Threads for duraki

  1. 20

    Here’s what I’m doing to adjust to the new era of dystopian surveillance capitalism:

    • Replaced my old MacBook Air with a Thinkpad T14 running Linux (currently Fedora, which has less spyware and advertising than Ubuntu)
    • Firefox + UBlock Origin is my primary web browser. Configured so it mostly doesn’t “phone home” to Mozilla.
    • Ungoogled Chromium (from the flatpak store at flatpak.org) is my backup browser, for web sites where Firefox has issues. Guaranteed never to phone home to Google.
    1. 6

      I’m interested in why you installed “ungoogled chromium” from the flatpack store?

      I personally install it from RPM fusion. (Which you might wanna install if you want to watch any video/listen to any music on fedora)

      $ sudo dnf info chromium-browser-privacy
      Installed Packages
      Name         : chromium-browser-privacy
      Version      : 88.0.4324.150
      […]
      Source       : chromium-browser-privacy-88.0.4324.150-1.fc33.src.rpm
      Repository   : @System
      From repo    : rpmfusion-free-updates
      Summary      : Chromium, sans integration with Google
      URL          : https://github.com/Eloston/ungoogled-chromium
      License      : BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC
                   : and OpenSSL and (MPLv1.1 or GPLv2 or LGPLv2)
      Description  : chromium-browser-privacy is a distribution of ungoogled-chromium.
      […]
      
      1. 3

        No good reason, I think it was recommended as an installation method by the blog post where i read about the browser. Thanks for the information. I am still getting used to Fedora.

        1. 2

          What kind of sandboxing does the flatpak-ed package get you? It’s a useful point to remember – a while back (I’m not on Linux anymore so I don’t have a more recent data point) a lot of applications from flathub were packaged without much sandboxing at all, e.g. they still had full access to the user’s home folder.

          1. 2

            Fedora has an “app store” GUI called Software. It is far more user friendly than using the “dnf” command in bash, at least if you are coming from MacOS. On my laptop, since I installed it, UnGoogled Chromium shows up as an installed application in Software, together with a lot of useful information, including an indication that it is sandboxed, with the following permissions: Network, Devices, Home Folder, Legacy Display System.

            1. 1

              Oh, thanks! I couldn’t find an explanation of what the “friendly” names mean but assuming the most obvious mapping to Flatpak permissions (here) I think it would go something like this:

              • Home Folder means it has unrestricted access to the home folder (which is slightly better than --filesystem=host but, as XKCD famously put it, not that good…)
              • Devices means it has unrestricted access to things like webcams
              • I’ve no idea what Legacy Display System maps to – presumably either --socket=x11 or --socket=fallback-x11?
              • Network is obvious, I guess :-)

              This is actually a little better than I expected, I think?

            2. 1

              This page is a little clickbait-y but still somewhat true: https://flatkill.org/2020/

              Long story short, yes isolation is still an issue on flatpak

        2. 4

          Can you clarify the first point of replacing MacBook and its impact on privacy as you see it?

          1. 31

            MacOS has telemetry that cannot be disabled. You cannot modify the System folder. Apple wants to be an intermediary in everything you do, they want to see all your data. You are encouraged to store your data on the Apple cloud, which is not end-to-end encrypted, so that they can hand your data over to the government without your knowledge(*). You are encouraged to download apps from Apple’s app store, and even if you don’t, MacOS phones home about apps not installed from the store. I don’t want to use these services, but the UI has built in advertising for these unwanted services that I can’t disable.

            (*) https://www.theverge.com/2020/1/21/21075033/apple-icloud-end-to-end-encryption-scrapped-fbi-reuters-report

            Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit. Here’s an experiment that you can try. Go to an apple store and buy something using cash (so that Apple doesn’t know your identity). When they ask for your email address, refuse to give it to them. See how that goes for you. My experience is that they try to inflict as much pain as possible, but with negotiations, it is possible to leave the store with your merchandise and a receipt. But it is not easy. I try to use cash for everything (although I’ve made exceptions during the pandemic), and the apple store has by far the worst experience.

            We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about. The pandemic, of course, but now that we are getting vaccinated, instead of that being a reason to be less anxious, you are now supposed to be anxious about getting and protecting your vaccine passport, without which you will be denied access to services. And of course we are supposed to be anxious about surveillance capitalism. This all sucks. I want to minimize the number of things in my life that generate anxiety: deal with the problem once, then stop thinking about it. The rational thing is to get rid of all my computers and phones, and unplug from the internet. I’m not ready for that yet, so I’m replacing my gear with new gear that doesn’t surveil me. Hopefully that will allow me to stop thinking about those particular issues.

            1. 12

              Great answer, especially this parts resonates with me:

              I want to minimize the number of things in my life that generate anxiety

              1. 15

                I recently got sent a mac by my employer for compliance reasons, and the process of setting it up was quite a trip. I felt like I spent twenty minutes answering “no” to various forms of “OK but can we collect this piece of personal information? How about if we phrase it slightly differently?” before I could even use the machine at all.

                In the end they refused to take no for an answer re: my mobile phone number, and after an experience like that I don’t actually have much confidence that they take my consent very seriously for the other pieces of information that I did not agree to.

                Luckily in my case the compliance concerns can be addressed by simply doing my development inside a virtualbox VM running on that machine over SSH.

              2. 8

                You are encouraged to store your data on the Apple cloud[…] You are encouraged to download apps from Apple’s app store, […] Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit.

