1. 10

    Related soapbox: stop it with the WTFPL-and-friends shenanigans.

    I get it. Licensing isn’t fun. It’s frustrating and convoluted and, depending on how you lean, may be generally a bad idea for software. But it’s here, and we have to deal with it. Being edgy and using the word “fuck” in an attempt at being subversive just flags as being childish, and ironically, no one can do anything with your code, because it’s not a license.

    If you really want people to do whatever they want with your code, use MIT, 0BSD, CC0 or something tested that actually does what you intend, and move on.

    1. 9

      I actually advocate eschewing licenses. I don’t want companies to benefit off of my work product without paying me, and I want individuals to go ahead and use it for their own personal projects. In reality, for code without a license, most people aren’t going to look at a license file unless they find themselves in some legal dilemma, and most people tend to assume that code is open source by default, so they will just go ahead and use it without thinking more of it, that’s fine. After all, if I didn’t like it, then what am I going to do, sue them? If they are really scared, they can send me an email and I’ll grant them a perpetuity license or whatever.

      Now for companies, they have legal departments that will wring-hands over something not having a license, so not having a license will deter them and make it harder for them to use it. They’d have to email me and from there we have a line of communication where I can state that they either pay me, or to GTFO for trying to exploit my work output for their profit margin.

      Now for big companies, or for things like ICE, even if I do have a license, what am I going to do, sue them? They can win a war of attrition and tie me up with legal red tape for the next thirty years. There’s literally no reason to bother with dealing with licenses because in reality, functionally when you are using software, it doesn’t matter one iota.

      The idea of “Open Source” as a concept has been, overall, detrimental to the “Free Culture, Free Software” movement anyway – such as when GNU/The FSF petitioned one of the Nordic governments not to abolish copyright, as it would be detrimental to GPL licenses. Not to mention that it’s facilitated and aided what is essentially, continued mass exploitation on a previously unforseen scale.

      1. 2

        I actually advocate eschewing licenses. I don’t want companies to benefit off of my work product without paying me, and I want individuals to go ahead and use it for their own personal projects.

        I feel much the same way, but I’m not sure not using a license achieves what I want. Ideally, I would want a functional “Ethical Source” or “copyfarleft” license, but I’m also skeptical about the ability of licenses to achieve those goals. I’m actually looking at the FAFOL (Fuck Around And Find Out) license, just because it’s going to be an unacceptable legal risk to any company looking at it, but no actual person in their right mind is going to pay attention to it.

        1. 1

          This is an interesting one because so many folks work for companies which might run afoul of some “ethical source” licenses. Like imagine someone who works for a healthcare company or an energy company or a government. It’s sort of an interesting conundrum.

        2. 1

          such as when GNU/The FSF petitioned one of the Nordic governments not to abolish copyright, as it would be detrimental to GPL licenses.

          I’m really interested in this, do you have a source or can you point me to a good place to start looking for info about this?

          edit: i found this: this

        3. 8

          Yeah, I don’t think saying “fuck” counts as edgy anymore…

          1. 1

            Why is it not considered a license?

            1. 2

              Because neither you nor I are lawyers. Plus it’s redundant to a bunch of real licenses.

              Does “do what the fuck you want” include suing you if the code doesn’t work? It could be interpreted that way, hell, it might even invite it. I dunno — again, I’m not a lawyer — but it’s not worth me taking the slightest risk in that regard if the only benefit is just to be petty.

              But people want to be smugly against licenses, and ironically they don’t even get the benefits they want to be radically open. It’s sad, really.

              1.  

                (Disclaimer: I am not a lawyer and this is not legal advice, of course)

                Us not being lawyers has nothing to do with whether or not it’s a license.

                It not having a warranty clause also has no effect on it being a license or not. That may preclude it from being a good license, which I’d agree with.

                I think it’s more a statement on the restrictiveness of certain licenses, not a critique of licenses in general.

          1. 6

            Disgusting work. And the security angle is pure BS. Its entire purpose is to deny us our computing freedom. To “protect” the code from us like we’re some adversary.

            This will only be used by scammers and those who now try to block right clicks with an alert()

            1. 6

              I don’t think this is about how to make your website more secure. This is a “hey, here’s shit evil people could do, you need to be aware of it” kind of thing.

              1. 5

                Disgusting work.

                I think this is great, assuming browser vendors are willing to fix it. @freddyb Do you know if firefox is vulnerable to this too?

                1. 3

                  I think treating this sort of thing as a vulnerability that can be fixed is a losing battle.

                  1. 4

                    Why ? Browser vendors are already implementing pretty good js environment segregation for webextensions, I can’t imagine why they wouldn’t be able to do the same for debuggers.

                    1. 2

                      I think those issues can be treated as fixable, but I don’t think they will all be fixed. Most of the things in part 2 are about calling into site-code (e.g., overridden prototypes), which I consider possible. But some of the things posted here (and in part 1) are hard to resolve. Especially when they cause additional second-level side-effects like source map URLs, the layout shift that comes from enabling DevTools etc.

                      I’ll try to get a definite answer from the team though :)

                    2. 1

                      if that’s the case then it’s an admission of defeat

                1. 20

                  I’ve been using JS since the late 90s and I haven’t even seen alert/confirm/prompt outside of toy tutorials or horrendous code since roughly 2005. I don’t find the arguments in this blog very convincing.

                  It’s also incredibly clickbait/alarmist, which is an immediate eye roll.

                  1. 37

                    I use confirm for actions that cannot be undone and are potentially dangerous. Why wouldn’t I? The alternative is to write a lot of code to throw up a modal div that does the same thing. Might as well do it natively.

                    1. 32

                      Wait until you meet enterprise software!

                      1. 28

                        In the relevant bug tracker discussion someone says this broke ERP software with hundreds of thousands of users.

                        1. 18

                          Half the argument of the blog post though is that “toy tutorials” are important and valuable in a way that isn’t captured by how often the feature is used in production. And most of the rest is about how actually, it’s valuable that code from 2005 still works. I think you are missing the forest for the trees.

