1.  

    This is a good reminder that twitter is someone else’s computer, and they can remove your content for any arbitrary reason and should not be trusted with it. It’s bad that so many influential people use twitter as a form of public communication and everyone should be interested in using alternatives to twitter that don’t allow random people to arbitrarily start bureaucratic processes that result in the removal of your content.

    1.  

      Twitter is easy to use, that’s one of the reasons I use it.

      It is possible to have a public, but not someone else’s computer, shared space? I know it’s possible, but maybe the real question is if it is practical.

      1.  

        Yeah, it’s possible to imagine specific software systems that are consistent with being public spaces where individuals have private control over their own data. This is what Urbit is trying to create, for instance, and it’s one of the things that decentralized social networking protocols like ActivityPub and Scuttlebut are trying to allow developers to build. There are good structural reasons why this is harder than just turning over your data to a centralized service, and they’ve attracted less engineering effort than centralized services so far.

        1.  

          Yeah, it’s possible to imagine specific software systems that are consistent with being public spaces where individuals have private control over their own data.

          Like… websites? Blogs? Forums?

    1. 1

      This is something we should have explicit, precise control over, but instead it’s a completely black box we have no control over or insight into whatsoever.

      I raise an eyebrow at the author being surprised or dismayed here. How was any part of the iPhone or iOS ever not “a completely black box” from day one? All software and firmware on the device, and on their servers, are utterly closed-source.

      1. 4

        Compare the section where he describes the submission of feedback for voice transcription. That’s what he means by control.

        Having access to the source of some piece of software is orthogonal to controlling a third party’s use of said software.

        1.  

          Is it so orthogonal? All the sliders, checkboxen, radio buttons and toggles anyone wants in a UI can’t be assured to do what they’re claimed to do for as long as the software is closed source.

          1.  

            That’s true, but lots of people — especially prominent Apple bloggers like Gruber — trust Apple, and often much more so than other big tech companies. Seeing this is surprising, especially when other major tech companies do it better.

            And from a practical standpoint, unless you’re running open-source hardware with open-source firmware and drivers on an open-source operating system all of which you’ve verified, including looking at the boards to see if China or the NSA snuck a secret snitch module in there, at some level you’re trusting the system. People trusted Apple, and in this case got burned.

            1.  

              I think we might be talking past each other.

              Here’s the situation as I see it: you use an interface to a remote service. The interface has an option that says “preserve my privacy”. You choose that option, and as the software for the interface you’re using is open source, you can confirm that that option is actually set.

              The data is sent to the third party, who betrays your trust and doesn’t preserve your privacy.

              The fact that the software you have access to is open source doesn’t give you any control over how a third party handles your information after you’ve relinquished control over it.

          1. 2

            ah missed that one, better link too :)

          1. 4

            I’m happy to see FTP die. But aren’t some websites still providing download links over FTP? I think it was just a year ago when I noticed I was downloading an ISO file from an FTP server..

            1. 9

              There’s nothing wrong with downloading an ISO from an FTP server. You can verify the integrity of a download (as you should) independently of the mechanism (as many package managers do).

              1. 4

                I agree! The same goes for downloading files from plain HTTP, as long as you verify the download you know the file is okay.

                The reason I don’t like FTP has to do with the mode of operation; port 21 as control channel and then a high port for actual data transfer. Also the fact that there is no standard for directory listings (I think DOS-style listings are the most common?).

                1. 2

                  The reason there’s no standard for directory listings is possibly more to do with the lack of convention on filesystem representation as it took off. Not everything uses the same delimiter, and not everything with a filesystem has files behind it (e.g. Z-Series).

                  I absolutely think that in the modern world we should use modern tools, but FTP’s a lot like ed(1): it’s on everything and works pretty much anywhere as a fallback.

                  1. 1

                    If you compare FTP to ed(1), I’d compare HTTP and SSH to vi(1). Those are also available on virtually anywhere.

                    1. 1

                      According to a tweet by Steven D. Brewer, it seems that at least modern Ubuntu rescue disks only ship nano, but not ed(1) or vi(1)/vim(1).

                      1. 1

                        Rescue disks are a special case. Space is a premium.

                        My VPS running some Ubuntu version does return output from man ed. (I’m not foolish enough to try to run ed itself, I quite like have a usable terminal).

                  2. 1

                    Yes, FTP is a vestige of a time where there was no NAT. It was good until the 90s and has been terrible ever since

                  3.  

                    Most people downloading files over FTP using Chrome don’t even know what a hash is, let alone how to verify one.

                    1.  

                      There is everything wrong with downloading an ISO over FTP.

                      Yeah, you can verify the integrity independently. But it goes against all security best practice to expect that users will do something extra to get security.

                      Security should happen automatically whenever possible. Not saying that HTTPS is the perfect way to guarantee secure downloads. But at the very least a) it works without requiring the user to do anything special and b) it protects against trivial man in the middle attacks.

                    2. 7

                      You got it backwards.

                      Yeah, some sites still ofter FTP downloads, even for software, aka code that you’re gonna execute. So it’s a good thing to create some pressure so they change to a more secure download method.