                Also, you are encouraged to buy into the non-Mac hardware ecosystem (iPhone, Watch, etc.) with their own app store “soft” lock-in (using Things/OmniFocus on Mac? Why not buy the iPhone version!?).

                Technically, one can use a Mac and avoid the rest of Apple’s ecosystem (by running Chrome, Thunderbird, open source apps, etc.) - but most people will eventually get sucked into Apple’s marketing vortex. I know because I did; which is why I avoid touching anything Apple with a ten foot pole.

                1. 7

                  This is every business’ strategy. One man’s lock in is another man’s products that work together well.

                  1. 2

                    Does only sound like purchase realization when you’ve locked yourself into that ecosystem.

                    1. 1

                      realization

                      Can’t edit anymore, but that was meant to be rationalization.

                2. 13

                  if you don’t like the telemetry done by MacOS, that’s totally fine, but there is no need for the hyperboles, like “they try to inflict as much pain as possible”. them knowing your email address is better for their business. of course, it is worse for your privacy. but it’s just a business decision that you can dislike, not them trying to inflict you pain like some james bond villain with a lake with sharks :-)

                  also, in general, you will have to trust the company that makes your operating system. not because they are trustworthy, but because if they were evil, they could just read everything you do on your computer and you would never know. so simply pick one that you can trust the most. (and it applies to linux distros too. i don’t think anyone is reading and understanding every fedora patch).

                  1. 13

                    not them trying to inflict you pain like some james bond villain with a lake with sharks

                    It’s a figure of speech

                    you will have to trust the company that makes your operating system

                    A company doesn’t make my operating system, but even if one did it’s open source, which MacOS is not

                    1. 1

                      Shell and coca cola are exemplars of making the world a better place.

                      Mind explaining? Was this an irony?

                      1. 1

                        I think you replied to the wrong comment.

                    2. 1

                      james bond villain

                      I think this reasoning is problematic and completely ignores wolves in sheep’s clothing. How many James bond villains have ever really existed ? We agree that sharks exist but what about the following

                      1. The nigerian prince scammers don’t really say hey want your money for personal benefit, but dress up the message in the language of victimhood.
                      2. Sexual predators feign weakness, especially if they are older men before making the victim unconscious.
                      3. Pedophiles work in charities or armed forces but present themselves as pillars of community.
                      4. Religious people commit evil on completely innocent people but dress it up in the language of love, justice and purity. You don’t think of nuns who steal babies as human traffickers.
                      5. Communists preach egalitarianism but practice slavery under the guise of enemies of egalitarianism.
                      6. Pharma companies preach healing but sell addictions.
                      7. Under the guise of freedom of speech, pornographers exploit people from towns.
                      8. Shell and coca cola are exemplars of making the world a better place.

                      The list goes on and on. Almost every idea which seems innocent enough is abused by wolves in sheep’s clothing and not james bond antagonists. Maybe there is no such thing as sheep and we are all wolves. Heck even the open source contributors are abused under the guise of openness and community, while the parent company seeks funding.

                      Social media companies, including Google, claim they are making the world a better and connected place while allowing sexualisation of pre-teens and enabling predators on their platforms. They are selling private user data, allow non-state actors to influence elections, let unverified stories to run amok, abuse copyright protections and run behavioral experiments on users. How difficult is it to enable age verification ? You can always store sha(government-id) or use credit cards to verify age.

                      We merely have to ask the question are Google and Apple, wolves in sheep’s clothing ? The answer is obviously yes. Apple is a tobacco company. In what ways can they be stopped ? I don’t think limited liability is the answer.

                      1. 3

                        It’d probably be a good idea to strip out some of the more, um, controversial items from your comment to avoid a hellthread here litigating offtopic matters.

                    3. 7

                      We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about.

                      No offense, and I honestly mean that, but it feels as though you’ve got a little more anxiety going on than most of us. One valid way to deal with anxiety is to accept that some things are just facts of life in the modern world. For example, I use an ad-blocker, I don’t use Chrome, and I choose devices and services that are at least reasonably secure, but I gave up trying to control every piece of data I own because the attempt was causing me much more anxiety than just going with the (admittedly unfortunate) flow.

                      Just a thought.

                      1. 5

                        “Don’t worry, be happy” is not a serious answer to anxiety. If you decide to surrender that’s your choice, but that doesn’t mean people preferring to fight a managed retreat and prevent a total rout are wrong to do so. At a minimum they will preserve their freedom longer than you and possibly even retake ground that you have ceded.

                        https://www.history.com/news/7-brilliant-military-retreats

                  2. 2

                    How does the T14 compare to other ThinkPads you have used (eg the X1 carbon)?

                    1. 9

                      I chose the T14 AMD w. Ryzen 4750 (8 cores, decent GPU) because I’m doing open source development and 3D graphics (not gaming), and I wanted this much power. Thicker than my old MacBook, but same mass. Easy to disassemble, lots of upgradeable components. The T14s is too thin, cooling system is inadequate for the 4750 CPU (according to notebookcheck): it runs too hot and throttles. Ryzen uses more energy but performance is comparable to an Apple M1 (faster on some benchmarks, slower on others). Fan noise hasn’t bothered me.

                      According to reviews, T14 has a better keyboard than X1 carbon. X1 carbon has a better trackpad, but this trackpad can be ordered and installed in a T14 (many people on Reddit have done this). The X1 is limited to gen 10 intel + UHD graphics, too slow for my requirements. It maxes out at 16GB soldered RAM (not upgradeable), too small for my future requirements. Probably too thin to support the Ryzen 4750 with adequate cooling. The display options are better than the T14 AMD, that’s my one regret.