                          1. 8

                            The article considerably overstates what the Chrome team is actually intending to ship: it’s disabling cross-origin alert inside iframes, not alert entirely. Most of the article seems to be an extremely uncharitable reading of Dominic hoping that “one day”, “in the far future”, “maybe” (literally these are direct quotes!) they can remove blocking APIs like alert — not that they have any plans to do so now or any time soon.

                            I don’t think the GP is missing the forest for the trees; I think the author is making a mountain out of a molehill.

                            1. 7

                              Few things:

                              • “Some day” tends to come a lot sooner than we’d expect.
                              • This is the sort of thing people use to justify further encroachment down the line (“Well we already disable it for iframe stuff…”).
                              • This directly reduces the utility of using iframes–and some folks still use those on occasion, and it is exceedingly tacky to unilaterally decide to break their workflows.
                            2. 1

                              You can still do your little toy tutorials with alert/confirm/prompt, just don’t do them in an iframe?

                              1. 2

                                If you’re making a codepad-like site, you kind of have to put all the user-submitted JS in an alert so it’s not on your own domain.

                                1. 1

                                  If you’re making a codepad-like site, you can also inject a polyfill for alert() etc in the user-controlled iframe to keep things working. Until you’re done locking down the codepad for arbitrary user scripts to run without problems, this is probably one of the smaller tasks.

                                  1. 2

                                    Can you make the polyfill block?

                            3. 11

                              I use alert() and confirm(). It’s easy, simple, works, and doesn’t even look so bad since Firefox 89. I don’t think my code is “horrendous”; it’s just the obvious solution without throwing a bunch of JS at it.

                              I agree this blog post isn’t especially great though.

                              1. 1

                                Do you use it in a cross-origin iframe?

                                1. 3

                                  No, but your comment made no mention of that:

                                  I haven’t even seen alert/confirm/prompt outside of toy tutorials or horrendous code since roughly 2005.

                                  1. 1

                                    Sorry, I read your reply in the context of the blog post (i.e. your code is going to break).

                                    My line about horrendous code is hyperbolic, but the fact is that alert/confirm/prompt don’t offer customizability to make for a consistent, well-made UX. Maybe it’s not a problem for certain audiences (usually things like internal tools for devs end up having them), but most customer-facing solutions require more to their experience.

                                    I’m not saying they should remove them right now, but a day in the future where they go away (presumably deprecated due to a better option) is not something we should be dreading. Who knows if that day will even come.

                              2. 8

                                At $JOB we have used prompt for some simple scenarios where it solves the problem of getting user input in a scenario in some sync-y code, and was no fuss.

                                We integrate with Salesforce through an iframe. This change caused us to have to like redo a whole tiny thing to get stuff working again (using a much heavier modal thing instead of, well, a call to prompt). It wasn’t the end of the world, but it was annoying and a real unforced error.

                                We would love a scenario where browsers offered more rich input in a clean way (modals have been in basically every native GUI since the beginning of time!). I’m sure people would be way less frustrated if Chrome offered easy alternatives that don’t rely (for example) on z-index-overlays (that can break for a billion reasons) or stuff like that.

                                Sometimes you just want input from somebody in a prompt-y way

                                1. 5

                                  You haven’t seen a lot of business to business software then.

                                  1. 1

                                    That is still no reason to remove a perfectly functional feature that has worked reliability for decades and requir a orders of magnitude less resources than the alternative. Both human and computational resources.

                                    I use it all the time on simple UIs I write for my own usage or for restricted groups of users.

                                    The amount of resources that could be saved if we favoured well known, tried and true technology rather than the new aesthetically shiny thing, is astonishing.

                                    1. 2

                                      It’s not about “shiny things” but about use experience. Linux has suffered for decades due to the approach you’re talking about.

                                      1. 2

                                        No, Linux has suffered precisely because it does not offer a native GUI, or UI at all, forcing everyone to reinvent basic functionality like on the web.

                                  1. 6

                                    The quote from SICP stuck out at me:

                                    “programs must be written for people to read, and only incidentally for machines to execute.”

                                    I think we may have gone too far in this direction, and are perhaps at the illuminated manuscript (javascript?) stage of things.

                                    Hot take: given how little of the iceberg of our dependencies and libraries we see, I would posit that most people don’t read programs in any meaningful holistic way at all.

                                    1. 5

                                      I would have called Literate Programming the “Illuminated Manuscript” of our art.

                                      1. 2

                                        I’m struggling to understand this reply. We’ve made programs so readable that nobody bothers reading them?

                                        1. 3

                                          I think we’ve lost our empathy for the machines, and have hit a degree of perfomative coding where we perhaps are writing programs for other programmers rather than for machines.

                                          Which is fine, until you consider that the programmers won’t be executing the programs and the Earth is drowning in e-waste and waste heat.

                                      1. 1

                                        Waiting for the inevitable dethronement of Slack and Discord by Ripcord. I jest, I wish faster tech won a majority of the time, but I’ve seen enough to know that’s just not the case.

                                        1. 16

                                          The author hit the nail on the head in his own piece. Most of these job offers are not for webSITE building, they’re for wepAPP building and as a consequence the framework they’re written in matters when hiring for new people.

                                          1. 3

                                            Has anyone tried to define the difference between the two? It always seems like there’s an implicit assumption that it’s easy and obvious to tell what defines a site vs. app.

                                            1. 4

                                              For me the differentiating factor is the degree of interactivity. A web site is largely concerned with displaying largely static information, and potentially sending some data back to a server with standard HTML forms. A web app on the other hand often has a high degree of interactivity, possibly communicates with a REST API, database, or other collaborating service, and works more like a traditional application that just so happens to run inside a web browser.

                                              1. 3

                                                This definition is a little circular, though.

                                                • You implement websites with HTML forms and webspps with React
                                                • How do I know if it’s a webapp or a website?
                                                • Well websites use HTML forms and webspps use REST APIs etc.

