1. 4

    Interesting that they open their technology. Usually AWS is not doing that. I wonder what they hope to gain from that. Simply attracting tech talent?

    1. 3

      This is a common misperception. Try validating said perception. You’ll find it’s unfounded. AWS contributes to OSS a LOT.

      This is the second announcement in two weeks of a major OSS project from us (AWS).

      #include <I_do_not_speak_for-AWS.h>

      1. 4

        They contribute but they usually do not start open source projects. That is a different thing IMO.

        1. 1

          Disagree. This is a counter-example, as are others that can be seen here

          Admittedly some of them are OSS projects that work with or are in support of AWS products, but my point still stands.

    1. 3

      I don’t get it. Why not use less or head?

      1. 3

        The idea is you can still see your buffer while peeking.

      1. 19

        That is a problem with any VM style hosting, isn’t it? You can never check if they have modified the virtualization technology underneath to get access to all your data.

        1. 10

          There’s always that joke that the cloud is just “someone else’s computer” - but it’s true, and no one should be surprised. You need to trust your cloud vendor.

          If your application has isolation requirements from the cloud vendor, you run with your own hardware. If you have isolation requirements from other tenants, you run in a cloud environment that will provide them.

        1. 96

          I’m sorry to bring this up, and it’s probably considered off-topic here on Lobsters, so feel free to flag this.

          I know that OpenBSD and SQLite and lots of great pieces of software have been funded by the US military, and computing and military have a long and complicated relationship, but where do we as developers draw the line as to whom we are willing to accept contributions from?

          This is from Palantir, the company providing the technology for Trump’s deportation machine. I don’t think that this is a black/white issue, and I guess it may be possible to work at a seedy company and still do good stuff. But the docs include a FlightSearch example; is that really appropriate given the context?

          Regardless, thanks for releasing this as free software.

          1. 37

            Thank you very much for saying it. I think making sure these ethical topics aren’t ignored is the very least we all have a responsibility to do. It’s also entirely possible that there are people here who didn’t know about it, so it’s always worth saying.

            1. 37

              Thank you for saying this. I’m troubled by the cavalier attitude of techies toward ethics lately, and it’s nice to know I’m not alone.

              1. 23

                 I don’t think a forum where this response is off-topic is worth participating in. The tech industry spends too little time thinking about the ethical implications of its products.

                1. 25

                  Even today, we debate the ethics of using the data gathered from unethical experiments in WW2.

                   I agree that there is a massive ethical issue working for Palantir - and I am not sure it’s ethical to use the work they have produced. Particularly if it’s a Swagger-like clone not yielding substantive value to humanity.

                  1. 10

                    While we’re at it, you probably typed that on a machine made by highly-exploited workers in a corrupt country that does far worse, added to the lake in the process, probably paid a surveillance-enabling company in a police state to send it over the network, and possibly wearing clothes made by kids in a sweatshop. And you did all this to get online suggesting moral folks maybe shouldn’t contribute to a HTTP/JSON thing that’s open source since a bad company might misuse [more] open source. Seems hypocritical to me.

                     Where do we draw the line on how our consumption and contribution harms or helps others? And do you regularly do that for every product and service you buy? Most of them? Have you been active in government on laws, treaties, court cases, etc? The stuff that stops things like you describe. Or just some quick, social signaling on Lobsters getting feel-good points? If you care, I encourage you to put time into legal reform or bootstrapping alternatives to each of the things I mentioned. Maybe make for better opportunities for immigrants in whatever your country is, too. Maybe host some coding bootcamps or something for those in the slums. What you’re doing here is adding to the noise but not helping Trump’s victims or your country’s immigrants in any way.

                    1. 71

                      I feel like this is a great example of whataboutism.

                      I think that if this approach was applied to tech, we’d never fix a bug because “what about the other bugs that could crash the app, this is just virtue signaling because physical compromise means game over”. Why fix a bug when you can say “What about the terrible state of security education in general, why fix a security bug when developers are just adding more?”

                      It’s ok to make a judgement call and improve one thing in this messy world. It’s ok to try and reduce your footprint/total harm while hypocritically still participating in the system that feeds you. In fact that’s sort of core to improving those systems in a democracy.

                      Sorry if I misinterpreted your statement, I greatly enjoy your comments across the internet.

                      1. 11

                        Whataboutism is a common reply on HN or Lobsters when a popular group decries their outgroup’s activities, third party points out their actions are contrary to their own beliefs, adds that the biases indicate they’re scoring political points rather than really care, and someone pops in to say third party is whataboutism to silence those views. Thing is, whatever 3rd party brings up is almost never on these forums, getting crowd support, or whatever. Always absent. Rather than likely-intended purpose, the whataboutism claim just reinforces specific types of people supporting/rejecting specific activities by silencing dissenters. I mean, if commenter really cares about Trump’s horrors or not contributing to evil organizations, why the hell are they funding evil, slaving companies to buy toys to spend so much time on the programming projects? So, they probably don’t care or are acting like it now. Then, I do to them as they do to others.

                        Far as what I’m doing, I’ll tell you straight up. There’s been an increase over time of political comments that are about shaming people into behaving certain ways for a perceived, social good. Almost all of them are coming from hypocrites and/or slacktivists. I mean, they’re talking on a forum no politician reads with low views. It’s not going to change Palantir’s or Trump’s practices. They know they’re avoiding stuff that can get results to spend time on Internet forums. So, they’re just getting an emotional high off attacking their opponents, looking like they’re responsible, or getting meaningless votes from people that agree with them. They also tie up our threads with that shit. So, as a real activist doing real-world work, I just call out their selfish, hypocritical bullshit to (a) deter more comments like that here and/or (b) encourage them to actually work on the causes they claim to work on.

                        Disclaimer: In fairness, people could (and do) call me out for not putting more time into actually building and deploying secure goods rather than high-level designs posted online. Although I defended my choice, I’m probably guilty of screwing up on a reasonable ratio between the two. Anything above zero code might be better. I plan to work on that more next year after I change circumstances.

                        Disclaimer 2: I say “almost all” cuz a few people here are legit activists or doing things at a loss to address the causes they’re talking about. I respect them a lot.

                        “It’s ok to make a judgement call and improve one thing in this messy world. It’s ok to try and reduce your footprint/total harm while hypocritically still participating in the system that feeds you.”

                        I totally agree with you. That’s not what the person was doing, though. It won’t stop Palantir’s contracts, it won’t stop the government’s activities, and proliferation of HTTP/JSON libraries will continue. The latter will even be FOSS so anyone, including Palantir, can use them. Maybe person complaining should start an alternative to Palantir that’s more ethical, organize boycotts of their products, get in a HR office poaching all their smartest talent (or delivering idiots), make enough money to pay off politicians to change government policies, and so on. Stuff that actually affects Palantir or Trump’s agencies.

