1. 3

    DuckDuckGo is the way to go for this very feature.

    1. 2

      I’m personally well aware of DDG and use it mostly, this happened to be on my kind of new iPhone where I haven’t changed the defaults yet.

      1. 2

        there is a whole where

        *hole

        :)

        1. 1

          Thanks, fixed :-)

    1. 4

      I agree with Drew that an intelligent being in the loop is necessary - and dangerous for all kids of actually long term storage.

      Regarding the technical parts:

      For business use there there are rules that can be set in Google Cloud (and probably Azure and AWS as well) to prevent deletion, but I guess of you don’t pay your bills it goes away anyway.

      Personally I’ve been considering getting an mdisc compatible DVD burner and some mdiscs for photos, and I’d be happy to know if someone here has looked closer at that option and would care to share their findings.

      1. 48

        I saw this described on the IRC channel as ‘what-color-are-your-underpants threads’ - lots of easy engagement stuff, crowding more interesting stuff off the front page. My perception is that there is now a lot less of the stuff that differentiated lobste.rs from the other hundredty-dillion tech sites - it was good at bridging computer-science-proper topics and real applications, e.g. someone’s experience report of using formal verification in a real product, or how property testing uncovered some tasty bug in some avionics, or how to synthesize gateware with Z3. That sort of thing.

        It doesn’t have to be the case that underwear-threads exist at the cost of quickcheck threads, but as they increasingly crowd the front page and stay there, it means the slightly more cerebral stuff has less chance to be seen, and new people get a different perception of what lobste.rs is about, and so the tone of the place gradually shifts. Some people might think that’s fine, I think it’s a shame. Differentiation is good.

        As for ‘if it gets upvotes then by definition it belongs’, I’ve always thought that ‘just leave it to the market’ attitude is total and utter cow-dung. Of course there should be regulation. If you applied that confusion everywhere you’d have sport be replaced by gladiatorial combat, McDonalds purchasing every farm until that was all you could eat, and other kinds of dystopia that unfortunately some americans are beginning to suffer a flavor of (choosing between insulin and death, $1000 toilet roll…). There is nothing inevitable about letting upvotes decide the tone of the site, it’s not a fundamental physical force. You’re allowed to intervene, complain, and so on. It should be encouraged, I think.

        1. 21

          crowding more interesting stuff off the front page

          Come on, there’s very rarely more than one of these threads on the front page, how is that crowding?

          1. 7

            Well I counted three at one point today, which is over 10% of the front page. I’d like to nip this virus in the bud! It’s too facile to make corona references but regardless, we can go from ‘15 deaths out of 300 million people, no big deal’ to We Have A Problem is a fairly short space of time.

            One of the more useful and formative talks I watched when helping to start my business was Ed Catmull [computer graphics pioneer and former Pixar president]’s talk entitled ‘Keep your crises small’*in which he makes the case that businesses are fundamentally unstable and it’s especially hard to notice the bad stuff during periods of high growth or profitability. He contends that you must always have your hand on the tiller and make steering corrections before problems get too big. I see an analogous situation on lobste.rs.

            Look at my posting history here. It’s crap. I am a consumer and not a contributor. I have no right to voice my opinion really because I have not done my bit to try and steer lobsters in the direction I want. I am a mechanical engineer with no formal CS background and I stayed here merely because I learned a great deal, and my industry is one built on MScs and PhDs committing abominations in Excel and Matlab, in which a bit of solid CS and solid industrial best-practice would reduce the friction in aerospace R&D by an order of magnitude. It took me five years to get one of my customers to switch to python. Now one of them is using Hypothesis (!) and advocating its usage more widely in a reasonably large aerospace company. I am a True Believer in the value of Advocating the fruits of Computer Science in a field where most participants think the low hanging fruit lies elsewhere. All I’ve been doing is sharing the good stuff that lobsters introduced me to. And this is why I lament the fact that it’s being muscled out by what vim colorscheme do we all prefer, and why I therefore am moved to leave a comment like the grandparent.

            Yes, I will make more effort to upvote and comment on the bits of lobsters I value from now on.

          2. 11

            is that there is now a lot less of the stuff that differentiated lobste.rs from the other hundredty-dillion tech sites

            There is and it’s due to less demand. What the audience wants has changed. I was still doing submissions like you described. They rarely hit the front page. The things getting upvoted were a mix of Lobsters-like content and stuff that gets high votes on other sites. Sometimes cross-posted from those sites. I stopped submitting as much for personal reasons (priority shift) but lack of demand/interest could’ve done it by itself.

            1. 8

              I stopped submitting as much for personal reasons (priority shift)…

              For what it’s worth, I noticed that you have been posting less. Hope all is well.

              1. 12

                I’ll message you the details if you want. It’s been a trip with me back to the Lord, surviving some Gone Girl shit, and facing COVID workload right after. Right now, Im focused on fighting COVID and problems it causes however I can. City-wide shortage on toilet paper, soap, cleaners, etc and nurses having no alcohol/masks made me source them first. Gotta block hoarders and unscrupulous resellers, though.

                Gonna have to find some web developers who can build a store or subscription service. Plan to let people pick up limited quantities that I order in bulk and resell just over cost. Might also scan what’s in local stores to reduce people’s time in them. After that, maybe a non-profit version of InstaCart with advantages that may or may not be easy to code. Got an anti-microbial scanner on the way for whatever.

                Once everything settles, I’ll get back to my security projects. I just go where needed the most. Worse, people arent social distancing here: enveloping around me constantly. COVID can kill me. So, Im tired after work from holding my breath and dodging people up to 14hrs a day. Had no energy for doing CompSci papers either.

                So, there’s a brief summary of some things Ive been up to for anyone wondering.

                1. 4

                  I’m sorry to hear that. I assumed that you must be busy with other stuff or taking a break, but I wouldn’t have guessed how hard of a time you were having. I hope that things start looking up for you soon.

                  1. 4

                    I really appreciate it. Everyone supporting these comments, too, more than I thought I’d see. I’m good, though. (taps heart) Good where I need to be.

                    The possibilities and challenges do keep coming, though. Hope and pray those of us fighting this keep making progress both inside ourselves and outside getting things done in the real world. I’ll be fine with that result. :)

              2. 2

                Speaking of which, where do you find your papers?

                1. 6

                  I applied old-school methods of using search engines to paper discovery. I pay attention to good papers that cite other work. Each sub-field develops key words that are in most of the papers. I type them into DuckDuckGo and/or Startpage with quotation marks followed by a year. Maybe “pdf” with that. This produces a batch of papers. I open all of them glancing at abstracts, summaries, and related work. I’ll go 5-10 pages deep in search results. I repeat the process changing the terms and years to get a batch for that sub-field. Then, I used to post the better ones one by one over a week or two. Then, do a different sub- or sub-sub-field next.

                  The Lobsters didn’t like seeing it that way. Too much on the same topic. So, I started getting the batches, saving them in a file, batch another topic when I have time/energy, and trickling out submissions over time with varying topics. So, I might have 50-100 papers across a half dozen to a dozen topics alternating between them. I just pick one, submit it, and mark it as submitted. Eventually, when there’s not much left, I would just grab some more batches.

                  1. 2

                    Wow that’s amazing! Thank you so much for doing this! I’ve seen some really nice papers here but I didn’t realize there would be this kind of work behind the posting.

                    1. 2

                      I thought people like you just happened to read extremely much.

                      Equally impressed now, just for a different reason.

                2. 2

                  I get the idea of that. I think that what makes the distinction between good and not-so-good ask threads is the length of the responses. For share your blog - what is there to say except a link to your blog? I didn’t bother looking at that one. On the other hand, the distro question generated a ton of long responses about various Linux distros and the pros and cons thereof, interesting stuff. I wonder if there’s some way we could discourage short responses on ask threads, or ask thread topics that tend to generate short responses.

                  1. 1

                    Of course there should be regulation. If you applied that confusion everywhere you’d have sport be replaced by gladiatorial combat, McDonalds purchasing every farm until that was all you could eat, and other kinds of dystopia that unfortunately some americans are beginning to suffer a flavor of (choosing between insulin and death, $1000 toilet roll…).

                    It’s not that I’m looking forward to opening a discussion about this topic, but are you sure this would be the case? Lots of pathological actions done by monopolies are the result of regulating the market in a way which effectively removes competition, leaving the power to the monopolies (in fact, lots of megacorporations that exist nowadays wouldn’t be able to grow to such sizes if it wasn’t for the help from the government). I wouldn’t be so sure that the lack of regulations is the main problem.

                  1. 3

                    Thanks for sharing and liking everyone.

                    If you enjoyed this tou might also enjoy my “interview” with my internal strawman of Chrome developers from last March: Are you making a real web application? Or just a Chrome application?.

                    1. 13

                      Filtering tags (ask included) is the way to go.

                      If they ever add the infamous domain filtering, lobster would become perfect for me. I would start filtering the few domains that I 100% hide and be done with it.

                      Perhaps stick to other less abused tags or keep clicking hide.

                      1. 15

                        I disagree. Filtering on tags means you miss out entirely…better for the community to just take responsibility for weeding out garbage and maintaining standards.

                        1. 7

                          Sure, you can rely on the community to weed out “garbage”, but how exactly do you plan on reaching a consensus about what qualifies as “garbage”?

                          Because I’ll tell you right now, none of these “low effort” posts that have been made over the past few days are what I would call “garbage”. I think that kind of content has a place on a website like this (or any site with a specialized focus).

                          And that seems to be the big issue here: “low effort” posts like these receive community engagement, and a lot of people like them, but then there seems to be a lot of other users who do not.