                                                I know I’m exaggerating a little :) But I think it’s important to keep implementation out of the definition if these terms are to be useful in this discussion. Because then what do I call applications that are built with technologies like Hotwire? They aspire to handle fairly complex interactivity with very minimal JavaScript.

                                          1. 1

                                            To add to this, another anti-pattern that i’ve seen is, simply querying or writing to the DB in the middle of application code. Everyone agrees that global state singletons are bad but when I ask them why they’re accessing the DB in the middle of code (that is now un-reusable, and can’t compose cause it has a flipping database call in the middle of it) they look at me like I’m telling them to rewrite it in COBOL.

                                            An even more advanced method that I’ve see is, taking incoming data, processing it, storing the processed result to the DB, and then in the same method, querying the data you just wrote “cause it’s easier than accessing deeply nested objects” and then processing that before outputting it as the result and clearing the DB.

                                            1. 4

                                              I find discussions about what is or isn’t strictly legal to be somewhat boring. I mean, of course it matters, but it’s also not a very interesting as such. What should be the right thing is much more interesting.

                                              Copyleft and GPL also doesn’t strike me as especially relevant; the question is whether a license should apply at all. The restrictions this license may or may not have is a secondary matter.


                                              As a thought experiment, imagine a savant colleague who has read thousands of the top GitHub repos. Let’s call this person Spock. Now, Spock doesn’t rote memorize all the code character-by-character, instead he just learns about how various things are done by reading these millions and millions of lines of code.

                                              I walk up to Spock, and as him “Spock, do you know how people usually make HTTP requests in Python?” Based on his experience from reading all the code Spock answers, “sure, I think people usually do it like this, but I’ve also seen some people do it like that”.

                                              Should this be copyright infringement? I think most people would say it wouldn’t be; at least, that’s what I would say. Would it be any different if Spock started Spock’s Code Academy™ where he answers questions from the public for a fee? I don’t see why it should.

                                              I’m not entirely sure how this case is fundamentally different, other than that our Vulcan savant (well, half-Vulcan) is replaced with a machine learning algorithm.

                                              A ML algorithm can do much more than even the most savant of humans; but should this factor in? Why should it? I can’t really see a good reason why. I don’t think “I created this in my spare time and GitHub stands to make a lot of money from it” is a very strong argument; we could apply the same argument to Fair Use or pretty much any exception that the copyright system allows. Besides, GitHub is offering free hosting service to a large chunk of the free software community – it’s not like you’re not getting anything in return either.

                                              And what would this mean for ML in general? Having ML fall under copyright would also restrict all sorts of other usages. It’s a double-edged sword. Expanding copyright in the past has often been done with the best of intentions, and look where we ended up. I can already see DMCA notices and lawsuits coming over things that were never anticipated. Extensions of copyright rarely – if ever – benefit individuals like you or me, but corporations like Microsoft.

                                              1. 4

                                                interesting point of view, but then where does this end? i can very easily data mine one of the many internal leaks of microsoft code. if copyright does not apply at all then the provenance of such code doesn’t really matter

                                                but if i were to do such a thing i doubt it would end well

                                                1. 4

                                                  Fundamentally, the difference here is that we probably assume the savant is applying some degree of judgment and understanding in the process - Spock has some idea of what an HTTP request is, why someone might make it, and why various libraries might make them. Natural language models don’t work that way - they’re pure correlation, no causation. It can recognize that, given a set of surrounding strings, the string “requests” is likely to be what will show up next. This is actually incredibly useful, properly used, and I don’t want to diminish the technical wizardry on display here. That’s cool as hell. And, total honesty, it’s a huge part of what a programmer typically does in a day; most code is not going to be channeling the unbridled creativity of the Muses into your IDE, it’s going to be assembling problems you’ve already solved into form that does what you need now.

                                                  The problem is copyright explicitly deals in this vague, wishy-washy concept. Copyright does not protect ideas - that’s why it can’t protect algorithms and why patents need to be a separate branch of IP law. Copyright protects expressions of ideas. But it’s also not purely literal - one song sampling another can infringe even though the audio of the new song is not identical to the original.

                                                  Now that said, I think the process of analogy is a good one. I don’t think the presence of ML fundamentally changes anything. The “creator” is whatever person or organization put the algorithm in place, just as it usually is the person or organization that commissioned a work in whatever other way. Allowing evasion of legal principles by saying “a machine did it, not a human, so nobody’s responsible” is far more dangerous than allowing copyright to apply to machine-produced text.

                                                  1. 4

                                                    I don’t think Copilot and Spock are analogous. A human or vulcan who learns doesn’t just parrot out pre-memorized code, and if they do they’re infringing on the copyright in that code.

                                                    Copilot seems like a roundabout way of laundering copying through a non-linear model.

                                                    1. 2

                                                      A human or vulcan who learns doesn’t just parrot out pre-memorized code,

                                                      I certainly do, at least some of the time, as there is a lot of boilerplate and repetition in everything. Deciding whether what copilot does is qualitatively different from what I do at those times basically requires answering the question‘what is human intelligence’. However, that doesn’t matter, because:

                                                      and if they do they’re infringing on the copyright in that code.

                                                      This is right when it crosses the threshold for copying something original and creating a derivative work. Most of the time neither you, nor copilot, are doing so. But ‘some of the time’ matters.

                                                    2. 1

                                                      Expanding copyright? Current state is (simply said): everything is prohibited despite thing explicitly allowed to you by the license or by the law. So, does it really mean a copyright expansion? I do not think so.

                                                      If we focus on the ideas and intention behind the copyleft licenses, it means: anyone can benefit from this free software provided that he preserves the free nature of the work. If someone takes free software created by others and feeds it into a blackbox and then gets pieces of derived code from it and inserts them into his software under incompatible license and without acknowledging the original authors, it should be a copyright infringement and it is against the idea of free software. Bit different case are non-copyleft licenses that explicitly allow you to do whatever you want – however usually you still have to acknowledge the authors.