                      1. 8

                        Secure against what? Let’s consider the possibilities.

                        Compromised server. Transport protocol security is irrelevant in that case. Most (all?) known compromised download incidents are of this type.

                        Domain hijacking. In that case nothing prevents attacker from also generating a cert that matches the domain, the user would have to verify the cert visually and know what the correct cert is supposed to be—in practice that attack is undetectable.

                        MitM attack that directs you to a wrong server. If it’s possible in your network or you are using a malicious ISP, you are already in trouble.

                        I would rather see Chrome stop sending your requests to Google if it thinks it’s not a real hostname. Immense effort required to support FTP drains all their resources and keeps them from making this simple improvemen I guess.

                        1.  

                          MitM attack that directs you to a wrong server. If it’s possible in your network or you are using a malicious ISP, you are already in trouble.

                          How so? (Assuming you mostly use services that have basic security, aka HTTPS.)

                          What you call “malicious ISP” can also be called “open wifi” and it’s a very common way for people to get online.

                          1.  

                            The ISP must be sufficiently malicious to know exactly what are you going to download and setup a fake server with modified but plausibly looking versions of the files you want. An attacker with a laptop in an open wifi network doesn’t have resources to do that.

                            Package managers already have signature verification built-in, so the attack is limited to manual downloads. Even with resources to setup fake servers for a wide range of projects, one can wait a long time for the attack to succeed.

                    1. 4

                      I damaged my ankle and discovered that although there is such a thing as minor surgery on the medical level, there is no such thing as “minor surgery” on the financial level.[1]

                      [1] unstated: “in the USA”

                      I’m sorry ESR has medical and financial issues, so I’ll refrain from digging around his copious output for arguments against the ACA. I’m not even sure he ever was against it, but considering his other states political positions, I’m pretty sure he was.

                      1. 6

                        I think this article is using the wrong measure, or at least unclear about what it is saying.

                        The question is not whether the net value of software is positive, but whether the marginal cost of securing software is greater than the marginal benefit. It clearly isn’t for some companies: Equifax lost billions in market cap.

                        1. 2

                          Equifax lost billions in market cap.

                          That’s an interesting example. Did Equifax lose market share? I.e., was the company’s ability to extract rents from the credit-verification process in any way impeded? Sure, stockholders (among them no doubt the leaders of the company) lost money when the stock went down, but was the company’s bottom line affected in any meaningful way?

                          Equifax’s customers (the ones seeking to learn the credit-worthiness of the people who were affected by the breach) weren’t affected. Who cares if the bank from which you’re seeking a loan uses Equifax? Would you forgo a cheaper mortgage from one that does, just out of principle - especially if for all you know the competitors are just as bad?

                          1. 11

                            I need to write this up at some point, because the belief that Equifax saw no consequences is really common. The short of it is that Equifax lost several hundred million, multiple executives lost jobs, and the loss of stock market value is important, because

                            1. the stockholders own the company (albeit with all the caveats you have to attach to that) and
                            2. many key players are compensated in stock

                            Everyone involved was incentivized to do better, but they had zero control of their own tech processes.

                            One thing I need to look into further is what drove the stock price to take such a big hit. Who expects what about Equifax’s future profits? I can’t answer your question about the impact was to Equifax’s market share, so thanks for that!

                            P.S. None of this is to say that they shouldn’t have faced more consequences.

                            1. 5

                              I look forward to reading anything you write up. I’m sure it’s all a bit more complex than I imagined, and I’d love to know more!

                              1. 4

                                A lot has happened since the news broke. I’m also interested in a detailed write-up on what costs and effects the breach had.

                            2. 1

                              Absolutely, & I think the reason so much software is insecure is that so many devs & managers make the same mistake in reasoning as OP (i.e., doing cost/benefit of bad software versus no software, instead of comparing bad software to no software, and thus accidentally constructing a set of practices and norms built on the assumption that good software is not possible).

                              The benefits of making marginally better software is generally worth the cost on society as a whole, since the ease of reproduction is an incredible force multiplier: a single developer might take a man-week to fix a particularly nasty bug or a man-month to do a complete refactor, but only days of only hundreds of running copies need to exist for that engineer time to be amoritized in saved machine time.

                              Other resources that are harder to quantify are arguably even more important: How much electricity are you saving & what’s the impact on carbon release? How much stress have you saved in the non-technical users who have no choice but to use the application as it exists? A few minutes of work can improve these metrics by orders of magnitude.

                              Now, the cost & benefits of society as a whole is very externalized from the perspective of a for-profit business. It’s almost never worthwhile for an individual developer to make their software any better than ‘good enough’, or for a company to do any more than slightly better than the competition. The bad software vs no software division is aligned in praxis with practices like rentseeking through frequent upgrades, writing obfuscated code for the sake of job security, hiring only inexperienced developers, letting upper management control the tech stack based on third-hand hype, wasteful project management styles like scaling scrum to hundreds of developers, and shipping big monolithic applications or using web tech.