                          Which is exactly the kind of situation that filtering tools are great for.

                          Either way, I think the best solution here would not be to phase out these kinds of posts, but instead establish a recurring schedule that they can be posted on.

                          For instance, just like the week/weekend posts recur weekly, posts asking about tools or other “low effort” content could happen semi-annually, on different dates, so that you could regularly have one of these kinds of posts for people to engage with, but not all at the same time.

                          Something like “What tools do you use?” every January and June, “Share your blog” every April and October, etc.

                          Then, just create a recurring tag that can be applied to these kinds of posts so that users can filter them out if they want (though their frequency should be much reduced at that point, so I doubt many will want to).

                          That is exactly what is done over at Tildes. We have a bunch of topics that get posted (automatically by the website even) and they all recur on a schedule. Users can hide those topics by filtering out the recurring tag.

                          You can see all the recurring topics on the site:

                          https://tildes.net/?tag=recurring

                          There are even, for the moment, daily recurring topics about the coronavirus. These recurring topics have worked out wonderfully for the community so far.

                          1. 4

                            Then, just create a recurring tag that can be applied to these kinds of posts so that users can filter them out if they want (though their frequency should be much reduced at that point, so I doubt many will want to).

                            This is an excellent idea. I have had the desire to hide the “What are you doing this week/end?” threads for a long time now, but didn’t want to filter the “ask” tag as I still sometimes find value in them. I thought I needed a way to filter based on titles, but a recurring tag would work even better.

                          2. 2

                            What about implementing a recommendation system like “People who have hidden the same stories you have also hidden in the past, have also hidden this subset of stories currently in the frontpage; so we have visually de-emphasized it”?

                            1. 1

                              So just add support for filtering out people, the person who posted this complaint could have just filtered out stories by mraza instead of making another thread where people can post low effort comments.

                              1. 3

                                I don’t believe filters build good communities, least of all because they break the ability to form community norms and standards. If two members have a vastly different experience of what a community is about, they will only diverge over time.

                                Plus, filtering tends to mean that the average unfiltered experience for new users regresses to the mean.

                                1. 1

                                  Filters are the only way to build communities, because each person has limited bandwidth and different opinions.

                                  Saying “I don’t believe in filters for good communities” is like saying “the utopian community is an echo chamber has consensus on signal/noise evaluations” and I won’t disagree with you on that. However I will contest the viability of this “perfect consensus model” as a desirable engineering goal for building a good lobste.rs scale community. In my experience limiting features doesn’t change usage, it just pushes more of the filtering into the wetware (e.g. clicking ‘next page’ a bunch of times and scanning headlines).

                                  To make a contrived example: I subscribe to some RSS feeds and mailing lists, this is my personal feed and although it is constructed explicitly (cherry-picking) using the basis of a vector space we call “the internet” rather than implicitly by taking the negation of some content-set in some subspace, like for example lobste.rs, it is in fact very much the same idea, the social contract is: I give up some of my control and in exchange I save some amount of work. Now our mission is to give back control (or rather the perception, via aligning opinions) but still make it cost minimal work.

                                  So, here on lobste.rs we are sharing a single feed together and one way to give control is to allow people to “slice the feed” or “tune in to a certain frequency” (e.g. filtering out the tags they think are noisy or see all the posts of a tag you think is signaly). This means that in theory we allow for more technical higher quality discussion since in the ideal version of this model there will be an expert community at the heart of each tag and these communities compose to form the lobste.rs community. Best of all, each expert community (or “opinion population”) has roughly the “perfect consensus model”.

                                  Regarding the unfiltered experience regressing to the mean (a la reddit’s “front page of the internet”) this is totally true IF the join of all these expert communities has no discernible qualities. So long as most of us can all tolerate the Top of our space (i.e. unfiltered front page) things will be fine. Once we reach the scale that we are pushing the foundation of the community into more and more heavily filtered sections of the space then we have failed to preserve this identity but maybe that wasn’t a good goal to begin with?

                                  Preserving the identity means maintaining a Goldilocks zone where the conflicts can still be managed using filtering without ruining the unfiltered experience. The next level of scaling becomes a model like ActivityPub where each pub is a lobste.rs equivalent and the unity is lost but each subspace is deeper than before (but this is hard to do, for example ActivityPub does not have particularly “deep” pubs afaict).

                                  So the central thesis is: “giving people more axis to slice along (without giving too many!) is a black magic that if done correctly should improve our community”

                                  Okay, so lets say we know where in the hierarchy we want to place the lobste.rs identity and we leave aside any compositions that reach ActivityPub scale. Then we will never have a unfiltered experience that regresses to the mean since we will actually be filtering at the community level (banning users and flagging stories). This may create some level of spite in the surrounding ecosystem so even this is not side-effect free.

                                  As a random anecdote; I have seen the same phenomena happen in group chats often, you have a small group of friends / acquintances, they make a group chat without any particular investment and so at the beginning people just add new people randomly and the group becomes lots of fun. Then people become afraid that they will lose the group and start making restrictions or somehow try to preserve the optimal state, this leads to stagnation and eventually the chat becomes a relic, too sacred to have fun.

                                  Bringing it back to the ground: I’m saying you misidentify the problem as filtering, I think the problem is consensus on identity. If we allow filtering within the community to silence people that you don’t think produce valuable output then that is the internet equivalent of “agree to disagree” which is an important tool for being able to live with other people in a small space. Eventually some disagreements may grow into faction-splitting situations and in those cases we will be forced to invent the ActivityPub analogue. But hopefully the act of coexisting in a similar environment will actually resolve these conflicts as people learn how to communicate in a shorthand that others can appreciate.

                                  The concrete example is @mraza007 and @zge, it looks like the former derives high signal from getting to know in broad-strokes what the lobste.rs community is about while the latter feels he already has a pretty good idea about this (or doesn’t care about it and just wants IT), either way, @zge seems to think @mraza007 is noise.

                                  Now we can resolve this by taking a hard stance on not allowing one opinion in the community (consensus through violence) or we can take a softer approach like allowing to filter out people. Then the “black magic” is which part of the feature-fractal should we implement, do we want to give an option to set an upvote threshold for unfiltering a piece of information or maybe a dual construct like “trusting users” and if someone you trust upvotes someone you filter then that message gets unfiltered, giving you a chance to re-evaluate the filtered user.

                                  Of course maybe these tools will lead to the community segmenting i.e. we implement the trust idea above and then everyone @zge trusts also filter similarly as him and the ones they filter are filtering back. This is pretty much equivalent to having subreddits and the problem you describe regarding the unfiltered experience suffering is a foregone conclusion in that case.

                                  So the result is that you end up in feature creep as you attempt to maintain balance. Lets say you want to maybe give new users access to the different filter-perspectives but then you’ve just invented subreddits (albeit emergent subreddits rather than predefined ones, so it’s bottom up organization rather than top down, which is always good) and we’ve lost our soul…

                                  So basically, I agree, ideally we all can coexist without losing our identity, but this is a very delicate engineering problem and while we can maybe find some nice local-optima that isn’t too violent I fear that “all good things must come to an end” is always the truth with these things.

                                  In the end, a “chose your own delusion realiity” model is probably the best we can do.

                                  Sorry for how long this became, I didn’t anticipate it when I started and while I would like to edit it down I need to get back to work..

                                  1. 1

                                    I think the problem is consensus on identity. If we allow filtering within the community to silence people that you don’t think produce valuable output then that is the internet equivalent of “agree to disagree” which is an important tool for being able to live with other people in a small space.

                                    I like this framing of the problem, but disagree heavily on the “agree to disagree” bit.

                                    The lowest effort solution, and one that appeals to techies because it’s an engineering solution to a people problem and one that doesn’t require scary topics like taste and judgement, is the filtering solution you advocate.

                                    Filters don’t prevent an accumulation of garbage, which tends to leak when it isn’t labeled properly. It also tends to lead to fractured communities (see also: /pol/ or even the culture tag here). It also means that people that see Lobsters fresh are going to be more lost, with people saying “oh no osdev is a garbage fire, but the plt tags are worth following” (or whatever).

                                    I’d rather just pull on our big kid pants and try to solve the conflict and settle on norms instead of being conflict avoidant.

                                    1. 1

                                      I don’t think the level of filtering that we have now is too bad and being able to filter users wouldn’t be a big change but I also see the slippery slope so I understand your hesitation.

                                      Really what I want to point out is that the problem is hard and any “solution” is a tradeoff. Which tradeoffs we choose will define our collective identity, so for example; I am okay with the feed becoming too fast for me to keep up with - so long as I can just go in, find what I want, and then leave. Granted, this means I am okay with the degradation of the community which is the whole point for many of us (rather than just another faceless content source).

                                      In general I agree that ‘agree to disagree’ is not the best way to act in your relationships… a step up from that is ‘suspending disbelief’ and then re-evaluating periodically to see if the disagreement can be resolved. However the problem stems from the need for eventual consistency and currently I don’t see a way to keep consistency without an ever increasing supply of violence (as the user base grows so does the amount of conflicting views).

                                      There’s conflict avoidance but the conflict intolerance is what I worry about, like when two engineers have different ideas on a detail in a system so the manager steps in and forces a worst-of-all-worlds solution just to avoid having the conflict end with a “winner” and because there is no obvious best-of-all-worlds solution (or the conflict wouldn’t have existed in the first place).

                                      Conflict intolerance is like the chat group that became a relic, it’s the solution that has become politically correct (in the groups collective ethos) but makes everyone unhappy (most of the time because the group is unwilling to drop a false assumption).

                                      Conflict avoidance means you just have some meekness and people who will suffer rather than rocking the boat. This brings down morale but often this can be managed (I think good management is all about standing up for those who can’t stand up for themselves).