                                                      1. 2

                                                        If someone takes free software created by others and feeds it into a blackbox and then gets pieces of derived code from it and inserts them into his software under incompatible license and without acknowledging the original authors

                                                        I do this all the time. Everyone does. I’ve probably read over a hundred thousand lines of copyleft code in my life, and the “black box” that is my brain generated all sorts of derived code from this. That was the point of my thought experiment.

                                                        it is against the idea of free software

                                                        Maybe, but just because someone had an idea doesn’t mean you can impose that idea on everyone else.

                                                        Expanding copyright? Current state is (simply said): everything is prohibited despite thing explicitly allowed to you by the license or by the law. So, does it really mean a copyright expansion? I do not think so.

                                                        It’s the exact reverse: only if it has been established (by law enacted through parliament, or case law though the courts) does copyright apply. It doesn’t somehow “automaticity” apply to everything in the universe unless specified otherwise. Exact details differ on all of this differ per jurisdiction, but generally speaking ideas are not subject to copyright, creative works are (and then only if they meet some threshold of originality).

                                                        There is some grey area between the boundary of “algorithm” (which is an idea) and “algorithm implementation” (which is a creative work), which is why we had the entire Google vs. Oracle lawsuit for example, but the notion that anything anyone wrote is subject to copyright as some absolute is really not how it works. Look up the history of copyright in software: there was a time when people thought copyright didn’t apply to software at all. Courts had to rule on this and/or laws had to change for this.

                                                        1. 2

                                                          my thought experiment

                                                          At least, there is a difference: you are a citizen and a free man, while AI (or other software/tool) is just a thing owned and controlled by someone else. Humans are explicitly allowed to study the source code (e.g. in GNU GPL) and it is one of intended purposes when someone publishes software under such license. But they are not allowed to compile/transpile/convert/obfuscate/etc. the source code (using any tool/blackbox/etc.) to another work under an incompatible license and without acknowledging the original author.

                                                          1. 3

                                                            You keep harping on about the GPL, but the question is whether copyright (and therefore a license – any license) applies at all.

                                                    1. 63

                                                      I consider myself somewhat of an outsider to the Racket community, but I was invited to be a speaker at RacketCon 2019. I fondly remember nearly everyone being friendly and accepting, with the exception of Felleisen. There were several discussions about how to make the community more inclusive, but he was dismissive these efforts and kept saying everything’s fine as it is.

                                                      1. 22

                                                        Just weighing in that I was also at that conference and can confirm.

                                                        Also, shortly after, on the Racket mailing list there was a thread about a very different topic (syntax stuff which had been discussed at RacketCon) and I only barely mentioned the word “diversity” in passing but that was enough to seemingly make Matthias upset. I still don’t understand that response… I found it very disturbing, and still do.

                                                        Racket is a really amazing community in general with an incredible ecosystem around it. I have also had some pleasant conversations one on one with Matthias; I also respect his contributions to CS (particularly in terms of the work on delimited continuations). However, I know it hasn’t been easy for everyone around him, especially some of his students. I wish that weren’t true… for his students’ sake, for the Racket community’s sake (which again, has otherwise been very wonderful in my experience), and even for Matthias’s sake.

                                                        1. 13

                                                          From that thread:

                                                          (And for the record, you have no clue what my political views are or how I deal with the diversity of individuals in this community.)

                                                          As an outsider to all of this, I suspect that this single response gives me a pretty clear idea.

                                                          1. 7

                                                            Also as an outsider - you should read some of the stuff on his personal site. I’ve read a bit, and it looks like he’s a run of the mill US Conservative, bristling at a lack of political and philosophical diversity in big tech.

                                                            I think his politics are orthogonal to his behaviour towards Butterick, for which he has apologised.

                                                            Worth noting too that the apology seems genuine, and isn’t crouched in “I’m sorry if you took it that way” weasel words.

                                                            1. 8

                                                              Worth noting, sure, it’s good he apologized. I also note this only happened as a result of a pretty widely circulated blog post. A lot of other people reported the same thing about his behaviour, but they don’t get an apology.

                                                              1. 5

                                                                Okay, so let’s see if anything changes.

                                                                Anecdata for sure, but I’ve seen people in tech leadership make very big, worthwhile changes in their approach to people after receiving feedback like this.

                                                                Surely a great outcome here would be a public apology to the public complaint, and a genuine change of behaviour?

                                                                It’s way too soon to write that off as a very real possibility.

                                                                1. 2

                                                                  While I’m not holding my breath, I very much wish that would happen.

                                                              2. 4

                                                                While there are assholes of all political persuasions there does seem, anecdotally, to be a set of people whose toxic personalities mesh with certain parts of US conservative culture. There’s a focus on the individual rather than the group that has value in many contexts but can be harmful in open source projects.

                                                                1. 5

                                                                  Well, sure, but again that’s completely irrelevant to the conversation at hand.

                                                                  I might as well observe that, anecdotally, I’ve seen more of the “virtue-signalling purity-testing schism creator” asshole type in US liberal circles.

                                                                  Also true, also not true of the vast majority of liberals, and also irrelevant to the topic.

                                                                  1. 3

                                                                    I know we’re way off on a tangent here, and so in terms of the broader conversation about the racket community and dealing with leaders i mostly agree with you that in this specific instances of bullying described in the blog post, Felleisen’s politics aren’t terribly relevant. But in terms of the anecdote @paroneayea raised, Felleisen’s politics are in scope since he explicitly chose to transform “diversity” into “politics” and then reject politics as off topic… which is a pretty impressive 180 from free-speech trolling his students by posting James Damore’s memo on his office door.

                                                            2. 4

                                                              It’s nice to see Bradley Kuhn pop up on my screen every so often. Every time he does, I think more highly of him.

                                                          1. 1

                                                            I don’t quite get it, is it a virtual machine in the sense of a program that can run an instruction set (e.g. like the JVM), or is it a virtual machine in the abstract sense that the specification describes the language as if it’s running on a standardized piece of hardware no matter what the underlying hardware actually is (e.g. like the C virtual machine).