                        “I greatly enjoy your comments across the internet.”

                        Thanks and same to you. :)

                        1. 25

                          Maybe person complaining should start an alternative to Palantir that’s more ethical, organize boycotts of their products, get in a HR office poaching all their smartest talent (or delivering idiots), make enough money to pay off politicians to change government policies, and so on.

                          This objection is absurd on its face. You can’t ethically compete in a market for unethical services. An ethical alternative to Palantir is an oxymoron, because Palantir’s ethical issues are fundamental to the things that Palantir sells. You also can’t “organize a boycott” of a defense contractor. Your final two points are literally “just have enough money to fix the problem”.

                          How does starting a company which sells the same thing as Palantir to the same customers Palantir sells to, hires the same people as Palantir, has the same wealth as Palantir, and bribes politicians the way Palantir does, stop the problem of companies that behave like Palantir? You’re objecting to someone criticizing the status quo by telling them they should instead… further reinforce the status quo?

                          1. 19

                            I think you misapprehend what is going on here. This is a forum for highly technical people; by raising the serious ethical space Palantir exists in, it directly bears on creating difficulty in recruiting, along with decreasing retention.

                            You, of all people, should understand the power of words on an internet screen to influence readers: you’ve been writing long & grammatically correct essays on security across multiple major internet fora for years. I’ve seen you on Schneier and HN, :) Communication, persuasion, and discussion are an essential activist activity. (And for my money, it is substantially more effective than picketing and marching 95% of the time…)

                            1. 7

                              (I suspect this was meant as a reply to the person I replied to.)

                              1. 2

                                “by raising the serious ethical space Palantir exists in, it directly bears on creating difficulty in recruiting, along with decreasing retention.”

                                I agree with you. I actively do that in real life every day for customers and coworkers wanting something better in a lot of areas. I have plenty of results to show for it. That’s because I put the time in where it gets results and consistently do it rather than one-offs we sometimes see here. Companies like Palantir use recruiting practices that cast a wide net. Anyone wanting to disrupt their recruiting should be posting such comments on sites with massive numbers of page views that are mostly developers. Big, social media sites like Twitter, Facebook, Reddit, and Hacker News. LinkedIn, too, if you can do it that way but I haven’t been on in a long time. That’s why I encourage them to put political efforts in front of literally millions of developers instead of a hundred or less participating here if aiming for a big wave of change.

                                “You, of all people, should understand the power of words on an internet screen to influence readers: you’ve been writing long & grammatically correct essays on security across multiple major internet fora for years. I’ve seen you on Schneier and HN, :)”

                                You said long and grammatically correct. You gotta be messing with me on second half lmao. I agree with the power of words and persuasion as stated above. Hell, you had to have seen me do it there, esp to “Skeptical” (troll or near-perfect DOD apologist) before I left. That’s why I tell them to use that power where it gets results instead of Lobsters. Then, we keep Lobsters focused on deep, technical stuff with low noise. Anyone wanting to achieve political action can ping Lobsters, via dedicated threads or private messages, to go where the action is to get actual, Palantir-scale results.

                                ““It is what it is”, which is what your comment & Nick’s comment promote, simply promotes apathy; history provides many examples of change taking place. I encourage people to shake off the belief that things will always stay the same.”

                                That’s not true at all. I’ve just followed something like several lifetimes worth of history on the U.S. military and government under both left- and right-leaning leaders finding the military-industrial-complex just got more powerful over time. The politicians of both sides support it. The right supports companies like Palantir overtly. The left’s politicians will support the defense contractors for both payouts and to bring jobs to their districts. So, to change the situation voronoipotato describes, you have to get millions of people to vote out scumbags that take money to improve chances of elections to combat defense industry or get an anti-war, pro-immigration President in office with Congress willing to roll-back legislation.

                                The last election surprised most lefter-than-I liberals that were trying to make people say the correct things on forums, etc in ways we see in some threads here. I doubt they’re capable of achieving that 180 directly if keeping same practices that failed before so hard they didn’t even see what was coming. Fingers crossed that we just get lucky that Trump does so much damage and embarrassment that a reversal happens in swing states after the Democrats get on top of their shit this time. Or we centrists get a President. Fat chance on that one since few listen to moderates. ;)

                              2. 5

                                The person you’re talking to likely doesn’t even think that Defense Contracting is unethical. That being said, Palantir is going to keep existing, boycotting doesn’t mean anything here because we don’t even buy their products. Even under a proper organized effort if we got a different defense contractor absolutely nothing would be different. The only tactics I’m aware we can do are mitigation tactics of not giving our labor to defense contractors, but this drives up the wages to the point where someone would. You can if you work there do a labor slowdown, but your ability to act in that way is limited, and useless if it’s not a group effort.

                                Palantir is a bad thing but our ability to affect it is extremely limited. Electoral politics is mostly useless here. Their lobbying power affects both parties pretty evenly. IMHO it’s better to put energy into mitigation tactics into problems where it’s easier to have traction. One group has been for example paying for bail bonds for refugees.

                                Defense contractor spending isn’t a symptom of capitalism but rather attached to the heart, a swollen vestigial organ from mercantilism and much like the appendix may kill you if you remove it unskillfully.

                                I think it’s natural to see the biggest problem and try and lock horns with it, but sometimes a smaller problem you can solve is genuinely better than a larger problem you can’t. Obviously don’t work for them, there’s plenty of other places that pay you well and you won’t even have to think about all the bodies when you go to sleep.

                                1. 7

                                  The person you’re talking to likely doesn’t even think that Defense Contracting is unethical.

                                  Yes, but the person they’re suggesting this in response to does, which was the context of nickpsecurity’s original suggestion to compete with Palantir.

                                  The only tactics I’m aware we can do are mitigation tactics of not giving our labor to defense contractors, but this drives up the wages to the point where someone would.

                                  I don’t know what your point is. Driving up wage costs for unethical corporations is the point of organizing an effort to boycott employment at specific corporations. The goal is making things like human rights violations untenable to corporations by making them unprofitable. Yes, this is a half measure - but it’s not nothing, either.

                                  Defense contractor spending isn’t a symptom of capitalism but rather attached to the heart, a swollen vestigial organ from mercantilism and much like the appendix may kill you if you remove it unskillfully.

                                  So your point is, we should leave it alone?

                                  I think it’s natural to see the biggest problem and try and lock horns with it, but sometimes a smaller problem you can solve is genuinely better than a larger problem you can’t.