                                      Anyway, this exact problem is why I am trying to design a forum system organized around different primitives. The users should be able to express political consensus around a certain type of collective identity in the semantics of the system and shared views between different identities should be truely shared, collapsing duplicates into canons and making the space of collective identities continuous rather than discrete.

                            2. 13

                              Bingo.

                              Different people enjoy different things. I happen to think that this community contains a bevvy of super interesting people, so I quite enjoy the ‘low effort’ posts you’re harping on.

                              So I’d much rather give you the tools to ignore it than try to remove them by mandate.

                              1. 5

                                Totally agree. A diverse group of interesting people scattered across the world, too. Threads that bring out the activities and lifestyles of these interesting people just make it more fun for me.

                                1. 4

                                  Agreed that’s one the reason why i posted these questions. Honestly seeing this post today really surprised me

                                  1. 3

                                    I think I agree.

                                    There was a promising site, lamernews or some other really weird name, - just like hn and llbsters ;-)

                                    AFAIK and IIRC some early users killed it by overpolicing it and scaring away everyone.

                                  2. 3

                                    Filtering works to a point, but I think a whitelist would also be a good idea.

                                    For example, I have web blocked because most of the posts don’t interest me. Occasionally however there is a post on how someone used Lisp to write a web application or something to that effect, which gets filtered from my frontpage because it’s tagged with web as well as lisp. If there was a way for me to say I always want to see lisp posts regardless of what other tags they have, I’d be very happy. Unfortunately I don’t have enough Ruby skills to implement this.

                                    1. 2

                                      Add a userscript to set display:none for li.story > div.h-entry > div.details > span.link > a[href=https://somedomain.com/*] on lobste.rs.

                                      1. 2

                                        Filtering would be the solution, if you are never interested in ask posts, but I do enjoy reading and sometimes contributing to “what are you doing this week/-end” posts. I don’t have an issue with annual or semi-annual “share you’re site” threads. I started this thread to discuss the frequency and kind of questions that are being asked, and filtering would just be overkill.

                                      1. 1

                                        erik.itland.no - old style, next to no styling, few pictures, no third party trackers (but I do look at server logs). It is very human, authentic or just plain-and-a-bit-weird and contains a mix of

                                        • programming,
                                        • tech history (a post about google+ in particular was very popular a year or two ago, and actually today a post about the “Chrome is the new IE” meme that I wrote earlier today seems to be gathering some eyeballs ),
                                        • observations (weather, habits of Norwegians etc)
                                        • comments on news from Norway etc

                                        Use RSS or follow on fediverse at @blog@erik.itland.no as I only post when I feel like posting. The upsite is of course less filler content ;-)

                                        1. 1

                                          My first distro was Red Hat (7.1 I think, came in the cover of a book about linux).

                                          I later eperimentet with a lot of distros, I remember I particularily liked Mandrake (later Mandriva) and preferred KDE before I settled with Gnome 2 on Ubuntu from 2006 until they swapped to Unity.

                                          After that there were a couple of years were I felt there were no really good options until I found KDE Neon, which I have used for the last 4 years, I guess one of the installations (the one I work on now) have been with me since then which is quite remarkable.

                                          I think what distro one use is important. For me it is incredibly important that it is fast and doesn’t get in the way. Otherwise I could have used one of the two mainstream options, but for me the micro-lagging on Windows drives me crazy, as does CMD-Tab (and back when I used it, the fact that fn and ctrl was swapped) on Mac.

                                          1. 1

                                            We were forced to use a bare bones editor in Java classes at school for reasons like this: learn the concepts, not defer learning. Only for me the easiest way towards really understanding something was to use it in a realistic context.

                                            I knew and enjoyed programming and got a B (second best) but decided Java was not for me and only began using it and enjoying it after I started working with someone who showed me how to use eclipse.

                                            I know school shouldn’t tie you to one product but teach the concepts, and I agree that knowledge of operating systems concepts and the differences between them are important but that doesn’t mean schools shouldn’t teach how to use available after they have in the first week explained how to compile from the command line. Especially when the tooling is free and open source.

                                            BTW: the microcontroller course I took was much more reasonable and taught assembly first, and then immediately followed up by teaching C, explaining how to inspect the generated code in the process.

                                            The result was vastly different: in the Java case I got a distaste that lasted for a years until someone took the time to help me. In the microcontroller case I enjoyed both assembly and C.

                                            1. 3

                                              This is interesting and well worth mentioning.

                                              That said: Signal has had at least one (but I think more nasty flaws) over the years and WhatsApp is constantly uploading all your data to Google Cloud in the form of unencrypted backups.

                                              Signal is good as far as I can see but I have a hard time taking anyone seriously who actually uncritically recommends WhatsApp while telling me how bad Telegram is.

                                              Finally: I’m still no Telegram fanboy and I am in the market for what I think WhatsApp was/should have become;

                                              • low yearly fee like before
                                              • API access (didn’t exist back then)
                                              • same encryption as today (it was bad back then)
                                              • bots and a few other improvements from Telegram
                                              • actually I realize I don’t care extremely much about bulletproof crypto (I have Signal and can use it of I need to).

                                              I’ll happily pay again like I did for WhatsApp as llng as there’s some kind of legal guarantee that prevents “the next WhatsApp” from selling out.

                                              1. 4

                                                That’s our fellow lobster @hyfen, pinged him in case anyone has questions! He is still actively working on this epic project.

                                                1. 2

                                                  Is the source anywhere? Or if it’s closed, does he want testers at all?

                                                  1. 1

                                                    At least there is this page where you can sign up for email updates or even email him: https://hyfen.net/memex/

                                                1. 7

                                                  The Naming Things book

                                                  you’ll want to get the book!

                                                  We’ll explore these in detail in the book.

                                                  The book explores these

                                                  these are explored in more detail in the book

                                                  To learn more about them and see examples of how to apply them, click the button below: GET THE BOOK

                                                  Sorry, but I flagged this as spam

                                                  1. 3

                                                    This is not spam, this is bad content. I’m not saying this to insult the author. It is my opinion, which I base on the following argument:

                                                    The article lists some mistakes you can make in naming things. That list is not exhaustive. Nor does it give practical hints how to name things correctly. Nor does it provide examples. As a reader, you can get more information by reading the Wikipedia article on naming conventions.

                                                    On my blog I have also written bad content in the past. I bet that I will write some bad content in the future. It happens, get over it. Maybe the author will be able to write a better article the next time he posts here. If you want, you can send me your article before you publish it and I will give you constructive criticism.

                                                    1. 5

                                                      Bad/poor/low-effort content in itself is ok and adequate reaction to it is to ignore (maybe downvote) it and try providing constructive criticism. Bad/poor/low-effort content immediately followed by an ad-like call to action (“subscribe for real actual contents I pinky promise” in this case) is fully worth of being flagged as spam/ad. There’s a world of a difference: in the first case I can assume idealistic intentions with poor execution; in latter case I can only assume monetization intentions. I don’t claim it bad, but if only that this platform is not intended as an ads aggregator AFAIU.

                                                      1. 1

                                                        I see your point and I agree that the CTAs are unfortunate. I understand why one would decide to flag the article as spam.

                                                      2. 1

                                                        Thanks for the constructive criticism. (I’m the author.) I appreciate the feedback and agree with all of your points; I’ll use this to improve content going forward. The intention of the post was to see what people would think of these principles, but the feedback here so far has focused on other areas, so I’ll work to improve those. In case it’s helpful to know, I’m writing the book in parallel to this, and the book’s beta readers have also been giving me very valuable feedback that has some overlap with what has been mentioned here.

                                                      3. 2

                                                        I just looked at it.

                                                        FWIW I say this is not enough to qualify as spam. I’ve not upvoted it because it wasn’t interesting to me but not spam. And in my opinion “spam” just like “hate speech” is terms that should be reserved for actual “spam” and actual “hate speech” and not “stuff I don’t like” or “stuff I don’t agree with”.

                                                        It is totally ok to write less than perfect blog posts that recommends the authors book.

                                                        When does it cross into spam/blog spam?

                                                        • you get it in the form of unsolicited mail
                                                        • someone posts it multiple times to your forum
                                                        • when it is about something completely different (you search for a JS implementation of Spring Framework and get a page that contains the relevant keywords, in white text on white background)

                                                        That said, posting history for that domain us interesting, but I’ll leave that to the mods, I might be misreading: https://lobste.rs/domain/namingthings.co

                                                        1. 0

                                                          (I’m the author.) Thanks for the feedback on this; I agree that it was heavy-handed. I’ve updated this part of the blog post to deemphasize it and I’ve removed the CTA button.

                                                        1. 26

                                                          I think return and throw should be emphasized. I want it to be very clear if there are early exits!

                                                          1. -2

                                                            Even better:

                                                            Remove superfluous control-flow constructs like return, throw, for, break and continue from the language – they are pointless relics of the past anyway.

                                                            The slight convenience of being able to write “nicer” code is completely offset by the difficulty to read such code a week later (or a month, or a year).

                                                            1. 13

                                                              Oh gods, I could not disagree more; I think explicit control flow should be prominent. One of the languages I find most frustrating has a tonne of implicit and optional control flow that renders it super hard to read or write, as it allows for way too much personal style.

                                                              1. 3

                                                                I’m not sure how you are disagreeing with me – my suggestion is that there is only one set of control-flow keywords:

                                                                • if: replaces return, throw, switch/case, break, continue.
                                                                • while: alternative to recursion. Replaces for loops.