                                                            1. 2

                                                              The idea was to be both. The VM should be thoroughly specified, and even formally verified, but also implemented on real hardware in such a way that the distinctions between hardware platforms either don’t matter or are accounted for in the spec.

                                                            1. 4

                                                              Is it free software or just open source? Does the license allow sharing these paid modules with other parties? Do you know of such case?

                                                              1. 7

                                                                The author actually answers this in one of the comments:

                                                                Well, no, open3A is no freeware. I know it usually is seen as if open source was the same as freeware. But open3A is “only” open source. Which means anyone who runs the software is allowed to see the source code and make alterations to it like she pleases. Some people actually do that with open3A, too.

                                                                In theory they are also allowed to re-sell the software. But we all know how hard it is to run a company and sell something. This hasn’t been an issue so far.

                                                                I think that’s really interesting. It sounds like it is a “true” FOSS license (I haven’t checked myself), and the only thing preventing everyone from taking it for free is access (only available via a shop or someone redistributing it). It probably means there are people running free versions out there, but the fact that updates are part of the paid package/download is likely what is keeping this going - it’s a neat hybrid one-time/subscription model.

                                                                1. 5

                                                                  in the comments the author clarifies that the plugins themselves are also open source

                                                                  1. 3

                                                                    Yeah, I get that. But what’s the license, though? If someone put it on GitHub or started selling it under a different name for a cheaper price, would the author mind? Free software would allow it, some source-available license not necessarily. I’m curious what’s the actual licensing and whether all people have acted in good will so far.

                                                                    1. 2

                                                                      The author might mind, but do you care?

                                                                      This isn’t new, BTW. Parts of GDB or GCC were developed under this model, by Cygnus in the nineties. I’ve forgotten which one (was it both?). None of the customers ever published what they got, even though they unambiguously had the right under the GPL.

                                                                      1. 6

                                                                        The author might mind, but do you care?

                                                                        Nah, I just wanted to know how viable and reliable this business model is to support one’s life. FOSS projects have been ripped before.

                                                                        I’d be afraid of it being just a matter of growing to a certain size or attracting someone like Albert Silver. A game of luck, basically. Once it happens, there goes your project and there goes your income. You can still sell future updates or support, but all your previous work got “stolen” and there’s nothing you can do with it.

                                                                        So what’s the strategy to cope with this? Make the sources available, but under a license stating basically that “this becomes licensed under GPL 5 years from now, but until then, you cannot redistribute this”?

                                                                        1. 1

                                                                          If you don’t want people to take your stuff without paying for it, don’t make it OSS. Why is this hard?

                                                                          1. 14

                                                                            Someone talks about flying around the world.

                                                                            Q: How likely is an aircraft accident?

                                                                            A: If you don’t want to die in an aircraft accident, don’t fly.

                                                                            Author of the article described his experiences with selling something. I asked about a specific scenario. Have it ever happened? That’s a yes or no question. Has she thought about what to do in such case?

                                                                            I find answers to these questions highly relevant for my own reasons at this very moment. Either answer it or don’t, but please stop going meta. (I also originally thought the story was posted by the author herself, but it probably wasn’t.)

                                                                            1. 2

                                                                              How on earth is this a valid analogy? A key part of all certified OSS licenses is the users’ right to re-distribute the software without your permission.

                                                                              1. 1

                                                                                Sorry about the lateness of this… “a key part” doesn’t imply that this part is important for everyone, or even for many people.

                                                                                The last time I was involved in anything of the sort, the company chose open source for sensible reasons that had nothing to do with that particular “key” part: Development and debugging convenience.

                                                                                Open source meant that I had the source for all the code that went into the final executable. I could see the source code for every stack frame in my debugger, and I when I released for production, I could say “this can be built reproducibly from this git tree”. They had no desire to distribute, but did have a desire to use less of my time, and did have a desire to have buildable source code on hand.

                                                                          2. 1

                                                                            AFAICT it’s awfully risky, but not more or less risky than developing software, generally speaking. You’ve read Peopleware and the other great classics that describe how and why most software projects fail? Those are large risks. Developing FOSS doesn’t make you immune, and AFAICT doesn’t make you much more susceptible either.

                                                                            If you have a specific case in mind, then that case will be one where going open source may add more risks than benefits. Or more benefits than risks. It depends.

                                                                    2. 1

                                                                      Cannot find the project on my mobile, but already a fork: https://github.com/Happy-Ferret/Office-Fox

                                                                      Which already answers some questions.

                                                                      1. 1

                                                                        Hasn’t got the last 5 years of updates, tho.

                                                                        1. 1

                                                                          is that not a rebase away?

                                                                          1. 3

                                                                            Yes, of course it could be updated, but the point is that, like the Cygnus customers, Open3A customers don’t seem to be interested in doing that.

                                                                            Open3A also seems inexpensive, so I don’t see that many people would want to undercut the author by buying from someone else (especially when the someone else won’t be creating new features for it).

                                                                    1. 15

                                                                      Hi, Interviewer Here.

                                                                      Casey Muratori has been building a commercial video game on twitch since 2014. His approach is building everything from scratch, no libraries, and not using much besides a very strict subset of C++. In this interview, he shares his story with lots of details on why he thinks people are making things too complex and why he thinks teaching ‘modern’ languages and frameworks makes things harder for the learner.

                                                                      Let me know if you have any feedback on the interview

                                                                      1. 6

                                                                        Just listened to it this morning - it was a great interview.

                                                                        PS. Thanks for getting transcripts made and making them available!

                                                                        1. 8

                                                                          I’m glad you enjoyed it! I’m working on adding transcripts for back episodes as well.

                                                                        2. 3

                                                                          Great interview, I really enjoyed it.

                                                                          I do have one small correction. Maybe a very pedantic one.