                      1. 3

                        I replaced my MacBook Air M1 by a T14 AMD a few months ago and like it very much as well!

                        Fan noise hasn’t bothered me.

                        Me neither. The fan is not very loud, definitely much more quiet than Intel MacBooks.

                        lots of upgradeable components

                        Love this aspect as well. I added an additional 16GB RAM (for 32GB RAM) and replaced the 512GB NVMe SSD by a 1TB NVMe SSD. There is still room for one more upgrade, since the WWAN slot can be used for some SSDs.

                        The display options are better than the T14 AMD, that’s my one regret.

                        Especially in Linux. On Windows the screen is quite acceptable with 150% scaling. Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                        1. 1

                          Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                          I remember this problem with the X1 Gen3 which couldn’t scale 2x properly, so I could chose between things looking way too tiny or things looking way too large (and very little screen real estate). The 4K screen in the T14s is much better in that regard.

                          But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                          1. 1

                            But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                            For me on Wayland, GTK 3 applications work fine. AFAIK, they are rendered at a larger integer scale and then Mutter (?) downscales to whatever fractional scaling you use. This is pretty much the same approach as macOS uses.

                            It’s XWayland where it goes wrong, though I think it was with an external screen hooked up, since XWayland does not support mixed DPI.

                        2. 2

                          The AMD variation is near perfect - but there is one downside to anyone, like me, who owns a Thunderbolt device (eg: LG Ultrafine 5k; I cannot go back to non-retina monitors having used this). It has no support for TB3 even with a dock.

                          1. 3

                            It sucks if you already have a Thunderbolt display, but it does drive 5k@60Hz over USB-C with DP-Alt (according to PSRef).

                            1. 1

                              Is there a demonstration of this actually working with any particular 5k monitor (of which there aren’t many)?

                          2. 1

                            The T14s is too thin, cooling system is inadequate for the 4750 CPU

                            I own a T14s, and I can confirm the cooling system is absolutely inadequate.

                            1. 1

                              The fact that the 4K screen is only available in the T14(s) with Intel is the sole reason I got the Intel T14s (which apparently does not run crazy hot as the Intel T14). Also oddly the T14s can be ordered with 32 GB RAM unlike the X1, so you get a rather similar device with better specs and keyboard and a worse (non-replaceable) touchpad.

                        1. 11

                          GPL’ed header files are now holed below the waterline.

                          1. 8

                            So is windows.h. That’s probably a good thing, over all.

                            1. 1

                              windows.h has been independently re-derived a number of times, making it a nonissue regardless.

                              1. 3

                                How are those cases different from what Google did with Java?

                                1. 5

                                  Copyright protects your work from being copied by others. If I look at the windows.h that microsoft distributes and use that as a basis for my own windows.h, it’s possible that what I produce constitutes a derivative work that thus infringes on microsoft’s copy rights. (This is what google v oracle was about.)

                                  However, if I derive the windows api in the context of a clean room, the result is not a derivative work and thus not infringing. This, for instance, is what the wine and reactos projects have done, and wine expressly prohibits people who might have had contact with windows source code from contributing for this reason.

                                  1. 1

                                    What if you clean room derive a 100% identical header?

                                    (Not impossible if the original, say, didn’t have comments and was formatted with a tool like clang-format which you’ve also decided to use…)

                                    1. 3

                                      clean room derive a 100% identical header?

                                      Then that’s fine, as long as you didn’t copy it from the original.

                                      1. 1

                                        Or better put, where do you draw a line between clean room based development output vs an actual system you are converting?

                                    2. 2

                                      The work that Oracle claims is copyrighted in this case is the “Structure Sequence and Organization” of the APIs, which is a term they created that somehow includes things like names.

                                      I presume Moonchild’s point is that people have reversed the windows ABI into an API many times, and the ABI doesn’t include the requisite elements to be copyrightable even if Oracle is right that their API is copyrightable. I’m not sure I agree with that argument, but it is an interesting one.

                                2. 2

                                  Shit, hadn’t thought of that. Good catch.

                                  1. 2

                                    Even if they’re C++ libraries where everything is in the header file?

                                    (You just know some court’s going to be unable or unwilling to distinguish between declarations and code.)

                                    1. 1

                                      I don’t know, this is a massive fair use question! You would have to show that there’s broad knowledge of the header file contents in particular.

                                      Java being Java is where the fair use conclusion came in. Millions of people knowing The Java API definitions! I think it’s non controversial to state that Java APIs are more universally known than almost anything under the sun

                                      And this case in the outset is like “look this is complicated and fast moving, we’re going to state stuff here but don’t consider it broad in scope”. Pretty tough fight to win IMO

                                      1. 1

                                        Good read! Thanks a lot for sharing.

                                      1. 25

                                        I think everyone who interacts with frontend javascript feels the same way. I’m afraid that in the backend he is going to see a similar kind of rapidly growing complexity too - except instead of npm hell it is k8s hell.

                                        I wish I had a cogent view on the forces that are making software engineering go this horrible way but I have no such insight. The best I can come up with is that Alan Kay quote about how professions that grow faster then their education end up susceptible to fads which, christ preserve me, I cannot even find by searching. I really hope that quote is true because it at least suggests that once the profession stops growing the symptoms might improve.

                                        1. 17

                                          I think it happens because the only way to make a simple solution is if you have a deep understanding of the problem you are trying to solve. It requires a much greater understanding than what is needed to solve it via sheer force of effort.