                                                                With this

                                                                • there is neither implicit, nor optional control flow
                                                                • there are no styles, because there is only one choice
                                                                • things become easy to read, because there are only 2 keywords to look out for, not 10
                                                                • things become easy to understand, because there are simply no interactions between different “levels” of control-flow anymore
                                                                1. 9

                                                                  Would absolutely love to program in a language with insane nested if statements because returning early is for chumps apparently?

                                                                  1. 2

                                                                    Couldn’t you pick any existing language for that? It’s not like people aren’t doing it voluntarily…

                                                                  2. 4

                                                                    This is almost Rust. Everything-is-an-expression makes it possible to make entire function body just ifs and match blocks that exhaustively handle all possible cases, so you never need an explicit return.

                                                                    However, in such case every last statement of every “leaf” block becomes an implicit return. If you overdo it, it’s completely inscrutable.

                                                                    BTW: your list 100% matches brainfuck: no implicit control flow, no style choices, no superfluous keywords, only one kind of control flow. Less is not always better.

                                                                    1. 3

                                                                      This is almost Rust.

                                                                      I don’t think this is even remotely true – there is a huge difference between “you could do that” and “there is no other way of doing it”.

                                                                      The latter means that the code you haven’t written (99.99% of the code) is written in that specific style; the former only means you can make your own code follow these rules (which is rather irrelevant).

                                                                      Rust has waaaaay to much going, it’s not a good data point.

                                                                      Less is not always better.

                                                                      At least the goal posts aren’t moving every single year about the “right” language size, like in Rust’s “more features == better language” ideology. :-)

                                                                      This is why my Rust libraries (very small, only about 5 million total downloads) are permanently staying on Rust 1.13 (released 2016), because I don’t feel the feature additions in the meantime have been worth the cost.

                                                                      your list 100% matches brainfuck

                                                                      Turing tarpit much?

                                                                    2. 2

                                                                      while: alternative to recursion. Replaces for loops.

                                                                      I don’t understand this, return, throw, and so on are also alternatives to if, but we’re removing them, yet loops, which can be completely removed and replaced with simple recursion are an alternative that we’re keeping? how so?

                                                                      1. 3

                                                                        The reason is that sometimes it’s hard to write tail-recursive code (or code the compiler can turn into PTCs), so having to pick code that leaks stack frames at runtime, or having awhile loop, I’ll pick the latter.

                                                                        1. 2

                                                                          a fair enough point, I understand

                                                                      2. 2
                                                                        • if: replaces return, throw, switch/case, break, continue.
                                                                        • while: alternative to recursion. Replaces for loops.

                                                                        Would you mind showing us a code example?

                                                                        1. 2
                                                                          class HashMap[K: Identity + Hash, V]()
                                                                            var insertedAndDeleted: BitSet = BitSet(0)
                                                                            var keys: Array[K] = Array.empty()
                                                                            var values: Array[V] = Array.empty()
                                                                          
                                                                            var size: Int = 0
                                                                            var cap: Int = 0
                                                                          
                                                                            ...
                                                                          
                                                                            fun isLive(idx: Int): Bool =
                                                                             self.insertedAndDeleted.contains(2 * idx) &&
                                                                             self.insertedAndDeleted.contains(2 * idx + 1).not
                                                                          
                                                                            fun get(key: K): Option[V] =
                                                                              assert(self.size < self.cap)
                                                                          
                                                                              var hash = key.hash
                                                                              var idx = hash.bitwiseAnd(self.cap - 1)
                                                                          
                                                                              var continue = true
                                                                              var result = None
                                                                          
                                                                              while continue
                                                                              do
                                                                                if self.isLive(idx)
                                                                                then
                                                                                  let currentKey = self.keys(idx)
                                                                                  if currentKey.hash == hash && currentKey === key
                                                                                  then result = Some(self.values(idx))
                                                                                  else ()
                                                                                  idx = (idx + 1).bitwiseAnd(self.cap - 1)
                                                                                else
                                                                                  continue = false
                                                                          
                                                                              result
                                                                          

                                                                          Here is some write-up regarding control flow.

                                                                        2. 1

                                                                          I agree with most things you say, but the “for” construct is invaluable for math-heavy code where “while” feels very unnatural and verbose. I agree that the notation for “for” should be simplified to only allow an iterator over a fixed range of two constant ints. I would actually prefer to keep this “for” (which is general enough) and discard “while”. It makes your code much easier to reason about (you know exactly how many loops it is going to do, without needing to understand the logic of the program).

                                                                          1. 1

                                                                            I think you can make that case every control flow keyword; that’s basically how most languages have accumulated every control flow keyword ever invented in the last 60 years.

                                                                            I’m not claiming that not having some specific keyword isn’t inconvenient in cases that keyword would shine – I’m making the case that the inconvenience caused is smaller than having to learn, remember and understand how the half dozen control flow keywords interact with each other.

                                                                            It’s a bit like static imports in Java – sure, they are sometimes convenient (when writing code), but I’d argue that having two trivial, interchangeable ways to write the same thing is a much bigger inconvenience (when reading it).

                                                                      3. 2

                                                                        Discouraging use of control flow words makes sense for future readability, but getting rid of them completely is too strong. Sometimes you really need to use these old style control flow constructs.

                                                                        J gets this right – idiomatic J code are a series of one-liners using zero old-style control words (therefore allowing code to be one-way-to-do-things idiomatic, as you suggest in a reply). But if, while, try, catch, return, for, continue, goto (?), are all still there if you need them.

                                                                        1. 1

                                                                          getting rid of them completely is too strong

                                                                          I didn’t propose that.

                                                                          But if, while, try, catch, return, for, continue, goto (?), are all still there if you need them.

                                                                          So basically “don’t change anything”, with the result that none of the benefits are realized?

                                                                          1. 1

                                                                            I didn’t propose that.

                                                                            Ah, I misread. Then we’re talking about different things – you were thinking about removing some keywords and I was thinking about removing all keywords.

                                                                            So basically “don’t change anything”, with the result that none of the benefits are realized?

                                                                            I think the idea is to encourage refactoring foreign code using if, for, and while, into a more idiomatic form using combinators and no if, for, and while. Not removing these keywords from the language outright just makes it easier to get started without knowing all about J’s combinators, which is good since everyone’s likely coming from languages that use control flow keywords. Again, this is a different view from yours.

                                                                    1. 4
                                                                      • Work,
                                                                      • Play with the kids (my wife will work Saturday night and Sunday morning.)
                                                                      • Be one of the hosts at a party (friends only though) at Sunday night.

                                                                      Now that I write it down it looks like a busy weekend

                                                                      1. 4

                                                                        One way to look at it:

                                                                        If you aren’t working on a hard problem there’s still room for some improvement.

                                                                        Something along the lines of: Churning out CRUD apps? That’s what DHH and the 37 signals folks did until they upped their game, created Basecamp and the Ruby on Rails framework that sparked innovation that changed web development even in the enterprise Java world.

                                                                        But they used to be a consulting/web development agency.

                                                                        Me, I’ll probably not do that but there’s plenty of hard problems still:

                                                                        • deliever my contributions faster and more predictable on existing projects while learning new stuff and maintaining a healthy work-life balance? Can be hard.
                                                                        • trying to improve broken processes as an individual contributor? Can be hard.
                                                                        • trying to contribute to open source/church/other community groups after taking care of other responsibilities? Can be hard.

                                                                        If you want to play life on hard there are opportunities.

                                                                        And: I’m lucky as is many others here I guess. For me it is optional and I only do it to dthe degree I choose it myself. For many others hard is the default setting.

                                                                        1. 11

                                                                          I think this post misses the point as severely as the hypothetical conversation in the first panel of the comic. To wit: assume your adversary can’t prove whether you know the key, and they don’t care. If they can punish you without due process, or their judiciary system’s concept of due process does not consider your knowledge (or lack thereof) germane, it may be worthwhile for them to punish you regardless.

                                                                          Looking like you could plausibly be sending encrypted messages becomes the crime, and crushing anyone who looks like they might be doing that is a fine remedy. Regardless of whether or not they can prove you did.

                                                                          1. 8

                                                                            I mentioned this problem:

                                                                            Defining success can be tricky as Mallory can ultimately decide not to believe any claim that Alice makes.

                                                                            Ultimately this is something that we can’t solve, so I choose to ignore it and suppose that the adversary has to be able to assert that data exists. Without this assumption we lose before we ever begin.

                                                                            1. 3

                                                                              I noticed that and didn’t read it as the same problem, though it’s certainly related. Mallory choosing not to believe any claim Alice makes versus Mallory not being held to any standard for the evidence that underlies that belief (due process…) is subtly but IMO importantly different.

                                                                              And I’ll toss in that I think the only solution is for dissidence (in this case, in the form of unbreakable encryption) to be so pervasively used in a society that Mallory can’t get away with meting out punishment on that basis alone.

                                                                              Disobeying rules like this is a public good that needs to be widespread in order to prevent them from being enforceable.

                                                                              1. 2

                                                                                Whether Mallory does not believe Alice or instead shoots Alice in the head without considering her claims, the fundamental problem is the same. Without defining some (perhaps arbitrary) requirement for winning, the game is meaningless. I think unfalsifiability is as good a criterion as any.

                                                                                With regards to the wider scope of societal impact, I agree that a normalised standard is better. Actually what’s interesting is that even in the protocol that I describe, when we have a hosted service that is shared amongst multiple people it becomes way easier to retain deniability. I imagine if there were thousands (or millions) of people using such a service, we would be in a situation similar to what you describe.

                                                                                1. 2

                                                                                  Governments are not under an obligation to consistently enforce their own laws. The worst case scenario is when a government can punish anyone for not disclosing the key to a deniable encryption scheme whether they actually used any encryption or not—using any random blocks from their filesystem as nominal “evidence”. Or planting an output of dd if=/dev/urandom and presenting it as “evidence”.