                                                                          He’s writing C code in spirit. In practice he’s writing C++ code that cannot be compiled by any C compiler. It’s just such a strict subset of C++ (outside of dynamic dispatch I’m hard pressed to name any other C++ feature) that you might be tricked into believing it is C code.

                                                                          1. 4

                                                                            Thanks for listening. That is a good point, he is using the c++ compiler, and operator overloading and maybe a couple of other things. I edited the above.

                                                                            1. 3

                                                                              (C++)– is a pretty standard practice in game programming for a while now.

                                                                              This is due in no small part to Microsoft dragging its heels on supporting more modern C standards in MSVC for near decades.

                                                                          1. 1

                                                                            Some really neat ideas, but also, a lot of headshaking around things like the XLA/Tensorflow dependency. The serious numerical story in Elixir doesn’t exist because core doesn’t care and, frankly, most Elixir folks are basically just doing web stuff as Ruby + Rails refugees.

                                                                            Nice agitprop though if you want to boost your language’s popularity by riding the AI/ML gravy train.

                                                                            1. 17

                                                                              The serious numerical story in Elixir doesn’t exist because core doesn’t care and, frankly, most Elixir folks are basically just doing web stuff

                                                                              Same applied to Python way back. That the Elixir devs are attempting to broaden their ecosystem is good.

                                                                              1. 6

                                                                                BEAM would not be my first choice for anything where I had to do some serious number crunching. I wonder who will even use this, and if it’ll die out like the Swift extensions for it.

                                                                                I use Elixir because it’s good at networking, concurrency, and parsing, not anything AI.

                                                                                1. 3

                                                                                  I had the same initial reaction and would rather bet on Julia for the future of ML. But at the very least, breaking Python’s monopoly is good and, of course, there is no good reason for Python’s ascent in this field. So, there’s no reason other ecosystems that have certain advantages over Python shouldn’t try to make a dent here.

                                                                                  A lot of ML projects use Ray (ray.io) for orchestration and workflows (or so I hear), basically implementing the actor model, and Elixir/BEAM is probably a more natural fit for that side of the problem.

                                                                                  1. 3

                                                                                    On the other hand, not everybody needs serious number crunching. This could let people in the elixir ecosystem stay within it for longer.

                                                                                    1. 1

                                                                                      Seems like they are using multistage programming to make this rather fast - I’m guessing this stuff wouldn’t be running on the BEAM directly? Could be wrong though.

                                                                                    2. 5

                                                                                      The serious numerical story in Elixir doesn’t exist because core doesn’t care

                                                                                      Ehhhh. Clearly you don’t mean “Elixir core”, as Jose is the one writing this. Even if you mean the Erlang core team, they might not care enough to lead implementation but they’re open to additions that support it: https://github.com/erlang/otp/pull/2890

                                                                                      Anyway, BEAM isn’t the logical execution environment for this stuff, it needs GPU to fly. For this use case, BEAM is a great place to write a compiler, and will function adequately as a test environment.

                                                                                      1. 1

                                                                                        ¯\_(ツ)_/¯

                                                                                      2. 5

                                                                                        FWIW, the compiler backend of Nx is pluggable, so other compilers aside from XLA can also be integrated with. XLA happened to be the first one they’ve gone with thus far.

                                                                                        What do you mean with “the core doesn’t care”?

                                                                                        1. 5

                                                                                          Paraphrasing a colleague’s gripes…Elixir has a bunch of math functionality inherited from Erlang, and hasn’t bothered to fix any of the problems around it.

                                                                                          In erlang:

                                                                                          2> math:exp(344).
                                                                                          2.4963287283217065e149
                                                                                          3> math:exp(3444).
                                                                                          ** exception error: an error occurred when evaluating an arithmetic expression
                                                                                               in function  math:exp/1
                                                                                                  called as math:exp(3444)
                                                                                          

                                                                                          In Elixir:

                                                                                          iex(3)> :math.exp(344) 
                                                                                          2.4963287283217065e149
                                                                                          iex(3)> :math.exp(3444)  
                                                                                          ** (ArithmeticError) bad argument in arithmetic expression
                                                                                              (stdlib 3.13.2) :math.exp(3444)
                                                                                          

                                                                                          Contrast with JS:

                                                                                          > Math.exp(344)
                                                                                          2.4963287283217065e+149
                                                                                          > Math.exp(3444)
                                                                                          Infinity
                                                                                          

                                                                                          What’s going on here is that Erlang uses doubles internally (except for integers, but that’s a different kettle of fish), but does not do IEEE754 support for special values like NaN or Infinite. This is certainly a choice they could make, but it rears its ugly head when you implement something mathematically well-behaved like the sigmoid function:

                                                                                          iex(5)> sigmoid = fn (x) -> 1.0 / (1.0 + :math.exp(-x)) end
                                                                                          #Function<44.97283095/1 in :erl_eval.expr/5>
                                                                                          iex(6)> sigmoid.(-1000)                                    
                                                                                          ** (ArithmeticError) bad argument in arithmetic expression
                                                                                              (stdlib 3.13.2) :math.exp(1000)
                                                                                          iex(6)> sigmoid.(-100) 
                                                                                          3.7200759760208356e-44
                                                                                          

                                                                                          In JS, we’d get a negative in the denominator, it’d go to Inf, and the function would work fine. In Elixir, it explodes.

                                                                                          Core has had the opportunity to fix this for a long time, but has been spending cycles elsewhere.

                                                                                          1. 5

                                                                                            Elixir has a bunch of math functionality inherited from Erlang, and hasn’t bothered to fix any of the problems around it.

                                                                                            I found no tickets in the Erlang (where BEAM issues belong) or Elixir bug trackers discussing infinity.

                                                                                            1. 2

                                                                                              For all the supposed number crunching going on, nobody’s requesting working IEEE doubles?

                                                                                              1. 2

                                                                                                Not really, as most of “interesting” part of IEEE is already there. What is not supported are qNaN (sNaN is supported as it’s behaviour is exactly the same as what Erlang does - just throw exception) and infinites. All other values are fully supported in Erlang. And while it can be irritating to have exception in infinity, I think that in most situations you do not mind, as that would mean that the result of computation would be probably garbage to you anyway. So throwing up early is probably what will provide clearer information, especially with Erlang error isolation approach.