                                          In the majority of developers’ work they don’t have enough time to gain deep understanding of the problems they are trying to solve. The moment they have a solution, even a half-baked one, they move onto solving the next problem in an ever growing queue of work.

                                          Developers may also become bored before building up enough context to break through the complexity barrier. It can take a long time and many iterations to simplify some problems. Many developers (or their managers) lack the patience to keep working on “solved” problems after they have something that meets their needs well enough.

                                          As an industry we also have a problem with knowledge transfer. Even if a developer reaches a new level of understanding they may not be able to pass all of this onto the next generation of devs. The new devs go through the process of reinvention and relearning the same concepts, then the cycle continues.

                                          1. 12

                                            I think it happens because the only way to make a simple solution is if you have a deep understanding of the problem you are trying to solve. It requires a much greater understanding than what is needed to solve it via sheer force of effort.

                                            I agree, The best thing to look for in any professional, doctor, lawyer, coder, etc is their ability to not engage with a problem, instead solving it in a simple and non-intrusive way. The worst behavior from professionals are the folks who are going to do a lot of work no matter what. These guys look busy, and they’re deep in a bunch of technically wonky stuff that nobody understands, so naturally they look like they know what they’re doing and are doing a good job. The guy who shows up in flip-flops and after a five-minute conversation solves your problem? He’s just some smart eleck showman, probably a con man.

                                            It’s a severe problem. It’s eating our industry alive.

                                          2. 5

                                            I do have a (self-consistent, if not necessarily correct or happy) set of thoughts which explain the dynamic sufficiently for me.

                                            1. As developer productivity improves, the set of problems profitably solved by software grows faster than productivity does, so there’s demand for more developers the more productive they are.
                                            2. Software development frequently generates profits far in excess of what is needed to sustain the operation
                                            3. Organisations which enjoy profits far in excess of their operating needs become dominated by empire-building because there is no counter-pressure.
                                            4. As an empire-building manager, I need to invent plausible ways to occupy the developers I hire.
                                            5. A consultancy will recommend technologies suitable to the size of the team I have (that is, something that will require all of my staff to maintain).
                                            6. A consultancy will generally not recommend something that works with no configuration or setup required, since then they can’t sell you configuration or setup work.
                                            1. 1

                                              k8s hell

                                              Thats DevOps, not Backend? More like composer, pip, gem, all of who are better in one way or another against trashy npm and alike.

                                            1. 1

                                              This website doesn’t contain any information, perhaps the link should be pointing to the github repository instead?

                                              1. 1

                                                You are right, it might be better to post direct Github repository instead. If any mod sees this, please redirect the thread.

                                              1. 3

                                                Hi pps of lobsters, thank you for another great year of knowledge sharing, and happy holidays!

                                                1. 11

                                                  I love seeing positive stories like this (especially on Tech, here on Lobsters). Any similar small/simple/curated websites in this regards?

                                                  1. 14

                                                    I have this list sitting in some old notes:

                                                    sublime

                                                    tarsnap

                                                    bingo card creator

                                                    jepsen

                                                    sidekiq - https://www.indiehackers.com/interview/how-charging-money-for-pro-features-allowed-me-quit-my-job-6e71309457

                                                    image compression for games - https://twitter.com/sehurlburt/

                                                    complice - https://www.indiehackers.com/product/complice

                                                    https://www.indiehackers.com/product/insomnia

                                                    https://www.indiehackers.com/product/browserless

                                                    pinboard

                                                    instapaper

                                                    newsblur

                                                    duckduckgo

                                                    minecraft

                                                    dwarf fortress

                                                    metafilter

                                                    backblaze

                                                    prgmr

                                                    lavabit

                                                    growstuff

                                                    tabnine?

                                                    fathom

                                                    ravelry

                                                    sqlite

                                                    1. 1

                                                      Thanks, appreciate it. Can you reformat your comment to be inline? It’s taking whole FF window on my Macbook Retina.

                                                      sublime, tarsnap, bingo card creator, jepsen, sidekiq, image compression for games, complice, insomnia, browserless, pinboard, instapaper, newsblur, duckduckgo, minecraft, dwarf fortress, metafilter, backblaze, prgmr, lavabit, growstuff, tabnine, fathom, ravelry, sqlite

                                                      1. 1

                                                        I can’t edit it, sorry :S

                                                  1. 14

                                                    As someone who paid a fair bit of attention to the early docker world, and now seeing its commodification am left wondering “what was it”, I think this article does a good job of explaining it. What it doesn’t explain is… I was around at that early redhat time, when it was small, when you could shake Bob Young’s hand at a Linux meetup. Heck, I remember when google was a stanford.edu site… the question in my mind is… why did redhat and google succeed (as corporate entities) and docker not so much? Perhaps it was the locking in of the company name and the core tech? Perhaps the world of 2010-2020 was far more harsh to smaller businesses, perhaps they just overshot by trying to fight their competitors instead of partnering with them. That will probably have to wait for a HBR retrospective, but I’m not 100% psyched that the big incumbents won this.

                                                    1. 13

                                                      Docker lost, as I understand it, because of commoditisation. There’s a bunch of goo in Linux to try to emulate FreeBSD jails / Solaris Zones and Docker provided some tooling for configuring this (now fully subsumed by containerd / runc), for building tarballs (not really something that needs a big software stack), and for describing how different tarballs should be extracted and combined using overlay filesystems (useful, but should not be a large amount of code and now largely replaced by the OCI format and containerd). Their two valuable things were:

                                                      • A proprietary build of a project that they released as open source that provided tooling for building container images.
                                                      • A repository of published container images.