                                                                                  If someone with enough power wants to see you behind the bars, they will, whether you actually broke any laws or not. Ultimately it’s a social and political problem of government accountability that has no technical solution.

                                                                                  1. 2

                                                                                    I think we’re saying very similar things. The social and political solution to the problem of “If someone with enough power wants to see you behind bars” is due process, to a point. A firm societal expectation of due process at least raises the “enough power” threshold.

                                                                                    I think a technical tool that can help raise the bar for “nominal evidence” is widespread adoption of encryption by people who have done nothing wrong. If your entire society does it, it gets politically harder to treat it as evidence of wrongdoing.

                                                                                2. 2

                                                                                  It can be solved. People have been doing it forever. Talking in code. A form of one-time pad where the semantics of the text is only known between two parties.

                                                                                  1. 1

                                                                                    Are you talking about stenography?

                                                                                    You could think about the linked post as if you are hiding encrypted data within an image and presenting the image to the adversary. She notices some redundant image data and demands an explanation.

                                                                                    We try to explain this specific remnant data in a plausible way.

                                                                                    1. 3

                                                                                      You mean steganography, not stenography. The latter is a form of typing.

                                                                                      No, I’m not. I’m talking about how people write something that appears to mean something normal on the surface but has further meaning between two parties :)

                                                                                      1. 1

                                                                                        Ah I see what you mean. That’s somewhat analogous to “encryption” where the ciphertext looks like some innocent plaintext rather than some “suspicious” random noise. The recipient “decrypts” it with their knowledge of the code.

                                                                                        It’s a neat way to get deniability! However it is highly specific to circumstances and algorithmically intractable. I also suspect that it would be very easy to break if the adversary suspects there’s a double meaning.

                                                                                        1. 1

                                                                                          it is highly specific to circumstances and algorithmically intractable

                                                                                          Could be seen as strengths.

                                                                                          very easy to break if the adversary suspects there’s a double meaning

                                                                                          They could never be sure.

                                                                                          I’ve put a looot of thought and research into this idea and I’ve concluded that the only way to “hide in the open” is to share a secret before, just like regular cryptography. But this secret information is not like that of a secret key, but secret semantics. There is no way a program could do this without being some form of neural network. In that case it’s easiest to just be a human and write your own.

                                                                                      2. 1

                                                                                        I guess you mean Steganography?

                                                                                        (Stenography is a very different art that is also very interesting.)

                                                                                        Also while it isn’t totally clear to me what indirection mean above it doesn’t look like steganography, more like using common knowledge in a group to hide what you are talking about. (Examples: referring to someone by their childhood name. Or mentioning the place “where person x fell in such a funny way”. )

                                                                                        1. 3

                                                                                          Yes that’s what I was referring to, thanks.

                                                                                          And honestly I’m not sure what the user I’m replying to is trying to say.

                                                                                          1. 1

                                                                                            Precisely eriki.

                                                                                      3. 1

                                                                                        For some values of “ultimately”, for sure, but what we really want is the (admittedly much weaker) guarantee that no direct analysis of the volume will suggest Alice is lying.

                                                                                        The approach of a “hidden volume” is trivial to spot with fdisk, which means that seeming gap is highly suggestive of another secret key (even more so if the TrueCrypt software is installed on the first layer!)

                                                                                        However there are things worth considering we can do about this, for example: http://geocar.sdf1.org/rubber.html

                                                                                    1. 72

                                                                                      He’s not wrong, but a quarter of a page about how almost all laptops are worse than 2008-era thinkpads is a little bit low-information for the lobste.rs frontpage isn’t it?

                                                                                      1. 14

                                                                                        I think you’re right, it’s low information. But, if others here feel the same as the article, I’m optimistic it will promote conversation on what can be used (I’m hoping I am wrong about what’s out there). I’d love an alternative to the Dell stack I currently use.

                                                                                        1. 11

                                                                                          It is a good justification for me to mention (once again) that there are a lot of barely-touched second hand 10 year old thinkpads on ebay for, like, less than $100. So, you can get like a dozen good laptops for the price of a bad one.

                                                                                        2. 19

                                                                                          Maybe it’s not the most “technical” post, but I think the point / heart of it is that there is a change that many would like to see in future laptops. Instead of razor thin laptops with horrible keyboards, many people want something that just works.

                                                                                          It’s an opinion piece, and I personally don’t see anything wrong with it being posted here (and the tags are correct).

                                                                                          1. 7

                                                                                            Sure. It’s just both an opinion piece & very short.

                                                                                            1. 25

                                                                                              The only reason it’s on the front page is because drew wrote it. There’s zero doubt about this.

                                                                                              This place loves to laud over him which annoys me specifically given I’ve seen him harass friends of mine because according to him, if you don’t use the “right software” (aka, software he believes is right), it makes you an absolute horrible person deserving of harrassment.

                                                                                              Wish I could filter out domains…

                                                                                              1. 8

                                                                                                Mostly, I wish there was more consistency. I post ranty things with more substance than this & get downvoted to hell (here & HN) – and my rants are rarely less than a five minute read. (On top of that, I stay away from ad hominems when arguing with strangers on the internet, which is not nothing.) If lobste.rs was rant-friendly I’d post more of them here.

                                                                                                Folks posting links to low-quality posts that are popular because people already agree with them is a much bigger part of the signal/noise ratio problem on lobste.rs than actual spammers, & because Drew is a name, he seems to get attention even when the same exact content in a comment would get one or two upvotes. (Like, this blog post is just a more severe version of comments I’ve literally made on this site.)

                                                                                              2. 7

                                                                                                I’d rather read this than yet another post about how Unix is so terrible because it’s based on plain text like that “Programmer’s critique of missing structure of operating systems” post, or some company talking about using AWS (literally nobody cares whether you use AWS), or yet another “I rewrote [unix standard command] in Rust” post.

                                                                                                1. 4

                                                                                                  “Programmer’s critique of missing structure of operating systems” post,

                                                                                                  There was a lot more in that post than you’re giving it credit for, the AWS thing can be interesting from a “This is how switching works/is motivated”. The Rust stuff is what it is.

                                                                                                  This submission was basically a complaint about the state of consumer products without any relevant links or analysis/context (at least when I read it). It contains really inflammatory and frankly mean screeds like:

                                                                                                  If you work at any of these companies and you’re proud of the garbage you’re shipping, then I’m disappointed in you.

                                                                                                  On a factual basis, it’s a lot easier to get a multicore laptop right now with a better camera than it was 12 years ago. It is a lot easier to get one with USB 3. It is a lot easier to get one with a high-resolution screen. It is a lot easier to get one with a good graphics card. Drew is happy to ignore all of that progress because he finds them difficult to service and difficult to run Free as in Freedom software on, and so immediately condemns everything else as garbage.

                                                                                                  I’d rather read somebody talking about their attempt at making wordcount in Rust than such a shallow and negative and just obviously narrow-minded outburst.

                                                                                                  1. 1

                                                                                                    Fair enough. I like that first category so long as it says something new (which it often does), but the other two are at least as spammy & low-effort as this.

                                                                                              3. 19

                                                                                                It’s correctly tagged as rant, and @cfenollosa can’t help that Drew is the darling child of lobsters who can say no wrong.

                                                                                                EDIT (clarification, in case you don’t see the below): this is criticism of Lobsters, and defense of this blog post being posted, not criticism of any individuals.

                                                                                                1. 53

                                                                                                  In reality, there also seem to be a fair number of people on Lobsters who think I can say no right. I don’t post my own writing to Lobsters anymore because of issues ranging from valid concerns about spam to obnoxious toxicity.

                                                                                                  My take is, I write for myself, not for Lobsters. When a Lobster seems to think something I’ve written is worth discussing, then I leave it up to the community to vote on as they see fit. I’ll usually drop into the threads to answer questions, but I find it difficult to engage with Lobsters beyond this - and even that much is difficult. Because you know who I am and what I work on, it seems like any topic I weigh in on is interpreted as spam, be it via submissions or commenting in discussions, even if I go out of my way not to frame my comments in the context of anything I work on.

                                                                                                  I don’t really like this community anymore, but I reckon some Lobsters would argue that’s by design.

                                                                                                  1. 15

                                                                                                    obnoxious toxicity

                                                                                                    I’m not going to claim that Lobsters is perfect, but “obnoxious toxicity” doesn’t seem like an apt description either; at least not in my experience. How is it toxic, specifically?

                                                                                                    1. 29

                                                                                                      Obviously tone is mostly subjective, but I have noticed the same thing recently on some of Drew’s writings that get posted here. Even the comment by @mz could be seen as really negative

                                                                                                      @cfenollosa can’t help that Drew is the darling child of lobsters who can say no wrong

                                                                                                      I have a hard time not reading that with vitriol or almost malice (though as indicated by @mz this was supposed to be sarcastic). Saying, “hey I don’t think there isn’t a ton of technical information here” and not upvoting is one thing, but when Drew clearly didn’t post the article themselves and still gets comments that to me seem very unpleasant. It really would be hard to like a community.

                                                                                                      EDIT: Again in this same thread, I’m just going to start collecting the comments that if I were reading about me that I’d consider to be disheartening and drive me away from this community.

                                                                                                      I’ve seen much worse Drew Dewalt rants keep the top spot on lobste.rs for weeks tbh.

                                                                                                      1. 24

                                                                                                        Ya, that comment is clearly less-than-perfect, but I also wouldn’t describe it as “obnoxious toxicity” personally, but YMMV.