                              1. 1

                                I like the analogy of user data / personal information to toxic waste. In the “good old times”, industries dumped effluent into waterways without any sort of intervention or regulation. After a while, legislation was enacted to prevent this.

                                GDPR is a step in this direction, I think. As flawed as it is, it does recognize consumers as having rights outside the dictates of a corporation’s EULA or Terms of Service.

                            1. 6

                              Two things on this:

                              I just recently started playing with Twitter’s APIs, and was a bit surprised to discover that you can only retrieve the most recent 3,200 tweets of a user. Any tweets older than that are forever inaccessible by the semi-public API. Note that you seem to need to provide a rather detailed description of what you intend to do with it in order to get developer keys. It seems that there are commercial APIs available for a very substantial price that may allow accessing older tweets, but nobody talks much about them. I did hear a rumor that their Firehose access - all tweets sent by anybody in realtime - costs 30% of your company’s revenue, whatever that is. I’m not sure if that’s true, but it does seem odd that so much of our history on Twitter is, for all practical purposes, forever locked away behind extremely expensive contracts.

                              It also seems that Twitter’s Rules are being weaponized, by both sides of the political divide, in attempts to control the conversation. The ban lists seem semi-random, and the decisions of what is and is not considered hateful seem rather arbitrary, possibly depending on which particular moderator gets a particular case. Aside from the difficulty and expense of accessing old data in general, it’s entirely possible people are running algorithms to search Twitter for potentially actionable things said against their favorite figures, even if they were said very long ago.

                              1. 2

                                Twitter has been slowly cutting all the good bits out of itself ever since they looked up and said “oh HEY we gotta make some money!” a few years back.

                                This is why decentralized platforms will prevail, because people are just not willing to pay for social media en masse.

                                1. 3

                                  This is why decentralized platforms will prevail, because people are just not willing to pay for social media en masse.

                                  Users are not going to be paying for Twitter any time soon, either? Twitter’s selling their content, but the platform remains free to use, and I can’t see that changing.

                                  Companies, meanwhile, are perfectly willing to pay Twitter for access to their data.

                                  1.  

                                    That’s right. That’s why the Fediverse’s model will win IMO, but I predict it will take much more work to get where it needs for truly widespread adoption - that being it becoming point and drool easy to start your own instance.

                                    Right now you have to have some basic sysadmin skills in order to run one.

                                2. 2

                                  I might misremember this, but I believe Twitter made a big splash about how you (as a logger in user) could now access all your tweets. I seem to remember downloading an archive back when that happened.

                                  1. 3

                                    You can download your own tweets, yeah. In the web interface, it’s under Settings->Account->Your Twitter data. What’s not possible to do easily is get the full tweet history of anyone else.

                                    1. 1

                                      What’s not possible to do easily is get the full tweet history of anyone else.

                                      I’m certain that this is for performance reasons. No doubt if you pay for API access it’s possible.

                                1. 5

                                  From the linked post

                                  I can’t imaging anyone going through tweets from 2010 and actively reporting them, so it seems more likely that they must be using some algorithm to go back and find posts they consider offensive, throughout the history of their site.

                                  (my emphasis)

                                  This is a serious allegation to make. Why isn’t it possible that someone is searching for offensive things people said about Sarah Palin 10 years ago, found it, and flagged it?

                                  If Twitter is scanning old tweets and attempting to erase them, they’re also erasing a part of their history and the history of their users.

                                  Twitter could go out of business at any time, and people’s tweets would be gone too. It’s a free service. If you’re concerned about your tweets, back them up.

                                  1. 6

                                    Twitter’s archive is of substantial historical value. So long as Twitter actively positions itself as a platform for public debate and political communication, users will expect a greater-than-normal degree of transparency and accountability. While they are not legally required to save all this material, they do have an ethical obligation to document changes that they’ve made to the historical record. I can’t comment on this particular case but I am sure that this will continue to be a problem in the future– especially when they go out of business.

                                    1. 1

                                      This is a serious allegation to make. Why isn’t it possible that someone is searching for offensive things people said about Sarah Palin 10 years ago, found it, and flagged it?

                                      And how’s that any better? Applying modern rules to historical content isn’t something that should be celebrated in my book. TBH, the tweet in question is a bit on the extreme side, but this concept has also been used as a pretext to de-platform users mostly just due to their ideologies, by reporting tweets that were years old.

                                      I mean, an easy solution is to just remove all your old tweets. Is that really what they want?!

                                      1. 2

                                        And how’s that any better? Applying modern rules to historical content isn’t something that should be celebrated in my book.

                                        We’re talking about ten years, not a thousand. Things haven’t changed that much.

                                        1. 1

                                          It’s a difference in degree.

                                          If someone flags a tweet, presumably someone at Twitter makes the call that this should be cause for locking the account. I.e. there’s a human element in the loop.

                                          The author thinks that Twitter without external prompting is flagging tweets and locking accounts. There’s no evidence that this is happening - I’d consider evidence of that being more than one Twitter user reporting that this is happening to them.