                                  On the contrary - refusing to work for companies like Palantir and encouraging my fellow tech workers to do the same is one of my most fruitful opportunities to fight against systemic injustices at the moment. Each of us in the tech industry has far more influence on our industry’s actions than on the actions of things like the federal government - there are less than four million programmers in the entire US, as opposed to the vastly higher number of voters. We should be adamant about using our privileged place as one of the few labor pools left with real negotiating power to prevent our industry from committing acts of evil, not conveniently defeatist whenever someone dares to suggest the small personal sacrifice of choosing not to directly build the tools of human misery.

                                  1. 7

                                    Fundamental changes are achieved by many people choosing to not accept what is, and coming together to push towards a major change in the status quo.

                                    “It is what it is”, which is what your comment & Nick’s comment promote, simply promotes apathy; history provides many examples of change taking place. I encourage people to shake off the belief that things will always stay the same.

                                    1. 1

                                      You said it even better than me.

                                  2. 20

                                    Whataboutism is a common reply on HN or Lobsters when a popular group decries their outgroup’s activities, third party points out their actions are contrary to their own beliefs, adds that the biases indicate they’re scoring political points rather than really care, and someone pops in to say third party is whataboutism to silence those views. Thing is, whatever 3rd party brings up is almost never on these forums, getting crowd support, or whatever.

                                    No it’s a common reply when you distract from the discussion at hand to go ‘oh but what about these other unrelated issues?’ Your response is literally at the level of ‘capitalism made your iPhone you’re using to have this conversation so checkmate’ in a discussion about economic systems.

                                    There is no ‘popular group’ here, there’s no ‘outgroup’, nobody is decrying anyone’s activities. You haven’t ‘pointed out’ any actions that are contrary to anyone’s beliefs or exposed any biases or virtue signalling. All you’ve done is responded to a post pointing out that Palantir might be an unethical company, accusing them of virtue signalling! They didn’t even say ‘Palantir is bad’. They suggested that it might be, and that it was worth thinking about and discussion. Did you then discuss it? Did you think about it? No, you just launched into an attack, said that their post was social signalling and accused them of hypocrisy.

                                    Imagine for a moment the discussion was oil companies, and the person you were responding to had said ‘I think oil companies often act unethically and I think we should consider whether we want to be working with them and contributing to their open source software’. Your response was the equivalent of ‘you don’t have an electric car so you’re not allowed to discuss this’. I hope you can see that that is nonsense.

                                    I totally agree with you. That’s not what the person was doing, though. It won’t stop Palantir’s contracts, it won’t stop the government’s activities, and proliferation of HTTP/JSON libraries will continue. The latter will even be FOSS so anyone, including Palantir, can use them. Maybe person complaining should start an alternative to Palantir that’s more ethical, organize boycotts of their products, get in a HR office poaching all their smartest talent (or delivering idiots), make enough money to pay off politicians to change government policies, and so on. Stuff that actually affects Palantir or Trump’s agencies.

                                    When someone says ‘where do we as developers draw the line as to whom we are willing to accept contributions from?’ they are opening up a discussion. Maybe the result of that discussion would have been ‘anyone actually’. Suggesting that the first thing you should do is start boycotting companies before the issue has even been discussed is ridiculous. Discussions are fine. Discussions are not slacktivism. Posting ‘#stoppalantir #metoo #stoptrump’ at the end of your tweets and doing nothing else in your life is virtue signalling. Discussing issues is not.

                                    1. 10

                                      There is no ‘popular group’ here, there’s no ‘outgroup’, nobody is decrying anyone’s activities.

                                      A person submitted a HTTP/JSON toolchain that they were open-sourcing. A versatile, general-purpose tool that can be used for good if someone wants to. The comment I replied to ignored the software submission entirely to tell them they’re unethical for working at Palantir since other parts of the company use its tech to serve an unethical customer. That’s decrying activities. Such reasoning also applies to companies like Google (or other surveillance companies), Apple/Foxconn, VC-funded companies aiming for lock-in, and so on since buying their stuff or contributing to their FOSS might support all kinds of evil. Some people supporting the decrying comment even work at such companies despite other jobs being available for people with that kind of talent. Strange.

                                      The fact that this accusation and suggestion to quit their job got 60 votes vs 7 about the submission… on Lobsters with lower numbers of votes to begin with… definitely says it’s popular. The marked difference between the people who support or question that tangent supports the existence of an outgroup relationship. I can’t say as much about what it means here since the outgroup receives more support on a lot of political divides. Lots of folks here hate companies like Palantir regardless of other beliefs. That’s what I’m leaning toward.

                                      It’s been an interesting thread to observe, though.

                                      1. 2

                                        Wholeheartedly agree, there! I suspect I drew different conclusions than you, though.

                                    2. 3

                                      People can disagree with you without being part of a conspiracy to silence or shame you. Maybe a less emotional response would be more informative.

                                    3. 0

                                      One of nick’s pastimes seems to be railing against liberal “hypocrisy” on this website, mostly by deflecting into muddy tangential arguments just like so.

                                      1. 13

                                        Please don’t post ad-hominem attacks here. If you disagree with the argument, pick it apart politely.

                                        Lord knows you should have enough practice by now to do so.

                                        1. 5

                                          If you disagree with the argument, pick it apart politely.

                                          That only works if both sides are arguing in good faith though which definitely doesn’t appear to be the case with some commenters on here.

                                          1. 4

                                            If that’s the case, then arguing further with somebody in bad faith is just going to create noise and antagonize other lobsters. Best just to ignore the posts then.

                                            1. 3

                                              I do but it ruins the lobsters experience for me to see people arguing in bad faith without any censure. Some of them even seem to be encouraged as a kind of clickbait/outrage generator. It’s disheartening.

                                          2. 4

                                            Lord knows you should have enough practice by now to do so.

                                            This is an ad-hominem, friendly.

                                      2. 19

                                        Leaving whataboutism aside, I think you cannot conflate the (delusional) idea of ethical consumption with active usage and contribution of open source software.

                                        Ethical consumption doesn’t work for the structure of the market, where the contribution of the individual gives no perceivable feedback to the system.

                                        The Open Source world and software engineering are a much smaller world. It is a realistic goal to radicalize enough software engineers inside and outside of Palantir in order to halt their production. Your target audience has contract leverage, money and is highly connected and easily reachable.

                                        This is a much easier and realistic goal than convince the management of some big corporation to reduce their exploitation just because a small minority of consumers is unhappy. When they realize this, instead of reducing exploitation, they invest in more marketing to wash their brand, or they simply start a new one. Much cheaper.

                                        Don’t conflate your power as a consumer with your power as a producer, because they are very different.

                                        1. 11

                                          I used to work for Nokia. They did everything in their power to ethically source all their materials. It was the only phone company that did that. Other companies don’t do that because nobody demands it from them. While there is no ethical consumption under capitalism, there is slightly less terrible consumption. So where do we draw the line? As deep into their pocket books as it can go.