                                                                                                        It’s not like Drew’s communication style is always … gentle. I mean, in this post he’s literally telling people they should die. Obviously I know it’s supposed to be a joke and intended to be hyperbolic, but sjeez man; that’s pretty harsh… Reasonably sure such a comment would be downvoted to hell on Lobsters or HN.

                                                                                                        If you dish out harsh words, then don’t be surprised if people reply with harsh words, too.

                                                                                                        1. 4

                                                                                                          This is definitely a case of a missing /s or otherwise tone being lost in text form. Please see my clarification and comment follow-up.

                                                                                                          1. 5

                                                                                                            I really don’t mean this as a cut to you either, it is just how I read it tonally. Text communication is hard.

                                                                                                        2. 9

                                                                                                          In my experience the toxicity has various specific loci, and if you happen to avoid those in your interactions with the community then you’re fine.

                                                                                                          Woe betide you however it you step on a hot button.

                                                                                                          Still love the place. I donned my asbestos underwear for the first time long before at least some of you were born :)

                                                                                                        3. 6

                                                                                                          I absolutely know what you’re saying, and I commend you for writing for yourself rather than for clout or for internet points. I think a lot of the blog spam we see on lobsters is stuff trying to be topical enough to be unoffensive, but content-less enough to be spam.

                                                                                                          I in no way meant this as a criticism of you @ddevault. I meant it as a criticism of lobsters, a community which seems to be very addicted to being polarized over your content.

                                                                                                          I totally get why you don’t post your stuff here. In general, a blog post not being appropriate for lobsters is not a criticism of the blog post (to think otherwise is some serious tech elitism).

                                                                                                          Thanks for engaging with the comment. It seems you interpreted it the way I intended it, as I had no intention of offense.

                                                                                                          1. 6

                                                                                                            Point of fact: you took advantage of us as a marketing channel.

                                                                                                            1. 45

                                                                                                              Here is my self-evaluation of my posting history. Green = unambiguously not spam. Blue = cool stuff I made, but which doesn’t make me money. Together these make up almost half of my posts. Pink = dubious, I could benefit indirectly from these, but would argue that they’re on topic and relevant. That covers all but 3 of my posts. Of the remainder, which are definitely more ads than not, one is the most highly upvoted story of all time in each of its tags.

                                                                                                              I think that this balance was reasonable enough, but in the BSD submission there was some discussion about whether or not it was too spammy, so I curbed my posting on Lobsters. The vast majority of submissions from my blog are not submitted by me, but it seems like I’m being held accountable for all of them as spam.

                                                                                                              In any case, I don’t post my stuff here anymore. Take it up with the rest of the community if you don’t like seeing my posts here.

                                                                                                              1. 32

                                                                                                                I’m sad and sorry that the community has responded this way to your posts, especially as you have stopped linking them yourself. You can’t control what other people do, yet you bear the brunt of their unhappiness.

                                                                                                                I like seeing your posts here, as there is often good discussion that is prompted by them. Even if some think of them as “ads”, at least it’s for good, open source software (and not things much worse like Google and Facebook).

                                                                                                                I’m glad you’re writing for yourself- I (and others) will continue to enjoy reading what you write.

                                                                                                              2. 8

                                                                                                                Drew’s content may not always be earth-shattering, but a typical post of his likely opens my eyes as anything else on the site. Lobsters is not a place that discourages people from posting their own content.

                                                                                                                ☑️ I am the author of the story at this URL (or this text)

                                                                                                                1. 7

                                                                                                                  The link doesn’t seem to prove the “took advantage of” part, or am I missing something?

                                                                                                              3. 0

                                                                                                                Fair enough! And yes, I’ve seen much worse Drew Dewalt rants keep the top spot on lobste.rs for weeks tbh. I guess I can’t argue with success.

                                                                                                              4. 3

                                                                                                                Yes, it could have been contained in a comment. But maybe that’s why the article gets upvoted a lot: It’s low-effort to read, everyone basically agrees, and it’s a relief that apparently everyone feels the same (and it’s not their fault for not being able to find a proper laptop).

                                                                                                                1. 1

                                                                                                                  How’s it a quarter of a page? It’s an entire page on my fairly high-resolution screen (1440p with no scaling). How zoomed out is your web browser?

                                                                                                                  1. 1

                                                                                                                    I have a portrait display & my zoom setting is only 100% – basically because I don’t want a ‘screenful’ to be thirty seconds of reading.

                                                                                                                1. 67

                                                                                                                  What should people use instead?

                                                                                                                  Real secure messaging software. The standard and best answer here is Signal,

                                                                                                                  Oh please. They aren’t even close to sharing the same level of functionality. If I want to use Signal, I have to commit to depending on essentially one person (moxie) who is hostile towards anyone who wants to fork his project, and who completely controls the server/infrastructure. And I’d have to severely limit the options I have for interfacing with this service (1 android app, 1 ios app, 1 electron [lol!] desktop app). None of those are problems/restrictions with email.

                                                                                                                  I don’t know what the federated, encrypted ‘new’ email thing looks like, but it’s definitely not Signal. Signal is more a replacement for XMPP, if perhaps you wanted to restrict your freedom, give away a phone number, and rely on moxie.

                                                                                                                  1. 14

                                                                                                                    I think Matrix is getting closer to being a technically plausible email and IM replacement.

                                                                                                                    The clients don’t do anything like html mail, but I don’t think I’d miss that much, and the message format doesn’t forbid it either.

                                                                                                                    1. 28

                                                                                                                      If you can’t send patches to mailing lists with them then they’re not alternatives to email. Email isn’t just IM-with-lag.

                                                                                                                      1. 5

                                                                                                                        Email can be exported as text and re-parsed by Perl or a different email client.

                                                                                                                        Until that functionality is available, I won’t consider something a replacement for email.

                                                                                                                        1. 4

                                                                                                                          In all fairness: cmcaine says “Matrix is getting closer”.

                                                                                                                          1. 3

                                                                                                                            Matrix is a federated messaging platform, like XMPP or email. You could definitely support email-style use of the system it’s just that the current clients don’t support that. The protocol itself would be fine for email, mailing lists and git-send-email.

                                                                                                                            The protocol also gives you the benefits of good end-to-end encryption support without faff, which is exactly what general email use and PGP don’t give you.

                                                                                                                            1. 2

                                                                                                                              Adding patch workflow to Matrix is no different to adding it to XMPP or any other messaging solution. Yes, it is possible but why?

                                                                                                                              I can understand you like Matrix but it’s not clear how Matrix is getting closer to e-mail replacement with just one almost-stable server implementation and the spec that’s not an IETF standard. I’d say Matrix is more similar to “open Signal” than to e-mail.

                                                                                                                              1. 2

                                                                                                                                “Getting closer” is a statement towards the future, yet all of your counter arguments are about the current state.

                                                                                                                                1. 3

                                                                                                                                  If I only knew the future I’d counter argument that but given that the future is unknown I can only extrapolate the current and the past. Otherwise Matrix may be “getting closer” to anything.

                                                                                                                                  Do you have any signs that Matrix is getting e-mail patch workflow?

                                                                                                                            2. 2

                                                                                                                              Mailing lists could move to federated chatrooms. They moved from Usenet before, and in some communities moved to forums before the now common use of Slack.

                                                                                                                              I’m not saying it would be the best solution, but it’s our most likely trajectory.

                                                                                                                              1. 6

                                                                                                                                Mailing lists existed in parallel with Usenet.

                                                                                                                                1. 5

                                                                                                                                  Both still exist :)

                                                                                                                                  I do think, actually, that converting most public mailing lists to newsgroups would have a few benefits:

                                                                                                                                  1. It’d make their nature explicit.
                                                                                                                                  2. It’d let us stop derailing designs for end-to-end encryption with concerns that really apply only to public mailing lists.
                                                                                                                                  3. I could go back to reading them using tin.

                                                                                                                                  Snark aside, I do think the newsgroup model is a better fit for most asynchronous group messaging than email is, and think it’s dramatically better than chat apps. Whether you read that to mean slack or any of the myriad superior alternatives to slack. But that ship sailed a long time ago.

                                                                                                                                  1. 4

                                                                                                                                    Mailing lists are more useful than Usenet. If nothing else, you have access control to the list.

                                                                                                                                    1. 2

                                                                                                                                      Correct, and the younger generation unfamiliar with Usenet gravitated towards mailing lists. The cycle repeats.

                                                                                                                                    2. 4

                                                                                                                                      Mailing lists don’t use slack and slack isn’t a mailing list. Slack is an instant messaging service. It has almost nothing in common with mailing lists.

                                                                                                                                      It’s really important to drive this point home. People critical of email have a lot of good points. Anyone that has set up a mail server in the last few years knows what a pain it is. But you will not succeed in replacing something you don’t understand.

                                                                                                                                      1. 4

                                                                                                                                        The world has moved on from asynchronous communication for organizing around free software projects. It sucks, I know.

                                                                                                                                        1. 3

                                                                                                                                          Yeah. Not everyone, though.

                                                                                                                                          Personally I think that GitHub’s culture is incredibly toxic. Only recently have there been tools added to allow repository owners to control discussions in their own issues and pull requests. Before that, if your issue got deep linked from Reddit you’d get hundreds of drive by comments saying all sorts of horrible and misinformed things.

                                                                                                                                          I think we’re starting to see a push back from this GitHub/Slack culture at last back to open, federated protocols like SMTP and plain git. Time will tell. Certainly there’s nothing stopping a project from moving to {git,lists}.sr.ht, mirroring their repo on GitHub, and accepting patches via mailing list. Eventually people will realise that this means a lower volume of contributions but with a much higher signal to noise ratio, which is a trade-off some will be happy to make.