                                          this concept has also been used as a pretext to de-platform users mostly just due to their ideologies, by reporting tweets that were years old.

                                          I am not condoning this, but it’s different from what the author of the linked post is presuming.

                                      1. 17

                                        well I gotta give to whoever flagged that or whatever, that tweet wasn’t just immature rant against the two party system, was a deeply misogynist tweet.

                                        1. 12

                                          Yeah, the whole post is a thinly-veiled excuse to say an awful misogynist thing again, under the guise of pretending he would never say that awful misogynist thing again, and oh btw twitter has a responsibility to show this awful thing he would never say again to more people than it already showed it to. So even though he’s “grown” and would never say this again, he thinks twitter should say it again and again forever on his behalf. What a cowardly perspective.

                                          1. 3

                                            I don’t know the author’s cultural background, but that’s not universal. Scottish Twitter (and Scotland for instance) have quite different norms.

                                            1. 1

                                              Based on the author’s own About page, his cultural background is American.

                                              I started Fight the Future to help spread awareness for topics the deeply concern me and that I hope would deeply concern American (sic!) and the world.

                                            2. 3

                                              You have an incredible talent for reading minds.

                                          1. 2

                                            xbiff! Man, that takes me back…

                                            1. 2

                                              surface mounting mechanical components is just asking for trouble. Through-hole FTW.

                                              1. 1

                                                But that costs more money, no?

                                                1. 1

                                                  Perhaps. I’m just a software person that works closely with hardware. I don’t know a lot of the details of hardware manufacturing.

                                                  1. 1

                                                    Yeah, not as easy to machine-assemble. If the rest of the board is surface mount you’d be adding a whole new manufacturing step, though I imagine attaching displays and such isn’t part of the surface mount step either.

                                                1. 5

                                                  It’s been on this site before, but it wasn’t caught by the duplicate link checker because the domain changed: https://lobste.rs/s/u4imgn/sr_ht_is_now_sourcehut

                                                  1. 5

                                                    It’s been long enough a repost is OK. The hard limit is a week.

                                                    1. 1

                                                      The hard limit is a week.

                                                      Gosh, do you really want to allow slightly-older-than-1-week material to be reposted here?

                                                      1. 6

                                                        When I said “hard limit” I was thinking of what the code enforces, and I remembered wrong, it’s 30 days. Whoops. I’ve used a week as the time period for merging duped stories/hot takes so big news doesn’t take over the homepage.

                                                        1. 1

                                                          Wow, that list of articles. That is certainly a powerful case for why the feature needs to exist.

                                                          1. 1

                                                            Thanks for the clarification! I’m usually not that quick to flag submissions as “already posted” but now I know there’s an informal limit I can make more informed choices.

                                                      2. 1

                                                        Oops! Thanks for letting us know!

                                                      1. 3

                                                        Agree with the analysis and as the other comment mentions, there are clear reasons for this.

                                                        “Number of people killed by bad software” is an interesting one. There are certainly the classic stories of thing gone wrong (Therac-25 comes to mind), but I imagine that a software failed occurs somewhat invisibly to the people whose lives depend on it - hidden amongst a tumult of other failures.

                                                        The boeing MAX planes also come to mind. Certainly compared to other things that can kill us software is a negligible slice, but it’s not zero.

                                                        As we continue to have more software in the world and depend on it for more and more, the number can only go up. I wonder though if it will rise disproportionately with the distribution of new software systems: will we care less about safety as we grow?

                                                        1. 3

                                                          The boeing MAX planes also come to mind.

                                                          I believe that wasn’t really a software failure. Oh, it was definitely an engineering clusterfuck because they wanted to save money on re-certification:

                                                          • Aerodynamically unstable design (so they could make bigger, more fuel efficient reactors).
                                                          • Botched redundancy (left computer used left sensor, right computer used right sensor, and no way to tell which computer is right when one sensor (inevitably) go south).
                                                          • Limited pilot training, that hides the differences of the MAX under the carpet.
                                                          • Difficult to override automatic controls (the pilots basically have to lift weights to be able to counter the nosedive).
                                                          • […]

                                                          Forgot where I saw it, but a pilot wrote a painstakingly detailed review of the debacle. If someone can find the link…

                                                          That said, whether it was a software failure or something else doesn’t really matter. We make stuff, and bad things happen when it breaks. Software shouldn’t be treated any differently. (And in the case of the MAX, they certainly expected software to compensate for the physical shortcomings of the plane. Too bad it didn’t, I guess…)

                                                          1. 3

                                                            so they could make bigger, more fuel efficient reactors

                                                            I think you just meant to write “engines” here.

                                                            1. 2

                                                              Crap, I did.

                                                              1. 1

                                                                I figured you did :D An older name for a jet plane in Swedish is “reaplan” (“plan” is plane, and “rea” is from “reaktionsmotor”) and it has the same root.

                                                            2. 1

                                                              Fair. I was considering the software overcompensation for a physical failure as a software failure, but as mentioned, “tumult of other failures” might be over-blaming the software.

