1. 7

    That fast feedback that the statically typed language gave you about your code, the dynamically typed language will give you about your process.

    I’m not so sure about this one. Sure, the article admits it’s trolling a bit (and maybe this should have the rant tag), but this stands out to me as a “rly?” kind of statement.

    Whether I’m using stronger type systems (C++ now) or weaker ones (Python, C previously), the process is basically the same: write code and tests, submit for review, get feedback, adjust, then deploy (which can mean various things) when there is consensus. For the most part, I’d say the process involved in software development that I have experienced has been independent of the programming language used.

    1. 1

      I felt the article was rhetorical, which is why I didn’t add the rant tag (although I nearly did…).

      Using rhetorical questions can, I believe, be valuable in self-reflecting on the work you are doing, which is what I took away from the article.

      1. 2

        Understood. It’s one of those cases where I wouldn’t take the tag away if it was there, nor would I add it if it wasn’t.

    1. 11

      There’s also an outsider point of view text in Free For All (2002) by Peter Wayner:

      1. 1

        Thanks for the link, but it is now found in the web archive: Forks

      1. 3

        My passwords regularly end up in my $HISTFILE, both by accident and when connecting to certain services, it would be good to not store that in a central repository. Not sure how you would tackle this issue…

        1. 3

          Store the hash and blacklist content in the $HISTFILE based on the hash. If you get that one in a quadrillion false positive then you just accept that you lost some data for the sake of security.

          1. 1

            Yeah I like that….

          2. 2

            Aside from the shared secret security, it would be easy to add a blacklist file to the code (checking it’s an 0400 file). I could implement this if you want.
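The hash-based blacklist suggested in the two comments above, sketched as an added example that is not part of the original thread or of the project's code: the file holds only SHA-256 digests, must be mode 0400, and any history line containing a listed secret is dropped before upload. The function names, the token-splitting rules, the owner check and the sample history are assumptions made for this illustration.

```python
import hashlib
import os
import re
import stat
import tempfile

HEX_DIGEST = re.compile(r"[0-9a-f]{64}")
# Assumed splitting rules: characters that commonly glue a secret to
# something else, e.g. user:pass@host or --password=value.
SPLIT_CHARS = re.compile(r"[:=@,;'\"]+")
SHORT_FLAG = re.compile(r"-[A-Za-z](.+)")  # mysql-style -pSECRET


def secret_hash(secret):
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


def write_blacklist(path, secrets):
    """Create the blacklist; it stores digests only, never the secrets."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        for s in secrets:
            fh.write(secret_hash(s) + "\n")
        os.fchmod(fh.fileno(), 0o400)  # exact mode, independent of umask


def load_blacklist(path):
    """Load digests, refusing any file that is not a regular 0400 file."""
    # Open first, then fstat the descriptor, so the file that was checked
    # is the file that is read (no check-then-open race, no symlink).
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="ascii") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.getuid():  # assumption: must also be our own file
            raise PermissionError(f"{path}: not owned by the current user")
        if stat.S_IMODE(st.st_mode) != 0o400:
            raise PermissionError(f"{path}: mode must be 0400")
        digests = set()
        for number, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line:
                continue
            if not HEX_DIGEST.fullmatch(line):
                raise ValueError(f"{path}:{number}: not a SHA-256 hex digest")
            digests.add(line)
    return frozenset(digests)


def candidates(line):
    """Every substring of a history line that is checked against the list."""
    line = line.strip()
    found = {line}  # a password typed on its own at the prompt
    for token in line.split():
        found.add(token)
        match = SHORT_FLAG.fullmatch(token)
        if match:
            found.add(match.group(1))  # -pSECRET -> SECRET
        found.update(SPLIT_CHARS.split(token))  # user:SECRET, --opt=SECRET
    found.discard("")
    return found


def filter_history(lines, blacklist):
    """Return (lines safe to upload, number of lines dropped)."""
    kept, dropped = [], 0
    for line in lines:
        if any(secret_hash(c) in blacklist for c in candidates(line)):
            dropped += 1  # the whole line is lost, as the comment accepts
        else:
            kept.append(line)
    return kept, dropped


# Constructed sample data for this example, not real credentials or history.
SAMPLE_SECRETS = ["hunter2", "Tr0ub4dor&3", "correct-horse"]
SAMPLE_HISTORY = [
    "ls -la /var/log",
    "mysql -phunter2 -u root",
    "hunter2",
    "curl -u alice:Tr0ub4dor&3 https://example.invalid/api",
    "deploy --password=correct-horse",
    "echo hunter22",  # only exact matches hit, so this line is kept
    "git status",
]


def demo():
    with tempfile.TemporaryDirectory() as directory:
        path = os.path.join(directory, "blacklist")
        write_blacklist(path, SAMPLE_SECRETS)
        return filter_history(SAMPLE_HISTORY, load_blacklist(path))


if __name__ == "__main__":
    kept, dropped = demo()
    print(f"dropped {dropped} line(s); uploading:")
    for entry in kept:
        print("  " + entry)
```

A plain SHA-256 of a human-chosen password can be guessed offline by anyone who reads the file, which is why the mode check is enforced before any digest is trusted.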

            1. 1

              Some encryption would be required - am pondering whether this should be SSL or a simpler scheme using the shared key.

              1. 3

                If you think about it, there’s not actually a need for the central server to read the logs: it just needs to store & serve them to authorised clients.

                You could have a single key shared by the clients, with SHA256(key || ‘client-server key’) being the client-server connexion key and SHA256(key || nonce) being the line-encryption key. Then the clients have simple configuration and the server cannot read the records, but all clients can read any client’s records.

                More complex schemes are possible, but this should be good enough for what I think you want to do.

                1. 1

                  ssh tunnel?

                  1. 1

                    Am keen to keep it as simple as possible - re-using the secret key seems like the shortest path (but I may be missing a technique).

            1. 1

              How much would we have to donate to get a picture of Theo (and/or @tedu) with a lobster on his head?

              1. 7

                I know you’re joking, but jokes aside, the software released by the project should already provide sufficient incentive to make a donation.

                1. 1

                  two Iridium donations might encourage the foundation to ask for them for a picture…or the whole 2018 target?

                1. 4

                  $work: try to document the mess that is our custom hacked Wordpress installation and maintain my sanity…

                  !$work:

                  1. find a CMS to host my BMX club’s new website - the server will be OpenBSD and I think I would like the CMS to use either go or python, any and all lobste.rs recommendations appreciated :~)
                  2. catch up with Return to Teaching online course that I’m currently on…

                  1. 4

                    more audio and tactile outputs would be great - it would also improve accessibility to technology.

                    having started wearing glasses this year due to age - my fonts are getting larger and larger on the high resolution screen that I own…

                    1. 3

                      replying to myself - one of the issues I notice is that the focus on the visual means that much information is lost as we end up capturing written word as images - rather than text.

                      while ocr and image recognition systems help, when your p-score tells you it’s a giraffe when you know it’s a cat there is likely to be information loss.

                      1. 2

                        For tactile outputs there are a couple of microfluidics based prototypes. For braille there was BLITAB and a couple others. There are also some tactile screens where the keyboard rises. The tech seems promising, but other than promotion articles and events I have yet to see one.

                        My eyes would really appreciate a large size e-ink display for work. Most of my time is spent reading or writing text anyway. The largest one I’ve found was a 13in screen.

                      1. 2

                        @mort the link goes to this entry not the article…

                        1. 4

                          This is just a text post, not a link to a blog post :p

                        1. 29

                          As someone who was in the position of the child not so long ago - please don’t do this*. Giving children without any explicit interest to learn about these things gifts trying to initiate some interest will fail for both 90% of the time. Sure, most people here would have loved (or were fortunate enough) to have been given technological gifts when they were children, but that’s easy to say now. If on the other hand you would have been given something you had absolutely no interest in, or unfortunately no capacity to learn at that age, say a dictionary of ancient Greek, an introduction to advanced arctic-geology, the collected works of Hegel or socks, and you know on some level that the person giving you the present is hoping for you to be as happy about it as they think they would have been - well that kind of “pressure” (for the lack of a better word) is not really a nice present, even if it was unintentional. On the other hand, from the side of the person who gave the gift, unless you enjoy disappointment, you won’t feel much better either.

                          *: I’d like to clarify that I’m not trying to universally condemn any gifts with the intention to boost a child’s interest in some subject - just be sure that he or she has a potential to understand it, and know her or him well enough to be sure that they are the kind of person to be interested in it. Not every present is appropriate for every child. Thinking about it twice will prevent you from becoming the person who is trying to force his interest on children and your present to just disappear in a cupboard indefinitely.

                          1. 7

                            +1 to this, as the parent of a 6-year-old.

                            We have Robot Turtles (as mentioned in another thread) and we’ve played it quite a few times, and she simply doesn’t find it compelling. This is not intended as a knock on the game, I’m sure it’s great for a lot of kids, but different kids like different things. I bought the card game SET, and she gets it and will grudgingly play it with me but insists that it’s boring and that she’d rather do something else. I bought her “No Stress Chess” and she learned how the game works and how the pieces move but decided she would rather act out little dramas with the king and queen and such.

                            I’ll keep trying more things, but you can’t force kids into any of this stuff. (Or at least you shouldn’t, is my belief.)

                            I would love it if she wanted to learn coding, but this year for Christmas she really wants a Barbie that turns into a mermaid and also into a fairy, so that’s what she’s getting. Maybe next year.

                            1. 2

                              Edit: Previous comment didn’t really move the discussion forward, so here’s a new one.

                              Can you make your comment more constructive? Answers to some of the following would really help.

                              • Was there a certain approach, attitude, or expectation that put you off?
                              • How was “gift to try and initiate interest” conveyed? If it had been conveyed differently, like “toy that might resonate with deeper interest”, would you have had a better experience? What would each of these approaches look like to you?
                              • Is there a certain kind of gift/kit/etc that was too complicated/specialized/specifically about learning?
                              • Was there an interest of yours that had been mistaken for an interest in programming?
                              • Were there redeeming parts of your experience that could be illustrative for a better approach?
                              • Any specific input on what “he or she has a potential to understand it” means as it relates to your experience, or that would surprise a casual observer?

                              Surely there are ways to go about giving gifts that involve learning (not necessarily as a primary focus) that isn’t “pressure”.

                              I feel like you have an interesting perspective to share, but it’s all hidden behind a dismissive post. Even if your experience was an unmitigated disaster, there is something you could offer beyond “don’t even think about doing this”.

                              1. 4

                                Was there a certain approach, attitude, or expectation that put you off?

                                Not really “put me off” - but I’d say that there was often an expectation that I already understood more than I did. In my case it was an electronics kit, but I didn’t know (and nobody told me (or at least I didn’t understand if anyone did)) that electricity needs to flow in a circuit - and why should it? There’s only one wire from the plug hole to a lamp, why would this be any different?

                                How was “gift to try and initiate interest” conveyed?

                                To give an opposite example from my previous one - my grandfather, who was a professor of physics, once bought me some game (I can’t remember what it actually was, I was 5 y/o) that had to do with motors, moment and mechanics, etc. And he wanted to explain it all to me, but - not that I didn’t like it per se - but I just wasn’t interested in the physical stuff. There were little cut-out mammoths I found great delight with, and I remember my grandfather being disappointed to put it mildly that I didn’t want to play with the actual things…

                                If it had been conveyed differently, like “toy that might resonate with deeper interest”, would you have had a better experience?

                                … so it’s not really a problem of intention, or that’s at least not what I meant (I’m sorry if I was misunderstood). The issue just was that back then, I had e.g. more interest in ancient animals than the laws of mechanics. So maybe it would have been different if I had an interest in physics, but for that I would have had to have had a basic understanding of the subject - without that - if all these things stay “mystical”, “magical” ideas beyond comprehension - I believe not much can be done to help the child develop an interest. So again, make sure the child is curious and capable (age and education wise) to engage with subject you want to introduce them to.

                                Is there a certain kind of gift/kit/etc that was too complicated/specialized/specifically about learning?

                                I’ve given examples already from my childhood, but for the most part I’d recommend not to give toolkits as first gifts. If one doesn’t have any idea what to do with it, or how to use it, it will either be forgotten or broken before one actually learns to use it properly.

                                Was there an interest of yours that had been mistaken for an interest in programming?

                                Well in my case it wasn’t programming, I had to teach myself all of that. Interestingly enough, I did always have a greater interest in things related to computers, but I guess my family were less interested in it, so they didn’t feel like supporting it. So the tip here would be to maybe transcend one’s own interest and actually try to support something the child actually likes.

                                Were there redeeming parts of your experience that could be illustrative for a better approach?

                                None of which I could think of spontaneously, I might edit the post later on if I come to think of something.

                                Any specific input on what “he or she has a potential to understand it” means as it relates to your experience, or that would surprise a casual observer?

                                “If the toy says ages 9-16, don’t give it to a 5 year old child” would be a good guideline. I’ve already implied it, but I’ll say it again, make sure the child’s first exposure isn’t this toy - 95% of the time this will go wrong, especially with younger children.

                                Surely there are ways to go about giving gifts that involve learning (not necessarily as a primary focus) that isn’t “pressure”.

                                Of course, the pressure I was talking about doesn’t (or at least in my case didn’t) come from the presents themselves, but the expectation from the people who gave them to me, to flourish or immediately develop a profound interest in the subject. I guess you could see this more as an attitude problem from the perspective of the gift-giver, but (depending of the child) he or she can feel that too. That’s the uncomfortable part, I really want children to be spared from.

                                I feel like you have an interesting perspective to share, but it’s all hidden behind a dismissive post. Even if your experience was an unmitigated disaster, there is something you could offer beyond “don’t even think about doing this”.

                                I apologize if my first comment was a bit too dismissive, I hoped my last paragraph would give the whole thing a positive turn, that’s why I added the footnote after the first sentence. But I hope I could clarify a few things now, and help you and anyone reading this with coming to an informed choice, when thinking about giving gifts with good intentions. Again, if it’s the right gift for the right person, it’s fantastic, but it’s not that easy to make sure that that is the case!

                                1. 4

                                  if you are lucky enough to be able to work with the child and the gift, or you know their parents will be supportive, then you might create an interest, otherwise @zge comment is unfortunately the likely outcome - unless you know that they already have an interest in that area.

                                  however, if the gift is fun and doable by the child then it can be a real success - although, the age on the tin is not helpful, my youngest is 7 years younger than her older siblings and she has always played with age inappropriate toys :~)

                                  my 2 pence worth from the perspective of being a Dad :~)

                                  1. 4

                                    if you are lucky enough to be able to work with the child and the gift

                                    I wish I could edit the OP as this is exactly the case, and there has been expressed interest.

                                    1. 4

                                      If it’s practical to do so, why not take the child somewhere where sciency toys are on display and see what he/she gravitates towards? I think if the learning is initiated by curiosity in the child then it’s more likely to have lasting effects.

                                      I started taking guitar lessons when I was five years old because my granddad saw me staring at a guitar and he asked me if I wanted to learn (and I did). I don’t know how I would have reacted if I was just given an instrument as a gift without anyone asking beforehand what I thought about it.

                              1. 2

                                For a slightly different approach for things to do with kids how about https://chibitronics.com/: learning technology through arts and crafts.

                                Scratch from MIT can be fun, and ScratchJr is an app for tablets, the current version of Scratch is unfortunately flash based (but Scratch 3.0 is in beta) and you can use a web based version called Snap! - which grew out of the build your own blocks project for Scratch.

                                And the Pirates at Pimoroni have ideas, kits and instructions for kids!

                                1. 12

                                  I like how the article notes one of the main sources of burnout in senior engineers: continually cleaning up messes caused by other people.

                                  However, I think that it does miss the biggest pathology of engineers–a continual reinvention of shiny and experimentation that I can only describe as neurotic. Watching engineers throw away perfectly good tooling in order to try the framework of the month reminds me of a cockatoo plucking its own feathers out because it isn’t getting to do anything fundamentally interesting in its cage.

                                  Companies have this problem where they refuse to acknowledge the commonalities that their businesses have with every other business on the planet (and hence they won’t accept standardized solutions) and also where they won’t actually pay engineers in such a way as to reward them for delivering value on time and under-budget.

                                  I ask you fellow lobsters–if you were guaranteed 1-5% of growth profits that your company had this year, how much harder would you work? How much less would you invest in new toys?

                                  Similarly, if there is no further growth, maybe it’s time to stop writing software. Maybe the business is completed, and we can all go do something else rewarding with our lives.

                                  1. 5

                                    Similarly, if there is no further growth, maybe it’s time to stop writing software.

                                    I think there’s also an important detail: the job isn’t to write software. It’s not to ship things. It’s not to fix bugs.

                                    The job of everyone is to do the “right things” so the company can make more money/be more sustainable/whatever the final goal of the company.

                                    Sometimes this means not goofing off on rewrites. Sometimes it means killing off a project because this isn’t actually important. Sometimes it’s not even about technology. If you’re sitting around making store page updates but company logistics are causing your company to lose shipments, maybe you need to go help the mailroom.

                                    This is why I love having engineering handle user support. It helps teach you that shipping doesn’t mean anything if your old stuff is breaking. It teaches you that you’re not doing things in a vacuum. And it helps engineers also realize that results matter, and software development is just one piece of that.

                                    A lot of product teams build out these huge product plans, but in the end spend half of their time in “firefighting” mode. Most of those teams should immediately drop everything and…. just fix their stuff. Nothing else matters.

                                    Whenever you end up spending a bunch of time on things but it doesn’t seem to have an effect on the bottom line, it weighs on you. If you can get out of the box of your job title, though, you can go immediately towards fixing the things that need fixing, adding the things that need adding. And if you’re right, you will know, and you will know immediately.

                                    1. 4

                                      “However, I think that it does miss the biggest pathology of engineers–a continual reinvention of shiny and experimentation that I can only describe as neurotic.”

                                      We agree on this idea, that software engineering seems to operate in circles. Fundamentally, there is not much change happening: just new layers or ways of expressing. Each has its positives and negatives with respect to expressivity. For example, where first-class “objects” in object-orientation could help model concurrency and interactivity, now futures in event streams seem to be it all. The underlying model of concurrency has however not fundamentally changed for 40 years, and will unlikely change in another 40.

                                      Sometimes I am concerned, when discussing programming with fellow students who seem to be dissatisfied with extremely simple programs, that we learn to expect complicated solutions everywhere. In reality, only simple solutions are really solutions in the literal sense: a solution dissolves the original problem into understandable and simpler terms. The simpler terms allow one to perform a computation more easily, thereby tackling the original problem. I am not talking about algorithmics here, e.g. divide and conquer, but modeling humane computational problems.

                                      I would be even inclined to believe that too much focus on the programming activity actually distracts from solving any problem. Keep programming activities at minimum, focus on the humane part of development of a project. Learn as much as is possible, or as much as one wants, from the problem domain. Attack small problems first, build it out into an ecosystem of solutions. Validate the solutions: try to explain peers what is the problem, why it is important and how it can be simplified. These solutions live in the minds of people within an organisation. Develop training programs to effectively learn new hires the legacy of the company comprising all existing ideas and ways of thinking.

                                      Most people equate the role of developer and programmer. That is wrong. Project development is people-first, machine-second. Now, the word “neurotic” perfectly fits this description in my mind: people problems can not be solved by thinking like a machine.

                                      1. 3

                                        The evidence to say that money motivates (see https://hbr.org/2013/04/does-money-really-affect-motiv) is not strong, so the guaranteed bonus might not have an incentive effect…

                                      1. 2

                                        Neither networking nor sci-fi, I’m currently reading: The Montessori Method by Maria Montessori, and Computer Science Teacher by Beverly Clarke

                                        partly as I’m so fed up with $work that I’m looking at going back into teaching next year, but also to improve my coaching and teaching in general…

                                        ..but I am enjoying reading the Heroes of Olympus Series by Rick Riordan with my youngest daughter :~)

                                        1. 29

                                          I think there’s a bigger point missing here with the focus on Rust. Neither Theo nor most of the OpenBSD developers want to leave C. There’s been system languages that are safer, compile faster, allow unsafe when necessary, and either had a langX-to-C compiler or could be modified to. The team had no interest in switching despite massive reduction in bugs they offer with almost no effort on developers part as language does it by default. Theo’s recent post cites compile times, compatibility with other architectures, and building self. Wirth-style languages that did that got no adoption from him. If Rust does it, he likewise won’t use it since that’s not what’s going on.

                                          What’s going on is Theo and OpenBSD developers like C (maybe love it), want to use C, and already have a lot of C. Given all that together, they’ll keep using C. Don’t let that last part fool you as a justification for keeping on C for avoiding costly rewrites: OpenBSD people rewrite stuff all the time. They love doing that shit usually to improve security or maintainability. Recently, they added a new randomization that took all kinds of work and discussion for a security argument so probabilistic they can’t tell me precisely what attacks it will stop that old OS wouldn’t. They put massive amounts of effort into those kinds of projects. Rewriting some core utils in a safe language that provably eliminates entire classes of errors at root causes? And one they can learn in days (eg Wirth’s) to months (eg Rust)? Now that is too much work. Someone else will have to do all that, make the compiler meet arbitrary criteria, etc before OpenBSD folks will even begin to consider it.

                                          These double standards on where they put in effort show they do what they do because it’s their culture and preference, not for purely technical reasons. They’re no different than most groups building stuff in that sense. At least they build high-quality stuff they give out for free. Can’t knock them too much given how rare that is (quality part that is). That said, I encourage people to address Theo’s complaints even if they have nothing to do with whether they’ll rewrite OpenBSD in Rust or whatever else. That’s because compilation time, self-hosting, and OpenBSD utilities in safe languages are genuinely-important issues for those of us who might actually use that stuff. The end result of putting that work in is faster, safer tooling with a bunch of utilities written in it. Proponents of safe, systems languages win by dealing with the very things Theo is griping about regardless of whether OpenBSD adopts the tools.

                                          And don’t forget there’s other security-focused OS’s with a lot less labor and maturity that can use the effort. If he turns the stuff down, go to Genode, Redox, Minix 3 (availability-focused) or whoever. They’ll improve over time with people needing practical OS’s for embedded or server appliances having more choices over time. As Redox showed, the end result can happen quite quickly if done in a safe language since you spend less time fixing code-level vulnerabilities. Those with fast compile times would also iterate new features faster. So, have at it I say!

                                          1. 20

                                            I think you’re ignoring the costs of having a system written in multiple languages. There already is one significant component written in a not C language: pkg_add, written in perl. And it has exactly one developer who does all the work and zero other devs touch it.

                                            Something which probably isn’t visible from the outside is how much code gets shared and migrates around within the source tree. I write a function to do something fancy in this utility. It gets copied to that utility. It gets modified. It evolves. It lands in libc. More programs use it. That’s not impossible with rust, since you can write C bindings, but it’s the kind of thing that doesn’t happen. Switching to rust, for all the good that might do for new code, would kill ongoing development of the existing C code because new techniques and patterns would not be backported.

                                            1. 2

                                              “I think you’re ignoring the costs of having a system written in multiple languages. There already is one significant component written in a not C language: pkg_add, written in perl. And it has exactly one developer who does all the work and zero other devs touch it.”

                                              I’m saying you should pay it while minimizing it. My claim is one could have improved a safe language of the 90’s or earlier that was close to C. Wirth stayed doing that. Hansen did. Some others did. I keep weakening the requirements to fit your constraints. My comments here include a type/memory-safe superset of C that’s easier to parse, uses C’s types/interfaces, seamlessly includes C libraries, and optionally produces C. It’s hard for me to see how that’s a big cost. It also in no way compares to Perl.

                                              Whereas, you’re ignoring the costs of using C for your project in this comment. The C language was cobbled together from BCPL to implement a tiny, unsafe OS on PDP-11 hardware constraints. The OpenBSD project is trying to use it to build a large, safe, and secure piece of software on platforms a decade or so more modern. It’s such a bad fit that you all have created your own libraries, coding style, and even OS to make up for all its failures. In essence, there’s your type of C and the regular: almost like two, similar languages already. On top of it, all the details a high-level language will get right automatically have to be manually handled by your people. It sounds like your superset and modifications to C are more labor intensive while leaving all of its problems there with mitigations for some of them. That’s a bigger cost to accept than mine.

                                              “Something which probably isn’t visible from the outside is how much code gets shared and migrates around within the source tree.”

                                              Which would’ve happened if you all picked a safer language early on. Now, it might require the compiler/translator to generate human-readable C that conforms to your standards for what’s acceptable. The cool thing is a superset with macros and/or advanced types might let one reuse those patterns with less cognitive overhead plus more machine checks.

                                              “would kill ongoing development of the existing C code because new techniques and patterns would not be backported.”

                                              That sounds like a cultural problem. The web folks manage to keep their monoliths working with multiple, programming languages. I’m talking the good developers where it actually works. Then, you say selectively introducing something new would kill all the C activity? They must want to kill it. They could keep it both going if they wanted with the rewrites incremental. With a no-friction proposal like mine, it would be even easier after they build the initial tooling. Regardless, I’d start with the filesystem, the networking stack, and server software that operate on top of them. Those seem to have been the most critical components for OpenBSD for a while now. At the least, a significant subset of OpenBSD representing much of its real-world use might end up memory-safe with all sorts of validation.

                                            2. 3

                                              Of everything I have seen, checked-c was the only thing i could imagine openbsd adopting, and even then, only if it had a way to translate back to normal C so the code can be distributed. e.g. sshd

                                              1. 3

                                                I think that is a little disingenuous, when you consider that they currently support 12 architectures, and generally I can run the same code on my sparc64, amd64, i386, macppc and armv7 machines - whereas a lot of these system languages do not run on all those architectures.

                                                1. 1

                                                  A safer C or similar language compiling to C would run on the same architectures with less effort due to fail fast, HLL features, and (if Wirth-style) fast compilation. The Oberon language was ported to PPC and ARM IIRC with minimal effort (i.e. one or two students’ project). I’m not sure what each GCC backend took. If harder, then it would be further support.

                                                  Again, the point is the portability argument doesn’t counter my recommendation since the compile-to-C variant gives you at least the same ISA support as C compilers.

                                                  1. 5

                                                    The Oberon language was ported to PPC and ARM IIRC with minimal effort (i.e. one or two students’ project). I’m not sure what each GCC backend took. If harder, then it would be further support.

                                                    The effort of building a compiler backend depends much more on the assembly quality you want than on the compiler. To build a minimalistic backend for a new architecture in GCC is probably not much harder than in any other compiler. The biggest necessary part is instruction selection (translating IR operations into target architecture instructions). It might be a little bit more work if GCC has more possible IR operations due to fancy optimizations, but overall the process is tedious leg work. Register allocation and scheduling are the other two necessary parts, but they can usually be mostly reused across backends unless you have something fancy. For popular backends GCC (and LLVM and …) also have a ton of (optional) optimizations in the backend. Building those is a neverending story where we only approximate some illusive optimum. You can write arbitrary amounts of code here.

                                                    1. 1

                                                      Appreciate the info on that. Then, probably scratch that part of my comment.

                                              1. 4

                                                I am working on a proof of concept for GDPR using a graph database and vuejs. Wednesday I will be speaking about API first CMS at WHO in Copenhagen.

                                                1. 2

                                                  GDPR is going to be a hot topic next year. Is your idea to demonstrate links between data points?

                                                  1. 3

                                                    Yes it is! I am preparing a GitHub repo and few blog posts. I will share all when it is ready.

                                                    1. 1

                                                      Please do, I’m interested in this matter!

                                                      1. 1

                                                        Hello, as promised I have published the first part here: https://blog.grakn.ai/gdpr-threat-or-opportunity-4cdcc8802f22 the second part is here: https://medium.com/@samuelpouyt/grakn-ai-to-manage-gdpr-f10cd36539b9 and I have yet to publish the api example. Code is available here https://github.com/idealley/grakn-gdpr

                                                  2. 1

                                                    Are you talking about GDPR at the WHO? Or an actual CMS?

                                                    1. 3

                                                      At WHO I am speaking about Cloud CMS, an actual CMS we have implemented where I work, but I am speaking generally about API first CMS’s and the benefits they can bring to a company, especially if you need to publish to different channels.

                                                      1. 1

                                                        Have you spoken at any other humanitarian agencies yet or worked at an NGO in a technical capacity before?

                                                        1. 1

                                                          I am working at an NGO. And we have implemented it. I agree it requires some technical knowledge, but the benefits are huge!

                                                          I did not speak at humanitarian agencies on this topic, but I have in other digital circles.

                                                          1. 1

                                                            Cool, well good luck! I haven’t been to the Copenhagen office before, been to GVA and in-country offices, they only let me out of my cage to see the outside world once in a blue moon.

                                                            1. 1

                                                              I was also in a cage. One day I was invited, my boss said no. I took the days off on my extra hours, and financed myself. Like this trip to Copenhagen. :( But all the rest is fun!

                                                  1. 1

                                                    Did you mean to tag this entry in the thread?

                                                    1. 1

                                                      I’m surprised that more wasn’t made of the power saving, as Cloudflare’s electricity bill must be significant.

                                                      1. 1

                                                        Read the final paragraph.

                                                      1. 1

                                                        The YouTube demonstration of exfiltrating /etc/passwd is what led me to this project.

                                                        1. 2

                                                          This article lists some interesting resources but it would be good to have some information on the pedagogy behind teaching children to code.

                                                          1. 18

                                                            When ad-blocking was obscure, we could free-load off of the majority who fund services by viewing ads… now Apple is taking my free lunch! :/

                                                            1. 18

                                                              I clicked on the article. It came up and I started reading it. I didn’t get very far when the window turned black, and said I had to rotate the screen to view it “properly” on my phone. First, I’m not on a phone, thank you very much. Second, I’m on an iPad, using it in landscape mode because I’m using it as a laptop [1].

                                                              Fine, I turn the iPad to portrait mode. Page loads with this #@%@#$@$ vertical ad, covering the article, with no way to dismiss it. Thank you so very much. Thank you so very much that I’m not going to read your sob story about how blocking ads will destroy the Internet.

                                                              [1] No power. Using iPhone as hot spot. Still waiting for power company to restore power after Hurricane Irma.

                                                              1. 5

                                                                Upvoted for your honesty. That’s exactly what ad-blocking is. The malware reduction argument some respond with is bogus. If they were about paying for what they consume and didn’t like malware, they’d just not use the ad-supported services. Free shit rocks, though, right? ;)

                                                                1. [Comment removed by author]

                                                                  1. 21

                                                                    I worked at a streaming media company. A lot of our ads were supplied by brokers like Google. They were mostly harmless. Frequently, however, we’d get custom ads for special events (launch events for movies, TV shows, and games).

                                                                    The code in the special-event ads was a disaster. If I could, I’d clean it up so that it still worked. Problem mostly mitigated.

                                                                    However, in many of the embed snippets we’d receive the code was a script that would pull the real ad from the advertising company’s servers. Complete crap. Almost all of them would engage in some kind of DOM manipulation. If you didn’t isolate the ads they would break the layout.

                                                                    The ad code would often try to include its own trackers for unique-visit tracking. Flash ads were very popular. So the companies would try page-takeover techniques to block everything and force you to view 15 seconds of crap. (And let’s not forget pop-over and pop-under ads.)

                                                                    Very few companies were content with a simple image and an anchor tag to let the user follow-up for further information.

                                                                    And that’s the chief problem with online ads. They try to be way too smart. Many want to interact with the user, or worse, “demand” you pay attention. Advertisers frequently have an attitude of “I paid for this, you’re going to give me some time.” They’ll say they just want to inform the public. But no. They want ROI.

                                                                    And these are the “legit” advertisers. After that there are the skeezy “b” players (remember “X10”) who aren’t trying to rob you but are more like the used car salesman of the internet. Then there are the porn advertisers and lastly the purveyors of drive-by malware. This last group doesn’t even pay for ad space. They steal it.

                                                                    And don’t forget the ad networks and information aggregators who want to build detailed dossiers about everyone (Google and Facebook are the most public of these). Who do you think invented persistent cookies?

                                                                    No. Being suspicious of online advertising isn’t a sign of paranoia. It’s sensible.

                                                                    1. 4

                                                                      Why aren’t ads just regular websites served in an iframe? That way, their shitty code couldn’t break anything about your website. Each site could have their own ID, sent in a query parameter in the iframe URL, to track which websites provide impressions. The ad could still be as flashy and interactive as it wants. The ad’s code could be as shitty as it wanted, and it wouldn’t have a negative impact on any users.

                                                                      1. 9

                                                                        That would make sense, but many ad networks ban displaying ads in iframes because they can’t check the contextuality of the ad to the page the user sees. The ban also helps mitigate fraud. If the ad could only “see” the iframe around it, it would make it easy to load the ad via techniques as simple as using curl, to more sophisticated uses of multiple javascript xhr requests.

                                                                        Google still ban it today (AdSense Policy FAQ). Common phrasing for this is “posting on a non-content page”.

                                                                        The online advertising industry created the cesspool and now they’re whining that Apple, Google, Mozilla, and dozens of ad-blocking companies are trying to force them to clean up.

                                                                        On a related note, it might seem weird that Google would try to force better practices with Chrome when they make their money on advertising. But for the most part, Google run a pretty tight ship and force advertisers to adhere to some reasonable standards.

                                                                        Weeding out the worst players keeps the ecosystem sustainable. The last thing Google want to see is an end to online advertising. And it doesn’t hurt their chances of winning more advertising dollars from the gap left by their departure.

                                                                        1. 6

                                                                          because they can’t check the contextuality of the ad to the page the user sees.

                                                                          Well they can: IFrame “busters” have been available for a long time, and since the ad network is usually more trustworthy than the publisher (to the Advertiser anyway) they could provide an interface to look up the page the user is on well before location.ancestorOrigins (and generate errors if parent!=top).

                                                                          Indeed most of the display networks used to do this – all of them except Google, and now AdSense has edged everyone who wants to do impressions out.

                                                                          On a related note, it might seem weird that Google would try to force better practices with Chrome when they make their money on advertising. But for the most part, Google run a pretty tight ship and force advertisers to adhere to some reasonable standards.

                                                                          Google is probably the worst thing to come to advertising and is responsible for more ad fraud and the rise of blocking crap JavaScript than any other single force.

                                                                          Google will let you serve whatever you want as long as their offshore “ad quality team” sees an ad. Everyone just rotates it out after 100 impressions and Google doesn’t care because they like money.

                                                                          Google still lets you serve a page as an iframe – even if it has ten ads on it. Buy one ad, sell ten. Easy arbitrage. Even better if you can get video to load (or at least the tracking to fire). This has been trivial to stop for a long time, but hey, Google likes money.

                                                                          Google’s advertising tools are amongst the worst in the world (slow, buggy, etc) and make it difficult to block robots, datacentres, businesses, etc. using basic functionality that other tools support.

                                                                          What’s amazing is Google’s PR. So many people love Android, good search, that quirky movie about an Intern, the promise of self-driving cars, and so on, that they don’t educate themselves about how Google actually makes their money out of fleecing advertisers and pinching publishers.

                                                                          1. 1

                                                                            Iframe busting is a technique for content in the iframe to “bust out” and replace the page with itself. It’s primarily used for ad-takeover and to prevent clickjacking. It’s not a technique for accessing the DOM of the parent. Browser bugs aside, accessing the DOM of the parent requires the child have the same origin as the parent (or other assistance).

                                                                            location.ancestorOrigins might not give the ad network or advertiser the contextual information they want if the page the user is viewing varies by status (guest, authenticated user, basic membership, premium membership).

                                                                            It’s easier (and better for data gathering) for ad networks to demand they’re on the same page the user is viewing. Whether that’s a good thing for the end user probably doesn’t matter to many content providers as long as the ad network isn’t serving up malware (or causing other issues that might hurt the provider/user relationship).

                                                                            In short, you want to monetize your site, you find a way to convince users to pay, or you get advertising which means you play by the ad-networks’ rules.

                                                                            Google definitely has issues, but they’ve made it easy enough and, compared to their competitors, less problematic such that many content providers accept it.

                                                                            1. 1

                                                                              Iframe busting is a technique for content in the iframe to “bust out” and replace the page with itself. It’s primarily used for ad-takeover and to prevent clickjacking. It’s not a technique for accessing the DOM of the parent.

                                                                              The same API ad servers provide to iframes for doing these rich media operations also carries other capabilities, e.g. EyeBlaster’s _defaultDisplayPageLocation

                                                                              Since (hypothetically) the ad network is more trustworthy than the publisher, this could have been used to trivially unmask naughty publishers.

                                                                              The only reason I can come up with for the sell-side platforms not doing this is that they like money.

                                                                              Google definitely has issues, but they’ve made it easy enough and, compared to their competitors, less problematic such that many content providers accept it.

                                                                              They don’t really have any display/impression competitors for small sites anymore… although I’ve been thinking about making one.
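
The checks discussed in this sub-thread (an ad frame noticing that `parent != top`, reading `location.ancestorOrigins`, and the same-origin limit on touching the parent's DOM), as an added example that is not code from any commenter or ad network. `assessPlacement`, `expectedOrigin`, `mockFrame` and the `.example` origins are assumptions made up for illustration.

```javascript
// Added example. Meant to run inside the ad's own iframe.
// `win` is a window-like object: pass `window` in a browser.

// Describe how the frame is embedded, using only properties that are
// readable across origins (self, parent, top, location.ancestorOrigins).
function framingContext(win) {
  const framed = win.self !== win.top;
  const nested = framed && win.parent !== win.top;
  // ancestorOrigins lists the immediate parent first and the top-level page
  // last. Not every browser exposes it, so it is treated as optional.
  const list = win.location ? win.location.ancestorOrigins : undefined;
  const ancestors = list ? Array.from(list) : null;
  const topOrigin =
    ancestors && ancestors.length ? ancestors[ancestors.length - 1] : null;
  return { framed, nested, ancestors, topOrigin };
}

// Reading the parent's DOM only works same-origin; cross-origin access throws.
function canReadParentDom(win) {
  try {
    return Boolean(win.parent.document);
  } catch (err) {
    return false;
  }
}

// Hypothetical policy: the publisher declared `expectedOrigin` for this
// placement; report anything the frame observes that does not match it.
function assessPlacement(win, expectedOrigin) {
  const ctx = framingContext(win);
  if (!ctx.framed) return { verdict: "top-level", ctx };
  if (ctx.nested) return { verdict: "nested-frame", ctx };
  if (ctx.topOrigin === null) return { verdict: "unverifiable", ctx };
  if (ctx.topOrigin !== expectedOrigin) return { verdict: "origin-mismatch", ctx };
  return { verdict: "ok", ctx };
}

// Constructed stand-in for a browsing context, so the logic runs offline.
// `ancestorOrigins` is ordered parent-first, as in the browser API.
function mockFrame(ancestorOrigins, opts = {}) {
  const self = { location: {} };
  self.self = self;
  const depth = ancestorOrigins.length;
  const top = depth === 0 ? self : {};
  const parent = depth <= 1 ? top : {}; // depth > 1: an intermediate frame
  self.top = top;
  self.parent = parent;
  if (opts.exposeOrigins !== false) {
    self.location.ancestorOrigins = ancestorOrigins;
  }
  if (depth > 0) {
    Object.defineProperty(parent, "document", {
      get() {
        if (opts.sameOrigin) return {};
        throw new Error("SecurityError (constructed): cross-origin access");
      },
    });
  }
  return self;
}
```
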

                                                                    2. 4

                                                                      Well, I respect you for trying to avoid freeloading. I should also add I think it’s ethical for people to use ad blockers for security who otherwise avoid ad-supported sites. Just trying to stop any sneaky stuff.

                                                                      1. [Comment removed by author]

                                                                        1. 2

                                                                          That’s reasonable. Similar to AdBlock’s Acceptable Ads where being obnoxious or sneaky is unacceptable but ads themselves are OK.

                                                                    3. 5

                                                                      I disagree with that viewpoint. It’s right up there with, “Our service would be secure if people would just stop requesting these specific URLs.”

                                                                      I just don’t see ad-blocking as freeloading. It doesn’t make any sense to pay for something when there’s an equally good free alternative.

                                                                      I’m a happy paying customer of GitHub, Fastmail, SmugMug, Amazon Prime, Flickr, Netflix, and probably some services I’m forgetting. At the same time, I’m not stupid, and I’m not going to be annoyed and look at ads.

                                                                      1. 1

                                                                        “Our service would be secure if people would just stop requesting these specific URLs.”

                                                                        It’s certainly not. Managing the risk your product or service has for consumers is totally different than getting a good you know is ad-supported, has ads built-in by default, and stripping the benefit to the other party while enjoying the content. They’ve put work into something you enjoyed and a way to be compensated for it. You only put work into removing the compensation.

                                                                        “It doesn’t make any sense to pay for something when there’s an equally good free alternative.”

                                                                        I agree. I then make the distinction of whether I’m doing it in a way that benefits the author (ads, patreonage, even a positive comment or thanks) or just me at their expense since they didn’t legally stop me. I’m usually a pirate like most of the Internet in that I surf the web with an ad blocker. I’m against ad markets and I.P. law, too broke to donate regularly, and favor paid/privacy-preserving alternatives where possible (i.e. my Swiss email). When I get past financial issues, I’ll be using donations for stuff where possible. I still do that occasionally. Meanwhile, you won’t catch me pretending like I’m not freeloading off the surveillance profiles of others on top of whatever they have on me.

                                                                        1. 6

                                                                          These anti-adblock sentiments seem to always assume the content creator will get paid if I don’t block the ads. But that assumes that either (1) they get paid by impression – which is vanishingly rare or (2) I would click on ads, which I won’t, blocked or not.

                                                                          1. 1

                                                                            Now that’s a good counter worth thinking about. It still fits into my overall claim of freeloading, though.

                                                                      2. 2

                                                                        Mostly it doesn’t, which is why most of the time I don’t bother to look for ways to pay for it. But setting aside the vast majority of websites where I might visit only once or twice, why should I go out of my way to avoid sites that don’t offer any (to me) reasonable way of paying for them?

                                                                        From a practical point of view, using an ad-blocker, I don’t even know about most websites’ approach to monetisation if there is one. I do bail on those that notify me about my ad-blocking which I guess is ethical in your book?

                                                                        For what it’s worth I do pay for a bunch of online services, few patrons and sponsor/subscribe to a couple of news media organisations.

                                                                        1. 2

                                                                          why should I go out of my way to avoid sites that don’t offer any (to me) reasonable way of paying for them?

                                                                          A good point. The authors concerned with money should at least have something set up to receive easy payments with a credit card or something. If they make it hard to pay them, the fault is partly on them when they don’t get paid.

                                                                      3. 3

                                                                        While I agree content needs to be paid for in some manner - network ads use a not insignificant amount of bandwidth which I pay for on my mobile data allowance and at home through my ISP. The infrastructure costs of advertising, and spam email are not all borne by the producers of that content. From my perspective the advertisers are not funding the content that I want…

                                                                        1. 1

                                                                          Well, that’s interesting. I can relate on trying to keep the mobile bill down. It still falls in with freeloading where you don’t agree to offer back what they expect in return for their content. Yet, it’s a valid gripe which might justify advertisers choosing between getting ads blocked or something like progressive enhancement for ads. They offer text, a pic, and/or video with what people see determined by whether a browser setting indicates they have slow or expensive Internet. So, they always serve something but less bandwidth is used when less is available.

                                                                      1. 2

                                                                        The concept is great, and I enjoyed the reads that I lurked on, thanks for putting in the effort.

                                                                        1. 2

                                                                          Would lobsters recommend reading “The Psychology of Computer Programming”?