                                                      The first of these is not actually more valuable than the open source version and is now quite crufty and so now has a load of competitors. The second is something that they tried to monetise, leaving them open to competitors who get their money from other things. Any cloud provider has an incentive to provide cheap or free container registries because a load of the people deploying the containers will be spending money to buy cloud resources to run them. Docker didn’t have any equivalent. Running a container registry is now a commodity offering and Docker doesn’t have anything valuable to couple their specific registry to that would make it more attractive.

                                                      1. 9

                                                        I wrote a bit about that here – Docker also failed to compete with Heroku, under its former name dotCloud.

                                                        https://news.ycombinator.com/item?id=25330023

                                                        I don’t think the comparison to Google makes much sense. I mean Google has a totally different business that prints loads of money. If Docker were a subdivision of Google, it could lose money for 20 years and nobody would notice.

                                                        As for Red hat, this article has some interesting experiences:

                                                        Why There Will Never Be Another RedHat: The Economics Of Open Source

                                                        https://techcrunch.com/2014/02/13/please-dont-tell-me-you-want-to-be-the-next-red-hat/

                                                        To make matters worse, the more successful an open source project, the more large companies want to co-opt the code base. I experienced this first-hand as CEO at XenSource, where every major software and hardware company leveraged our code base with nearly zero revenue coming back to us. We had made the product so easy to use and so important, that we had out-engineered ourselves.

                                                        (Although I don’t think Docker did much engineering. It wasn’t that capable a product. It could have been 30 to 100 people at Google implementing it, etc. Previous thread: https://lobste.rs/s/kj6vtn/it_s_time_say_goodbye_docker)

                                                        1. 4

                                                          I appreciate the article on RedHat. It has certainly opened my eyes to the troubles with their business model, which I had admired in the past. (I suppose it is still admirable, but now at least I know why there aren’t more companies like it.)

                                                          The back half of the article is strange, though. I’m not sure what I’m supposed to learn about building a new business based around open source by looking at Microsoft, Amazon or Facebook. While they all contribute open source code now, they did not build their businesses by selling proprietary wrappers around open source products as far as I know. And given the enormity of those companies, it seems very hard to tell how feasible it would be to copy that behavior on a small scale. Github seems like a reasonable example of a company monetizing open source, however. It is at least clear that their primary business relies on maintaining git tools. I just wish the article included a few more examples of companies to look up to. Perhaps some lobsters have ideas.

                                                          1. 5

                                                            I just wish the article included a few more examples of companies to look up to

                                                            To a first approximation, there are no companies to look up to.

                                                            1. 2

                                                              I feel like some of the companies acquired by RedHat might be valid examples. I expect that the ones that are still recognizable as products being sold had a working model, but I don’t know what their earnings were like.

                                                            2. 3

                                                              the biggest ones I can think of, not mentioned, are mongo and elastic… redis may go public soon, there are lots of corps around data storage and indexing that to some extent keep their core product free. There might be more. If you look at interesting failures, going back to the early days, LinuxCare was a large service oriented company that had a giant flop, as did VA Linux (over a longer time scale):

                                                              linuxcare https://www.wsj.com/articles/SB955151887677940572

                                                              va linux https://www.channelfutures.com/open-source/open-source-history-the-spectacular-rise-and-fall-of-va-linux

                                                              1. 2

                                                                Appreciate it, thanks.

                                                          2. 8

                                                            same question, I think, could be asked why netflix succeeded but blockbuster failed, both were doing very similar thing. It seems that market success consists of chains / graphs of very small incremental decisions. The closer decisions are to the companies ‘pivot time’, the more impactful they seem to be.

                                                            And, at least in my observation, paying well and listening to well-rounded+experienced and risk-taking folks – who join your endeavor early, pays with huge dividends later on.

                                                            In my subjective view, docker failed to visualize and execute on the overall ecosystem around their core technology. Folks who seem to have that vision (but perhaps, not always the core technology) are the ones at hashicorp. They are not readhat by any means, but any one of their oss+freemium products seem to have good cohesive and ‘efficient’ vision around the ecosystem in this space. (where by ‘efficient’ I mean that they do not make too many expensive and user-base jarring missteps).

                                                            1. 1

                                                              could be asked why netflix succeeded but blockbuster failed, both were doing very similar thing

                                                              I’m not sure I agree. Coincidentally, there’s a YT channel that I follow that did a decent overview on both of them:

                                                            2. 3

                                                              My opinion on this is that both Google and Redhat are much closer to the cloud and the target market than Docker is/was.

                                                              Also, I thought that Docker was continuously trying to figure out how to make a net income. They had Docker Enterprise before it was sold off, but imo I’m not sure how they were aiming to bring in income. And a startup without income is destined to eventually close up.

                                                              1. 3

                                                                the question in my mind is… why did redhat and google succeed (as corporate entities) and docker not so much?

                                                                Curating a Linux distribution and keeping the security patches flowing seamlessly is hard work, which made Red Hat valuable. Indexing the entire Internet is also clearly a lot of hard work.

                                                                By comparison, what Docker is doing as a runtime environment is just not that difficult to replace.

                                                                1. 1

                                                                  I kinda feel like this is the ding ding ding answer… when your project attempts to replicate a project going on inside of a BigCo, you will have a hard time preventing embrace and extend. Or perhaps, if you are doing that, keep your company small, w/ limited debt, because you may find a niche in the future, but you can’t beat the big teams at the enterprise game, let alone a federation of them.

