1. 9

    I’ve been working remotely for a few months, although only recently full time. I love it. I feel very confident that my employer is getting much higher quality hours out of me than when I worked in an office. I feel much more productive and I believe that I am much more productive. A lot of talking that I did in an office really didn’t matter so much for getting work done. For random conversations, I just send an email to someone or talk to them on a chat; that has worked fine for me.

    1. 2

      Now switch to 4 day work-weeks and be amazed that you can be even more productive!

      1. 3

        Already there actually :) And yes, I am more productive! But we’ll see how it works in the long run. Do I acclimate to 4 day work weeks as we did to 5 day work weeks so long ago and productivity drops once the novelty wears off?

        1. 2

          The extra time you have to let your subconscious work on problems stays. And the potential extra sleep. And the burnout-prevention.

          That’s how it works for me, anyway.

          1. 3

            I’m curious about how both of you ended up working four-day weeks. Does everyone at your employers do so? Are you contractors or employees? Have you always worked these hours at your current gigs or did you cut back from a five-day week?

            1. 2

              Employed. My last job had a 4-day-week, which was increased from 3-days before. I was one of the very few not working full time, but as far as I know it never gave real problems; people learned not to schedule meetings on Wednesdays if they wanted me to show up. The initial three-day setup was because there wasn’t enough money available for a fulltime position, but even once there was enough having a full day for my own stuff (or just catching up on sleep, so I don’t have to do that on the weekend) is worth the lower pay.

              And I honestly think employers win with 4 days. I’m much happier, sharper and motivated. They have to pay less, and I doubt I do less (effective!) work. If you come from 5-days make sure they know they are better off with you in the team for 4-days than not in the team at all ;)

    1. 6

      I think the faulty assumption is that the happiness of users and developers is more important to the corporate bottom line than full control over the ecosystem.

      Linux distributions have shown for a decade that providing a system for reliable software distribution while retaining full user control works very well.

      Both Microsoft and Apple kept the first part, but dropped the second part. Allowing users to install software not sanctioned by them is a legacy feature that is removed – slowly to not cause too much uproar from users.

      Compare it to the time when Windows started “phoning home” with XP … today it’s completely accepted that it happens. The same thing will happen with software distributed outside of Microsoft’s/Apple’s sanctioned channels. (It indeed has already happened on their mobile OSes.)

      1. 8

        As a long-time Linux user and believer in the four freedoms, I find it hard to accept that Linux distributions demonstrate “providing a system for reliable software distribution while retaining full user control works very well”. Linux distros seem to work well for enthusiasts and places with dedicated support staff, but we are still at least a century away from the year of Linux on the desktop. Even many developers (who probably have some overlap with the enthusiast community) have chosen Macs with unreliable software distribution like Homebrew and incomplete user control.

        1. 2

          I agree with you that Linux is still far away from the year of Linux on the desktop, but I think it is not related to the way Linux deals with software distribution.

          There are other, bigger issues with Linux that need to be addressed.

          In the end, the biggest impact on adoption would be some game studios releasing their AAA title as a Linux-exclusive. That’s highly unlikely, but I think it illustrates well that many of the factors of Linux’ success on the desktop hinge on external factors which are outside of the control of users and contributors.

          1. 2

            All the devs I know that use mac use linux in some virtualisation options instead of homebrew for work. Obviously that’s not a scientific study by any means.

            1. 8

              I’ll be your counter example. Homebrew is a great system, it’s not unreliable at all. I run everything on my Mac when I can, which is pretty much everything except commercial Linux-only vendor software. It all works just as well, and sometimes better, so why bother with the overhead and inconvenience of a VM? Seriously, why would you do that? It’s nonsense.

              1. 4

                Maybe a VM makes sense if you have very specific wishes. But really, macOS is an excellent UNIX and for most development you won’t notice much difference. Think Go, Java, Python, Ruby work. Millions of developers probably write on macOS and deploy on Linux. I’ve been doing this for a long time and ‘oh this needs a Linux specific exception’ is a rarity.

                1. 4

                  you won’t notice much difference.

                  Some time ago I was very surprised that hfs is not case sensitive (by default). Due to a bad letter-case in an import my script would fail on linux (production), but worked on mac. Took me about 30 minutes to figure this out :)

                  1. 3

                    You can make a case sensitive code partition. And now with APFS, partitions are continuously variable size so you won’t have to deal with choosing how much goes to code vs system.

                    1. 1

                      A case sensitive HFS+ slice on a disk image file is a good solution too.

                    2. 2

                      Have fun checking out a git repo that has Foo and foo in it :)

                      1. 2

                        It was bad when microsoft did it in VB, and it’s bad when apple does it in their filesystem lol.

                    3. 2

                      Yeah definitely. And I’ve found that accommodating two platforms where necessary makes my projects more robust and forces me to hard code less stuff. E.g. using pkg-config instead of yolocoding path literals into the build. When we switched Linux distros at work, all the packages that worked on MacOS and Linux worked great, and the Linux only ones all had to be fixed for the new distro. 🙄

                    4. 2

                      I did it for awhile because I dislike the Mac UI a lot but needed to run it for some work things. Running in a full screen VM wasn’t that bad. Running native is better, but virtualization is pretty first class at this point. It was actually convenient in a few ways too. I had to give my mac in for repair at one point, so I just copied the VM to a new machine and I was ready to run in minutes.

                      1. 3

                        I use an Apple computer as my home machine, and the native Mac app I use is Terminal. That’s it. All other apps are non-Apple and cross-platform.

                        That said, MacOS does a lot of nice things. For example, if you try to unmount a drive, it will tell you what application is still using it so you can unmount it. Windows (10) still can’t do that, you have to look in the Event viewer(!) to find the error message.

                        1. 3

                          In case it’s unclear, non-Native means webapps, not software that doesn’t come preinstalled on your Mac.

                          1. 3

                            It is actually pretty unclear what non-Native here really means. The original HN post is about sandboxed apps (distributed through the App Store) vs non-sandboxed apps distributed via a developer’s own website.

                            Even Gruber doesn’t mention actual non-Native apps until the very last sentence. He just talks/quotes about sandboxing.

                            1. 3

                              The second sentence of the quoted paragraph says:

                              Cocoa-based Mac apps are rapidly being eaten by web apps and Electron pseudo-desktop apps.

                        2. 1

                          full-screen VM high-five

                        3. 1

                          To have environment closer to production I guess (or maybe ease of installation, dunno never used homebrew). I don’t have to use mac anymore so I run pure distro, but everyone else I know uses virtualisation or containers on their macs.

                          1. 3

                            Homebrew is really really really easy. I actually like it over a lot of Linux package managers because it first class supports building the software with different flags. And it has binaries for the default flag set for fast installs. Installing a package on Linux with alternate build flags sucks hard in anything except portage (Gentoo), and portage is way less usable than brew. It also supports having multiple versions of packages installed, kind of half way to what nix does. And unlike Debian/CentOS it doesn’t have opinions about what should be “in the distro,” it just has up to date packages for everything and lets you pick your own philosophy.

                            The only thing that sucks is OpenSSL ever since Apple removed it from MacOS. Brew packages handle it just fine, but the python package system is blatantly garbage and doesn’t handle it well at all. You sometimes have to pip install with CFLAGS set, or with a package specific env var because python is trash and doesn’t standardize any of this.

                            But even on Linux using python sucks ass, so it’s not a huge disadvantage.

                            1. 1

                              Installing a package on Linux with alternate build flags sucks hard in anything except portage

                              You mention nix in the following sentence, but installing packages with different flags is also something nix does well!

                              1. 1

                                Yes true, but I don’t want to use NixOS even a little bit. I’m thinking more vs mainstream distro package managers.

                              2. 1

                                For all its ease, homebrew only works properly if used by a single user who is also an administrator who only ever installs software through homebrew. And then “works properly” means “install software in a global location as the current user”.

                                1. 1

                                  by a single user who is also an administrator

                                  So like a laptop owner?

                                  1. 1

                                    A laptop owner who hasn’t heard that it’s good practice to not have admin privileges on their regular account, maybe.

                                2. 1

                                  But even on Linux using python sucks ass, so it’s not a huge disadvantage.

                                  Can you elaborate more on this? You create a virtualenv and go from there, everything works.

                                  1. 2

                                    It used to be worse, when mainstream distros would have either 2.4 or 2.6/2.7 and there wasn’t a lot you could do about it. Now if you’re on python 2, pretty much everyone is 2.6/2.7. Because python 2 isn’t being updated. Joy. Ruby has rvm and other tools to install different ruby versions. Java has a tarball distribution that’s easy to run in place. But with python you’re stuck with whatever your distro has pretty much.

                                    And virtualenvs suck ass. Bundler, maven / gradle, etc. all install packages globally and let you exec against arbitrary environments directly (bundle exec, mvn exec, gradle run), without messing with activating and deactivating virtualenvs. Node installs all its modules locally to a directory by default but at least it automatically picks those up. I know there are janky shell hacks to make virtualenvs automatically activate and deactivate with your current working directory, but come on. Janky shell hacks.

                                    That and pip just sucks. Whenever I have python dependency issues, I just blow away my venv and rebuild it from scratch. The virtualenv melting pot of files that pip dumps into one directory just blatantly breaks a lot of the time. They’re basically write once. Meanwhile every gem version has its own directory so you can cleanly add, update, and remove gems.

                                    Basically the ruby, java, node, etc. all have tooling actually designed to author and deploy real applications. Python never got there for some reason, and still has a ton of second rate trash. The scientific community doesn’t even bother, they use distributions like Anaconda. And Linux distros that depend on python packages handle the dependencies independently in their native package formats. Ruby gets that too, but the native packages are just… gems. And again, since gems are version binned, you can still install different versions of that gem for your own use without breaking anything. Python there is no way to avoid fucking up the system packages without using virtualenvs exclusively.

                                    1. 1

                                      But with python you’re stuck with whatever your distro has pretty much.

                                      I’m afraid you are mistaken, not only do distros ship with 2.7 and 3.5 at the same time (for years now), it is usually trivial to install a newer version.

                                      let you exec against arbitrary environments directly (bundle exec, mvn exec, gradle run), without messing with activating and deactivating virtualenvs

                                      You can also execute from virtualenvs directly.

                                      Whenever I have python dependency issues, I just blow away my venv and rebuild it from scratch.

                                      I’m not sure how to comment on that :-)

                                      1. 1

                                        it is usually trivial to install a newer version

                                        Not my experience? How?

                                        1. 1

                                          Usually you have packages for all python versions available in some repository.

                          2. 2

                            Have they chosen Macs or have they been issued Macs? If I were setting up my development environment today I’d love to go back to Linux, but my employers keep giving me Macs.

                            1. 3

                              Ask for a Linux laptop. We provide both.

                              I personally keep going Mac because I want things like wifi, decent power management, and not having to carefully construct a house of cards special snowflake desktop environment to get a useable workspace.

                              If I used a desktop computer with statically affixed monitors and an Ethernet connection, I’d consider Linux. But Macs are still the premier Linux laptop.

                              1. 1

                                At my work place every employee is given a Linux desktop and they have to do a special request to get a Mac or Windows laptop (Which would be in addition to their Linux desktop).

                            2. 3

                              Let’s be clear though, what this author is advocating is much much worse from an individual liberty perspective than what Microsoft does today.

                              1. 4

                                Do you remember when we all thought Microsoft were evil for bundling their browser and media player? Those were good times.

                            1. 39

                              Perhaps build systems should not rely on URLs pointing to the same thing to do a build? I don’t see Github as being at fault here, it was not designed to provide deterministic build dependencies.

                              1. 13

                                Right, GitHub isn’t a dependency management system. Meanwhile, Git provides very few guarantees regarding preserving history in a repository. If you are going to build a dependency management system on top of GitHub, at the very least use commit hashes or tags explicitly to pin the artifacts you’re pulling. It won’t solve the problem of them being deleted, but at least you’ll know that something changed from under you. Also, you really should have a local mirror of artifacts that you control for any serious development.

                                1. 6

                                  I think the Go build system issue is a secondary concern.

                                  This same problem would impact existing git checkouts just as much, no? If a user and a repository disappear, and someone had a working checkout from said repository of master:HEAD, they could “silently” recreate the account and reconstruct the repository with the master branch from their checkout… then do whatever they want with the code moving forward. A user doing a git pull to fetch the latest master, may never notice anything changed.

                                  This seems like a non-imaginary problem to me.

                                  1. 11

                                    I sign my git commits with my GPG key, if you trust my GPG key and verify it before using the code you pulled - that would save you from using code from a party you do not trust.

                                    I think the trend of tools pulling code directly from Github at build time is the problem. Vendor your build dependencies, verify signatures etc. This specific issue should not be blamed directly on Github alone.

                                    1. 3

                                      Doesn’t that assume that the GitHub repository owner is also the (only) committer? It’s unlikely that I will be in a position to trust (except blindly) the GPG key of every committer to a reasonably large project.

                                      If I successfully path-squat a well-known GitHub URL, I can put the original Git repo there, complete with GPG-signed commits by the original authors, but it only takes a single additional commit (which I could also GPG-sign, of course) by the attacker (me) to introduce a backdoor. Does anyone really check that there are no new committers every time they pull changes?

                                      1. 3

                                        Tags can be GPG signed. This proves that all commits before the tag are what the person signed. That way you only need to check the people assigned to signing the tagged releases.
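
The pinning advice in this thread ("use commit hashes or tags explicitly"), as an added example that is not part of any comment above: a git commit id is a hash over the tree and the parent id, so a repository recreated at the same URL with one extra commit keeps the pinned id valid while the branch name moves. The file contents, author names and the `Remote` class are constructed for illustration.

```python
import hashlib


def git_object_id(kind, body):
    """Object id as git computes it: SHA-1 over b'<kind> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\0" + body).hexdigest()


def tree_id(files):
    """Id of a flat tree of regular files (mode 100644), sorted by name."""
    body = b"".join(
        b"100644 " + name.encode() + b"\0"
        + bytes.fromhex(git_object_id("blob", files[name]))
        for name in sorted(files)
    )
    return git_object_id("tree", body)


def commit_id(files, parent, author, message, when=1500000000):
    """Id of a commit: covers the tree, the parent id, the author and the message."""
    lines = [f"tree {tree_id(files)}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {author} {when} +0000", f"committer {author} {when} +0000"]
    return git_object_id("commit", ("\n".join(lines) + f"\n\n{message}\n").encode())


def build_history(commits):
    """Linear history from (files, author, message) tuples; returns the commit ids."""
    ids, parent = [], None
    for files, author, message in commits:
        parent = commit_id(files, parent, author, message)
        ids.append(parent)
    return ids


class Remote:
    """Hypothetical stand-in for a hosted repository: one branch plus its commits."""

    def __init__(self, ids):
        self.objects = set(ids)
        self.refs = {"master": ids[-1]}

    def resolve(self, spec):
        """Resolve a branch name or a full commit id; None if the remote lacks it."""
        if spec in self.refs:
            return self.refs[spec]
        return spec if spec in self.objects else None


def check_dependency(remote, pin):
    """Decide what a pinned build should do with the current state of the remote."""
    if remote.resolve(pin) is None:
        # The pinned commit is gone: history was rewritten or the repo replaced.
        return {"build": None, "status": "pin-missing"}
    if remote.resolve("master") != pin:
        # Build the pinned commit; new commits need review before re-pinning.
        return {"build": pin, "status": "tip-moved"}
    return {"build": pin, "status": "unchanged"}


# Constructed sample data.
ALICE = "Alice <alice@example.org>"
THIRD_PARTY = "Someone Else <else@example.net>"
V1 = {"lib.py": b"def add(a, b):\n    return a + b\n"}
V2 = {**V1, "README": b"docs\n"}
ALTERED_V1 = {"lib.py": b"def add(a, b):\n    return a + b  # altered\n"}
UNREVIEWED = {**V2, "lib.py": ALTERED_V1["lib.py"]}

# The repository as the original owner published it; the build pins its tip.
ORIGINAL = build_history([(V1, ALICE, "initial"), (V2, ALICE, "add readme")])
PIN = ORIGINAL[-1]

# Same URL recreated from an old checkout, plus one commit by someone else.
RECREATED = build_history(
    [(V1, ALICE, "initial"), (V2, ALICE, "add readme"), (UNREVIEWED, THIRD_PARTY, "tweak")]
)

# Same final files as ORIGINAL, but the first commit was changed.
REWRITTEN = build_history([(ALTERED_V1, ALICE, "initial"), (V2, ALICE, "add readme")])

if __name__ == "__main__":
    for name, ids in [("original", ORIGINAL), ("recreated", RECREATED), ("rewritten", REWRITTEN)]:
        remote = Remote(ids)
        print(name, "master ->", remote.resolve("master")[:12], check_dependency(remote, PIN))
```

A pin only shows that the code is unchanged since it was pinned; who vouches for that commit is the separate question the signed-tag comments address.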

                                  2. [Comment removed by author]

                                    1. 2

                                      Seriously, if only GitHub would get their act together and switch to https, this whole issue wouldn’t have happened!

                                      1. 4

                                        I must have written this post drunk.

                                  1. 1

                                    But first, let me start on a somewhat somber note: what nobody tells you is that one’s level on the leadership ladder tends to be inversely correlated with several measures of happiness.

                                    With all due respect, this is self-serving and untrue. Research has shown that stress levels are lower the higher you go in an organization. The people at the bottom of the org chart are the most stressed.

                                    1. 2

                                      Suggest visualization.

                                      Is this really a privacy thing? This is behavior explicitly advertised by the product.

                                      I’m not sure that getting a lot of “look at this totally expected behavior of modern products” posts here is good. Tends to lead to clickbaity stuff.

                                      1. 5

                                        I think really this isn’t the advertised behavior. While Strava does advertise activity tracking, it’s not until you mix in the occupation related PT required in the military that this emergent behavior appears where you can see very regimented fitness activity often in areas that otherwise wouldn’t have it. Together, you see the initially surprising - but entirely reasonable in hindsight - ability to locate bases. It’s something that makes you go “huh!”.

                                        Strava advertises fitness activity tracking. The military takes fitness seriously. Combined, Strava can be used to identify the location of abnormal areas of activity, ie, military bases.

                                        This is the tweet that really sums it up: https://twitter.com/gavinsblog/status/957786002751332354

                                        1. 1

                                          The users of these devices had an expectation of privacy which has been violated. I doubt they believed their use of a fitness device could reveal their position to the enemy.

                                          I think it’s decent news and worthy of attention/discussion.

                                          1. 3

                                            Have you used Strava? I have, and it is very clear when you are posting an activity publicly. (My understanding based on discussion elsewhere is that private activities are not included in the heat map. Strava also provides a feature whereby you can post an activity publicly but hide the start/end points so that your home address isn’t apparent; my understanding is that these hidden sections of public activities are also omitted from the heat map.)

                                            I have no more expectation of privacy when I post a public activity to Strava than when I post a public photo to Instagram, or a comment to Lobste.rs.

                                        1. 40

                                          Almost anyone just reads the mail, but not the mail it was a reply to or the discussion that comes out of it.

                                          What makes you think this is true? I always read the surrounding thread.

                                          I have found many of these links very interesting and feel they are legitimate posts for Lobsters.

                                          1. 6

                                            General experience with the discussions that burst out below. Exceptions make the rule, as they say.

                                            Also, in the linked example, a lot of what Theo was referring to was in topics a couple of days away, so establishing context isn’t always “click previous, click followup”.

                                            1. 8

                                              Exceptions make the rule, as they say.

                                              No. “Exceptio probat regulam in casibus non exceptis” means that if there is an explicit rule regarding exceptions then there exists an implicit rule from which those exceptions are derived.

                                              1. 2

                                                I saw the pattern you were talking about. It seemed part of a larger one being really eager to speak but lazy about reading. I second your proposal of no mailing list threads unless it’s an independent write-up with context included so people see big picture at a glance.

                                                1. 2

                                                  I agree and disagree. I agree that if we’re going to ban deep linking into threads then sure a write up would be ok.

                                                  But, I would rather posit a second option, which amounts to when linking to a thread we link in a comment to the specific post that is at issue with the link to the top of the thread as the article link. Thus trying to encourage everyone to read the context that surrounds the post and allowing everyone to come to their own conclusions as to the post in its original context.

                                                  I say this as while I’d love independent write-ups, noticing how every write up or news post can skew things ever so slightly I would rather encourage everyone to read through the original source material.

                                                  I would propose the same rule for forum posts, I wouldn’t expect write ups in all cases and think that requirement would just discourage discussion over the actual issue at hand, if any.

                                                  1. 2

                                                    “I say this as while I’d love independent write-ups, noticing how every write up or news post can skew things ever so slightly I would rather encourage everyone to read through the original source material.”

                                                    This is a good point. The Dalmore memo discussions were a good example of that.

                                              2. 1

                                                Personally, I try to get the context but I’ll admit that I can get a bit lazy with it. And my reflex is also a bit to do meta-discussions on communication.

                                                Unlike something like a Github issue, a bit more effort is required to get the full context. Not a huge amount, of course, but enough. Not to mention double-quoting and whatnot confusing people.

                                                Perhaps linking to the first e-mail in the chain will force people to read through stuff? Not sure how doable that is.

                                              1. 11

                                                you will be banned. No warnings.

                                                Pretty heavy handed IMHO

                                                1. 6

                                                  That is extremely harsh. Mistakes happen; I would suggest two strikes, assuming the deficiency in the original posting is rectified immediately.

                                                  1. 6

                                                    Given how often people spam bad job postings, and given how basic that information is, I think it is reasonable.

                                                    If you put up a sloppy posting, you are wasting the time and being disrespectful to all the people who have to parse through it. If you are unwilling to proof it for those four things, you should be banned.

                                                    1. 5

                                                      I’m pretty tired of recruiter shenanigans, but this got upvoted strongly, so I’m rewriting it to say “it will be deleted.” We can reserve banning for repeat offenders, and hopefully it won’t come up.

                                                      1. -1

                                                        I think part of the problem is you desire to run this site with an iron fist and that’s really not needed. We’re all mature and have been vetted through the invite process, there is no need to be the über admin. Instead this site needs something akin to a caretaker.

                                                        1. 6

                                                          I think part of the problem is you desire to run this site with an iron fist and that’s really not needed.

                                                          I think this is being unfair to @pushcx. The only “iron fist” thing he did in the past month was ban a person calling for a race war, which IMO was long-overdue. Everything else was quality of life adjustments like merging dupes and removing off topic content, and I for one am glad they’re done.

                                                          We’re all mature and have been vetted through the invite process, there is no need to be the über admin.

                                                          The invite process isn’t really a vetting process. It means you either 1) knew a person who already had an account, or 2) went on the IRC channel and demonstrated that you know tech stuff (which is how I got an invite). It doesn’t filter for maturity or decency.

                                                      2. 3

                                                        I agree.

                                                        I’ve occasionally floated semi-public postings over the years when I was not ready to divulge the company name until the req was actually public and in all cases salary was listed as “competitive”.

                                                        I’d say that “competitive” really means “negotiable” which can be off-putting and doesn’t bracket it. It was only for junior hires that I had a solid range rather than a floor.

                                                        1. 3

                                                          I think the company name is vital because it allows people to look up lots more information.

                                                          For salary range, “competitive” is used by everyone but non-profits, so it doesn’t mean anything. And all salaries are negotiable, so again, that doesn’t convey any information.

                                                          1. 1

                                                            There are plenty of places you can post those listings and far fewer places where you can escape them. It’s nice for this group to be one of the latter.

                                                        1. 7

                                                          A phenomenon I’ve noticed and cannot account for is that people who are not experienced with or who even reject the notion of object-oriented design are nonetheless excited by the idea of microservices, with their independent, encapsulated state, discrete responsibilities, communication by message sending and so on.

                                                          I’ve therefore found that “microservices versus monolith” is a great false dichotomy to get modularity concerns considered, even though there are attendant complexities.

                                                          1. 6

                                                            Everywhere I’ve worked where there has been any appetite for microservices, it’s been with the specific goal of making most or all of them stateless.

                                                            1. 4

                                                              Do you mean java/C++ style OO or perhaps something like erlang? I would hardly call C++/Java method calls ‘message sending’ and I think that is part of the problem. Shifting to services fixes that somewhat and moves things closer to erlang’s process/actor model where each service/actor manages state and has a known/documented protocol that can be networked and scaled.

                                                              C++/Java OO is just making function calls look a bit different with a whole lot of boiler plate and poor abstraction.

                                                              1. 1

                                                                Thanks problem is that most popular OOP languages don’t have a way of nesting classes, so you can’t use them to enforce multiple levels of modularity. I’ve written about this before: https://www.hillelwayne.com/post/box-diagrams/

                                                              1. 10

                                                                Any post that calls electron ultimately negative but doesn’t offer a sane replacement (where sane precludes having to use C/C++) can be easily ignored.

                                                                1. 10

                                                                  There’s nothing wrong with calling out a problem even if you lack a solution. The problem still exists, and bringing it to people’s attention may cause other people to find a solution.

                                                                  1. 8

                                                                    There is something wrong with the same type of article being submitted every few weeks with zero new information.

                                                                    1. 1

                                                                      Complaining about Electron is just whinging and nothing more. It would be much more interesting to talk about how Electron could be improved since it’s clearly here to stay.

                                                                      1. 4

                                                                        it’s clearly here to stay

                                                                        I don’t think that’s been anywhere near established. There is a long history of failed technologies purporting to solve the cross-platform GUI problem, from Tcl/tk to Java applets to Flash, many of which in their heydays had achieved much more traction than Electron has, and none of which turned out in the end to be here to stay.

                                                                        1. 2

                                                                          I seriously doubt much of anything, good or bad, is here to stay in a permanent sense

                                                                          1. 2

                                                                            Thing is that Electron isn’t reinventing the wheel here, and it’s based on top of web tech that’s already the most used GUI technology today. That’s what makes it so attractive in the first place. Unless you think that the HTML/Js stack is going away, then there’s no reason to think that Electron should either.

                                                                            It’s also worth noting that the resource consumption in Electron apps isn’t always representative of any inherent problems in Electron itself. Some apps are just not written with efficiency in mind.

                                                                      2. 5

                                                                        Did writing C++ become insane in the past few years? All those GUI programs written before HTMLNative5.js still seem to work pretty well, and fast, too.

                                                                        In answer to your question, Python and most of the other big scripting languages have bindings for gtk/qt/etc, Java has its own Swing and others, and it’s not uncommon for less mainstream languages (ex. Smalltalk, Racket, Factor) to have their own UI tools.

                                                                        1. 4

                                                                          Did writing C++ become insane in the past few years? All those GUI programs written before HTMLNative5.js still seem to work pretty well, and fast, too.

                                                                          It’s always been insane, you can tell by the fact that those programs “crashing” is regarded as normal.

                                                                          In answer to your question, Python and most of the other big scripting languages have bindings for gtk/qt/etc, Java has its own Swing and others, and it’s not uncommon for less mainstream languages (ex. Smalltalk, Racket, Factor) to have their own UI tools.

                                                                          Shipping a cross-platform native app written in Python with PyQt or similar is a royal pain. Possibly no real technical work would be required to make it as easy as electron, just someone putting in the legwork to connect up all the pieces and make it a one-liner that you put in your build definition. Nevertheless, that legwork hasn’t been done. I would lay money that the situation with Smalltalk/Racket/Factor is the same.

                                                                          Java Swing has just always looked awful and performed terribly. In principle it ought to be possible to write good native-like apps in Java, but I’ve never seen it happen. Every GUI app I’ve seen in Java came with a splash screen to cover its loading time, even when it was doing something very simple (e.g. Azureus/Vuze).

                                                                          1. 1

                                                                            Writing C++ has been insane for decades, but not for the reasons you mention. Template metaprogramming is a weird lispy thing that warps your mind in a bad way, and you can never be sane again once you’ve done it. I write C++ professionally in fintech and wouldn’t use anything else for achieving low latency; and I can’t remember the last time I had a crash in production. A portable GUI in C++ is so much work though that it’s not worth the time spent.

                                                                          2. 1

                                                                            C++ the language becomes better and better every few years– but the developer tooling around it is still painful.

                                                                            Maybe that’s just my personal bias against cmake / automake.

                                                                        1. 33

                                                                          Side topic, this story may explain an odd story from two weeks ago about how the Intel CEO sold all the shares he could. If he doesn’t have rock-solid documentation that the trade was planned before he learned this, that’s probably insider trading. (Hat tip to @goodger prompting me to look up the SEC rule in the chat.)

                                                                          ETA: here’s the form 4 he filed. I’ve got to step out the door, but if anyone can figure out if this was reported to Intel before Nov 29 that would be interesting.

                                                                          1. 18

                                                                            From the project zero blog post:

                                                                            We reported this issue to Intel, AMD and ARM on 2017-06-01

                                                                            1. 6

                                                                              Good find. Looks like some press has it now, too. And a yc news commenter notes it’s not in their 10-Q, so that’s probably a couple counts in an indictment and a shareholder lawsuit.

                                                                            2. 1

                                                                              Even if he knew, I think it matters whether this is a recurring event. If he always sells his shares at the end of the year, it would be insane to demand that he doesn’t do it.

                                                                              Otherwise people could just start shorting as soon as they see an executive not selling stock, because they can infer now that there is some bad news incoming.

                                                                              1. 9

                                                                                It’s public information, there’s no need to speculate. He doesn’t.

                                                                                1. 1

                                                                                  Matt Levine is relaying Intel comments that are the opposite of what you’re saying.

                                                                                  1. 3

                                                                                    That article is pretty misleading. It’s true that the November sale was “pursuant to a pre-arranged stock sale plan with an automated sale schedule,” but that stock sale plan was pre-arranged only in October, months after Google had notified Intel of these vulnerabilities.

                                                                                    1. 3

                                                                                      I thought these all had to be disclosed on Form 4s. Maybe there’s another reporting vehicle I’m unaware of, but “Krzanich’s plan seems to involve getting stock grants at the beginning of each year and then selling as much as he can in the fourth quarter, which he has done consistently for a few years.” is not an accurate description of the record in the linked form 4s. His sales happen in every quarter and this is the only time he’s sold down to Intel’s minimum (eyeballing rather than making a running total, but it seems clear).

                                                                              1. 10

                                                                                Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices. Lithium-ion batteries become less capable of supplying peak current demands when in cold conditions, have a low battery charge or as they age over time, which can result in the device unexpectedly shutting down to protect its electronic components.

                                                                                Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down during these conditions. We’ve now extended that feature to iPhone 7 with iOS 11.2, and plan to add support for other products in the future.

                                                                                Come on. If this is really about managing demand spikes, why limit the “feature” to the older phones? Surely iPhone 8 and X users would also prefer that their phones not shut down when it’s cold or the battery is low?

                                                                                1. 6

                                                                                  I would assume most of those phones are new enough where the battery cycles aren’t enough to cause significant enough wear on the battery to trip the governor, and/or battery technology improved on those models.

                                                                                  It’s really a lose-lose for Apple whichever way they do it, and they IMHO picked the best compromise: run the phone normally on a worn battery and reduce battery life further, and risk just shutting off when the battery can’t deliver the necessary voltages on bursty workloads; or throttle the performance to try to keep battery life consistent and phone running with a battery delivering reduced voltages?

                                                                                  1. 6

                                                                                    Apple could have also opted to make the battery replaceable, and communicate to the user when to do that. But then that’s not really Apple’s style.

                                                                                    1. 3

                                                                                      I believe that’s called “visiting an Apple store.” Besides, as I’ve said elsewhere in this thread, replacing a battery on an iPhone is pretty easy; remove the screen, (it’s held in with two screws and comes out with a suction cup) and the battery is right there.

                                                                                    2. 4

                                                                                      and plan to add support for other products in the future.

                                                                                      They probably launched on older phones first since older phones are disproportionately affected.

                                                                                      1. 2

                                                                                        Other media reports indicate that battery performance loss is not just a function of age but of other things like exposure to heat. They also indicate that this smoothing doesn’t just happen indiscriminately but is triggered by some diagnostic checks of the battery’s condition. So it seems like making this feature available on newer phones would have no detrimental effect on most users (because their batteries would still be good) and might help some users (whose batteries have seen abnormally harsh use or environmental conditions). So what is gained by limiting it only to those using older models? Why does a brand new iPhone 7 bought new from Apple today, with a brand new battery, have this feature enabled while an 8 does not?

                                                                                        1. 2

                                                                                          Probably easier for the test team to find an iPhone 7 or 6 with a worse battery than an 8. The CPU and some other components are different.

                                                                                          1. 3

                                                                                            There are documented standards for rapidly aging different kinds of batteries (for lead-acid batteries, like in cars, SAE J240 says you basically sous-vide cook them while rapidly charging and draining them), and I’d be appalled if Apple didn’t simulate battery aging for two or more years as part of engineering a product that makes or breaks the company.

                                                                                    1. 23

                                                                                      As a programmer, I read this and think, yes, that’s an unsurpassable moat. How will Apple–much less OpenStreetMaps–ever catch up?

                                                                                      As someone who worked with Sanborn fire insurance maps in a previous career, I’m not so sure. Sanborn maps had even more detail than today’s Google Maps–they showed not only building footprints but building function, number of floors, construction materials, and other features of interest to fire insurers (sometimes interior structural walls were indicated). They existed for big cities but also for places like Circle City, Alaska and Adrian, Michigan. I have a hard time imagining the level of effort that went into creating and maintaining these maps (they were literally updated by mailing out sheets with bits of paper you would cut out and paste over your existing map, usually at the level of individual buildings). But people managed to do it without aerial or satellite imagery, or ML image recognition, or any of the other tools available to us today. It’s hard to imagine that Apple couldn’t–if it wanted to–replicate something a much smaller company (the Sanborn Map Company employed 700 people at its peak) was doing a hundred years ago.

                                                                                      1. 10

                                                                                        The Sanborn example is a really good one. As a fire insurance company, they invested in good maps because they were potentially liable for a lot of unexpected costs from inaccurately-estimated risks. The maps were literally Sanborn’s business. Apple sells phones and computers so they just need a good-enough map to keep people from jumping ship to Android or allowing GMaps an enclave in iOS territory. What does Google need this level of detail for? Ultimately they sell ads, and they’ve been very creative in figuring out ways to expand the potential surface area for ad sales and improve consumer data flowing back to them.

                                                                                        1. 3

                                                                                          I agree with you, it’s all about who the detail is for. It’s not unsurpassable. It really depends what you’re trying to do.

                                                                                          Mapping is one of the most subjective pieces of data you can offer: a map’s value is only what the reader gets from it. That’s why we have so many… hiking maps, road maps, the fire maps you point out. Is the information that the article notes others don’t have really that valuable? Not to me. I’m sure it’s valuable to some. I’ve tried Apple Maps again because it worked nicely with the iPhone X out the box (note to app developers: you don’t get second chances, you gotta be there at the beginning) and it seems fine for road maps, which is what I need it for. I also like the Yelp reviews that are embedded. I remain skeptical about the traffic information, though.

                                                                                          Waze is a really good example of a map that’s hyperfocused on a single use case: driving. You got roads. You got traffic. You got where you can get a donut. You don’t need to know the shape of a building.

                                                                                          I guess I just don’t find the idea of moats all that compelling. I think we’ve seen time and again in tech and elsewhere that when people see a moat, what you usually have is a very broad offering which leaves opportunities for very focused offerings to do better (even Google was this at the beginning, Yahoo had all the content out the wazoo, and everyone thought you couldn’t compete with that, and Larry and Sergey just built a very good search engine that rocked the one Yahoo had).

                                                                                        2. 3

                                                                                          I sat next to an Apple Maps engineer on a flight recently. Was told it’s a 1500 person org. Kind of shocked me.

                                                                                          1. 1

                                                                                            Most of those people are acquiring and processing data, similar to other mapping orgs.

                                                                                        1. 7

                                                                                          I’ve seen quotes from Alan Kay where he says that his approach to objects (not classes) was like this. Each object is something you send messages to. Erlang processes are similar.

                                                                                          This post has the right idea, though. It makes sense to adopt microservices only if you need the specific features you get from sticking network boundaries between things.

                                                                                          1. 3

                                                                                            You can try his kind of OOP if you want since it’s still maintained and extended.

                                                                                            http://squeak.org

                                                                                            Edit: Also supposedly easy to learn due to minimalist language and designed for kids.

                                                                                            1. 3

                                                                                              I think the problem with objects in most languages is with having shared mutable state when you pass around references to them. Erlang avoids this problem entirely.

                                                                                              1. 3

                                                                                                I’ve come to believe that state is just as problematic for services as it is for objects, and that, as with data in Clojure, immutability should be the default. The “black box” terminology around both classes and microservices tends to imply that state is an implementation detail and the consumer shouldn’t know or care. I don’t think that’s viable. Stateful services need to be called out as their own category of thing, or the state needs to be moved out of the services altogether.

                                                                                                1. 3

                                                                                                  Clojure addresses this in a really nice way of ‘Identity’ and ‘state’, you can read about it here.

                                                                                                  https://clojure.org/about/state#_object_oriented_programming_oo

                                                                                                  1. 2

                                                                                                    Yup, very happy with the way this works in Clojure. I find that immutability as the default naturally leads to low coupling. I tend to treat each namespace as a small library that does a specific transformation of the data.

                                                                                              1. 2

                                                                                                This is crazy. I chalked the root-without-password problem up to Apple not caring much about MacOS anymore since they make so much more money from mobile devices. But this makes me think they just gave up.

                                                                                                1. 2

                                                                                                  Once an intruder gains access to the user’s iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left.

                                                                                                  Is this such a big deal? With physical access to the device, anything is one password away. What do you expect once an intruder gains access to your MacBook and knows (or recovers) the password? The whole point of two factor authentication is just, in addition to knowing the password, you need physical access to a trusted device.

                                                                                                  1. 7

                                                                                                    The issue is that before Apple would require you to enter other passwords to accomplish certain actions.

                                                                                                    For example, before if you wanted to change your backup encryption password Apple would require you to type it in. Otherwise it would refuse to reset the password.

                                                                                                    Now you can remove the backup encryption password without entering the older password first. This allows the possessor to create a new backup password, back the phone up, grab the backup and with other tools dump all other passwords in the Keychain, like all their Safari-saved passwords for other websites.

                                                                                                    In this new world if the user happens to have set up two-factor auth, from the compromised device they can (quoting the article):

                                                                                                    • Change the user’s Apple ID password
                                                                                                    • Remove iCloud lock (then reset and re-activate the iPhone on another account)
                                                                                                    • Discover physical location of their other devices registered on the same Apple account
                                                                                                    • Remotely lock or erase those devices
                                                                                                    • Replace original user’s trusted phone number (from then on, you’ll be receiving that user’s 2FA codes to your own SIM card)
                                                                                                    • Access everything stored in the user’s iCloud account

                                                                                                    All this because you have the device in hand and either guessed or coerced their PIN from them. Whereas before Apple had layers to their security model. With an iOS 11 device you can totally own everything Apple they own and possibly a lot more.

                                                                                                    That’s why it’s a big deal.

                                                                                                    1. 3

                                                                                                      With physical access to the device, anything is one password away.

                                                                                                      I would not expect physical access to the device alone to yield administrator-level control of my iCloud account and the ability to wipe any of my other devices (to which the attacker did not have physical access). I think that’s a genuinely non-intuitive behavior.

                                                                                                  1. 2

                                                                                                    Kinda neat, but still wish MS hadn’t screwed up with Win8 and the potential for tiling window management. I’ve used i3 on Linux since 2012, both at work and home, and I don’t think I could ever go back to Mac/Win again (although I’ve heard there are some decent tiling window managers for Mac now).

                                                                                                    Overlapping windows were a terrible design choice (I think that was Xerox?) More tabs in unrelated applications are not the answer.

                                                                                                    1. 2

                                                                                                      Tiling plus tabbing is the bee’s knees. I have to use a Mac these days and I miss the Ion window manager more than anything else from Linux.

                                                                                                    1. 5

                                                                                                      Meanwhile, I’m still waiting on ESR for Vimperator or Vimium to catch up :)

                                                                                                      1. 5

                                                                                                        Vimperator is EOL sadly.

                                                                                                        cmcaine has gotten an extended keyboard API for WebEx approved but it is not slated to be implemented until the next release. They are also working on a replacement for Vimperator called Tridactyl: https://github.com/cmcaine/tridactyl

                                                                                                        1. 3

                                                                                                          Yeah, I know.

                                                                                                          That said, Vimium is said to be the best among WebEx-compatible, Vimperator-like extensions. I think I’ll probably wait until 52 is EOL and decide what to do then.

                                                                                                          1. 4

                                                                                                            Someone on the orange website mentioned this one: https://github.com/ueokande/vim-vixen apparently the only one supporting ex commands

                                                                                                        2. 1

                                                                                                          I’ve been using Vimium with Quantum (Firefox Developer Edition) for a few days and haven’t noticed any problems. (I am a long-time user of Vimium in Chrome.) I don’t know if it’s at 100% feature parity, but all of the features I use work.

                                                                                                        1. 9

                                                                                                          It turns out the machines that feel quick are actually quick, much quicker than my modern computer – computers from the 70s and 80s commonly have keypress-to-screen-update latencies in the 30ms to 50ms range out of the box, whereas modern computers are usually in the 100ms to 200ms range.

                                                                                                          This makes me sad.

                                                                                                          Updated to add: if the original author is reading this, I have some 1990s Models M and a modern Unicomp (Model M remake built by the original IBM contractor) and I’d be really interested in seeing how they compare. I am in NYC and would be happy to lend them to you. But your “please contact me” link goes to Twitter (of which I am not a member), so please e-mail me if you are interested.

                                                                                                          1. 3

                                                                                                            For the 90s keyboards, you might want to measure the latency coming out of the original interface, then as it goes through a PS/2->USB converter (or in my case, an AT->PS/2->USB converter).

                                                                                                            1. 1

                                                                                                              Heh. I used a single “Windows 98 ready!” Logitech NewTouch ergo keyboard with an integrated touchpad for the bulk of my career, taking it with me from job to job. Best keyboard feel I ever found, and completely indestructible. I can’t speak to its latency, but its longevity was legendary – six jobs, sixteen years, and who knows how many lines of code.

                                                                                                              The series of keyboard connectors that I had to use to keep it running got pretty ludicrous though, and I remember that a crummy ps/2 to usb converter did seem to change how responsive the keyboard felt. It was worth it to suffer the return line at Fry’s to find good ones.

                                                                                                            2. 2

                                                                                                              Models M

                                                                                                              Thank you for your proper pluralization.

                                                                                                            1. 27

                                                                                                              I’ve worked with people like the guy who was fired. In every case, those people were given the leeway to become so critical specifically because managers with no real idea how to evaluate technical skill mistook their arrogance, inability to work well with others, cowboy coding practices, and willingness to promise anything as signs of programming genius. Meanwhile, better programmers who could actually communicate and collaborate but who didn’t fit the managers’ cliched movie image of the anti-social Mountain-Dew-at-3am hacker were treated as bench players.

                                                                                                              1. 1

                                                                                                                I’m torn. I do resent being asked to do significant amounts of work for free. But it’s far nicer for me to be able to solve a problem at my own pace, in my own home, with the tools I’m used to, than to try to do something on a whiteboard or with an unfamiliar dev environment during an on-site interview. (I did one awful remote interview where I had to write some functions that should have been trivial using a weird web-based multi-user editor I’d never heard of or seen before or since.)

                                                                                                                One issue is that, in my experience, hiring managers often drastically underestimate how long their coding challenge is going to take. Maybe I’m just slow (though that would be contrary to the feedback I’ve gotten in all of my jobs), or too finicky (I’m not going to skimp on test coverage or documentation unless they are very clear up front that they don’t care about those), but several times now I’ve been asked to build little toy applications that “should take you a couple hours” that end up eating my entire weekend. That’s a really excessive amount of work to ask for from someone with years of documented experience in the field and a bunch of public GitHub repositories–especially before the real interview.

                                                                                                                1. [Comment removed by author]

                                                                                                                  1. 6

                                                                                                                    The question is whether I want to work for an organization that is so lazy in their hiring practices that they’re handing out FizzBuzz to non entry level hires.

                                                                                                                    Even as it seems like an insult to the intelligence, you’d evidently be shocked at how many complete frauds have glow-in-the-dark CVs, and the horrifying fact that FizzBuzz-level tests are actually a useful tool, and quite a quick one.

                                                                                                                    Next time your company has a hiring round, I urge you to sit in. You’ll see why the poor person doing the hiring does this.

                                                                                                                    (I’m a sysadmin not a coder, but we have the same thing in sysadmin. Twenty-year CVs where they clearly don’t know basics.)

                                                                                                                    1. 3

                                                                                                                      But are they, though?

                                                                                                                      As a personal anecdote, I have to be in the right “mindset” for writing code, which is a very different mindset from “interviewing”, so much so that they collide. When I’m in “social mode”, talking about what I do, following social cues, etc. I absolutely cannot write code to save my life. When I’m in ‘coding mode’ I can write code for just about anything you can imagine but my social skills amount to grunts and forced smiles.

                                                                                                                      Having been on both sides of the fence, I think there’s really a perception that there are frauds behind every CV and it’s up to YOU as the hiring manager to root them out. I believe that this is an adversarial position before the interaction even begins. I’ve found much more success in assuming people are capable and letting them rise or fall from that starting point.

                                                                                                                      Further, this modality also doesn’t account for the fact that “interviewing” is a skill that is different than “coding”. Solving large complex problems in relatively unbounded time (weeks, months) vs. on the spot 45 minute brain teasers/puzzles are two entirely different skillsets and don’t signal anything about the prospective person other than they’re practiced and your interview style.

                                                                                                                      1. 3

                                                                                                                        Solving large complex problems in relatively unbounded time (weeks, months) vs. on the spot 45 minute brain teasers/puzzles are two entirely different skillsets and don’t signal anything about the prospective person other than they’re practiced and your interview style.

                                                                                                                        I wonder if this is analogous to doing arithmetic in one’s head versus doing mathematics.

                                                                                                                        It’s pretty easy to practice arithmetic and get quick & good at it, just by mechanical drilling. That’s one way you get to be known as the guy who’s “good at maths” at school. And then you get lazy about it because you have a calculator, and there’s something more interesting to do than summing & multiplying numbers.

                                                                                                                        Once on a coffee break, a coworker asked me something silly like how much is 1.5 * 0.5. It was sudden, unexpected, and shocking, and I just sort of froze. It probably took me at least five minutes to come up with the answer.

                                                                                                                        Were that to be an interview question, I suppose one could extrapolate and conclude that I am hopelessly bad at mathematics. (To be honest I’m not a maths geek but I’m not that bad either, ha!)

                                                                                                                        1. 2

                                                                                                                          I’m talking specifically about 5-minute ones on the level of FizzBuzz, not 45-minute things. My cynicism comes from sad experience. Perhaps it’s the same 199 people, per Joel: https://www.joelonsoftware.com/2005/01/27/news-58/

                                                                                                                          FizzBuzz isn’t a coding test, it’s a quick bozo filter.

                                                                                                                        2. 1

                                                                                                                          Next time your company has a hiring round, I urge you to sit in. You’ll see why the poor person doing the hiring does this.

                                                                                                                          You know, I’ve been in a bunch of interviews at several companies, and I’ve never seen one of these frauds who are supposedly so ubiquitous. Maybe it’s because I haven’t worked at big or “name” companies. But I just haven’t seen people who couldn’t write FizzBuzz applying for developer jobs.