end of the spectrum

                                                                                                                Weston! :)

                                                                                                                My fork even has fractional scaling (Mac/GNOME style downscaling) and FreeBSD support.

                                                                                                                1. 1

                                                                                                                  There’s a Wayland for FreeBSD? I thought Wayland had a lot of Linux specific stuff in it?

                                                                                                                  1. 3

                                                                                                                    Sure, there is some, but who said you can’t reimplement that stuff?

                                                                                                                    • libwayland, the reference implementation of client and server libraries, uses epoll. We have an epoll implementation on top of kqueue.
                                                                                                                    • Most compositors use libinput to read from input devices, and libinput:
                                                                                                                      • reads from evdev devices (via libevdev but that’s a really thin lib). We have evdev support in many drivers, including Synaptics (with TrackPoint support).
                                                                                                                      • uses libudev for device lookup and hotplug. We have a partial libudev implementation on top of devd.
                                                                                                                    • For GPU acceleration, compositors need a modern DRM/KMS/GBM stack with PRIME and whatnot. We have that.
                                                                                                                    • Compositors also need some way of managing a virtual terminal (vt), this is the fun part (not).
                                                                                                                      • direct vt manipulation / setuid wrapper (weston-launch) is pretty trivial to modify to support FreeBSD, that’s how Weston and Sway work right now
                                                                                                                      • I’m building a generic weston-launch clone: loginw
                                                                                                                      • ConsoleKit2 should work?? I think we might get KDE Plasma’s kwin_wayland to work on this??
                                                                                                                      • there were some projects aimed at reimplementing logind for BSD, but they didn’t go anywhere…
                                                                                                                    1. 1

                                                                                                                      For GPU acceleration, compositors need a modern DRM/KMS/GBM stack with PRIME and whatnot. We have that.

                                                                                                                      Do NVidia’s drivers use the same stack, or are they incompatible with the Wayland port? I’d give Wayland a try, but it seems hard to find a starting point… I’m running CURRENT with custom Poudriere-built packages, so patches or non-standard options aren’t a problem, I just can’t find any info on how to start.

                                                                                                                      1. 2

                                                                                                                        No, proprietary nvidia drivers are not compatible. Nvidia still does not want to support GBM, so even on Linux, support is limited (you can only use compositors that implemented EGLStreams, like… sway 0.x I think?) Plus, I’m not sure about the mode setting situation (nvidia started using actual proper KMS on Linux recently I think?? But did they do it on FreeBSD?)

                                                                                                                        It should be easy to import Nouveau to drm-next though, someone just has to do it :)

                                                                                                                        Also, you can get it to work without hardware acceleration (there is an scfb patch for Weston), but I think software rendering is unacceptable.

                                                                                                                2. 1

                                                                                                                  I tried to give Wayland a try twice, on both my media PC and a new Laptop. It’s still really not there yet. I use i3 on X11 and Sway is really buggy, lacks a lot of backwards compatibility stubs (notification tray icons are a big one) and just doesn’t quite match i3 yet. Weston, the reference window manager, had a lot of similar problems when using it with my media PC.

                                                                                                                  I want to move on to Wayland, and I might give that other i3 drop-in for Wayland a try in the future, but right now it’s still not there yet.

                                                                                                              1. 9

                                                                                                                Note: you may get the impression this is the proxy’s fault, but it isn’t. Host: registry.npmjs.org:443 is, although unusual, a valid HTTP request. (Host: registry.npmjs.org is usual.) It’s the NPM registry that is in violation of the HTTP standard here.

                                                                                                                1. 6

                                                                                                                  Huh, interesting, I definitely would have assumed that it would only include the “host”, but you’re totally right:

                                                                                                                  Host = "Host" ":" host [ ":" port ] ; Section 3.2.2

                                                                                                                  https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23

                                                                                                                  1. 2

                                                                                                                    That is kinda weird/interesting. If browsers did report the port, I could see mismatched Host header vs real port when behind a load balancer (typically handled by the load balancer adding X-Forwarded-For headers). But most browsers probably don’t do this, unless it’s a totally non-standard port?

                                                                                                                    1. 2

                                                                                                                      You can also mismatch TLS Server Name Indication and Host header. For example, nginx treats TLS and HTTP separately so it does not care if it mismatches.
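The point discussed in the comments above, that `Host: registry.npmjs.org:443` and `Host: registry.npmjs.org` name the same HTTPS endpoint and that the TLS SNI name is checked separately from the Host header, shown as an added example that is not part of the thread or of any project mentioned in it. The virtual-host table, the backend name and the stricter-than-RFC hostname character set are assumptions made for illustration.

```python
import re

# Port implied by the scheme when the Host header carries no port.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Host = host [ ":" port ]. Assumption: hostnames are limited to letters,
# digits, "-" and "." (stricter than the RFC grammar), plus bracketed IPv6.
HOST_RE = re.compile(
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>[0-9]*))?"
)


class HostHeaderError(ValueError):
    """Raised when a Host header value does not fit host [":" port]."""


def parse_host_header(value, scheme="https"):
    """Return (host, port): host lowercased, port defaulted from the scheme."""
    # Only optional spaces/tabs are trimmed, so an embedded CR/LF still fails.
    match = HOST_RE.fullmatch(value.strip(" \t"))
    if match is None:
        raise HostHeaderError("malformed Host header: %r" % value)
    host = match.group("host").lower().rstrip(".")  # "a.example." == "a.example"
    if not host:
        raise HostHeaderError("empty host in Host header: %r" % value)
    port_text = match.group("port")
    if port_text:
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise HostHeaderError("port out of range: %r" % value)
    else:
        # Both "host" and "host:" (empty port) mean the scheme's default port.
        port = DEFAULT_PORTS[scheme]
    return host, port


def is_valid_host_header(value, scheme="https"):
    """True when the value parses; convenient for filters and tests."""
    try:
        parse_host_header(value, scheme)
    except HostHeaderError:
        return False
    return True


def route(header_value, vhosts, listen_port, scheme="https"):
    """Pick a backend by normalised host; None if host or port do not match."""
    host, port = parse_host_header(header_value, scheme)
    if port != listen_port:
        return None
    return vhosts.get(host)


def sni_matches_host(sni, header_value, scheme="https"):
    """Compare the TLS SNI name with the host part of the Host header.

    SNI carries a bare hostname without a port, so only the host part is
    compared. Treating a missing SNI as a mismatch is a policy assumption.
    """
    if not sni:
        return False
    try:
        host, _port = parse_host_header(header_value, scheme)
    except HostHeaderError:
        return False
    return sni.lower().rstrip(".") == host


# Constructed virtual-host table; the backend name is hypothetical.
VHOSTS = {"registry.npmjs.org": "registry-backend"}

if __name__ == "__main__":
    for header in ("registry.npmjs.org", "registry.npmjs.org:443"):
        print(header, "->", route(header, VHOSTS, 443))
    print(sni_matches_host("cdn.example", "registry.npmjs.org:443"))
```

A server that keys its virtual hosts on the raw header string treats the two spellings as different sites; keying on the parsed `(host, port)` pair avoids that.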

                                                                                                                1. 1

                                                                                                                  I feel like the GDPR is a legal solution to a technology problem. I really want to see more articles about the effects the GDPR has on running federated/distributed systems from virtual servers in the EU by EU members. If I open up a Mastodon instance to registration from my friends, what are my GDPR responsibilities? What about sharing via IPFS or ZeroNet? What about PeerTube, dTube, etc? What if I allow anyone to sign up to some invite limit?

                                                                                                                  The XMPP community has started to draft some documents: https://wiki.xmpp.org/web/GDPR/Privacy_Policy_Template

                                                                                                                  …and I’m sure these tools will start to at least try to implement data portability, but the very nature of distributed content systems is to prevent things from being lost or deleted. It may not be possible to remove or port your data from the very systems people in the tech community want to embrace to get away from the giants of FB/Twitter/MS/Apple/Google.

                                                                                                                  1. 5

                                                                                                                    Posts like this are refreshing and I feel like they bring back some sanity to the crypto-currency madness.

                                                                                                                    We are talking about massive wastes of energy for creating what? I’ve had one friend say better money. I really like to think of money as a problem (read: Debt: The First 5,000 Years) and I’d hope humanity would one day move past money and a resource scarcity based economy.

                                                                                                                    Bitcoin is just more resource scarcity. Fuck crypto-currency in general for sending prices for video cards and DRAM through the fucking roof. I can’t even build a new system today because DDR4 prices and GPU prices have doubled since last year!

                                                                                                                    1. 3

                                                                                                                      For what it’s worth, DRAM manufacturers have allegedly been conspiring to fix the price higher. So it’s not totally crypto’s fault.

                                                                                                                    1. 27

                                                                                                                      Agreed wholeheartedly with everything on this list (esp. Docker and Nix) except for the Code of Conduct line. Sadly, we’re living in a time where assholes need to be explicitly uninvited.

                                                                                                                      1. 15

                                                                                                                        I don’t share the concept of gender with the FreeBSD CoC. When growing up, I observed the world with my own eyes, and found that it’s a rather arbitrary abstraction not providing value. Should others be allowed to force me to use that concept against my conscience? I’m not rude or disrespectful towards peers (incl. actual transgender persons) because of that.

                                                                                                                        Does that make me an asshole that needs to be explicitly uninvited?

                                                                                                                        1. 20

                                                                                                                          If you do the things that the FreeBSD CoC says you shouldn’t do (calling people by names they’ve explicitly said shouldn’t be used especially) then yes. Otherwise I don’t really see how it affects you?

                                                                                                                          1. 10

                                                                                                                            Having control over the abstractions people use also limits what those people can express. Achilles and the Tortoise is a good illustration of that.

                                                                                                                            Forcing these abstractions over people is what violates their autonomy, which is why the FreeBSD CoC was so controversial in the first place. It’s that the proponents argue that you have nothing to fear if you are “a good person”, equating lawfulness with being a good person. Which is fundamentally wrong. Yes, Edward Snowden violated laws, but I doubt he is a bad person because of that.

                                                                                                                            1. 11

                                                                                                                              Can you be more practical, less philosophical, and provide an example of something you’d say, that the CoC would consider wrong? (No bad intentions or hidden agenda in this question, just generally wondering what a real-life example of the issue looks like for you).

                                                                                                                              1. 12

                                                                                                                                “/me hugs nullp0tr”

                                                                                                                                “You shouldn’t beat your children tho”

                                                                                                                                “I dislike that you program killer robots for the CIA”

                                                                                                                                1. 6

                                                                                                                                  Thanks for the examples. I understand your frustration with it a bit more now. How would you deal with someone who’s constantly hugging or backrubbing someone else after being asked to stop? and how does your view on gender affect your empathy towards people with a different view and who get offended by someone who’s constantly using the wrong pronoun?

                                                                                                                                  1. 11

                                                                                                                                    Constantly harassing another user will get you warned, kicked or even banned with or without a CoC. Worst case (if the channel moderation doesn’t care) is that you need to block/set them on your ignore list.

                                                                                                                                    I don’t have a generic attitude on that, and I didn’t have IRL conflicts on pronouns yet. The transgender persons I interacted with were respectable persons and individually got me to use their preferred pronoun without force.

                                                                                                                                    Conflict is a component of daily life. Persons who handle conflict by getting offended and expecting others to change their mind are akin to the kid in the mall throwing a tantrum because mom won’t buy the gummy bears. That’s just shitty diplomacy and won’t get you anywhere. Embodying such an attitude into a community law will make your community a toxic place.

                                                                                                                                    1. 6

                                                                                                                                      I don’t have a generic attitude on that, and I didn’t have IRL conflicts on pronouns yet. The transgender persons I interacted with were respectable persons and individually got me to use their preferred pronoun without force.

                                                                                                                                      So is it okay in your opinion to intentionally use the wrong pronoun if the persons in question were not respectable?

                                                                                                                                      Constantly harassing another user will get you warned, kicked or even banned with or without a CoC. Worst case (if the channel moderation doesn’t care) is that you need to block/set them on your ignore list.

                                                                                                                                      What’s the difference between having a written rule about what would get you banned and not having one?

                                                                                                                                      Conflict is a component of daily life. Persons who handle conflict by getting offended and expecting others to change their mind are akin to the kid in the mall throwing a tantrum because mom won’t buy the gummy bears. That’s just shitty diplomacy and won’t get you anywhere. Embodying such an attitude into a community law will make your community a toxic place.

                                                                                                                                      How would you handle conflicts created by racism, sexism, etc in a non toxic way?

                                                                                                                                      1. 9

                                                                                                                                        So is it okay in your opinion to intentionally use the wrong pronoun if the persons in question were not respectable?

                                                                                                                                        If people start interacting with me by insulting me, then I definitely won’t let them tell me how to call them.

                                                                                                                                        What’s the difference between having a written rule about what would get you banned and not having one?

                                                                                                                                        Power. Rulemakers wield extraordinary power because they are the ones who interpret a situation as lawful or unlawful. Not getting in trouble with the law is, to an extent, doing good diplomacy with the rulemakers.

                                                                                                                                        How would you handle conflicts created by racism, sexism, etc in a non toxic way?

                                                                                                                                        Ideally:

                                                                                                                                        • Tell them that I did not find it appropriate, explain why
                                                                                                                                        • Optional discussion, quite often it’s just a misunderstanding
                                                                                                                                        • Avoid being antagonistic, not calling them sexist or insults (burns bridges instantly)

                                                                                                                                        Best case is that I can base my standpoint upon their values. Using authoritative power to deploy sanctions should always be the last resort.

                                                                                                                                        1. 3

                                                                                                                                          If people start interacting with me by insulting me

                                                                                                                                          What are the ways you get insulted? What if someone does it by accident?

                                                                                                                                          If people start interacting with me by insulting me, then I definitely won’t let them tell me how to call them.

                                                                                                                                          Didn’t you just say being diplomatic is key?

                                                                                                                                          Persons who handle conflict by getting offended…

                                                                                                                                          I’m confused why you would revert to being a kid in the mall by not calling someone by their preferred pronoun if they insulted you. I agree with your overall idea of being diplomatic.

                                                                                                                                          1. 2

                                                                                                                                            Thanks for taking the time to clarify your stand.

                                                                                                                                            It seems you’d rather have an environment of mutual respect and no single/few figures that can decide on what constitutes as wrongdoing selectively, and you’d rather solve the issues the FreeBSD CoC tries to address through diplomacy and listening to all parties?

                                                                                                                                            How would you go about implementing your ideal conflict resolution approach in real communities? (alternatively, do you have an example of a community that already does that or something similar?)

                                                                                                                                            1. 4

                                                                                                                                              My preferences aren’t as exotic as they seem on the first view.

                                                                                                                                              I don’t need to implement it on my own, it’s already live in such a community, a local instance of the Chaos Computer Club in Germany. Hacker culture tends to be decentral and skeptical of authorities in general, probably because hackers tend to be persons that value personal autonomy highly. Socially adjacent communities (a lot of artists here!) and companies share a lot of the mindset.

                                                                                                                                              Edit: These communities are also the ones where most positive feedback about my CoC-critical stuff comes from. I think I hit a nerve there that already bothered quite some people.

                                                                                                                                  2. 7

                                                                                                                                    “I think that the memo that James Damore wrote about gender diversity efforts at Google was by and large correct and that Google was wrong to fire him. He should be considered welcome to contribute in good standing to this open-source software project if he so chooses.”

                                                                                                                                    Any code of conduct that allowed me to say that sentence is (probably) fine; any code of conduct that treated me saying that sentence as a violation is not fine.

                                                                                                                                    1. 5

                                                                                                                                      That is a surprisingly good litmus test. Regardless of your actual view on the Damore memo or subsequent furore, a CoC that can penalize you for expressing your view about a person or situation like that is probably overstepping the mark.

                                                                                                                                      It’s not whether someone would agree with you that he should be welcome to contribute to a project, it’s whether you are allowed to say it. In that regard I really like it as an overreach test.

                                                                                                                                      1. 4

                                                                                                                                        I’ve read the whole memo. I think he gets some things wrong and disagree with him here and there, but I’m glad I read it. Overall he does have a lot of good points, and it does show a big problem with the “leftness” of Silicon Valley tech culture.

                                                                                                                                        Instead of trying to get more women in STEM/tech, how about we make it more socially acceptable for everyone, both men and women, to go after things they actually like to do. How many people do you know in tech, both men and women, who hate their cubeville life? So many people I know, no matter how enthusiastic they might seem at times, deep down, do not like their jobs. We’ve got Dilbert, Office Space, We the Robots and so many other things in entertainment that show how awful these jobs can be. People want to escape.

                                                                                                                                        I feel like there is a lot of pressure on men (and I guess now more on women) to earn enough to provide for a family. We mock people with English or Philosophy degrees with their steamy piles of debt; debt the previous generation would not have had because they could pay for school by working at a grocery store. The cost of education is too high and it’s being turned into a pipeline to the industry that is in demand. The debt locks people in.

                                                                                                                                        Want to solve income inequality? Make everyone’s income public. Every employee knows what every other employee makes and that should be a Federal mandate. Why the fuck is there a taboo over income anyway? If you know what people are worth, you know what you should be worth. I have a hypothesis that if you could somehow measure confidence, people’s incomes would directly correlate with their confidence level and not their genders.

                                                                                                                                        I think people are locked into a certain political ideology and the false left/right paradigm that they fail to see the real issues are not the issues they’re addressing. Those are symptoms of a much deeper cause.

                                                                                                                                        1. 4

                                                                                                                                          I honestly haven’t read the memo. Is it something specific in the memo that you wanna be able to express your agreement with? or do you want to be able to express any opinion regardless of what it entails?

                                                                                                                                          1. 1

                                                                                                                                            I’m still overall confused by James Damore’s memo. It was mostly an incoherent mess when I read it. What part was he right about in regards to Google’s gender diversity efforts?

                                                                                                                                        2. 3

                                                                                                                                          Ok. What do you do that violates the CoC that isn’t bad? So far all I’ve heard is weird analogies that don’t really make sense. Can you articulate your concrete concerns?

                                                                                                                                          1. 9

                                                                                                                                            Not fighting for moral autonomy because you agree with it is analogous to not fighting for free speech because you agree with what the state says.

                                                                                                                                            I do enjoy my moral autonomy, I exercise it, and I expect other people to let me do it. And the FreeBSD CoC says, “not here”. So I avoid FreeBSD.

                                                                                                                                            Like free speech, moral autonomy is an essential part of democratic society (Lawrence Kohlberg: “Moral Development”), even if not everyone needs it.

                                                                                                                                            1. 7

                                                                                                                                              Not fighting for moral autonomy because you agree with it is analogous to not fighting for free speech because you agree with what the state says.

                                                                                                                                              This is entirely disingenuous. FreeBSD is not the state, and requiring that contributors to an open source project not express violent prejudice against other contributors in order to be allowed to contribute is not at all similar to state censorship.

                                                                                                                                              I do enjoy my moral autonomy, I exercise it, and I expect other people to let me do it.

                                                                                                                                              Thanks for clarifying. You should realize that this is literally the purpose of CoCs like this one. You value your ability to do whatever you like over the productivity and comfort of others, and that’s not the attitude FreeBSD, Rust etc want in their community, because it tends to decrease productivity and cause burnout, not to mention just being a pain in the ass to work with.

                                                                                                                                              So, yes, I agree with the others in this thread. Please continue to avoid FreeBSD, and if possible, me as well.

                                                                                                                                              1. 3

                                                                                                                                                FreeBSD is not the state, and requiring that contributors to an open source project not express violent prejudice against other contributors in order to be allowed to contribute is not at all similar to state censorship.

                                                                                                                                                Would you not avoid a project that required you to limit your freedom of speech simply on principle? Or, if you would not, do you at least understand why someone else might on principle?

                                                                                                                                                The only difference in this example is that you at least have a reasonable choice of simply not using/contributing to FreeBSD if you disagree.

                                                                                                                                                1. 5

                                                                                                                                                  Would you not avoid a project that required you to limit your freedom of speech simply on principle?

                                                                                                                                                  Assuming you don’t mean “freedom of speech” (as in, freedom from state censorship) and actually mean “freedom to say whatever you want, whenever you want, in whatever forum you want”, this question is so broad as to be meaningless. If you DO mean “freedom of speech”, then it is so narrow as to be irrelevant, since the policies of open source projects don’t affect your legal freedom of speech. In either case, you miss the point.

                                                                                                                                                  Community standards exist in order to prevent, in specific spaces, behavior that will adversely affect the community that creates them. All communities have standards. Codes of Conduct formalize and write down those standards, and allow people to examine them. If a community with standards by which one did not wish to abide existed and was otherwise appealing, one might join it and be unpleasantly surprised. On the other hand, a CoC allows one to see, up front, the norms and standards of a community. This is good.

                                                                                                                                                  Therefore, it seems like @liwakura doesn’t disagree so much with the existence of a CoC as with the community standards many of them encode - in particular, those of the Node.js and FreeBSD communities. Now comes the critical point:

                                                                                                                                                  Rather than engage with specific problems in the CoC (e.g., “[specific rule] is open to serious abuse and provides little protection for the accused”, et cetera), liwakura focused on the “restriction of autonomy”. Yes, community standards restrict autonomy. That is the point. They prevent behavior such as the purposeful, spiteful misgendering liwakura described as a likely outcome with a negative interaction with a trans person, or purposeful ignorance (as in, the noun form of “to ignore”, not as in lack of knowledge) of social structure of gender- and sex-based oppression. By preventing those behaviors from being displayed by liwakura in FreeBSD spaces, the CoC has succeeded.

                                                                                                                                                  In other words, the CoC says “If you’re going to be a jerk, such as in these specific ways, stay out”, and liwakura’s response was “How dare you tell me that you don’t want me to be a jerk in these specific ways! I’m going to do what you say and not participate in your community, but also whine about it on the Internet.”

                                                                                                                                                  1. 2

                                                                                                                                                    Community standards exist in order to prevent, in specific spaces, behavior that will adversely affect the community that creates them.

                                                                                                                                                    From what I’ve seen, the CoC being enforced in these specific spaces does not usually happen - they are enforced outside of those spaces as well. If I say some homophobic stuff on IRC, and it gets screencapped and posted on Twitter, do I get kicked out as a member of Project XYZ that uses a CoC which specifically prohibits that sort of language? Obviously I’ve said it, and there is public record of it - but I wasn’t saying it in context of the project, or to any member of the project, and in a (relatively) private setting. If I’m punished for something like that, then I’ve lost moral autonomy outside of the project.

                                                                                                                                                    1. 1

                                                                                                                                                      I would consider that to be a very arguable case. Is it possible that one’s external behavior will negatively impact the project and its community? Yes. Is your objection about moral autonomy outside the project valid? Also yes.

                                                                                                                                          2. 0

                                                                                                                                            Ok. What do you do that violates the CoC that isn’t bad? So far all I’ve heard is weird analogies that don’t really make sense. Can you articulate your concrete concerns?

                                                                                                                                      2. 2

                                                                                                                                        To be fair, I fall between the OP and the parent. Aside from one pre-CoC level FreeNAS, I don’t use FreeBSD (which is the example) because of the shitty CoC. I’m not opposed to a well-structured one, but FreeBSD doesn’t appear to have one. Using a product means you condone the producer’s practices. I don’t use Facebook. I’m slowly degoogling my life, and I’m getting rid of Linux. Amazon Prime will be a hard plaster to pull off, but I’m working up to that. I see FreeBSD the same way - I don’t support their CoC implementation, ergo I won’t support the product by using it.

                                                                                                                                        The very fact that any online discussion quickly devolves into poisonous ad-hominem is reason enough for me to be put off by the presence of one, but they can serve a purpose when well implemented (if GNU had a well-designed CoC then the recent Glibc abort() debacle could’ve been handled through it for example). When they’re poorly implemented like with FreeBSD, it’s not properly serving its existing community.

                                                                                                                                        1. 2

                                                                                                                                          Why are you getting rid of linux?

                                                                                                                                          1. 5

                                                                                                                                            It’s a combination of factors, some of which are due to shitshows like systemd, issues with breaking compatibility (e.g. ifconfig) and the realisation after moving to docker that for the most part, I have absolutely no idea what code is running on these systems.

                                                                                                                                            I wrote about this in another comment here: https://lobste.rs/s/yxswhm/what_are_you_self_hosting#c_8reclz

                                                                                                                                            To be fair, a lot of this is a result of my own poor personal choices, but I now feel like I’m fighting Linux to make it do what I want predictably, and not do things I didn’t tell it to do. It’s very reminiscent of MacOS’s shift a few years back.

                                                                                                                                            I’m going to spend some time with Alpine simply because that’s what a lot of my docker containers for public systems run on, but I’m not building new systems to run docker, no longer buying raspberry pis (thanks, binary blobs) and instead of migrating to Linux, I’m migrating a lot of systems to Open and NetBSD. I would’ve chosen FreeBSD, but the CoC debacles mean I’m less comfortable supporting it. My next NAS build may well run Illumos instead.