                                                                2. 2

                                                                  I think we all know our true desires we are just left to discover them.-

                                                                  Lets not forget, The Docker Timeline:

                                                                  • Started in 2013.
                                                                  • Got open-source recognition.
                                                                  • Got increased public use in 2015/2016.
                                                                  • In 2017. project renamed from Docker to Moby. Mistake 1.
                                                                  • In 2018. started requiring User Registration on DockerHub. Mistake 2.
                                                                  • In 2019. Docker Database has been hacked which exposed user. Mistake 3.
                                                                  • In 2020. Docker finally died and awaits new reborn. Good bye.

                                                                  When I think about it, I’m not even mad. Hail death of Docker.

                                                                1. 25

                                                                  I was hoping for a bit more. It looks like the only real content is a link to how to install Linux on Apple hardware. https://linuxnewbieguide.org/how-to-install-linux-on-a-macintosh-computer/

                                                                  1. 3

                                                                    Yeah I was hoping for strong arguments for why op decided to switch.

                                                                    1. 1

                                                                      Oh, yes, I tried that. Trust me, it’s a hassle for sure.

                                                                    1. 6

                                                                      Great thread.

                                                                      choose replaces the usual awk oneliner to get a column of text for me. https://github.com/theryangeary/choose

                                                                      $ echo first second third | choose 1
                                                                      second
                                                                      
                                                                      1. 1

                                                                        Now this one is pure awesome, thanks; as someone who has to search for awk samples every time I use it, this will help me a lot.

                                                                        1. 1

                                                                          It’s not in a separate package or documented so well, but I have an example program in cligen that does all this and more. For me, the memory mapped IO mode is even ~2x faster than mawk on Linux for files in /dev/shm.

                                                                      1. 3

                                                                        Work:

                                                                        • Release documentation, and helping fix up the last few remaining edges in our installation process.

                                                                        Personal:

                                                                        • I’d suggested I could put up a e-commerce website for my wife’s various crafty/DIY creations, and she took me up on the offer this weekend. I’m using this as the reason to finally buckle down and learn Elixir and Phoenix, so this week will involve working on getting familiar with all of the moving parts involved there. We have a backup plan if the project gets to be too overwhelming, but I’ve wanted to see what happens on the other side of actually learning Elixir and Phoenix, rather than just giving up after 2 hours of not quite getting it. I plan on using Stripe for payment processing.

                                                                        If anyone has any advice on pitfalls to avoid when building an e-commerce site, I’d be interested in hearing them.

                                                                        • I picked up Godot again, after having been away from it for a while. Other than one person having a bug with key mapping or something, it seems to have a really nice HTML 5 game export with WASM. I’m considering making a game gallery as one of the ramp-up projects in Elixir. (I plan on building multiple smaller projects before I attempt to take on the e-commerce site. I want to have my sea legs before I take on that complicated of a project).
                                                                        1. 1

                                                                          If anyone has any advice on pitfalls to avoid when building an e-commerce site, I’d be interested in hearing them.

                                                                          My best advice is - don’t [1]. There are many security issues that may arise developing custom e-commerce website for the complexity which it requires. My best advice is to fork a stable, mature & open-source e-commerce and build it from such base.

                                                                          I pwned a few ECMS (Ebay//OLX to name a few) [2]; if those large in-house developed ECMS websites are vulnerable, so will be yours. The vulnerabilities will probably be logic-based; and framework won’t protect you from those.

                                                                          [1] https://twitter.com/0xduraki/status/1108908794208239616
                                                                          [2] https://duraki.github.io/reports.html

                                                                          1. 1

                                                                            Do you have any recommendations as to which open source projects to use?

                                                                            I think I stand a hope of building an E-commerce site that is at least not vulnerable to script kiddies (aka safe from SQL injection, CSRF and XSS). I also hopefully can keep the feature set small enough that it doesn’t have too many issues (the idea being that keeping the feature set smaller should hopefully keep the potential interactions under control, and make securing it easier).

                                                                            That notion probably sounds like lunacy to you, tho.

                                                                            1. 1

                                                                              I’m not sure I’m adequate enough to answer your first question. Magento comes to my mind but if I was, I’d do some comparison between choices. One with strict control, a lot of source reviews, and decomplexity (one which allows you to turn options on or off) would be a great fit. This would minimize your attack surface.

                                                                              As for the notion, again, be very careful. ECMS is both a target to gray hats and black hats for the juicy details they may find. Sometimes, script kiddies can make a bigger damage then professional infosec person.

                                                                              Best of luck with the development! :-)

                                                                        1. 9

                                                                          One blog post is at least a couple of hours of work and could be valued in hundreds.

                                                                          looks at list of first drafts that each have 10+ hours of work in them

                                                                          I don’t get how people can write a blog post in a couple of hours. Like I know it’s normal and everybody does it, I just… don’t get it. It doesn’t connect with my brain somehow.

                                                                          1. 2

                                                                            I’m with you. My posts take several days minimum.

                                                                            1. 2

                                                                              Quality over quantity. Yes, I dig that.

                                                                              1. 1

                                                                                Not sure how that discussion makes sense when no-one is specifying the size of the blog post. I write blog posts in less than 30 min but they are short.

                                                                                1. 2

                                                                                  In my case the size of the post is only very loosely correlated with the time taken to write it. In fact much my time writing is editing it down to be smaller. Only rarely am I trying to edit it to be longer.

                                                                          1. 1

                                                                            Nice article. Can anyone of elders give more information on shell word from the old times?