                                                              1. 2

                                                                Note: I believe the software people ought to have noticed this: see, each computer relied on one sensor, and then you have to resolve the conflict whenever they disagree. With only two systems —not three as is commonly seen in vote based redundancy systems. Actually, I’m pretty sure a number of engineers, software or otherwise, did notice something fishy was going on. They probably told their hierarchy too. Yet someone somewhere still decided they were going to go through with this.

                                                          1. 2

                                                            Posted link is from 2008. Suggested a title change.

                                                            1. -8

                                                              this is bad advice.

                                                              1. 2

                                                                Why is it bad advice?

                                                              1. 5

                                                                I was sure this was submitted before. Url changed.

                                                                https://lobste.rs/s/tos2zx/why_you_should_stop_using_git_rebase

                                                                1. 1

                                                                  According to Word of Mod, reposts this old are OK:

                                                                  https://lobste.rs/s/j2wdwl/sourcehut_hacker_s_forge#c_akwblr

                                                                  1. 1

                                                                    “repost” tag?

                                                                1. 20

                                                                  I don’t think this is controversial. The benefits of producing insecure software outweighs the costs. Or rather, the costs are so externalized and diffuse that there’s no appreciable cost to the producer of said software.

                                                                  1. 12

                                                                    The car industry went through this. Without a doubt benefits of cars still outweighed the cost of them being death traps: https://en.wikipedia.org/wiki/Unsafe_at_Any_Speed

                                                                    And before that the rail industry. Trains were revolutionary, but it was accepted that even such a basic task as stopping the train would regularly get people killed: https://en.wikipedia.org/wiki/Brakeman

                                                                    In comparison, software vulnerabilities don’t seem that bad! But we should still sort this out, since we rely on software more and more, and it will get serious eventually.

                                                                    1. 5

                                                                      That’s safety, not security, though. Security is tougher because it is an adversarial game with opponents that make counter-moves.

                                                                      It’s telling that despite hundreds (thousands?) of years of history, bank buildings and homes are still very regularly robbed.

                                                                      1. 1

                                                                        But that’s the point of the article. Apart from a few very very rare cases (Therac-25) bad software doesn’t kill people.

                                                                        1. 14

                                                                          The point of the article is “benefits outweigh the costs” but your point “the costs are externalized so even if they were high it wouldn’t matter” is a lot more subtle and much closer to the truth.

                                                                      2. 7

                                                                        Yes until there is an organized response against the problem, or a use of governmental power to associate developing insecure software with loss of profits, there will never be any meaningful action on the issue.

                                                                      1. 3

                                                                        Drew DeVault does your comment from last year that you’re opposed to officially supporting Docker deployment of sourcehut stand? I have a homelab where I like to mess with stuff and sourcehut’s Mercurial support looks really nice, but the install steps are daunting. I assume it wouldn’t actually be too bad, but when compared to something like Gitea’s declarative deployment via Docker which took me 3 seconds to start playing with, I hesitate. Either way thanks for working on sourcehut!

                                                                        p.s. how do you @-mention a user on here?

                                                                        1. 11

                                                                          Yes, it stands. What also stands is the idea that if someone were to take on the role of building a third-party docker deployment for sourcehut, they would find the task reasonably easy to accomplish and I would be supportive of them, albeit insistent that it remain a third-party solution.

                                                                          Note, however, that deploying sourcehut on docker is itself not the matter discussed in the linked ticket. As for the subject of the ticket, I still have no desire to address this at this time.

                                                                          1. 1

                                                                            Reasonable stance! Perhaps I will attempt to tackle it some time (if no one else beats me to it).

                                                                            I actually don’t even understand that ticket but it came up in a google search result for “sourcehut docker.” GPU passthrough with Docker? So confused.

                                                                            1. 2

                                                                              It’s for the CI service.

                                                                          2. 3

                                                                            @altano you just type @ in front of the username and the markdown formatting does the rest

                                                                            1. 3

                                                                              how do you @-mention a user on here?

                                                                              You just prepend @ to the username: @altano

                                                                            1. 3

                                                                              I Am Not A License Lawyer but I don’t know if you can mix commercial and GPL clauses like this

                                                                              https://raw.githubusercontent.com/arcaneoffice/Photos/master/LICENSE.txt

                                                                              1. 1

                                                                                I am not either, but I saw that in some projects and we wanted to have that to know what should be done. Thanks for the note, I will look more into it.

                                                                                1. 1

                                                                                  Dual licensing, if that is what you mean usually consists of offering:

                                                                                  • an Open Source / Free Software license, typically a somewhat restricted one like GPL or AGPL

                                                                                  • a commercial license for those who would rather pay than follow the free software license

                                                                                  Those who use it under the free software license don’t have to think about the commercial terms and those who use it under the commercial license doesn’t have to consider the free software license.

                                                                                  And no, I’m not a lawyer either .

                                                                                  PS: I’m often out if something is AGPL. I still have unanswered questions regarding it.

                                                                                  1. 1

                                                                                    Yes, it is what I mean. Did I do it wrong? Can you please give me an example you think done it right?