                                          1. 1

                                            I didn’t know that about Nokia. That’s awesome! Thanks for the tip.

                                            1. 1

                                              Now, keep in mind the new Nokia phones are made by a different company that just licenses the brand. I’m not sure if they care as much.

                                          2. 10

                                            […] the lake […]

                                            That is horrible.

                                            Seems hypocritical to me.

                                            Ok.

                                            Where would you draw the line personally? Do I understand your opinion correctly as suggesting that if you use a computer, then you shouldn’t be discussing unethical behaviour, e.g. racism? It is not my intention to judge here; just genuinely curious.

                                            Maybe make for better opportunities for immigrants in whatever your country is, too.

                                            I agree with this very much, and this is something that I aspire to do. Additionally I do have friends that have been deported, and worry a bit about my own not so distant post-Brexit situation in the UK.

                                            1. 2

                                              I’m glad you’re doing real work on this issue. I commend that.

                                              Writing it here likely isn’t is the thrust of my point. Instead, it’s just adding noise to the forum plus sending a jab at one of only folks we know in Palantir doing something possibly beneficial (eg open-sourcing software for data analysis). The people here that would agree with your position already don’t work for Palantir, use their services, or vote for folks that support horrible policies on immigration.

                                              Those that do these things are (a) mostly not on Lobsters where your comments have about lowest ROI you can get and (b) usually disagree with you with no intent to change their mind based on your comment that states the obvious. So, you’re not reaching them. Goes for similar comments aiming for political impact on government-level stuff in non-political, Lobsters threads. So, I push for people not to introduce them.

                                              I’m at work now so responses might be delayed.

                                              1. 5

                                                mostly not on Lobsters where your comments have about lowest ROI you can get

                                                Yes, you are probably correct in that observation.

                                                I wasn’t really sharing my thoughts here expecting any impact, but rather because I’m interested in hearing what other people think. And you are right that I’m being hypocritical here, because I doubt I’d react the same to an IBM project even though they have a shameful past; and even worse, I used to work on this phone app promoting some agrochem from DOW. At first I just kept my eyes on the code, but I couldn’t justify it to myself after reading about their role in the Vietnam War and the Bhopal Disaster and all that.

                                                So, it was intended more of an open question about where people here draw the line.

                                                1. 2

                                                  Well, you seem to be speaking out of the heart on things you’ve been close to personally. I respect that. I still say low-ROI with better results elsewhere. You were bringing it up for good reasons, though. The community response also strongly favored your comment in a way consistent with prior threads on politics showing a shift in what Lobsters wants as a community. I’ll write on that in the future.

                                                  And it’s still cool you’re another person reusing older computers with the LiveCD tests and such. Off-topic a bit, but I was wondering if the hardware vulnerabilities they probably won’t patch on 5-10 year old machines have you considering new stuff? I always knew they were there. Now, they’re coming quickly with many eyeballs on them. Might be best reason I ever heard to get the latest and greatest from Purism, Raptor, or whoever. And then most have backdoors for (insert group) but fewer hardware 0-days for (more groups). Wait, I thought this tangent-tangent could lighten things up with easier choices… Looks just as hard… ;)

                                                  1. 1

                                                    Off-topic a bit, but I was wondering if the hardware vulnerabilities they probably won’t patch on 5-10 year old machines have you considering new stuff?

                                                    I don’t know enough about this; what hardware vulns are we talking about here, and how easy are they to exploit? Although it’s not really about hardware, there’s that whole Intel Management Engine issue that is avoided by using somewhat old WinXP-era 32-bit laptops, so newer is not always more secure.

                                                    And it’s still cool you’re another person reusing older computers with the LiveCD tests and such.

                                                    Oh yes that thread! At least it’s a bit less harmful if we can use computers for longer. A friend of mine has a Mac that can’t get more OS X updates now, so she’s stuck with insecure versions of Firefox and all that. Gonna put Debian on it later this week, hopefully!

                                                    Do you know of any somewhat more ethical laptop producers?

                                                    1. 2

                                                      re hardware attacks.

                                                      Essentially, the hardware has always been secure with only elite pro’s focusing on it. Now, due to Meltdown/Spectre, hardware attacks have gone really mainstream with all kinds of university research, private research, folks describing stuff on blogs, and so on. All the CPU’s that were highly optimized (esp Intel/AMD) are vulnerable to them needing patches. They’re doing the attacks over the network now. Older systems used to be safer but now they’re not since attacks will get more numerous and effective over time.

                                                      About the only things that are immune were simpler, embedded CPU’s. They’re not designed for security, though, with far less attention by defenders. So, that could reduce the hardware risk adding to the software risk. Simpler boards that can run modern, security-updated OS’s might help. I’m not sure. A lot of stuff is piling in.

                                                      re put Debian on it.

                                                      Ok, you’re already using that strategy. Good thinking and being helpful! :)

                                                      re ethical producers

                                                      I can’t remember since I was buying used ones like you. The one I see in media most with good things going for it is Purism. They try to disable the ME with software changes, too. Some folks pushing high freedom were using MiniFree to get ME-less, FOSS-firmware laptops. It had downsides. My own Core Duo 2 still handles stuff nicely outside games, highest-def content, and worst of web apps. Here’s a Guardian article I just found with some recommendations. Another said iFixit can help keep things going.

                                                      So, not a lot of options for new hardware minimizing harm to self and others. There are options in both reuse and new categories that help us reduce harm. We can at least do that. I stay dedicating slices of my research to solving this problem. Tracking whatever can help for whoever can do it. Maybe something will shake out eventually.

                                              2. 0

                                                Additionally I do have friends that have been deported

                                                Sorry but are we now living in a world where the ‘standard’ left-wing political view in the Anglosphere is that any kind of deportation is bad? Because that’s how I’m reading this comment.

                                                Immigration policy exists for very good reasons. The American political dichotomy that either there should be zero immigration or completely unchecked immigration is, for lack of a better word, moronic.

                                                1. 3

                                                  I think it’s fair to assume that the poster could be criticising the particular immigration policy that led to these deportations, instead of all immigration policy.

                                                  1. 1

                                                    It could be fair, if the poster denounced similar and almost identical policies under the previous President. As it stands, the poster is mostly just criticizing immigration policies that seemed totally reasonable and mainstream just eight short years ago.

                                              3. 5

                                                You can’t make perfect the enemy of good. Your argument essentially seems to be that if you can’t live perfectly you shouldn’t try living better at all.

                                                It’s virtually impossible to operate in the modern world without using the internet, without having and using a computer. If it were possible to, for a reasonable price that I can afford but knowing I’d have to pay somewhat of a premium, buy a computer that I knew wasn’t made using exploitation of those in the third world, then of course I would buy one. But I don’t know that it is. And there are other competing priorities too, like getting a computer that is free of binary blobs and proprietary software.