                                                                            1. 5

                                                                              Apparently, the original Multics shell (sense 1) was so called because it was a shell (sense 3); it ran user programs not by starting up separate processes, but by dynamically linking the programs into its own code, calling them as subroutines, and then dynamically de-linking them on return.

                                                                              Source: http://www.catb.org/jargon/html/S/shell.html

                                                                              1. 1

                                                                                Wow, thats a nice gem of a site. Much appreciated.

                                                                            1. 4

                                                                              Something else to consider; the average age of a registered car is 10.7 years in Europe, and Google quotes 11.8 as the average age in the US. Possibly this is skewed somewhat by people collecting classic cars, but for decades, a new car has offered few advantages over a used one.

                                                                              PCs have reached a similar level of age indifference; today you can buy a 5 year-old used laptop or pc, and expect to get at least another three years of use out of them. When you buy new, you expect to get at least five years, and I see people around me using laptops for over ten years.

                                                                              While there’s a growing market for refurbished phones, all of them seem doomed by the limited number of years Apple and Google will support older models.

                                                                              1. 2

                                                                                I’m using a number of ~10yo (9 and a half, more, but still…) Android phones almost daily, one of them in its original duty as a phone, others for different purposes - remote-controlled media player, trailer camera, etc. Even though the manufacturer - Motorola - never got beyond Android 2.3.6 they’re all running 4.4.4. One of them doesn’t have a screen (it got broken in some distant past), that is the one in use as a trailer camera. The thing is, these older Android phones are still useable for many purposes, from their original gadgety-communications-device role to those things I mentioned and more, due to the free software nature of Android and Linux.

                                                                                With Apple the story is a bit different, they do offer longer support than most Android vendors but once they drop a model it quickly becomes useless. Some devices can be ‘jailbroken’ and with that their useful life can be extended a bit but since the size of the hacking community around Apple devices is nothing compared to that around Android it takes a lot more effort to get things done. Seen as curves the Android ‘usability’ curve starts going down earlier than the Apple one but once Apple drops support their curve quickly sinks below that of Android devices of similar vintage. In both cases it takes a bit of hacking to extend the useful life, more in the case of Apple hardware.

                                                                                1. 1

                                                                                  With Apple the story is a bit different, they do offer longer support than most Android vendors but once they drop a model it quickly becomes useless.

                                                                                  How did you get to the conclusion of rendering Apple device useless after support is dropped?

                                                                                  1. 1

                                                                                    Depends on your use, I suppose.

                                                                                    My ipad quickly became useless for my use because I needed to install or upgrade apps to evaluate [… digression elided], and that quickly started demanding newer ios versions. If your use is to keep running and using the apps you already have, nothing bad will happen, AIUI.

                                                                                    1. 1

                                                                                      So basically same as w/ Android? I don’t recall difference between two platforms as per the comment bias.

                                                                                      1. 1

                                                                                        The big difference is that with many Android devices there are AOSP-derived distributions which can be used to keep the device up to date once vendor-supported updates have ceased.

                                                                                        1. 1

                                                                                          No, not basically the same. The same in principle. The key word is quickly.

                                                                                          Apple is good about providing upgrades and coercing users to upgrade, and the flip side is that app developers feel free to drop support for old versions quickly. Being two or three versions behind on an ios device limits your app selection much more than being two or three versions behind on android device.

                                                                                        2. 1

                                                                                          The biggest reason that the old iPads are “useless” today is that today’s apps use too much RAM and CPU - something a new OS version isn’t going to solve. When today’s latest iPads are five years old, this is likely going to be less of a problem since performance increases aren’t as huge any longer, but for the first five years or so of iPads this is the biggest limiting factor. IMHO.

                                                                                      2. 1

                                                                                        I don’t doubt that they’re useful for other purposes, and you’re probably right that we should be making better use of them. But personally I don’t like the idea of using an internet-connected device that’s limited to a seven year-old operating system.

                                                                                        1. 1

                                                                                          The thing is, they’re not limited to whatever version of Android the device is left with when the vendor ceases to support it. Those AOSP-derived distributions can take it along for the ride more or less until the hardware can no longer support the newest version, e.g. because of the 32/64 bit shift. The Galaxy SIIIneo which I mentioned was left by Samsung at Android 4.4.4, it currently runs Android 9 through LineageOS. It gets weekly OTA updates, the latest was on the 20th of April. As long as these projects support those devices they will stay up to date. They are supported until there is not enough interest from developers, which again depends on the number of users who want to keep those devices in use. There are some hard limits on support like the mentioned 32/64 bit shift, others are a lack of driver support for those platforms which rely on closed-source blobs, hardware capacity limits (memory, GPU, SoC) being exceeded by newer versions of the operating system, etc.

                                                                                      3. 2

                                                                                        Something else to consider; the average age of a registered car is 10.7 years in Europe, and Google quotes 11.8 as the average age in the US. Possibly this is skewed somewhat by people collecting classic cars, but for decades, a new car has offered few advantages over a used one.

                                                                                        Similar to cars, a lot of the advantages are in the realm of safety and security features you don’t want to become important. A 2020 Accord has measurable improvements in structural safety components over a 2010 Accord, and a 2020 iPhone has security features that 2017 iPhones don’t have the silicon to support.

                                                                                      1. 4

                                                                                        Cloudflare is shielding cybercriminals

                                                                                        It’s true Cloudflare protect victims from DDoS, but also protect attackers. Although, if there are no DDoS attacks, whom will Cloudflare protect you from? It’s basically money making machine. Both attackers and legit endusers use it for protection. Vice versa profitable.