                                                                              1. 17

                                                                                Do not delete the path part of that URL, yikes.

                                                                                Anyway, what is “Suckless”? That’s what I was trying to see, and instead got an image of a naked man holding a bottle of wine.

                                                                                1. 15

                                                                                  For Suckless, see https://suckless.org/, not the users subdomain.

                                                                                  It’s a project/group related to cat-v and classical-unix/plan9 advocacy, rejecting tools that “suck” and wanting to replace them with “simpler” alternatives (dwm for window managment, st for terminals, dmenu for reading keyboard input, …). This often entails that configurations have to be applied pre-compilation and that the default distributions of various tools and projects are pretty lean – hence additional features are collected as patches, which are listed here, showing which can be successfully applied, and which can’t.

                                                                                  1. 4

                                                                                    I can report that dwm and st are great tools.

                                                                                    The only hitch is recompiling them after modifying their configuration files, which are written in C. Many people don’t like this. Some, like myself, don’t mind.

                                                                                    1. 3

                                                                                      I used st (off and on) for a while (~1yr), and for me the biggest annoyance was having to rebase some patches when multiple patches modify similar lines of code. Once that headache was resolved, it was generally OK unless some st commits triggered rebasing some stuff again. Basically it was all the fun of maintaining your own branch of st with patches someone else wrote.

                                                                                  2. 13

                                                                                    Suckless was in its heyday around the time of the systemd eruption, as far as I know. This would be around 2010. Slightly prior was this one weird viral video of an artist named Gunther, a self-styled “sex prophet,” who made the rounds with a (completely SFW in the most technical of senses, though apparently not germane to your sensibilities, bheisler, which is fine with me, thus this explanatory note to lessen the blow of freakishness herein) music video called “Ding Ding Dong.” Pop music beats, euro summer beach ditzy style. Not amazing, but pretty good, definitely unique. The naked man is that same gunther. Just wanted to clear that up, because this is a clear case of an overreaction to a misunderstood joke. As far as I know, the suckless community was and is to the extent that it still exists, pretty insular. Probably didn’t anticipate being posted on an HN style board

                                                                                    1. 7

                                                                                      Probably didn’t anticipate being posted on an HN style board

                                                                                      Lobste.rs has even “suckless developer” hat used by several people. Not quite buying the unanticipated part.

                                                                                      1. 1

                                                                                        Reasonable.

                                                                                        Would you, however, admit that Gunther, the individual who presumably is the man behind gunther.suckless org, is not the OP of this link?

                                                                                        In admitting this, if you do admit this, are you not therefore forced to agree with me that the post we’re discussing was not intentionally put forth as a display of nudity to eyes averse to that same nudity?

                                                                                        If a list of patches to utilities and other programs is hosted at a path of a subdomain which contains the image a naked man holding a vertical wine bottle (with suggestive verticality) is posted without awareness of the suggestive verticality of said bottle, then can’t we conclude that the proximate nature of that suggestively vertical bottle to said list of patches to utilities and programs is in some sense accidental, and therefore unanticipated?

                                                                                        By this argument, I intend to demonstrate that your claim, while seemingly reasonable, is eliding the quite clear nature of the circumstances, in an effort to maintain that all suckless developers and subdomain holders should be aware of all possible audiences for their online “speech” (or however you wish to define what the image is), when in fact it is absurd to believe that all speech of all suckless developers would be anticipated to agree with all possible audiences. I’m afraid that, unless Gunther appears to justify his position, we’ll have to remain in a misunderstanding silence regarding the reason why a suggestively vertical bottle and naked man are so closely associated with this list of patches.

                                                                                        I tried to explain it, because it seemed necessary to explain, to me. Perhaps one day, your doubt regarding this explanation will itself be exposed to the eyes of someone on a far away news site, and they will be as horrified as if they had seen a vertical and suggestively placed bottle.

                                                                                        1. 2

                                                                                          @varjag simply wanted to inform you that @FRIGN not only has an account here, but also has the [suckess.org developer] hat. So a lot of the community knows about Suckless (presumably not @bheisler, who asked the question in the first place).

                                                                                          I must confess to be in the same position as @bheisler. I knew of suckless, but had no idea what the linked page meant in context of that project.

                                                                                      2. 3

                                                                                        So the guy probably thought since he had the same name as this weirdo that for internet reasons (remember when memes were cool and unique signifiers of in-group identification?) it would naturally follow to have him around on the ol’ personal page

                                                                                        1. 2

                                                                                          Sorry for the long-winded explanation, but I miss the old web, and I am not even old! Would you, Herr heisler, have been hip to a tidy game of Flash-powered Sandspiel, even if it were on a subdomain of ebaumsworld?

                                                                                      3. 8

                                                                                        The suckless project makes and maintains a bunch of Unix programs that meet their definition of “sucking less” - http://suckless.org/philosophy/

                                                                                        I’ve been caught off guard by them offering personal subdomains on their site before, too - suckless.org is SFW, but any individual subdomain?

                                                                                        I use and like dwm when I can.