                                                I certainly don’t pay a ‘surveillance-enabling company in a police state’ to send anything over the internet. I pay an ISP for internet access, but I don’t live in a police state and as far as I know my ISP doesn’t enable surveillance.

                                                In the same way that I think it’s perfectly reasonable for someone to say ‘I can’t afford to be vegan’ even though being vegan is morally important, I think it’s perfectly acceptable to say ‘I can’t afford to buy ethically produced clothes’. Plus there’s significant evidence that manufacturing things in third world countries has improved their living standards and wages considerably.

                                                Where do we draw the line on how our consumption and contribution harms or helps others? And do you regularly do that for every product and service you buy? Most of them?

                                                I like to have an idea, at least, of what goes into the things I buy, yes. It’s hard to do it with absolutely everything though, because there’s just so much different stuff.

                                                Have you been active in government on laws, treaties, court cases, etc? The stuff that stops things like you describe.

                                                That’s absolutely ridiculous. You do not have to be a member of government to have a political view. You do not have to negotiate an international treaty to have a political view. You do not have to sue someone to have a political view. Your standards are ridiculous.

                                                Or just some quick, social signaling on Lobsters getting feel-good points?

                                                Discussing important issues is not ‘virtue signalling’.

                                                If you care, I encourage you to put time into legal reform or bootstrapping alternatives to each of the things I mentioned. Maybe make for better opportunities for immigrants in whatever your country is, too. Maybe host some coding bootcamps or something for those in the slums. What you’re doing here is adding to the noise but not helping Trump’s victims or your country’s immigrants in any way.

                                                This has nothing to do with immigrants and everything to do with Palantir being a company that operates in an unethical manner. It’s a surveillance company. There’s absolutely nothing problematic about a company producing software on contract for a government that has immigration policies. The issue is that Trump’s policies are violating human rights in how they’re enforcing those laws.

                                                You don’t solve this problem by creating ‘coding bootcamps’ for immigrants LOL.

                                              4. 4

                                                I guess it may be possible to work at a seedy company and still do good stuff.

                                                Regardless, thanks for releasing this as free software.

                                                Every field of endeavor is welcome here. Every field of endeavor is welcome here for technical discussion, free of (without expectation of) moralizing, guilt, or shame.

                                                1. 2

                                                  I personally already draw the line at technology coming from uber for ethical reasons, so I will not touch palantir things at all. Thanks for bringing that up!

                                                1. 1

                                                  s3 is not a filesystem and trying to make it look like one usually leads to weird problems. It is a key-value blob store. Treat it like that.

                                                  1. 1

                                                    Yes, but just because you’re mounting a bucket, it doesn’t mean you’re doing it wrong. For example, as a destination for logrotate to put files would be a perfectly good use. Similarly, as the backing store for an ftp dropbox this would make perfect sense.

                                                  1. 2

                                                    Why not just print the ascii key?

                                                    1. 1

                                                      QR codes allow you to scan, rather than manually transcribing.

                                                      1. 1

                                                        Eh. I have more OCR software than QR software.

                                                        In particular, the OCR software is on the computer where I want my keys to be, and the QR scanner is on my phone where I have no use for keys. So I’d end up transcribing off my phone screen.

                                                      2. 1

                                                        Probably because qr codes are an easy way to restore the data. Better than OCR or typing by hand.

                                                      1. 4

                                                        I’m amazed by the level of detail in this post! Incredibly interesting comparisons and analysis.

                                                        1. 10

                                                          I’m amused by the level of Cupertino Kremlinology. But yes, this (like its predecessors) is a high-quality writeup by someone with some depth in both digital cartography and business models.

                                                          Suggested “practices” tag, because the “AI” is apparently (at least in part) 5000 new employees in the new Hyderabad office. The more you know!

                                                          1. 4

                                                            google employs similar numbers to edit its maps. When I was still at TomTom’s map unit (former TeleAtlas) 6 years ago google had already more people manually editing its map than TomTom had employees across all business units worldwide. Map making is surprisingly complex and requires a lot of manual work.

                                                            1. 2

                                                              I worked on the US Census Bureau’s TIGER maps over a decade ago. Fixing some of their legacy maps (like, some of them just digitized paper maps) to modern commercial maps while preserving historical data was a great summer job! We churned through it pretty quickly with software help. Flyover counties in North Dakota could be cleaned up in an hour or two, while Queens, NY took two weeks (and the beefiest machine in the house, a Sun Blade 2500).

                                                        1. 9

                                                          Want to find the magical ffmpeg command that you used to transcode a video file two months ago?

                                                          Just dig through your command history with Ctrl-R. Same key, more useful.

                                                          (To be fair, you can do this in bash with history | grep ffmpeg, but it’s far fewer keystrokes in Elvish :)

                                                          Sorry, what? Bash has this by default as well (At least in Ubuntu, and every other Linux distribution I’ve used). ^r gives autocomplete on history by the last matching command.

                                                          1. 10

                                                            I hoped I had made it clear by saying “same key”. The use case is that you might have typed several ffmpeg commands, and with bash’s one-item-at-a-time ^R it is really hard to spot the interesting one. Maybe I should make this point clearer.

                                                            1. 6

                                                              That’s handy, but it is easy to add this to bash and zsh with fzf:

                                                              https://github.com/junegunn/fzf#key-bindings-for-command-line

                                                              With home-manager and nix, enabling this functionality is just a one-liner:

                                                              https://github.com/danieldk/nix-home/blob/f6da4d02686224b3008489a743fbd558db689aef/cfg/fzf.nix#L6

                                                              I like this approach, because it follows the Unix approach of using small orthogonal utilities. If something better than fzf comes out, I can replace it without replacing my shell.

                                                              Structured data in pipelines seems very nice though!

                                                              1. 1

                                                                What exactly does programs.fzf.enableBashIntegration do? I just enabled it, and it seems to have made no difference.

                                                                1. 2

                                                                  https://github.com/rycee/home-manager/blob/05c93ff3ae13f1a2d90a279a890534cda7dc8ad6/modules/programs/fzf.nix#L124

                                                                  So, it should add fzf keybindings and completions. Do you also have programs.bash.enabled set to true so that home-manager gets to manage your bash configuration?

                                                                  1. 1

                                                                    programs.bash.enabled

                                                                    Ah, enabling that did the trick (no need to set initExtra). Thanks!

                                                                    I did however have to get rid of my existing bashrc/profile. Looks like I need to port that over to home-manager …

                                                                    1. 2

                                                                      Yeah, been there, done that. In the end it’s much nicer. Now when I install a new machine, I have everything set up with a single ‘home-manager switch’ :).

                                                            2. 3

                                                              I’ve always found bash’s ctrl+r to be hard to use properly, in comparison elvish’s history (and location) matching is like a mini-fzf, it’s very pleasant to use.