                                                                                        2. 2

                                                                                          The serious numerical story in Elixir doesn’t exist because core doesn’t care and, frankly, most Elixir folks are basically just doing web stuff

                                                                                          That perfectly describes how I got into Elixir. Phoenix got me into the ecosystem, but I branched out pretty quickly once I understood the power of the OTP model. About two years ago I started looking into writing drone flight control software in Elixir and ran into a huge hurdle with the numerical processing portion of it; I was fiddling around with NIFs and things, but it felt like I was just compromising the robustness of the system by having it call out to my own C code.

                                                                                          The Nx project has me very very excited that the project I put on the shelf might be viable now!

                                                                                        1. 29

                                                                                          One thing I don’t think I’m ever going to get is how much Go does in comments. In my mind, comments are a way to communicate something to other humans, or, sometimes, a way to communicate something to some external tool (such as a documentation generator). However, in Go, you configure whether the file should be built in comments, you write C code in comments with CGo, you write shell commands for code generation in comments, and, with 1.16, you embed data into your binary using comments.

                                                                                          I’m all for a kind of extensible meta language; a way to have commands in the code which the compiler proper will skip, but which official tooling might interpret. Something like a #pragma. But… in my mind, the official language toolchain shouldn’t extensively parse my comments.

                                                                                          On the positive side though, I think what embed does is really cool. More languages should have a way to embed arbitrary data into the binary (without hacks).

                                                                                          1. 17

                                                                                            If it helps, you can consider the string //go: to be equivalent to the string #pragma and not think of it as a comment. Reusing the comment syntax has the advantage that parsers/formatters don’t have to worry about parsing anything other than comments. Much like how a shebang (#!/usr/bin/env bash) happens to be a comment in a bunch of scripting languages.

                                                                                            1. 17

                                                                                              Yea, if it was only that, I wouldn’t have been too worried. However, you also have a case where a comment changes the semantics of the following import after the comment. The whole thing seems like a giant hack to me; like “changing the grammar is too much work, so we’ll just make the tooling parse your comments so we don’t have to change the compiler”. I’m not saying that’s how the process is; I’m saying that’s how it feels as an observer.

                                                                                              I would’ve probably done something like C, where lines starting with # are obviously going to be interpreted differently from other lines. The compiler could ignore all lines starting with #, so that the tooling could add new directives in a backwards-compatible way, and parsers/formatters could largely ignore them. It just would’ve been a structured thing instead of essentially parsing prose.

                                                                                              1. 10

                                                                                                The whole thing seems like a giant hack to me; like “changing the grammar is too much work, so we’ll just (…)

                                                                                                This is how I feel about imports as strings. I see no good reason why we need quotation marks around the import paths in Go, it should be obvious for a parser how to deal with a path there. In general the Go syntax is… inconsistent at best.

                                                                                                1. 3

                                                                                                  I see no good reason why we need quotation marks around the import paths in Go

                                                                                                  This is a guess, but it may be to make plumbing easier in Plan 9/Acme. Syntax like <something> and "something" is easier to match than just something.

                                                                                                  1. 1

                                                                                                    I think the comment you’re replying to is arguing that it’s not just "something" vs. something, but import "something" vs. import something.

                                                                                                    1. 3

                                                                                                      Yeah, I know, but multiple imports still need quotation marks to be plumbable:

                                                                                                      import (
                                                                                                          "path/to/package1"
                                                                                                          "path/to/package2"
                                                                                                      )
                                                                                                      

                                                                                                      works, whereas

                                                                                                      import (
                                                                                                          path/to/package1
                                                                                                          path/to/package2
                                                                                                      )
                                                                                                      

                                                                                                      wouldn’t.

                                                                                                      1. 2

                                                                                                        Not sure why that would be the case. the plumber gets the whole string either way, expanded out to the surrounding whitespace if there’s no selection.

                                                                                                        1. 4

                                                                                                          But the plumber has to know somehow that it is a Go import path. The quotation mark syntax in Go (and C) makes that clear.

                                                                                                          For example, should test, without quotes, really be treated as a Go/C import path? Wouldn’t that be too broad a rule?

                                                                                                          1. 1

                                                                                                            The plumber also gets a bunch of context, like the place you plumbed from. It should use that.

                                                                                                  2. 3

                                                                                                    I thought the same at first, but it’s simpler for the lexer/tokenizer to not have to know what mode it’s in. It’ll (presumably) just output a STRING token, and it’s only the parser that has to know that it’s in an import directive. Go is partly about keeping parsing (and lexing) simple and fast.

                                                                                                  3. 6

                                                                                                    It’s not my most favourite syntax either, but using #pragma or //go: seems like a really minor issue. I’m not sure what the motivation was for choosing //go: over # or #pragma.

                                                                                                    a case where a comment changes the semantics of the following import after the comment

                                                                                                    I assume you mean package foo // import "bar" type comments? That one, in particular, was a mistake IMO. But also kind of obsoleted by modules, and not really related to //go: directives.

                                                                                                    1. 1

                                                                                                      I don’t know what package foo // import "bar" does. Could you elaborate on it?

                                                                                                      I was talking mostly about CGo, where you have a giant comment with a mix of C code and #cgo pseudo-directives followed by a line with import "C", where the comment (minus the #cgo lines) is compiled by a C compiler and linked with the binary.

                                                                                                      1. 3

                                                                                                        It enforces that the package is imported as bar; often used for “vanity paths”; e.g. lobste.rs/mypkg instead of github.com/lobsters/mypkg. This prevents some problem where one dependency might use the lobste.rs path, and the other the github.com path. It’s a bit of a hack, and you can do the same with a go.mod file now.