                                                                                        1. 17

                                                                                          They like to send mail from hosts with names like wolfsschanze. You can also see FRIGN’s opinion about diversity as shared on lobsters. Or the time someone pointed out there are torchlit marches at suckless conferences and someone else asked FRIGN to clarify and he basically admitted to being a white nationalist, complete with dogwhistles like “cultural marxism”?

                                                                                          I’m not saying that suckless is definitely a white nationalist organization but I am saying someone would have to do a lot of work to convince me otherwise.

                                                                                          1. 4

                                                                                            Must we do this everytime someone posts something suckless related? Can we please just talk about technology instead of all this political nonsense and random accusations?

                                                                                            1. 13

                                                                                              Look, for every person who thinks this is “political nonsense and random accusations,” there’s at least one person who thinks this is so damning that they want literally nothing to do with suckless ever again.

                                                                                              And despite Lobster’s general “politics is off-topic” policy, this thread is literally someone asking “what is ‘Suckless’?”, so if it’s on-topic anywhere, it’s here.

                                                                                              1. 2

                                                                                                Please see my reply above.

                                                                                                1. 4

                                                                                                  Um. Welcome to lobsters? A couple of words to a wise guy:

                                                                                                  1. Your previous comment is not “above” this one. The whole tree gets reordered based on upvotes.
                                                                                                  2. That stream-of-consciousness-wall-of-text style may play well wherever @enkiv2 invited you from, but it’s gauche here. At least, I find it exhausting more than amusing.
                                                                                                  3. For heaven’s sake, please don’t feed the trolls! No matter how many big buckets of troll slop you may have handy.
                                                                                                  1. 0

                                                                                                    Thank you, minimax! – for your welcome, since it is utterly welcoming. A couple more words in response, and whether they contain a wisdom equivalent to my similar and apparently inherent quality of same is entirely your determination. I am so grateful to have run into an authority on these matters. Perhaps you can finally solve the trolley problem for us all, and divide good people from bad ones, as you scry into your palantir of forum posts.

                                                                                                    To wit -

                                                                                                    (1) My previous comment is in a tree of comments.

                                                                                                    (a) What is the precise and preferred nomenclature, such that an ignoramus could understand?

                                                                                                    (b) In the sense that a tree (such as this comment tree) goes from a single node to plenty of nodes, is it entirely inappropriate to say “above” in order to indicate, where n is the depth indicated away from the origin, trunk, root, or base of the tree, the position n - 1? I understand if your perspective is like the protagonist of Ender’s game, and you feel like n-1 compared to n is down, not up, but Ender held that of his enemies, and I am not yours. Are you mine?

                                                                                                    (2) I don’t care. Actually, like a total four-year-old, I feel an evil glee.

                                                                                                    (a) When you say, “stream-of-consciousness-wall-of-text,” you are committing a grammatical error by hypenating between “chunks” of words. One noun is “stream-of-consciousness” and the other is “wall-of-text,” and, while neither necessitates hyphens, it is an elegant stylistic choice, and redounds back upon my usage of “implied-by-you.” But the nouns you connected simply don’t need to be joined. In fact, they should be separated by a comma. I’m running out of breath just looking at it.

                                                                                                    (b) Gauche – what is the meaning of this word in the sense you’re applying?

                                                                                                    (b, cont.) John Ohno is no concern of yours in this regard, is he? What are you, a partisan of webbiness that wants to condemn hypertext? What beef could you possibly have with the guy? How do you even go from his proto-post-communism on the one hand and quasi-Ludditic radically conservative ideals of “small computing” on the other, to me? Am I to consider you as thinking that my response, “below,” (in opposition to ngoldbaum’s unfair condemnation of an entire ideal of technical practice in contemporary FOSS on the basis of his own flawed reasoning, equating cultural marxism, which predates the ilk whom ngoldbaum is, in abject ignorance, confusingly attempting to condemn, by about 45 years) the same as enkiv2’s opinions?

                                                                                                    (b, cont.) That you find it exhausting to read: good for you. :)

                                                                                                    (3) This would be humorless, except it is meaningless.

                                                                                                    Please, oh minimax, solve the trolley problem, since you know how to identify trolls and can give advice to the gauche. I am happy to lay on the tracks if you want to flip that switch to experimentally determine once and for all whether it is worth saving some arbitrary group of people as opposed to me. Regarding the basic subject matter at hand, which is suckless, and someone’s unfair-in-my-opinion (see how that’s grammatical?) condemnation of suckless, I should say that I find a policy of opposition to affirmative action intolerant. I support techne, and it follows that I support suckless. It does not therefore follow that I support what ngoldbaum very confusedly understands to be a persecution of the Jews by FRIGN. This seems absurd to have to point out, but here we are. Again: I find intolerance disgusting. I also find vendettas disgusting. Lastly, I find hubris disgusting. I am painfully aware that I, too, sadly lack the cleanliness that would come with an absence of this very quality. However, you have to admit, your hubris in judging me is incomparably greater than my hubris in defending myself against your allegations of . . .