                                                              1. 1

                                                                I think the idea here is that it shows you more than one line of the list at once, while C-r is sometimes a bit fiddly to get to exactly the right command if there are multiple matches.

                                                                1. 1

                                                                  For zsh try «bindkey '^R' history-incremental-pattern-search-backward» in .zshrc. Now you can type e.g. «^Rpy*http» to find «python -m http.server 1234» in your history. Still shows only one match, but it’s easier to find the right one.

                                                                  1. 1

                                                                    I use https://github.com/dvorka/hstr for history search on steroids and I am very happy with it.

                                                                  1. 7

                                                                    it needs more autoplaying videos, how else can I run through my data plan fast enough?

                                                                    1. 1

                                                                      At work:

                                                                      • slack
                                                                      • zoom meeting (video conferencing)
                                                                      • google hangouts (rarely)
                                                                      • email

                                                                      Private:

                                                                      • WhatsApp: family and not techy friends
                                                                      • Signal: more nerdy friends
                                                                      • email
                                                                      • twitter dms with certain people
                                                                      1. 37

                                                                        What about dependencies? If you use python or ruby you’re going to have to install them on the server.

                                                                        How much of the appeal of containerization can be boiled directly down to Python/Ruby being catastrophically bad at handling deploying an application and all its dependencies together?

                                                                        1. 6

                                                                          I feel like this is an underrated point: compiling something down to a static binary and just plopping it on a server seems pretty straightforward. The arguments about upgrades and security and whatnot fail for source-based packages anyway (looking at you, npm).

                                                                          1. 10

                                                                            It doesn’t really need to be a static binary; if you have a self-contained tarball the extra step of tar xzf really isn’t so bad. It just needs to not be the mess of bundler/virtualenv/whatever.

                                                                            1. 1

                                                                              mess of bundler/virtualenv/whatever

                                                                              virtualenv though is all about producing a self-contained directory that you can make a tarball of??

                                                                              1. 4

                                                                                Kind of. It has to be untarred to a directory with precisely the same name or it won’t work. And hilariously enough, the --relocatable flag just plain doesn’t work.

                                                                                1. 2

                                                                                  The thing that trips me up is that it requires a shell to work. I end up fighting with systemd to “activate” the VirtualEnv because I can’t make source bin/activate work inside a bash -c invocation, or I can’t figure out if it’s in the right working directory, or something seemingly mundane like that.

                                                                                  And god forbid I should ever forget to activate it and Pip spews stuff all over my system. Then I have no idea what I can clean up and what’s depended on by something else/managed by dpkg/etc.

                                                                                  1. 4

                                                                                    No, you don’t need to activate the environment, this is a misconception I also had before. Instead, you can simply call venv/bin/python script.py or venv/bin/pip install foo which is what I’m doing now.

                                                                                  2. 1

                                                                                    This is only half of the story because you still need a recent/compatible python interpreter on the target server.

                                                                                2. 8

                                                                                  This is 90% of what I like about working with golang.

                                                                                  1. 1

                                                                                    Sorry, I’m a little lost on what you’re saying about source-based packages. Can you expand?

                                                                                    1. 2

                                                                                      The arguments I’ve seen against static linking are things like you’ll get security updates etc through shared dynamic libs, or that the size will be gigantic because you’re including all your dependencies in the binary, but with node_packages or bundler etc you’ll end up with the exact same thing anyway.

                                                                                      Not digging on that mode, just that it has the same downsides of static linking, without the ease of deployment upsides.

                                                                                      EDIT: full disclosure I’m a devops newb, and would much prefer software never left my development machine :D

                                                                                      1. 3

                                                                                        and would much prefer software never left my development machine

                                                                                        Oh god that would be great.

                                                                                  2. 2

                                                                                    It was most of the reason we started using containers at work a couple of years back.

                                                                                    1. 2

                                                                                      Working with large C++ services (for example in image processing with OpenCV/FFmpeg/…) is also a pain in the ass for dynamic libraries dependencies. Then you start to fight with packages versions and each time you want to upgrade anything you’re in a constant struggle.

                                                                                      1. 1

                                                                                        FFmpeg

                                                                                        And if you’re unlucky and your distro is affected by the libav fiasco, good luck.

                                                                                      2. 2

                                                                                        Yeah, dependency locking hasn’t been a (popular) thing in the Python world until pipenv, but honestly I never had any problems with… any language package manager.

                                                                                        I guess some of the appeal can be boiled down to depending on system-level libraries like imagemagick and whatnot.

                                                                                        1. 3

                                                                                          Dependency locking really isn’t a sufficient solution. Firstly, you almost certainly don’t want your production machines all going out and grabbing their dependencies from the internet. And second, as soon as you use e.g. a python module with a C extension you need to pull in all sorts of development tooling that can’t even be expressed in the pipfile or whatever it is.

                                                                                        2. 1

                                                                                          you can add node.js to that list

                                                                                          1. 1

                                                                                            A Node.js app, including node_modules, can be tarred up locally, transferred to a server, and untarred, and it will generally work fine no matter where you put it (assuming the Node version on the server is close enough to what you’re using locally). Node/npm does what VirtualEnv does, but by default. (Note if you have native modules you’ll need to npm rebuild but that’s pretty easy too… usually.)

                                                                                            I will freely admit that npm has other problems, but I think this aspect is actually a strength. Personally I just npm install -g my deployments which is also pretty nice, everything is self-contained except for a symlink in /usr/bin. I can certainly understand not wanting to do that in a more formal production environment but for just my personal server it usually works great.

                                                                                          2. 1

                                                                                            Absolutely but it’s not just Ruby/Python. Custom RPM/DEB packages are ridiculously obtuse and difficult to build and distribute. fpm is the only tool that makes it possible. Dockerfiles and images are a breeze by comparison.

                                                                                          1. 2

                                                                                            This link gives me a 404.

                                                                                            1. 2

                                                                                              same here

                                                                                            1. 4

                                                                                              Hooray!

                                                                                              Just today someone was looking for a file system that could store metadata and a tool to view it. I was reminded how amazing using BeOS was.

                                                                                              Zeta was my daily driver until it was revealed to be a not quite legal continuation of BeOS. I switched to Haiku and kept it around for a while until it got outpaced by the progress of the web and I had to jump to a more mainstream OS.

                                                                                              Haiku was already good when the alpha releases were coming out. Can’t wait to get the beta installed.

                                                                                              1. 3

                                                                                                Zeta was my daily driver until it was revealed to be a not quite legal continuation of BeOS.

                                                                                                I never understood how that happened. How did they get a hold of the source code to create Zeta? I thought Palm bought Be.