                                                                                        1. 4

                                                                                          This troubled me, as there is no source for that. Only a statement from the website’s owner :/

                                                                                          1. 4

                                                                                            It’s true though.

                                                                                            Cloudflare serves all customers willing to pay, and even has a free tier for some products. It doesn’t generally vet customers. You don’t have to prove that you’re worthy of using whatever Cloudflare product you wish to pay for, and Cloudflare protects its customers. That includes criminals. Most notably, it includes shielding criminals from people who send email saying “FOO BAR IS A CRIMINAL! I’M TELLING YOU FOO BAR IS A CRIMINAL!”

                                                                                            Amazon does the same — anyone can buy things there and the selection includes many useful tools, so Amazon sells burglary tools to criminals. But it’s not a universal standard. IIRC all of the big British banks eventually caved in to public pressure and closed the accounts of some customers the vegans didn’t like.

                                                                                        1. 6

                                                                                          vanilla vim in a basic terminal. Works everywhere, and I don’t have to spend brain-cycles thinking about it.

                                                                                          1. 2

                                                                                            How do you deal with multi language barrier? ie. Space vs Tabs in different project? Do you manually expandtab/tabstop?

                                                                                            1. 2

                                                                                              Personally, until I need to do it often enough to put in my .vimrc for a particular filetype, I kinda already remember the :setl sw=2 ts=2 et (replace 2 with whatever needed) “magic incantation” for when needed. Umm… a moment of self-reflection: is vim really a stockholm-syndrome lover I thought it to be in my younger days?… Yet in other editors, I’d have to do it by mouse or keyboard shortcuts anyway…

                                                                                              1. 1

                                                                                                I have an EditorConfig plugin, many projects ship with an .editorconfig file these days.

                                                                                                I also have some autocmd for specific languages/projects; you can just match it by directory:

                                                                                                au FileType go nnoremap MM :silent! :wa<CR>:compiler go<CR>:silent make!<CR>:redraw!<CR>
                                                                                                au FileType go nnoremap TT :silent! :wa<CR>:compiler gotest<CR>:silent make!<CR>:redraw!<CR>
                                                                                                
                                                                                                autocmd BufReadPre /home/martin/code/goatcounter/*.go
                                                                                                            \  if $CGO_ENABLED is# '' | let $CGO_ENABLED = 0 | endif
                                                                                                            \| let g:gopher_install_package = 'zgo.at/goatcounter/cmd/goatcounter'
                                                                                                

                                                                                                You can set tabs/spaces/etc. there too, if required.

                                                                                                1. 2

                                                                                                  I think “vanilla vim” was important context for the question. With custom config, these things become easy, as you point out.

                                                                                                  1. 1

                                                                                                    Ah right; I assumed “vanilla” meant “without plugins”, but yeah, could be “without config” too 😅

                                                                                            1. 1

                                                                                              Nice project. I wrote similar blogpost on automating iTerm sessions via tmux & tmuxinator, for anyone interested.

                                                                                              1. 3

                                                                                                This was a pleasant read!

                                                                                                I have thought a while about this, and will (eventually) implement this scheme for equality, mostly inspired by Scheme:

                                                                                                • identical? for reference equality (and possibly also primitives),
                                                                                                • equal? for structural equality (for types that support it),
                                                                                                • equivalent? as a more general trait which also requires a context within which you are comparing, like hashing or floats within a given epsilon. (The above two are special cases of this.)

                                                                                                Hopefully it will be intuitive and obvious, with no gotchas.

                                                                                                (Minor note: F# will let you use mutable as an adjective for Offspring and jane in case you didn’t want to switch to C# for that example).

                                                                                                1. 1

                                                                                                  This reminds me of Ruby & Objective-C cocktail.

                                                                                                1. 13

                                                                                                  Using this on my bar, it’s pretty nice. Still using JetBrains Mono for everything else, though.

                                                                                                  https://qtp2t.club/pub/setup.png

                                                                                                  1. 5

                                                                                                    That is a nice bar! Also, your wallpaper choice is impeccable.

                                                                                                    1. 2

                                                                                                      Yes, please link to it!

                                                                                                      1. 4

                                                                                                        Not OP but here it is. Just set your background to Tail/Pattern mode depending on OS of choice. Nice desktop tho @hazel.

                                                                                                        1. 5

                                                                                                          My dots are at https://git.qtp2t.club/hazel/etc if you want them, and thanks

                                                                                                        2. 4

                                                                                                          Hi, that’s from my wallpaper pack! something something copyright not intended (well some of them are OC)

                                                                                                          1. 2

                                                                                                            That’s really nice, thanks!

                                                                                                      2. 2

                                                                                                        Just wanted to say, your bar is awesome. You’ve got to post this on unixporn :)

                                                                                                      1. 12

                                                                                                        Write down a one-sentence mantra that you’d use to describe your current work to a technical friend who is in a hurry and doesn’t have time to receive a full download of your vision for the project. Chisel it down until it can be pronounced in a single breath, then recite it a few times a day, or whenever uncertainty creeps in.

                                                                                                        For example, here’s my mantra for one of the projects I’m hacking on:

                                                                                                        I’m building a self-hosted API & mobile app for virtualizing a remotely operated cell phone.

                                                                                                        This helps me leave by the wayside any features or yak shaving excursions which don’t directly contribute to the technical bottom line.

                                                                                                        1. 2

                                                                                                          This is a great advice. A mantra is gold worth and seems like a great motivation utility.