                                                                                                    1. Being a “wise guy.”
                                                                                                    2. Having a “gauche” “style.”
                                                                                                    3. Having an exhausting and unamusing style.
                                                                                                    4. Feeding the trolls, in contradiction to the “sake of heaven.”
                                                                                                    5. Having handy “troll slop.”

                                                                                                    Your welcome is most welcome.

                                                                                                    And you’re welcome.

                                                                                                    Regards,

                                                                                                    Myself

                                                                                                    P.S.: “A couple of words” is merely a figure of speech! And you don’t have to type “um,” even if you habitually say it!

                                                                                                    1. 4

                                                                                                      This sardonic flippancy is tedious and unwelcome. Please treat others better than this.

                                                                                                      1. 2

                                                                                                        Noted

                                                                                                      2. 1

                                                                                                        (a) What is the precise and preferred nomenclature, such that an ignoramus could understand?

                                                                                                        I prefer to simply provide a link to the comment.

                                                                                                        (2) I don’t care. Actually, like a total four-year-old, I feel an evil glee.

                                                                                                        This is not a good attitude to have on Lobste.rs.

                                                                                                        (b) Gauche – what is the meaning of this word in the sense you’re applying?

                                                                                                        I’m not @minimax, but I would read it as “socially awkward”.

                                                                                                        (b, cont.) John Ohno is no concern of yours in this regard, is he?

                                                                                                        Actually he is, as he invited you and has a certain responsibility for that invitation.

                                                                                                        1. 2

                                                                                                          Yeah, um, @lettucehead, please don’t get yourself banned. I would not have invited you if I didn’t expect you to acknowledge community norms & practices.

                                                                                              2. 1

                                                                                                Hey, because minimax decided to play mod with my “gauche style,” and I suspect he just disagrees with what he believes to be my assumptions about what you said, I have some further, legitimate, serious questions. What can you say to substantiate your reduction of the “stream-of-consciousness, wall-of-text style” (to use minimax’s phrase with my improvement) post by which FRIGN “[clarified,] and … basically admitted to being a white nationalist,” in the torchlit marches link, above?

                                                                                                I’m honestly confused, I just don’t see how you get that from what he said. Can you, please, substantiate your reduction of what he actually said, to what you said he said?

                                                                                                Or, can you remove your unnecessarily politicizing post, in violation of pushcx’s general wishes for this forum? I will happily delete (or respect the deletion of) my replies to it, so that we’re “even.” But let it be known, I do wish substantive answers because I am sincerely curious about your opinion and understanding, and would rather not have the kabosh put on a polite and principled discussion. We’re all crustaceans here, instead of denizens of the orange site, because the discussion is of a much higher quality. At least, that’s what I’m here for, and I care deeply about that.

                                                                                                I should also add that I never would have been aware of any rift between certain members of this community were it not for one of your posts on almost the exact same subject several months ago, and while I have picked on specific points of contention regarding the “dogwhistles,” I was glad to receive the intelligence represented by your… saintly screeds… in this regard, both initially and now.

                                                                                                1. -5

                                                                                                  I believe your characterization of FRIGN and some generally-applicable ad hominem arguments about suckless devs as a whole are accurate and appropriate. Furthermore, I do think it’s not unreasonable to maintain that the qualifier “definitely,” being dropped, would result in a statement of something that you are indeed saying. I encourage you to unequivocally embrace your own opinions, since greater accuracy and forthrightness about a diminished predicate (the implied-by-you “absolute” white-nationalism of suckless being reduced to a mere quality thereof) will remove the difficulty necessitating a disavowal of your own opinion in the first place.

                                                                                                  It is an intellectual error to equate white nationalism with opposition to cultural marxism. The preeminent hypervisor over the various and factional containers of that latter opposition, Jordan Peterson, was interested when Zizek pointed out that during the passion of Christ, he said, “Why hast thou forsaken me?,” a point of contention in scholastic philosophy that, from Zizek’s point of view, cut at a certain root of Peterson’s misunderstanding of what communism was all about, in relation to the nominal subject of their appearance together recently. The fact that that seems unrelated, is because it is. However, it is definitely in the strictest possible sense of “relating to definition,” relevant to cultural marxism as such. All this is to say – there is such a thing as conversation, and it is stymied when an equation is made between unequal parts. I dont dispute the apparent co-location of nationalism and anti-Marxism, but this goes without saying, and I don’t dispute the divergent interests of “whiteness” (as concieved by the so-called cultural Marxists) and “culture” (read: “diversity;” as conceived by the self-styled neoreactionaries).

                                                                                                  In the final analysis, we’ll all go along with some eventual victory in the political arena, and either condemn or glorify the ideologues of the suckless branch of post- simplicity accordingly, but that victory has not yet been obtained by either belligerent party in this technical and confounded arena. Until then, FRIGN is probably gonna go on with his agenda in every sense, the mods are gonna maintain their positions of relative non-interference, and you might remain willing to conflate ethics with techne. I shall not.

                                                                                                  (The only remaining position is cultural Trotskyism!)