                                                                                                1. 6

                                                                                                  In the last days of Be’s existence, someone leaked a nearly-complete copy of the BeOS R5 source code to BeShare (which was one of the reasons the main server got shut down around the same time, IIRC.)

                                                                                                  1. 3

                                                                                                    I’m not sure how what seemed like one guy developing Zeta got ahold of the source. It wasn’t until he sold it to a company that the rightful IP owners took notice.

                                                                                                    https://en.wikipedia.org/wiki/Magnussoft_ZETA

                                                                                                    Rightful owners: https://en.wikipedia.org/wiki/Access_(company)

                                                                                                1. 3

                                                                                                  any crustaceans heading there? (assuming tickets…)

                                                                                                  1. 2

                                                                                                    yup, I will.

                                                                                                    1. 2

                                                                                                      yes! It will be my 11th congress

                                                                                                      1. 2

                                                                                                        If I manage to get a ticket, yes.

                                                                                                        I really want to iterate, even though it’s a way longer drive for me, Leipzig congress center is way way way better than Hamburg’s. I hope it will stay in Leipzig forever.

                                                                                                        1. 1

                                                                                                          I was sloppy and missed the ticket window last year, going to try harder this year (and prebooked hotel) - was pretty satisfied with Hamburg (much less so Berlin - the grumpy tone in some of the various queues the final year there was very discerning) so slightly hyped if Leipzig is even nicer.

                                                                                                          1. 1

                                                                                                            I dunno, Leipzig is a bit too large for my taste. I liked the fact that I could easily run into people I know in Berlin and to some extent in Hamburg too, but it is impossible in Leipzig. It lost a bit of the “family gathering” vibe for me.

                                                                                                            1. 1

                                                                                                              according to Wikipedia, the Hamburg location had 12´000 visitors and 15´000 for Leipzig. Does not sound like a big difference

                                                                                                              1. 1

                                                                                                                a venue at capacity with 12000 people is something else than an entire fairground with even more halls to use. The size difference between Hamburg and Leipzig is quite substantial.

                                                                                                          2. 2

                                                                                                            If I can get a ticket, yes.

                                                                                                            1. 1

                                                                                                              yes…

                                                                                                          1. 3

                                                                                                            Is anyone on macOS using Alacritty as their daily driver? I’m eager to get away from iTerm2 even if just for the increased sanity of my dotfiles because of the YAML configuration format instead of a constantly modified plist!

                                                                                                            1. 5

                                                                                                              I recently switched to Terminal.app (the builtin terminal) from iTerm2 because it’s slow for no reason. I used none of the features of iTerm2 often enough to warrant using it. If you’re seriously considering Alacritty as an alternative, then switching to the default terminal would probably work for you too.

                                                                                                              1. 5

                                                                                                                100% agree. I’ve gone from iTerm2 → Alacritty → Kitty, and as mentioned in my other comment, I could probably just use Terminal.app now.

                                                                                                              2. 1

                                                                                                                Switched a few weeks ago, have loved it since then. Just note you would need a terminal multiplexer for some features (like tabs, split screen, etc). Also, you could miss the command+click facility to open a link (tracked here). Overall I still find the experience to be better than with the other terminals.

                                                                                                                1. 1

                                                                                                                  I did for a few months, using tmux. I like it for the most part (especially live-reloading of the config), but switched to kitty [1] about 2 weeks ago and haven’t regretted it. I switched because while Alacritty is (was?) faster than iTerm2, I would experience a lot of slow redraws in tmux, and some other things. I’ve found kitty to be faster. I honestly could probably just use Terminal.app at this point if I could set up some basic shortcuts correctly.

                                                                                                                  [1] https://sw.kovidgoyal.net/kitty/

                                                                                                                  1. 1

                                                                                                                    I have been using iTerm2 for years and never had to edit a plist file. What are you doing that requires that constantly?

                                                                                                                    1. 4

                                                                                                                      I’m not editing it. Rather, it seems every time I exit it, something gets written to its plist file, which I’ve symlinked into my versioned dotfiles.

                                                                                                                  1. 10

                                                                                                                    Why do people think MS is doing all this? Do people really think a company worth 860 billion dollars has anything to give away for free? I do not want to go into MS bashing, but believing that a big company like MS is now altruistic and believing in making the world a better place is just naive. MS wants to be seen as cool and hip with the dev. crowd, esp. the young Silicon Valley crowd, so that they can sell more Azure. They do not care about software freedom or anything like that.

                                                                                                                    1. 12

                                                                                                                      Goals can align. Microsoft might care about software freedom because that improves their business in some way. In this case, their goal is obviously to collect metrics about users. Almost all of the code is open though.

                                                                                                                      1. 3

                                                                                                                        I don’t think that’s an obvious goal at all - metrics about users. A perfectly acceptable goal is to regain mindshare among developers. vscode can be seen as a gateway drug to other microsoft services, improving their reputation.

                                                                                                                        1. 2

                                                                                                                          I wonder what metrics from a text editor would be useful to them?

                                                                                                                          1. 10

                                                                                                                            I want metrics from the compilers I work on. It’d be super useful to know what language extensions people have enabled, errors people hit, what they do to fix them, etc. Sounds mundane at first, but it’d allow me to focus on what needs work.

                                                                                                                            1. 8

                                                                                                                              Well, VS Code doesn’t choose your compilers :)

                                                                                                                              Either way, I don’t get the paranoia. Performance telemetry, automated crash reports, stats about used configurations – not stuff that violates privacy in any meaningful way. It’s weird that this gets lumped in together in the general paranoia storm with advertisers building a profile of you to sell more crap.

                                                                                                                              1. 8

                                                                                                                                Issue #49161 VSCode sends search keystrokes to Microsoft even with telemetry disabled

                                                                                                                                It’s not even paranoia so much as irritation at this point. I know my digital life is leaking like a sieve, and I’d like to plug the holes.

                                                                                                                                1. 3

                                                                                                                                  Kinda clickbait issue title. Yeah, keystrokes are always a lot more worrying than metrics, but this is settings search. I guess you could Ctrl+F search for something secret (e.g. a password) in a text file, but not in the settings.

                                                                                                                                  1. 12

                                                                                                                                    You know, there was a time when it was big news if a commercial program was caught “phoning home” at all. It didn’t matter what the content was.

                                                                                                                                    (Today, you’d call a ‘commercial program’ a ‘proprietary application’.)

                                                                                                                                    It’s still a big deal today if an open source/community maintained/free software application ‘phones home’, because reasons: untrusted individuals, the value of big data, and principles of privacy.

                                                                                                                                    Now that M$ is in the game, let’s add ‘untrusted corporation’ to that last list.

                                                                                                                                    I don’t care what the nature of the data is–I don’t want to be observed. Especially not as I ply my craft–few activities produce measurable signals from any deeper inside myself, and every one of those is definitely on my personal ‘no, you can’t watch!’ list.