                                                                                                                                          1. 2

                                                                                                                                            Only recently have there been tools added to allow repository owners to control discussions in their own issues and pull requests. Before that, if your issue got deep linked from Reddit you’d get hundreds of drive by comments saying all sorts of horrible and misinformed things.

                                                                                                                                            It’s not like you used to have levers for mailing lists, though, that would stop marc.org from archiving them or stop people from linking those marc.org (or kernel.org) threads. And drive-bys happened from that, too. I don’t think I’m disputing your larger point. Just saying that it’s really not related to the message transfer medium, at least as regards toxicity.

                                                                                                                                            1. 3

                                                                                                                                              Sure, I totally agree with you! Drive-bys happen on any platform. The difference is that (at least until recently) on GitHub you had basically zero control. Most people aren’t going to sign up to a mailing list to send an email. The barrier to sending an email to a mailing list is higher than the barrier to leaving a comment on GitHub. That has advantages and disadvantages. Drive-by contributions and drive-by toxicity are both lessened. It’s a trade-off I think.

                                                                                                                                              1. 3

                                                                                                                                                I guess I wasn’t considering a mailing list subscription as being meaningfully different than registering for a github account. But if you’ve already got a github account, that makes sense as a lower barrier.

                                                                                                                                  2. 5

                                                                                                                                    Matrix allows sending in the clear, so I suppose this has the “eventually it will leak” property that the OP discussed?

                                                                                                                                    (A separate issue: I gave up on Matrix because its e2e functionality was too hard to use with multiple clients)

                                                                                                                                    1. 5

                                                                                                                                      (A separate issue: I gave up on Matrix because its e2e functionality was too hard to use with multiple clients)

                                                                                                                                      and across UA versions. When I still used it I got hit when I realized it derived the key using the browser user agent, so when OpenBSD changed how the browser presented itself I was suddenly not able to read old conversations :)

                                                                                                                                      1. 2

                                                                                                                                        Oh! I didn’t know that!

                                                                                                                                  3. 5

                                                                                                                                    Functionality is literally irrelevant, because the premise is that we’re talking about secure communications, in cases where the secrecy actually matters.

                                                                                                                                    Of course if security doesn’t matter then Signal is a limited tool, you can communicate in Slack/a shared google doc or in a public Markdown document hosted on Cloudflare at that point.

                                                                                                                                    Signal is the state of the art in secure communications, because even though the project is heavily driven by Moxie, you don’t actually need to trust him. The Signal protocol is open and it’s basically the only one on the planet that goes out of it’s way to minimize server-side information storage and metadata. The phone number requirement is also explicitly a good design choice in this case: as a consequence Signal does not store your contact graph - that is kept on your phone in your contact store. The alternative would be that either users can’t find each other (defeating the point of a secure messaging tool) or that Signal would have to store the contact graph of every user - which is a way more invasive step than learning your phone number.

                                                                                                                                    1. 9

                                                                                                                                      even though the project is heavily driven by Moxie, you don’t actually need to trust him

                                                                                                                                      Of course you must trust Moxie. A lot of the Signal privacy features is that you trust them not to store certain data that they have access to. The protocol allows for the data not to be stored, but it gives no guarantees. Moxie also makes the only client you can use to communicate with his servers, and you can’t build them yourself, at least not without jumping hoops.

                                                                                                                                      The phone number issue is what’s keeping me away from Signal. It’s viral, in that everyone who has Signal will start using Signal to communicate with me, since the app indicates that they can. That makes it difficult to get out of Signal when it becomes too popular. I know many people that cannot get rid of WhatsApp anymore, since they still need it for a small group, but cannot get rid of the larger group because their phone number is their ID, and you’re either on WhatsApp completely or you’re not. Signal is no different.

                                                                                                                                      And how can you see that a phone number is able to receive your Signal messages? You have to ask the Signal server somehow, which means that Signal then is able to make the contact graph you’re telling me Signal doesn’t have. They can also add your non-Signal friends to the graph, since you ask about their numbers too. Maybe you’re right and Moxie does indeed not store this information, but you cannot know for sure.

                                                                                                                                      What happens when Moxie ends up under a bus, and Signal is bought by Facebook/Google/Microsoft/Apple and they suddenly start storing all this metadata?

                                                                                                                                      1. 5

                                                                                                                                        Signal is a 501c3 non-profit foundation in the US, Moxie does not control it nor able to sell it. In theory every organization can turn evil but there is still a big difference between non-profits who are legally not allowed to do certain things vs corporations who are legally required to serve their shareholders, mostly by seeking to turn a profit.

                                                                                                                                        And how can you see that a phone number is able to receive your Signal messages? You have to ask the Signal server somehow, which means that Signal then is able to make the contact graph you’re telling me Signal doesn’t have.

                                                                                                                                        There are two points here that I’d like to make, one broader and one specific. In a general sense, Signal does not implement a feature until they can figure out how to do that securely and with leaking as little information as possible. This has been the pattern for basically almost every feature that Signal has. Specifically, phone numbers are the same: The Signal app just sends a cryptographically hashed, truncated version of phone numbers in your address book to the server, and the server responds with the list of hashes that are signal users. This means that Signal on the server side knows if any one person is a Signal user, but not their contact graph.

                                                                                                                                        1. 3

                                                                                                                                          In theory every organization can turn evil

                                                                                                                                          Every organization can also be bought by an evil one. Facebook bought WhatsApp, remember?

                                                                                                                                          The Signal app just sends a cryptographically hashed, truncated version of phone numbers in your address book

                                                                                                                                          These truncated hashes can still be stored server-side, and be used to make graphs. With enough collected data, a lot of these truncated hashes can be reversed. Now I don’t think Signal currently stores this data, let alone do data analysis. But Facebook probably would, given the chance.

                                                                                                                                          1. 6

                                                                                                                                            Every organization can also be bought by an evil one. Facebook bought WhatsApp, remember?

                                                                                                                                            WhatsApp was a for-profit company, 501(c)3 work under quite different conditions. Not saying they can’t be taken over, but this argument doesn’t cut it.

                                                                                                                                      2. 3

                                                                                                                                        The phone number requirement is also explicitly a good design choice

                                                                                                                                        No, it’s an absolutely terrible choice, just like it is a terrible choice for ‘two factor authentication’

                                                                                                                                        Oh but Signal users can always meet in person to re-verify keys, which would prevent any sim swap attack from working? No, this (overwhelmingly) doesn’t happen. In an era where lots of people change phones every ~1-2yr, it’s super easy to ignore the warning because 99% of the time it’s a false positive.

                                                                                                                                        The alternative would be that either users can’t find each other (defeating the point of a secure messaging tool)

                                                                                                                                        This is a solved problem. I mean, how do you think you got the phone numbers for your contacts in the first place? You probably asked them, and they probably gave it to you. Done.

                                                                                                                                      3. -8

                                                                                                                                        Careful there… you can’t say bad things about electron in here….

                                                                                                                                      1. 13

                                                                                                                                        I disagree with this post.

                                                                                                                                        If messages can be sent in plaintext, they will be sent in plaintext.

                                                                                                                                        That’s not a bad thing. If the person you are communicating with doesn’t care about encrypting the conversation then they don’t care about the confidentiality of the conversation and encrypting the messages is a waste of everyone’s time, a waste of computing resources and false security anyway. You cannot have secure communication between parties that do not care about security, in my opinion.

                                                                                                                                        Metadata is as important as content, and email leaks it.

                                                                                                                                        Metadata is not important data. That I sent a message to someone at a particular time is known to someone whether it’s a peer-to-peer service in which case it’s all the links between us, or a centralised service in which case it’s the service provider. Either way, everyone is aware I sent a message, and in both cases someone knows who I sent a message to. You should not trust anyone with genuinely important information that genuinely needs to be encrypted. If it’s a centralised service, then the service provider knows, and you should assume everyone knows.

                                                                                                                                        A centralised messaging service might have end-to-end encrypted messages but it cannot have end-to-end encrypted metadata for the obvious reason that it can tell where it has got messages from and it can tell where the messages it’s relaying are meant to go.

                                                                                                                                        If you are sending anything over the public internet, who sent the message, when it was sent, how big it is, who it is to, etc. is public information. The metadata of your Signal messages is public information.

                                                                                                                                        Every archived message will eventually leak.

                                                                                                                                        If I send you a message, and you decrypt it, you are responsible for its confidentiality. I cannot in any technological way prevent you from leaking the message. You can take a screenshot of the programme showing you the message, you can take a photo of your phone or computer screen, you can print it out, you can read it aloud, you can copy it by hand onto some paper. Part of sending someone a message is acknowledging that, regardless of the social norms around confidentiality, there’s no technological means of forcing someone to keep a secret. There are no Unbreakable Vows in the real world.

                                                                                                                                        This really goes back to the first point: if the person you are communicating with doesn’t care about security, you are not communicating securely no matter how many technological safeguards you try to put in place. At some point, they will fuck up, because they do not care. Auto-deleting messages just give a false sense of security. They’re like password expiry dates: all they do is encourage people to write things down. I’d rather my message was archived on their encrypted hard drive than written down on a piece of paper ‘because it will disappear otherwise’.

                                                                                                                                        etc. etc. It just goes on, repeating the same false and misleading statements about how encryption and trust and communication actually work. Ultimately, if you cannot trust the person you are communicating with and you cannot trust that they care about security, then your communications with them are not secure and the only form of ‘security’ you should bother with is the basic TLS level of just ensuring that dragnet surveillance won’t be able to passively eavesdrop on your conversations. But any kind of targeted surveillance will easily compromise your conversation, so don’t give yourself a false sense of security trying to harden yourself against something that you inherently cannot prevent.