                                                                                                        cgo is kind of a tricky beast, yeah; but also fairly rare. And since you can write any C code in that comment, I’m also not sure how else to do it? Overall, it seems to work fairly well and in the grand scheme of things, it seems like a fairly minor issue to me.

                                                                                                2. 37

                                                                                                  But it’s a great way to pretend that it’s a small language with few reserved words.

                                                                                                  1. 7

                                                                                                    Even with the comment syntax, Go has fewer reserved words than C.

                                                                                                    1. 7

                                                                                                      While I agree with your comment, it’s a non sequitur. Having fewer reserved words and being a smaller language are two different things. LISP has 0 reserved words, therefore it must be the smallest language, right?

                                                                                                      1. 4

                                                                                                        Go is still a small language.

                                                                                                  2. 3

                                                                                                    This is the long-standing rationale for not having comments in JSON, and I think it stands the test of time (and complaints of programmers).

                                                                                                    1. 16

                                                                                                      This was just paternalistic nonsense on Crockford’s part. While I don’t really understand the Go author’s decision to use comments for pragmas, I would never in my life give up all comments to put a stop to it. An absolute textbook example of cutting off one’s nose to spite one’s face.

                                                                                                      1. 16

                                                                                                        I think it makes perfect sense for JSON’s intended usage as a data interchange format with good interoperability between all sorts of different environments. Extensions have made this much harder than it needs to be on more than a few occasions in the past.

                                                                                                        Now, if you want to use JSON for your config files then sure, it’s annoying. But that wasn’t the intended usage. If you’re driving a square peg through a round hole then you shouldn’t really complain about the peg shape but get a different peg instead.

                                                                                                        1. 7

                                                                                                          I still don’t buy it. If we’re considering the intended usage, one of the goals that gets thrown around is that it is “easy for humans to read and write” – just as long as they never need to convey something to another human being in the form of a comment!

                                                                                                          There are so many other under-specified parts of JSON, like what to do with large integers, or what happens when a document contains duplicate keys. It is extremely frustrating that comments were intentionally and unnecessarily stripped out, while the hard problems were apparently just ignored.

                                                                                                          1. 8

                                                                                                            HTTP or SMTP are easy for humans to read and write, and don’t have comments either because in the intended usage space it’s not really needed. Like those data formats, JSON is primarily intended to send text from one program to the other, and the “easy for humans to read and write” is more as a debugging and testing aid than anything else.

                                                                                                            There are so many other under-specified parts of JSON, like what to do with large integers, or what happens when a document contains duplicate keys. It is extremely frustrating that comments were intentionally and unnecessarily stripped out, while the hard problems were apparently just ignored.

                                                                                                            Sure, it could be improved, maybe, but as you mention these are not easy things to define in a compatible way since different languages deal with these things in different ways. But I don’t think that’s a good reason to introduce more interoperability issues.

                                                                                                    2. 2

                                                                                                      The comment syntax is mainly used together with cgo. Including a header instead of inlining C makes it feel less hacky and allows for syntax highlighting of the C code for a larger range of editors: // #include "project.h".

                                                                                                      1. 2

                                                                                                        IIRC there was discussion of adding pragma syntax, but it was decided that it’s not worth it to add yet another syntax, since there already existed comment-based pragmas that would have to be kept because of the go 1 compat promise.

                                                                                                      1. 2

                                                                                                        I’ve been looking for one of these write-ups since forever. It’s a fantastic resource!

                                                                                                        1. 2

                                                                                                          Nicely explained. You may want to examine relational parsing, a different approach which also has the same characteristic performance properties as Marpa-style Early parsing.

                                                                                                          1. 2

                                                                                                            While on the subject of novel techniques, a non-Early-like (sorry for being off-topic) that I really like is the Pika Parser. It has superb error recovery, which is how I found it in the first place.

                                                                                                            1. 1

                                                                                                              The linked-to paper is an excellent overview of parsing techniques.

                                                                                                              1. 1

                                                                                                                Indeed, there is also the Glush parser that is very recent. There is also the derivatives approach for parsing. I hope that at some point, we are able to bring all these together (implementations in the same language, accepting same grammar format), and do a systematic study of pros and cons.

                                                                                                            1. 14

                                                                                                              as much as I can appreciate that indeed, the internet has gotten more laden with options, the other thing that changes with time is professionalism, yeah, when you were hacking webpages in highschool, the projects could be done by joining together simple tools, at the time that you were doing that, “professional” devs were slinging around elephantine PHP frameworks that, believe it or not, did exist back then

                                                                                                              1. 9

                                                                                                                I am one of those professionals. My team was using FuseBox, a port of a ColdFusion framework by the same name. I do not miss it.

                                                                                                                1. 3

                                                                                                                  ah, ColdFusion, heard it’s still kicking about

                                                                                                              1. 2

                                                                                                                speaking of additions to the language, any idea why a crate for a proprietary password manager is now required to build rust itself?

                                                                                                                https://github.com/rust-lang/rust/blob/master/Cargo.toml#L24

                                                                                                                1. 9

                                                                                                                  That particular section of Cargo.toml is listing all of the workspace members, which just means that all of those projects share dependency resolution information, compilation profiles, etc.

                                                                                                                  That particular project is part of cargo, and it looks like that’s just one particular provider for storing tokens securely. There are other crates in the same repository for macOS, Windows, and Gnome. I suspect the maintainers would be open to contributions that support other providers.

                                                                                                                  1. 2

                                                                                                                    fair enough, thank you for filling me in

                                                                                                                    1. 1

                                                                                                                      1password is no more proprietary a password manager than macOS or Windows.

                                                                                                                      1. 1

                                                                                                                        You’re correct of course that macOS and Windows are both proprietary, but if you buy a Mac or Windows laptop, 1Password is not included in that purchase :)

                                                                                                                    2. 4

                                                                                                                      These tools are described in the cargo-credential README.

                                                                                                                      The specific crate you mentioned contains this single file: main.rs

                                                                                                                      It seems to be a wrapper around 1password’s op command line tool, implementing the Credential trait for storing and retrieving passwords.