                                                                                                                                    1. 1

                                                                                                                                      For me personally, I have no problem adding telemetry to apps I maintain. But I’m sure going to make sure users know about it and can disable it if they want. I think that’s the real issue - consent.

                                                                                                                                    2. 5

                                                                                                                                      That’s having to think way too hard about what they’re intercepting.

                                                                                                                              2. 4

                                                                                                                                Platform it’s running on, type of code being edited, frequency of use for a given feature. Heuristic data about how people interact with the UI. The list goes on. Note also that none of this need be evil. It could be seen as collecting data looking to improve user experience.

                                                                                                                            2. 3

                                                                                                                              I’d guess they’re after a platform. They want to build a base (using organic growth) that they might later on capitalize on, either by learning from it to invite people to use (proper) Visual Studio or by limiting VSCode’s openness.

                                                                                                                            1. 7

                                                                                                                              spending quality time with the girlfriend, baking a sourdough bread, some nice big cycling tour and setting up unbound on my vpn raspberry pi.

                                                                                                                              1. 2

                                                                                                                                Unbound? VPN Raspberry Pi?

                                                                                                                                1. 2

                                                                                                                                  I run an openvpn on a raspberry pi at home. I currently have a dnsmasq based DNS setup on it (a bit like pi-hole, but self made). I want to replace it with unbound since that is a better caching resolver than dnsmasq.

                                                                                                                                  1. 1

                                                                                                                                    sounds like a neat project. What’s vpn all do, just let you act like you’re on your home network from outside? What do you need to know your home IP to connect?

                                                                                                                                    1. 2

                                                                                                                                      I have a Synology NAS that stores all our photos and I use the notes app as well. I travel a lot, so it is nice to have a vpn when I am using a public wifi. The girlfriend uses it for the same purposes.

                                                                                                                                      For connection I have a bit of a strange setup: my provider is dual stack, but the IPv4 is carrier grade NAT or something, so unreachable from the outside. IPv6 can be routed though. So my trick is that I run socat on a cheap/dumb scaleway instance that forwards IPv6 and IPv4 to my pi on IPv6. That way I can reach it from everywhere and only the scaleway box can talk to it.

                                                                                                                              1. 18

                                                                                                                                Odd, because I didn’t read the XKCD comic as making fun of security people for saying ‘voting machines won’t work, stay away’ at all. I read it as saying voting machines won’t work and that we should stay away from them. And to that I have to say: I totally agree. Voting works fine as it is: done by humans, counted by humans, entirely on paper with not a computer or network in sight.

                                                                                                                                1. 4

                                                                                                                                  Elections are really hard regardless if it’s done by computers or not, but we didn’t get to the point where we figured out the computer side of it at all. What’s worse, is that adding computers into the mix was an excuse to go back on well-tested election related rules, such as secret voting. No, we can’t have voting over the internet or via mobile phones or anything like that.

                                                                                                                                  We should really go back to limiting computer involvement in elections to UI, with the paper trail as the official record of votes. Involving computers in the actual process adds such a huge leap of complexity that it excludes most people from ever being able to verify results. Everyone can verify paper ballots.

                                                                                                                                  1. 6

                                                                                                                                    Not really sure why you’d even want computers as UI. The ‘UI’ of a piece of paper you tick a box on really is quite good.

                                                                                                                                    All I can say is that I’m glad that New Zealand has never (at least to my knowledge) involved computers in actual voting. Not even UI. I hope that the complete disaster that was our recent attempt at doing a census online[0] will help dissuade anyone from trying to do elections online as well.

                                                                                                                                    [0]: Somehow they managed to simplify the census, put it online, reduce the number of questions and get fewer responses than before even though it’s still mandatory. What. And in return for significantly reducing the amount of information we get from the census, now they have a mandatory incredibly invasive survey of a randomly selected few percent of the population.

                                                                                                                                    1. 3

                                                                                                                                      The reason for fewer responses may have little to do with technology and more to do with that notorious citizenship question.

                                                                                                                                    2. 1

                                                                                                                                      What’s worse, is that adding computers into the mix was an excuse to go back on well-tested election related rules, such as secret voting. No, we can’t have voting over the internet or via mobile phones or anything like that.

                                                                                                                                      There’s designs and protocols for that. We could even have diverse suppliers on the hardware side to mitigate the oligopoly risks. The question is, “Should we?” I think traditional, in-person methods combined with optical scanning is still the best tradeoff. The remote protocols might still be useful to reduce cost or improve accuracy on some mail-in votes, though.

                                                                                                                                    3. 4

                                                                                                                                      I absolutely agree. Voting should be as simple for voters to understand as possible. Introducing an electronic device makes it auditable only to experts and even they might have a difficult job given the many layers at which things can go wrong (including hardware vulnerabilities).

                                                                                                                                      One of the reasons people are advocating electronic voting is their lower cost. Personally, I think this argument is totally wrong. Cost is a factor but not the most important one - not having elections would be cheaper.

                                                                                                                                      1. 2

                                                                                                                                        And let’s face it, how significant is the cost of having elections really? The 2008 general election in NZ cost about $36 million. Sounds like a lot, but that’s $12 million per year: 1/1719th of the Government’s budget. Spending 0.058% of the budget to ensure we have safe and fair elections is pretty insignificant really, it’s about as much as is spent on Parliament and its services and buildings etc, and about half as much as the Police earn the Government in fines from summary infringement notices (speeding tickets etc).

                                                                                                                                        1. 4

                                                                                                                                          Exactly. Also, lots of good things can be said about software but not that it’s inexpensive.

                                                                                                                                      2. 3

                                                                                                                                        100% agree. I counted votes in the last federal election of Germany and that is some serious work, but totally worth it and very hard to tamper with.

                                                                                                                                      1. 1

                                                                                                                                        I do not like the click-baity title, but I kept it the way it was. There are some interesting extensions listed that I never heard of before.

                                                                                                                                        1. 3

                                                                                                                                          It looks like there are some “interesting” extensions nobody else has heard of before.

                                                                                                                                          Like that Web Security addon, which appears to send all your navigation data to their servers over plain http, using some homegrown “crypto” to obfuscate the details. According to their privacy policy, they build a profile for advertising purposes.

                                                                                                                                        1. 7

                                                                                                                                          As far as Tech-newsletters go, I can really recommend the Nixers newsletter. If one reads sites like lobste.rs regularly, it may contain a few things one might have already seen, but especially if you were a bit more busy over the week, it’s a nice summary.

                                                                                                                                          1. 1

                                                                                                                                            I like the fringeness (is that a word?) of it. It feels it is off the mainstream and I often really like the quote of the week. A really well done newsletter!