                                                                                                                                        1. 15

                                                                                                                                          First of all, you completely ignored the forward secrecy and key rotation part. That’s kind of the killer, here – in order to support these things, you have to actually negotiate a key, which pretty much wrecks the whole “regular email with an encrypted payload” thing. The rest of this discussion is almost completely irrelevant compared to the lack of forward secrecy.

                                                                                                                                          But anyway…

                                                                                                                                          There are actual solutions for the metadata problem, particularly Mix networks like the recently-brought-to-my-attention Loopix system and the older MixMinion. I would rather use Loopix than Signal, all else being equal, because metadata is really useful. Tell me who you’re with, and I can pretty much figure out who you are even if I can’t actually read your email. And that’s before we start asking uncomfortable questions about the Subject line.

                                                                                                                                          I’d rather use a mixnet than Signal, but I’d still rather use Signal than PGP, for mostly the same reason that the author gave, and the reason that you didn’t address. The UX for the widely-available PGP email systems is really, really bad because they fail open. A well-designed security system should fail by erroring out, not by falling back to plaintext. If someone makes a mistake while using the encryption system, it is not proof that they don’t care. It is, at worst, proof of ignorance, and everyone is ignorant when they start out. It is easy to accidentally send an unencrypted email in most encryption-enabled clients. It is almost impossible to accidentally use email instead of Signal, specifically because the applications are completely separate.

                                                                                                                                          This is the same reason why I would run a Tor hidden service, even if I myself don’t care about my own anonymity, if I expected a lot of anonymity-sensitive users. If someone tries to use an onion site without actually using Tor, the site will not load, and they will immediately notice and correct the mistake. Even if your site offers both an onion address alongside a clearnet address, it at least acts as double-confirmation; someone who wants to use Tor would have to simultaneously use a clearnet browser and a clearnet address in order to accidentally leak their identity to me.

                                                                                                                                          I agree with you that auto-deleting messages are dumb, but seriously, the lack of forward secrecy ought to be enough. The part about making it harder to accidentally send a plaintext message is just a UX improvement that you take at the same time that you do the forward secrecy fix.

                                                                                                                                          1. 4

                                                                                                                                            First of all, you completely ignored the forward secrecy and key rotation part. That’s kind of the killer, here – in order to support these things, you have to actually negotiate a key, which pretty much wrecks the whole “regular email with an encrypted payload” thing.

                                                                                                                                            I’m not going to nitpick every single line of the post.

                                                                                                                                            The rest of this discussion is almost completely irrelevant compared to the lack of forward secrecy.

                                                                                                                                            I honestly don’t think that forward secrecy is that important.

                                                                                                                                            There are actual solutions for the metadata problem, particularly Mix networks like the recently-brought-to-my-attention Loopix system and the older MixMinion. I would rather use Loopix than Signal, all else being equal, because metadata is really useful. Tell me who you’re with, and I can pretty much figure out who you are even if I can’t actually read your email.

                                                                                                                                            I think this is really just security through obscurity. It’s not a bad thing, of course. But it seems to me that it really just protects metadata from dragnet surveillance in the same way that SMTPS/IMAPS protects data from dragnet surveillance. It doesn’t really prevent any targeted attacks.

                                                                                                                                            I’d rather use a mixnet than Signal, but I’d still rather use Signal than PGP, for mostly the same reason that the author gave, and the reason that you didn’t address. The UX for the widely-available PGP email systems is really, really bad because they fail open. A well-designed security system should fail by erroring out, not by falling back to plaintext.

                                                                                                                                            I’ve never had any issues with the UI for PGP email. I see the same complaints about PGP all the time and frankly people seem to want a magical solution to a problem that doesn’t have any solution: public key encryption is a fairly complicated thing and users need to understand it to use it. You can’t get around that.

                                                                                                                                            If someone makes a mistake while using the encryption system, it is not proof that they don’t care. It is, at worst, proof of ignorance, and everyone is ignorant when they start out. It is easy to accidentally send an unencrypted email in most encryption-enabled clients. It is almost impossible to accidentally use email instead of Signal, specifically because the applications are completely separate.

                                                                                                                                            I want it to be easy to send an unencrypted email, because I want to send lots of unencrypted emails. I don’t want all my emails to be encrypted. Most of them don’t need to be encrypted. Emails I’m sending to public mailing lists don’t need to be and shouldn’t be encrypted, as that just provides a false sense of security.

                                                                                                                                            I don’t want the applications to be completely separate. I think instant messaging (which is what Signal is and is for) should be separate from email, and for instant messaging things like always-on encryption probably does make sense. But email isn’t just for messaging privately to people you know, it’s used for loads of things where encryption isn’t appropriate, like mailing lists.

                                                                                                                                            I know some people think that mailing lists should be replaced with online forums or reddit or something, but I personally like mailing lists a lot more than reddit or even than old phpBB-style forums.

                                                                                                                                            This is the same reason why I would run a Tor hidden service, even if I myself don’t care about my own anonymity, if I expected a lot of anonymity-sensitive users. If someone tries to use an onion site without actually using Tor, the site will not load, and they will immediately notice and correct the mistake. Even if your site offers both an onion address alongside a clearnet address, it at least acts as double-confirmation; someone who wants to use Tor would have to simultaneously use a clearnet browser and a clearnet address in order to accidentally leak their identity to me.

                                                                                                                                            I agree with you that auto-deleting messages are dumb, but seriously, the lack of forward secrecy ought to be enough. The part about making it harder to accidentally send a plaintext message is just a UX improvement that you take at the same time that you do the forward secrecy fix.

                                                                                                                                            To me this is just optimising for stupid. If someone opens your website in Firefox instead of the Tor browser, they obviously don’t really care about their anonymity that much. If they really were worried they were being tracked by a government entity or something they’d be careful, constantly.

                                                                                                                                            1. 1
                                                                                                                                            2. 5

                                                                                                                                              Wrong / misleading in more than one way:

                                                                                                                                              If messages can be sent in plaintext, they will be sent in plaintext.

                                                                                                                                              That’s not a bad thing. If the person you are communicating with doesn’t care about encrypting the conversation then they don’t care about the confidentiality of the conversation and encrypting the messages is a waste of everyone’s time, a waste of computing resources and false security anyway. You cannot have secure communication between parties that do not care about security, in my opinion.

                                                                                                                                              It is possible to use unsafe mechanical equipment in a safe way. That doesn’t mean adding safety features is a bad idea.

                                                                                                                                              Yep, people can (and do) still jam the dead man switch, remove the covers etc but on average less people get maimed and killed now than before.

                                                                                                                                              Metadata is as important as content, and email leaks it.

                                                                                                                                              Metadata is not important data.

                                                                                                                                              If you can prove I sent a message to someone I was supposed to not tell I’m in trouble even if you cannot tell the exact contents of the message.

                                                                                                                                              That I sent a message to someone at a particular time is known to someone whether it’s a peer-to-peer service in which case it’s all the links between us, or a centralised service in which case it’s the service provider. Either way, everyone is aware I sent a message, and in both cases someone knows who I sent a message to.

                                                                                                                                              Emphasis mine. This does not necessarily follow. It depends on your threat model.

                                                                                                                                              You should not trust anyone with genuinely important information that genuinely needs to be encrypted. If it’s a centralised service, then the service provider knows, and you should assume everyone knows.

                                                                                                                                              Again: Threat model.

                                                                                                                                              If you are sending anything over the public internet, who sent the message, when it was sent, how big it is, who it is to, etc. is public information.

                                                                                                                                              I had a hard time figuring out what you meant here, one interpretation that makes it correct is if by “over the public internet” you mean if you send it by mail. You can do a lot to make sure this isn’t public information.

                                                                                                                                              The metadata of your Signal messages is public information.

                                                                                                                                              No. I’m not the biggest Signal fan (not open, Signal fans are seriously annoying etc), but let’s stick to the facts:

                                                                                                                                              Signal messages including metadata are encrypted in transit and discarded afterwards.

                                                                                                                                              Just like my 20 year old email hotmail messages aren’t public information, neither is the metadata from my Signal messages.

                                                                                                                                              1. 1

                                                                                                                                                metadata Who talks to who is of a high interest among surveillance agencies, perhaps the central nerve.

                                                                                                                                              2. 2

                                                                                                                                                Metadata is not important data. That I sent a message to someone at a particular time is known to someone whether it’s a peer-to-peer service in which case it’s all the links between us, or a centralised service in which case it’s the service provider.

                                                                                                                                                The amount of stuff that can be worked out just from metadata might surprise you. And the fact that modern secure messaging systems are working to make it harder for third parties to snoop on even the graph of who talks to whom should be a hint that maybe it is an important part of security.

                                                                                                                                                1. 0

                                                                                                                                                  There’s no reasonable expectation of privacy with metadata. It doesn’t matter what data can be worked out AT ALL. That’s not what’s in question.

                                                                                                                                                  If I send you a letter, that I sent you a letter is not private. The postman knows, the government is allowed to know, it might as well be public. What I sent you is private. Nobody is allowed to look in. We should be turning those legal privacies into technical, mathematical privacy. We shouldn’t be inventing new types of privacy and just assuming without any actually debate that privacy maximalism is philosophically correct.

                                                                                                                                                  1. 3

                                                                                                                                                    If I send you a letter, that I sent you a letter is not private.

                                                                                                                                                    Only if you put your name on the outside of the envelope, surely? Otherwise, yes, it’s completely private who and where the letter originated from because …

                                                                                                                                                    Nobody is allowed to look in.